terraform/env/res/main.tf:

    resource "aws_security_group" "allow_all" {
      name        = "allow_all"
      description = "Allow all inbound traffic"
      vpc_id      = "${aws_vpc.main.id}"

      ingress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

terraform/mod/sec/main.tf:

    resource aws_elb "elb" {
      name            = "elb-example"
      subnets         = ["${data.aws_subnet_ids.all.ids}"]
      security_groups = ["${aws_security_group.allow_all.id}"] # SG
      internal        = false

      listener = [
        {
          instance_port     = "80"
          instance_protocol = "HTTP"
          lb_port           = "80"
          lb_protocol       = "HTTP"
        },
        {
          instance_port     = "8080"
          instance_protocol = "HTTP"
          lb_port           = "8080"
          lb_protocol       = "HTTP"
        },
      ]

      health_check = [
        {
          target              = "HTTP:80/"
          interval            = 30
          healthy_threshold   = 2
          unhealthy_threshold = 2
          timeout             = 5
        },
      ]

      access_logs = [
        {
          bucket = "my-access-logs-bucket"
        },
      ]

      lifecycle {
        prevent_destroy = true
      }
    }

Running into error undefined variable aws_security_group.allow_all in variable aws_security_group.allow_all_id.
Also, is it possible to verify a string and add an additional security group? Ternary conditional is what I can think of. Can you suggest any other alternatives?
It looks like you have two modules, one is terraform/mod/sec and the other is terraform/env/res. The former defines an aws_security_group resource and the latter uses that security group id to create an aws_elb resource.

I'm assuming you're running terraform from the res directory, which is incorrect. Instead, what should be done is output the security group id in the res module

    output "sg_id" {
      value = aws_security_group.allow_all.id
    }

and then reference the res module within the sec module.

    module "res" {
      source = "../../env/res"
      # ... additional inputs
    }

    resource "aws_lb" "default" {
      name            = "lb-example"
      subnets         = [data.aws_subnet_ids.all.ids]
      security_groups = [module.res.sg_id] # uses the module output to insert SG
      internal        = false

      listener = [
        # ...
      ]
      # ... additional inputs
    }

Then this can be run

    cd terraform/mod/sec
    terraform init
    terraform plan

and that should apply the new security group in the res module which outputs the security group id using sg_id, which is then used by the sec module as an input to the aws_lb resource.
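
As an added example (not part of the original question or answer), the configuration below covers the second part of the question, attaching an additional security group only when a string matches, and pairs it with a security group limited to the two listener ports instead of allow_all. It assumes Terraform 0.12 or later; `elb_web`, `var.environment`, `var.extra_sg_id` and `local.lb_security_groups` are hypothetical names, and the file split follows the answer's layout.

```hcl
# --- terraform/env/res/main.tf (module that owns the security group) ---
# Narrower alternative to allow_all: inbound only on the ELB listener ports.
resource "aws_security_group" "elb_web" { # hypothetical name
  name        = "elb_web"
  description = "Inbound HTTP on the ELB listener ports only"
  vpc_id      = aws_vpc.main.id

  dynamic "ingress" {
    for_each = [80, 8080] # the two lb_port values from the question
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

output "sg_id" {
  value = aws_security_group.elb_web.id
}

# --- terraform/mod/sec/main.tf (module that builds the load balancer) ---
variable "environment" { type = string } # hypothetical input, e.g. "dev" or "prod"

variable "extra_sg_id" { # hypothetical input: ID of an optional second group
  type    = string
  default = ""
}

locals {
  # The base group is always attached; the extra group is appended only when
  # the string check passes. concat() with an empty list adds nothing.
  lb_security_groups = concat(
    [module.res.sg_id],
    var.environment == "prod" && var.extra_sg_id != "" ? [var.extra_sg_id] : []
  )
}

# In the load balancer resource: security_groups = local.lb_security_groups
```

Running `terraform plan` with and without `-var environment=prod` shows whether the second group ID appears in the planned `security_groups` value.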