Terraform aws_iam_role_policy_attachment

I have a few different policies that I'm creating along with roles, and I'm trying to tie them together:
# Role that gets created in the identity account that Okta uses to map AD groups to roles in AWS
resource "aws_iam_role" "create_identity_role" {
  count              = "${length(var.team_name)}"
  name               = "${lookup(var.identity_role_name, element(var.team_name, count.index))}"
  assume_role_policy = "${data.aws_iam_policy_document.trustokta.json}"
}

# Role that gets created in each of the accounts and determines what a user will be able to do inside AWS
resource "aws_iam_role" "create_assume_role" {
  count              = "${length(var.team_name)}"
  name               = "${lookup(var.assume_role_name, element(var.team_name, count.index))}"
  assume_role_policy = "${data.aws_iam_policy_document.trustawsaccount.json}"
}

# Policy that gets created in the identity account which tells AWS which role to assume in a different account
resource "aws_iam_policy" "create_assume_policy" {
  count  = "${length(var.team_name)}"
  name   = "${lookup(var.assume_role_name, element(var.team_name, count.index))}"
  policy = "${data.template_file.network_assume.rendered}"
}

# Tie my roles and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
  count      = "${length(var.team_name)}"
  role       = "${lookup(var.assume_role_name, element(var.team_name, count.index))}"
  policy_arn = "${element(aws_iam_policy.create_assume_policy.arn, count.index)}"
}
The problem I'm running into is that when I get to the policy attachment itself, I'm not sure which variable I should pass as policy_arn in the final resource so that it iterates over each policy created by the resource before it. In terraform plan

Hi duhaas, what is "splat"? I saw the code but I'd like to understand it better. Thanks in advance. – DrM

See the explanation of splat here: https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9 and here: https://www.terraform.io/docs/configuration/interpolation.html – user3399551
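As an added example (not the asker's code or the linked posts' code), here is the attachment written with the splat expression the comments point to, so `policy_arn` follows each policy produced by the counted resource, plus the same wiring in Terraform 0.12+ `for_each` form. It assumes the `var.team_name` list, the `var.assume_role_name` map and the `trustawsaccount` / `network_assume` data sources from the question.

```hcl
# Terraform 0.11 syntax, matching the question. ".*.arn" (the splat) is the
# list of every ARN the counted policy resource creates; element() picks the
# entry for this index, so attachment N gets policy N.
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
  count = "${length(var.team_name)}"

  # Reference the counted role resource directly instead of re-deriving its
  # name, so Terraform also records the dependency on the role.
  role       = "${element(aws_iam_role.create_assume_role.*.name, count.index)}"
  policy_arn = "${element(aws_iam_policy.create_assume_policy.*.arn, count.index)}"
}

# Terraform 0.12+ equivalent (added example). Keying every resource by team
# name with for_each means removing one team from var.team_name destroys only
# that team's role, policy and attachment instead of renumbering the others.
resource "aws_iam_role" "assume_role" {
  for_each = toset(var.team_name)

  name               = var.assume_role_name[each.key]
  assume_role_policy = data.aws_iam_policy_document.trustawsaccount.json
}

resource "aws_iam_policy" "assume_policy" {
  for_each = toset(var.team_name)

  name   = var.assume_role_name[each.key]
  policy = data.template_file.network_assume.rendered
}

resource "aws_iam_role_policy_attachment" "attach_assume_policy_v012" {
  for_each = toset(var.team_name)

  # each.key is the team name, so role and policy for the same team line up
  # without any index arithmetic.
  role       = aws_iam_role.assume_role[each.key].name
  policy_arn = aws_iam_policy.assume_policy[each.key].arn
}
```

Use one of the two forms, not both: the 0.11 block expects the question's `count`-based role and policy resources, while the 0.12 block defines its own `for_each`-keyed ones.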