Terraform - azurerm_frontdoor_custom_https_configuration - 'the given key does not identify an element in this collection value'

Question

• this code has worked before, all I'm trying to do is add new frontend endpoints, routing rules, backend pools
• I've tried only sharing the code snippets that I think are relevant but let me know if there's some key info you need missing

This one has stumped me for a couple days now and no matter what I've tried I cannot seem to make sense of the error. Its like its indexing out of the variable or searching for something that isn't there but there are something like 6 already there and now I'm adding another.

I'm worried that this front door code has not been ran in awhile and something has gotten screwed up in state. Especially given all the alerts on the accompanying TF docs for this resource - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor_custom_https_configuration

Its been quite awhile but the AzureRM version has gone through several updates - possibly from previous to 2.58 to now past 2.58. I guess I also don't know how to verify/look at the state file and ensure its correct - even looking at the 2.58 upgrade notes its just confusing.

Ideas?

The error

on ..\modules\frontdoor\main.tf line 129, in resource "azurerm_frontdoor_custom_https_configuration" "https_config":
 129:   frontend_endpoint_id              = azurerm_frontdoor.main.frontend_endpoints[each.value]
    |----------------
    | azurerm_frontdoor.main.frontend_endpoints is map of string with 8 elements
    | each.value is "www-sell-dev-contoso-com"

The given key does not identify an element in this collection value.

main.tf

provider "azurerm" {
  features {}
}
terraform {
  backend "azurerm" {
  }
}

#the outputs.tf on this module output things like the frontdoor_endpoints
#the outputs.tf with main.tf also output similar values

module "coreInfraFrontDoor" {
  source                                       = "../modules/frontdoor"
  resource_group_name                          = module.coreInfraResourceGroup.resource_group_name
  frontdoor_name                               = "fd-infra-${terraform.workspace}-001"
  enforce_backend_pools_certificate_name_check = lookup(var.enforce_backend_pools_certificate_name_check, terraform.workspace)
  log_analytics_workspace_id                   = module.coreInfraLogAnalytics.log_analytics_workspace_id
  tags                                         = local.common_tags
  health_probes                                = lookup(var.health_probes, terraform.workspace)
  routing_rules                                = lookup(var.routing_rules, terraform.workspace)
  backend_pools                                = lookup(var.backend_pools, terraform.workspace)
  frontend_endpoints                           = lookup(var.frontend_endpoints, terraform.workspace)
  prestage_frontend_endpoints                  = lookup(var.prestage_frontend_endpoints, terraform.workspace)
  frontdoor_firewall_policy_name               = "fdfwp${terraform.workspace}001"
  frontdoor_firewall_prestage_policy_name      = "fdfwp${terraform.workspace}prestage"
  mode                                         = lookup(var.mode, terraform.workspace)
  ip_whitelist_enable                          = lookup(var.ip_whitelist_enable, terraform.workspace)
  ip_whitelist                                 = lookup(var.ip_whitelist, terraform.workspace)
  key_vault_id                                 = module.coreInfraKeyVault.id
}

module main.tf

resource "azurerm_frontdoor" "main" {
  name                                         = var.frontdoor_name
  location                                     = "global"
  resource_group_name                          = var.resource_group_name
  enforce_backend_pools_certificate_name_check = var.enforce_backend_pools_certificate_name_check
  tags                                         = var.tags

dynamic "routing_rule {#stuff is here obv}
dynamic "backend_pool {#also here}

#i think this is because there was an issue/needs to be some default value for the first endpoint?
frontend_endpoint {
    name                                    = var.frontdoor_name
    host_name                               = "${var.frontdoor_name}.azurefd.net"
    web_application_firewall_policy_link_id = azurerm_frontdoor_firewall_policy.main.id
  }

#now the dynamic ones from vars
dynamic "frontend_endpoint" {
    for_each = var.frontend_endpoints
    content {
      name                                    = frontend_endpoint.value.name
      host_name                               = frontend_endpoint.value.host_name
      session_affinity_enabled                = lookup(frontend_endpoint.value, "session_affinity_enabled", false)
      web_application_firewall_policy_link_id = azurerm_frontdoor_firewall_policy.main.id
    }
  }

versions.tf

terraform {
  required_version = "~> 0.14.7"
  required_providers {
    azurerm = "~>2.72.0"
  }
}

variables.tf

variable "frontend_endpoints" {
  type        = map(any)
  description = "List of frontend (custom) endpoints. This is in addition to the <frontend_name>.azurefd.net endpoint that this module creates by default."

  default = {
    dev = [
      {
        name         = "dev-search-contoso-com"
        host_name    = "dev.search.contoso.com"
      },
      {
        name         = "dev-cool-contoso-com"
        host_name    = "dev.cool.contoso.com"
      },
      ########################
      #this is new below
      ########################
      {
        name         = "dev-sell-contoso-com"
        host_name    = "dev.sell.contoso.com"
      }
   ]
   prod = [ #you get the idea ]
  }