terraform, terraform-provider-azure

Azure Key Vault - for each system identity on virtual machines created by a count


I tried to create an Azure Key Vault access policy for multiple object_ids. These object_ids are the system identities of multiple virtual machines created with the 'count' function.

I tried this:

resource "azurerm_key_vault_access_policy" "terra_kva_pol_arr" {
  for_each = azurerm_windows_virtual_machine.terra_vma_arr[*].identity[*].principal_id

  key_vault_id = azurerm_key_vault.terra_kva[0].id
  tenant_id    = var.tenant_id
  object_id    = each.value

  secret_permissions = [
    "Get",
  ]
}

But I get this error:

│ Error: Invalid for_each argument
│
│   on key_vault.tf line 30, in resource "azurerm_key_vault_access_policy" "terra_kva_pol_arr":
│   30:   for_each = azurerm_windows_virtual_machine.terra_vma_arr[*].identity[*].principal_id
│     ├────────────────
│     │ azurerm_windows_virtual_machine.terra_vma_arr is tuple with 1 element
│
│ The given "for_each" argument value is unsuitable: the "for_each" argument must be a map, or set of strings, and you have provided a value of type tuple.

I think I need a more complex for_each but I am not an expert in this.

Thank you.


Solution

  • If you want to keep using for_each you can do:

    for_each = toset(flatten(azurerm_windows_virtual_machine.terra_vma_arr[*].identity[*].principal_id))
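A variant added here as an example (it is not the answer's code and not from the question) that keys the access policies by VM index instead of by principal_id. The toset(flatten(...)) form above produces a correct set once the VMs already exist in state, but on a fresh apply that creates the VMs and the policies together, Terraform rejects a for_each set whose elements are not known until apply, because for_each keys must be known at plan time. Keying the map by the count index keeps the keys known while the values (the principal IDs) may stay unknown, which for_each allows. It assumes the same resource names and the same var.tenant_id as the question.

```hcl
# Added example, not the answer's code. The keys of this map are the VM count
# indices, which Terraform knows at plan time; only the values (principal IDs)
# are unknown until the VMs are created, and for_each tolerates unknown values.
locals {
  vm_principal_ids = {
    for idx, vm in azurerm_windows_virtual_machine.terra_vma_arr :
    tostring(idx) => vm.identity[0].principal_id
    # Skip any VM that has no identity block; identity[0] would fail on it.
    if length(vm.identity) > 0
  }
}

resource "azurerm_key_vault_access_policy" "terra_kva_pol_arr" {
  for_each = local.vm_principal_ids

  key_vault_id = azurerm_key_vault.terra_kva[0].id
  tenant_id    = var.tenant_id
  object_id    = each.value

  # Least privilege: each VM's system-assigned identity can only read
  # individual secrets; it cannot list, set, delete or purge them.
  secret_permissions = [
    "Get",
  ]
}
```

With this shape a single terraform apply creates the VMs and their access policies in one run, with no -target two-phase apply. Each policy gets a stable address such as azurerm_key_vault_access_policy.terra_kva_pol_arr["0"], so a VM that is rebuilt (new principal_id at the same index) only updates its own policy in place instead of rekeying every policy.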