Solving resource dependency in Terraform

Question

I'm new to Terraform and I'm trying to create an AWS SNS topic and subscription. My code looks like the following:

provider "aws" {
  region = "${var.aws_region}"
}

resource "aws_sns_topic" "sns_my_topic" {
  name = "${var.sns_topic_name}"
}

resource "aws_sns_topic_subscription" "code_commit_notification" {
  depends_on  = ["${aws_sns_topic.sns_my_topic}"]

  topic_arn   = "${aws_sns_topic.sns_my_topic.arn}"
  protocol    = "email"    
  endpoint    = "${var.sns_subscribe_endpoint}"
}

However, I get the following error output when running terraform apply:

Error: aws_sns_topic_subscription.code_commit_notification: resource depends on non-existent resource '${aws_sns_topic.sns_my_topic}'

I was receiving the same error before adding the depends on block above as well (and also moved it out of a module after reading https://github.com/hashicorp/terraform/issues/10462). What is the proper way to get Terraform to process these?

Answer 1

As mentioned in the comments, this looks like a syntax issue.

It should be:

resource "aws_sns_topic_subscription" "code_commit_notification" {
  depends_on  = ["aws_sns_topic.sns_my_topic"]

  ...
}

The depends_on syntax is a little different from the rest and does not require ${} brackets around the referenced resource variables. It is still a little strange to me that you are receiving the same error without depends_on.

Answer 2

I didn't spot it at first but email is not supported as a protocol for SNS in Terraform because it requires out of band acceptance of the subscription before an ARN is available.

This is mentioned in the docs:

Unsupported protocols include the following:

• email -- delivery of message via SMTP
• email-json -- delivery of JSON-encoded message via SMTP

These are unsupported because the endpoint needs to be authorized and does not generate an ARN until the target email address has been validated. This breaks the Terraform model and as a result are not currently supported.

The error message you are showing in your question is down to using the wrong syntax as pointed out in @fishi's answer but your longer term problem will be down to the lack of email SNS subscription support (and likely the cause of a different error before you used the wrong depends_on syntax. As an aside, you also definitely don't need the depends_on because you have an implicit dependency between the resources that is already created because you refer to the aws_sns_topic resource in the aws_sns_topic_subscription resource.

When I plan the code in your question without the depends_on I get the following error instead which is much clearer:

Error: aws_sns_topic_subscription.code_commit_notification: Unsupported protocol (email) for SNS Topic