Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Terraform - Resource not found for variable despite having it declared in the same file

Terraform can't find a resource which is declared in the same file where the reference is.

It seems that this line is causing trouble: role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}". It can't find newsapi_lambda_codepipeline which is declared as resource "aws_iam_role" "newsapi_lambda_codepipeline" { ... }.

This is my main.tf:

resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl    = "private"
}

resource "aws_iam_role" "newsapi_lambda_codebuild" {
  name = "newsapi-lambda-codebuild"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::newsapi_lambda_builds",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:invokefunction",
        "lambda:listfunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    }
  ]
}
EOF
}
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"

  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}",
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
EOF
}


resource "aws_codepipeline" "newsapi_lambda" {
  name     = "newsapi-lambda"
  role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}"

  artifact_store {
    location = "${aws_s3_bucket.newsapi_lambda_builds.bucket}"
    type     = "S3"
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["newsapi_lambda"]

      configuration {
        Owner      = "Defozo"
        Repo       = "traceitfor.me_newsapi_lambda"
        Branch     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["newsapi_lambda"]
      version         = "1"
      role_arn = "${aws_iam_role.newsapi_lambda_codebuild.arn}"

      configuration {
        ProjectName = "newsapi-lambda"
      }
    }
  }
}

After executing terraform apply I get:

Error: Error running plan: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: Resource 'aws_iam_role.newsapi_lambda_codepipeline' not found for variable 'aws_iam_role.newsapi_lambda_codepipeline.arn'

I don't understand why that happens. I have aws_iam_role.newsapi_lambda_codepipeline declared, haven't I?

like image 265
Defozo Avatar asked Mar 21 '18 11:03

Defozo


People also ask

Does Terraform recreate resource every time?

my_meta_data, Terraform picks it up as a value change on the description field, which forcefully destroys and then recreates the development-workstation resource.

How do I stop Terraform destroying resources?

To prevent destroy operations for specific resources, you can add the prevent_destroy attribute to your resource definition. This lifecycle option prevents Terraform from accidentally removing critical resources. Add prevent_destroy to your EC2 instance. Run terraform destroy to observe the behavior.

What is the difference between module and resources in Terraform?

Using modules in terraform is similar to using resources except we use module clause for modules instead of resource clause. In modules, we only specify a name, which is used elsewhere in the configuration to reference module outputs. Source parameter is a required field for modules.

Does Terraform recreate resources?

During planning, by default Terraform retrieves the latest state of each existing object and compares it with the current configuration, planning actions only against objects whose current state does not match the configuration.


1 Answers

For those experiencing an issue with aws_ecs_task_definition not finding a variable for the aws_ecs_task_definition.XXX.arn, there's a good chance your JSON came out malformed. Here's what I did to remedy my issue

  • Replace your line with task_definition = "[]"
  • Run terraform plan

At this point you should get an error. For example, I got

module.tf.aws_ecs_task_definition.sandbox: ECS Task Definition container_definitions is invalid: Error decoding JSON: json: cannot unmarshal string into Go struct field ContainerDefinition.MemoryReservation of type int64

In this case, I had quoted memSize in my template_file and it didn't implicitly convert to int64, hence an error.

I changed "memoryReservation": "${mem_size}" to "memoryReservation": ${mem_size}, removed the task_definition placeholder, and everything went smoothly.

like image 160
wonton Avatar answered Oct 08 '22 00:10

wonton