I have a root Terraform module that declares a VPC module and other modules such as an EC2 instance that is to launch in the VPC.
In the EC2 module, I read the VPC using the aws_vpc type:
data "aws_vpc" "vpc" {
  filter {
    name   = "tag:Name"
    values = [var.name_tag]
  }
}
Now this works fine if I declare the modules independently.
But when declaring a root module that declares these other modules separately, I get this failure:
▶ terraform apply
module.cloudwatch.data.aws_ami.ami: Refreshing state...
module.backend.data.aws_vpc.vpc: Refreshing state...
module.backend.data.aws_ami.ami: Refreshing state...
Error: no matching VPC found
on .terraform/modules/backend/main.tf line 1, in data "aws_vpc" "vpc":
1: data "aws_vpc" "vpc" {
So there is a chicken/egg problem here.
I am confused. How can this ever work? If a root module cannot both declare a VPC and then use the aws_vpc data source later to read it into other modules, what is the use of these data sources? I would appreciate advice on the best practice here. Should I simply not use aws_vpc and instead read in the VPC ID as an output elsewhere?
To me this sounds like you are declaring both a resource like
resource "aws_vpc" "example" {}
AND data-provider like
data "aws_vpc" "example" {}
in order to access something from the data like data.aws_vpc.example.arn. This is not needed and in fact is causing your error. If both are in the same Terraform state, you can simply drop the data "aws_vpc" "example" {} and refer to the resource by e.g. resource.aws_vpc.example.arn.
The data provider is actually only needed in cases in which you are referring to a resource that is created somewhere else like something created manually, by a different provisioning engine (or also by terraform, but in a different layer).
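The wiring discussed above, sketched across a root module and two child modules, as an added example that is not part of the original question or answer. The module paths, the `vpc_id` output and variable names, the security group and the CIDR value are assumptions made for illustration.

```hcl
# --- modules/vpc/main.tf (hypothetical layout) ---
variable "name_tag" {
  type = string
}

resource "aws_vpc" "this" {
  cidr_block = "10.0.0.0/16" # constructed sample value

  tags = {
    Name = var.name_tag
  }
}

# Expose the ID so other modules in the same state can consume it.
output "vpc_id" {
  value = aws_vpc.this.id
}

# --- modules/backend/main.tf (hypothetical layout) ---
# The VPC ID arrives as an input; there is no data "aws_vpc" lookup by tag.
variable "vpc_id" {
  type = string
}

# Hypothetical consumer of the VPC ID inside the backend module.
resource "aws_security_group" "backend" {
  name   = "backend"
  vpc_id = var.vpc_id
}

# --- main.tf (root module) ---
module "vpc" {
  source   = "./modules/vpc"
  name_tag = "example"
}

module "backend" {
  source = "./modules/backend"
  vpc_id = module.vpc.vpc_id # this reference orders the VPC before the backend
}
```

Because `module.backend` references `module.vpc.vpc_id`, Terraform creates the VPC before anything that consumes the ID. A data source filtered on a literal tag value carries no such reference, so it is read during refresh, before the VPC exists.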