terraform-provider-aws: Modules inter-dependencies not resolving

Hi there,

I initially described this issue in one of the comments in https://github.com/hashicorp/terraform/issues/10462#issuecomment-313259912 but was asked by @apparentlymart to open a separate issue on that.

Below is an example of my problem. Basically, I have two modules, where input parameter to the second module is the output variable computed from the first module, and it does not look like the first module is created before the second module is tried to be instantiated.

So, here’s how my first module is defined which creates a security_group which it then exposes through its output variable below:

module "ecs_elb_security_group" {
  source = "git::ssh://<lib-repository-for-general-resources>//security_group?ref=feature/ecs_v2"

  name="nodify-elb"
  description="Security Group for ECS ELB"

  environment_name="${var.environment_name}"
  environment_type="${var.environment_type}"
  vpc_id="${var.vpc_id}"
}

output "id" {
  value = "${module.ecs_elb_security_group.id}"
}

And this is instantiation of another module which relies on the computed ecs_elb_security_group.id value from above:

module "ecs_elb" {
  source = "git::ssh://<lib-repository-for-general-resources>//classic_load_balancer?ref=feature/ecs_v2"

  environment_name="${var.environment_name}"
  environment_type="${var.environment_type}"

  elb_name="nodify-ecs"
  aws_region="${var.aws_region}"
  subnets="${var.ecs_elb_subnets}"

  //This will be internet facing service
  internal = false

  listeners = [
    {
      lb_port = "${var.nodify_elb_port}"
      lb_protocol = "tcp"
      instance_port = "${var.nodify_docker_host_port}"
      instance_protocol = "tcp"
    }
  ]

  healthcheck_target="HTTP:${var.nodify_elb_port}/"

  security_groups = "${module.ecs_elb_security_group.id}"
}

So, from above, ““${module.ecs_elb_security_group.id}”” value should already be computed when passed to security_groups of the “ecs_elb” module, but it’s not. I believe this does fall into the same realm as other use cases in this ticket? Terraform needs to be able to compute that “ecs_elb_security_group” module is a dependency to “ecs_elb” module and should already instantiate all resources for the “ecs_elb_security_group” before instantiating “ecs_elb” module.

Thanks.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 6
  • Comments: 16 (4 by maintainers)

Most upvoted comments

Hi everyone 👋 Sorry for any frustration you have been running into.

Its probably worth starting off here that there are quite a few unrelated bugs reported here. Almost all of them at quick glance (including the original post) likely belong upstream in Terraform core so they can be properly identified and triaged. Terraform core handles dependency ordering, the configuration language itself (e.g. defining what a module actually is), and the generic resource handling of count, depends_on, and lifecycle configurations.

For anyone running into issues dealing with the lack of strong typing in Terraform 0.11 and below (e.g. should be a list errors), there are some upstream issues in Terraform core that track this updated handling and potentially are good references for trying to further track the fix for your situation:

For anyone specifically looking for information about module dependency handling, I would recommend tracking that in the original https://github.com/hashicorp/terraform/issues/10462

For anyone specifically getting the ECS does not have an associated load balancer error, I would recommend tracking that in https://github.com/terraform-providers/terraform-provider-aws/issues/3495

Since all of the above reports seem to be related to upstream code or issues with the exception of the ECS one, I am going to close this seemingly catch-all issue. If you do happen to have specific cases you would like investigated please feel free to open new issues upstream or here, with all the relevant details after checking to ensure there is not something similar open. 👍

The good news is that there are some large improvements coming in the next version of Terraform, Terraform 0.12, that should help alleviate at least some of these described issues. A high level sneak peek of some of the upcoming features/fixes can be found at: https://www.hashicorp.com/blog/terraform-0-1-2-preview

+2
bflad on Jul 3, 2018

Either a simple reproducer or another issue, but I ran into this passing a resource reference into a module and boiled it down to the simple resource file & module attached. In this case I’m creating an IAM policy resource and passing the ARN into a module that takes an array of roles. I get the error below when planning:

module.federated_myrole_support.aws_iam_role_policy_attachment.managed_attachment: aws_iam_role_policy_attachment.managed_attachment: value of 'count' cannot be computed

module_dependency_bug.zip

+1
mr-olson on Oct 24, 2017
Read more comments on GitHub
← terraform-provider-aws: Modify aws_db_instance and delete aws_db_parameter_group breaks
terraform-provider-aws: Not able to create lambda function with aws_lambda_function →