FG
☁️ Cloud & DevOps

terraform modules value of count cannot be computed

Freshabout 22 hours ago
Mar 14, 20260 views
Confidence Score95%
95%

Problem

I was using terraform modules for IAM user creation, add multiple inline policies and multiple policy_arn's to the user after creation. But now I got an issue where I create an IAM_POLICY and get the arn of this policy and i am trying to add it as `policy_arn ="{module.policy.policy_arn}"` but i was getting the error, value of 'count' cannot be computed. My current version of terraform is `0.8.7` module/user/users.tf [code block] module/policy/policy.tf [code block] main.tf [code block] when i do terraform plan i was getting the error the aws_iam_user_policy.user_policy: value of 'count' cannot be computed. now i am not sure. how would i get the arn of the policy created in other module to the current policy_arn to the user. I tried with `terraform 0.9.0 dev` its showing the same issue. but if i first apply with target module on the policy then apply for user, Its not throwing any count error. Its working. I might need a way to tell terraform to apply policy module first then apply user module. It should be done with depends_on but i'm not able to call depends_on on other modules. Could we write a null_resource depending on policy and user module depending on null_resource ? Any suggestions/workarounds or modifications to my modules will be appreciated. thanks.

Error Output

error the aws_iam_user_policy.user_policy: value of 'count' cannot be computed.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
Unverified Fix
New Fix – Awaiting Verification

Implement Dependency Management for IAM Policy Creation in Terraform

Medium Risk

The error 'value of count cannot be computed' occurs because Terraform cannot determine the number of resources to create when the resource depends on the output of another resource that is not yet created. In this case, the IAM user policy depends on the ARN of a policy created in a separate module, leading to a circular dependency issue.

Awaiting Verification

Be the first to verify this fix

  1. 1

    Create a Null Resource for Dependency Management

    Add a null_resource in your main.tf to create an explicit dependency between the policy module and the user module. This will ensure that the policy module is applied before the user module.

    hcl
    resource "null_resource" "policy_dependency" {}
  2. 2

    Add Dependency to User Module

    Modify the user module to depend on the null_resource created in the previous step. This will enforce the execution order during the apply phase.

    hcl
    resource "aws_iam_user_policy" "user_policy" { count = length(var.policy_arn) depends_on = [null_resource.policy_dependency] policy_arn = var.policy_arn }
  3. 3

    Update Policy Module Output

    Ensure that the policy module outputs the ARN of the created policy correctly. This output should be referenced in the user module to ensure that the IAM user policy can access it.

    hcl
    output "policy_arn" { value = aws_iam_policy.example.arn }
  4. 4

    Refactor User Module to Accept Policy ARN

    Ensure that the user module accepts the policy ARN as a variable. This will allow you to pass the ARN from the policy module to the user module seamlessly.

    hcl
    variable "policy_arn" { type = list(string) }
  5. 5

    Run Terraform Commands

    After making the changes, run `terraform init`, followed by `terraform plan` and `terraform apply` to verify that the dependencies are respected and the resources are created in the correct order.

Validation

Confirm the fix worked by running `terraform plan` and ensuring there are no errors related to 'count' or dependencies. Additionally, verify that the IAM user and policies are created as expected in the AWS console.

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

terraformiacawsenhancementconfig