_This issue was originally opened by @CrusaderX as hashicorp/terraform#15678. It was migrated here as a result of the provider split. The original body of the issue is below._
Hello there,
I want to create multiple users and give them special access to an ECR repository. Everything works fine except when I want to delete a user from the user list. Terraform code and Terraform output:
Calling the users module from the main module:
...
```hcl
module "users" {
  source    = "IAM-USER"
  user-list = "${var.user-list}"
}
```
variables.tf of the users module:
```hcl
variable "user-list" {
  type = "map"
  default = {
    repository1 = ["user-power.lower", "user-koko.boko", "user-gogo.ranger", "user-test.user"]
    repository2 = ["user-lower.power", "user-cover.prover"]
  }
}
```
User module code:
```hcl
resource "aws_iam_user" "iam-user" {
  name          = "${element(split(",", join(",", data.template_file.users.*.rendered)), count.index)}"
  path          = "/"
  count         = "${length(split(",", join(",", data.template_file.users.*.rendered)))}"
  force_destroy = true
}

resource "aws_iam_access_key" "iam-key" {
  user  = "${element(aws_iam_user.iam-user.*.name, count.index)}"
  count = "${length(split(",", join(",", data.template_file.users.*.rendered)))}"
}

data "template_file" "users" {
  count    = "${length(keys(var.user-list))}"
  template = "${join(",", var.user-list[element(keys(var.user-list), count.index)])}"
}
```
User deleted successfully

Terraform wants to recreate users (shifting all users after the removed user).

Delete a user from the user list in any position except the end:
```
user: "user-koko.boko" => "user-gogo.ranger" (forces new resource)
```
and so on
```
~ module.users.aws_iam_user.iam-user.4
    name: "user-koko.boko" => "user-gogo.ranger"
```

```
terraform --version
Terraform v0.9.11
```
How can I avoid this problem? I want to manipulate users from terraform :(
https://github.com/terraform-providers/terraform-provider-aws/pull/2021 This should fix it
Hi,
I'm having the same issue, I create users like this:
```hcl
resource "aws_iam_user" "user" {
  count = "${length(split(",", data.external.find_ldap_users.result["json_search_file"]))}"
  name  = "${element(split(",", data.external.find_ldap_users.result["json_search_file"]), count.index)}"
  path  = "/"

  lifecycle {
    create_before_destroy = true
  }
}
```
When removing users from my list variable, Terraform is having problems removing users from AWS because it needs to rearrange the users. User in position 1 will be put in position 0, and so on.
`create_before_destroy = true` is a suggested fix but does not help in this case. If you have created AWS keys on the users in the AWS account it causes even more problems, since a user cannot be deleted if there is a key attached.
I'm going to look at some kind of way of generating new terraform code each time I run the job. Meaning I would like to create unique iam_user-blocks every time, according to a user list (or AD-lookup). Would that be a viable solution or would terraform still have problems adding/deleting users?
Hey @antvak, have you found a solution for this particular issue?
I guess the root cause is that the resources are associated with the list index. This means as long as the resources are not enumerated by another key (like username) on modification we'll not get around this issue when using count.
Hi folks 👋 This issue is resolved in Terraform 0.12.6 and later, which supports new functionality in the configuration language aimed at solving problems like these. The new resource-level for_each argument can be used so resources are indexed in the Terraform state based on a string map or set, rather than the simple numeric list with the resource-level count argument. Resources switched to for_each over count will no longer have issues with removing elements in the middle of a list or general rearranging of elements as the resource index keys are stable.
If you're looking for general assistance with how to implement for_each in this situation, please note that we use GitHub issues in this repository for tracking bugs and enhancements with the Terraform AWS Provider codebase rather than for questions. While we may be able to help with certain simple problems here it's generally better to use the community forums where there are far more people ready to help, whereas the GitHub issues here are generally monitored only by a few maintainers and dedicated community members interested in code development of the Terraform AWS Provider itself.
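As an added illustration (not code from the thread or from the provider maintainers), here is the original poster's configuration rewritten with the resource-level `for_each` the comment above refers to. It assumes Terraform 0.12.6 or later and keeps the page's own variable and resource names; the `locals` block and the `toset(flatten(values(...)))` flattening are my additions. Because every user and access key is now addressed by user name rather than by list position, removing `user-koko.boko` from the variable produces a plan that destroys only `aws_iam_user.iam-user["user-koko.boko"]` and its key; the remaining users keep their addresses, so their access keys are not destroyed and recreated as they were in the count-based plan shown earlier.

```hcl
variable "user-list" {
  type = map(list(string))
  default = {
    repository1 = ["user-power.lower", "user-koko.boko", "user-gogo.ranger", "user-test.user"]
    repository2 = ["user-lower.power", "user-cover.prover"]
  }
}

locals {
  # Added helper: flatten the repository => users map into one set of user names.
  # toset() deduplicates, so a user listed under two repositories is created once.
  all_users = toset(flatten(values(var.user-list)))
}

resource "aws_iam_user" "iam-user" {
  # State keys become aws_iam_user.iam-user["user-koko.boko"] etc., not .0, .1, ...
  for_each      = local.all_users
  name          = each.value
  path          = "/"
  force_destroy = true # lets Terraform remove the user even if a key is still attached
}

resource "aws_iam_access_key" "iam-key" {
  # Iterating over the user resource map keeps key and user under the same stable key,
  # so removing one user removes exactly one user and one key.
  for_each = aws_iam_user.iam-user
  user     = each.value.name
}
```

A quick check after migrating: `terraform plan` on an unchanged user list should show no changes, and dropping one name from the middle of a list should show one `aws_iam_user` and one `aws_iam_access_key` to destroy and nothing to replace.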
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!