
How to use code from terraform sibling directory

I am trying to use specific code from sibling directories and I am having some trouble doing so. As an example, please see below for how my files are structured:

parents/
    brother/
        main.tf
        outputs.tf
        variables.tf
    sister/
        main.tf
        outputs.tf
        variables.tf

I want to use a definition that I created in brother/main.tf in sister/main.tf and I can't seem to figure out the right way to do so. I have tried to use modules:

module "brother" {
    source = "../brother"
}

Doing this works, but it doesn't. I am able to import and use the code, but for some reason Terraform is creating a bunch of other resources with a new resource name, using the new module name (if that makes any sense). Essentially, it creates the desired resource, but also creates 100+ other unwanted ones.

I can easily get this to work by putting the definition I want to use in the same sister directory, but that is not how I want to structure my files. What is the right way to do this? If I have an IAM role that is defined in brother, and I want to reference it in sister, how can I do that? Thanks in advance!

EDIT:

Current Code:

sister/main.tf

resource "aws_config_config_rule" "test-rule" {
  name = "test-rule"

  source {
    owner             = "AWS"
    source_identifier = "TEST"
  }

  depends_on = ["aws_config_configuration_recorder.config_configuration_recorder"]
}

resource "aws_config_configuration_recorder" "config_configuration_recorder" {
  name     = "config_configuration_recorder"
  role_arn = "${var.test_assume_role_arn}"
}

brother/main.tf

resource "aws_iam_role" "test_assume_role" {
    name               = "${var.test_assume_role_name}"
    path               = "/"
    assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

So basically, I want to be able to use the test_assume_role arn in the sister/main.tf.

asked Apr 10 '18 00:04

Neemaximo


2 Answers

When you require another module it will recreate those resources. It sounds like you want to reference the state of the already created resources. You can do this using the remote state data source.

This allows you to read the outputs of another state but doesn't create additional resources.

data "terraform_remote_state" "brother" {
  backend = "..."
}

resource "aws_instance" "sister" {
  # ...
  subnet_id = "${data.terraform_remote_state.brother.my_output}"
}

answered Sep 26 '22 10:09

Stephen


An alternative to outputting an attribute of a resource to the Terraform state and reading it in with the terraform_remote_state data source would be to just use the appropriate data source for your resource in the first place where possible.

In this case you can use the aws_iam_role data source to look up the ARN for an IAM role by its name:

data "aws_iam_role" "example" {
  name = "an_example_role_name"
}

answered Sep 26 '22 10:09

ydaetskcoR
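
Both answers wired to the question's brother/sister layout, as an added example that is not part of either answer. It uses Terraform 0.12+ syntax and assumes brother keeps its state in the default local file; the output name and the sister-side `test_assume_role_name` variable are assumptions.

```hcl
# brother/outputs.tf: export only the attribute other configurations need.
# (The output name is an assumption.)
output "test_assume_role_arn" {
  value = aws_iam_role.test_assume_role.arn
}

# sister/main.tf
# Option 1: read brother's outputs from its state. Assumes brother uses the
# default local backend; for a remote backend, repeat brother's own backend
# type and settings here instead.
data "terraform_remote_state" "brother" {
  backend = "local"

  config = {
    path = "${path.module}/../brother/terraform.tfstate"
  }
}

# Option 2: look the existing role up by name through the AWS API.
# (test_assume_role_name is a hypothetical sister-side variable.)
variable "test_assume_role_name" {
  type = string
}

data "aws_iam_role" "test_assume_role" {
  name = var.test_assume_role_name
}

locals {
  # Keep one of these and delete the other option's blocks.
  role_arn_from_state  = data.terraform_remote_state.brother.outputs.test_assume_role_arn
  role_arn_from_lookup = data.aws_iam_role.test_assume_role.arn
}

resource "aws_config_configuration_recorder" "config_configuration_recorder" {
  name     = "config_configuration_recorder"
  role_arn = local.role_arn_from_state
}
```

Option 1 requires read access to brother's entire state file, which can contain sensitive values beyond the one output; option 2 only needs `iam:GetRole` on the role.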