@kclinden
Last active October 13, 2020 21:19
Get Subnet ARNs by Tag
# This was an interesting thing I was trying to figure out. I used this to pass into an IAM Policy Resource Limit
# Get all of the subnets with tag packer; returns a set of ids
data "aws_subnet_ids" "this" {
  vpc_id = var.vpc_id
  tags = {
    tag_name = "tag_value"
  }
}

# Get the ARNs for each subnet
data "aws_subnet" "this" {
  for_each = data.aws_subnet_ids.this.ids
  id       = each.key
}

output "subnet_ids" {
  value = data.aws_subnet_ids.this.ids
}

# This value here can then be sent to another resource for use as a list of ARNs
output "subnet_arns" {
  value = [for s in data.aws_subnet.this : s.arn]
}
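# Caller account and region, used to build the EC2 network-interface ARN below
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_iam_policy_document" "document" {
  statement {
    effect  = "Allow"
    actions = ["ec2:CreateNetworkInterfacePermission"]
    # EC2 resource ARNs take the form arn:aws:ec2:<region>:<account-id>:network-interface/<id>;
    # the caller's own ARN (an IAM/STS principal ARN) is not a valid prefix for them.
    resources = ["arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:network-interface/*"]
    condition {
      test     = "StringEquals"
      variable = "ec2:Subnet"
      # var.subnets: list of subnet ARNs, e.g. the subnet_arns output above
      values   = var.subnets
    }
  }
}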