terraform validate error: The argument "region" is required, but was not set

Question

I wrote a custom RDS module for my development team to consume for deploying RDS instances. I am using BitBucket for source control and I am trying to integrate a BitBucket pipeline to run terraform validate on my .tf files to validate syntax before making it consumable to the devs.terraform init runs fine but when I run terraform validate I get the following error: Error: Missing required argument. The argument "region" is required, but was not set. After looking at the documentation, I am confused why this command would check for a declared provider if it is not actually deploying anything? I am admittedly new to writing modules. Perhaps this isn't the right command for what I want to accomplish?

Terraform version: v0.12.7

AWS Provider version: 2.24

bitbucket-pipelines.yml:

image: hashicorp/terraform:full

pipelines:
  branches:
    master:
    - step:
        script:
          - terraform version
          - terraform init
          - terraform validate

Module tree:

├── CHANGELOG.md
├── README.md
├── bitbucket-pipelines.yml
├── main.tf
├── modules
│   ├── db_instance
│   │   ├── README.md
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── db_option_group
│   │   ├── README.md
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── db_parameter_group
│   │   ├── README.md
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   └── db_subnet_group
│       ├── README.md
│       ├── main.tf
│       ├── outputs.tf
│       └── variables.tf
├── outputs.tf
└── variables.tf

Answer 1

I have run into the same problem even though I have provided region to my provider configuration.

After some digging I have come across this thread from terraform's discussion board. The problem it seems is that for some undocumented reason, terraform expects AWS_DEFAULT_REGION environment variable to be set to a region value (eg. "us-west-1"). Setting it to a valid region has solved this problem for me.

You can find more information about setting environment variables for Terraform here.

Hope it helps your problem.

Answer 2

The situation you've hit here is the bug described in Terraform issue #21408, where validation is checking that the provider configuration is complete even though you're intending to write a module that will inherit a provider.

There are two main workarounds for this at the time of writing. The easiest one-shot workaround is to set the environment variable AWS_DEFAULT_REGION to any valid AWS region then it should be used as a value for region and allow validation to pass.

To make that reproducible, you can use a test configuration which can serve a test bed for the module when you are developing it alone, outside the context of a particular caller. To do this, make a directory tests/simple (or really anything you like; the name doesn't matter) and put in it a test.tf file containing something like this:

provider "aws" {
  region = "us-east-1"
}

module "under_test" {
  source = "../.."

  # Any arguments the module requires
}

You can then switch into that test directory and use the normal Terraform workflow to validate the whole configuration together:

cd tests/simple
terraform init
terraform validate

A nice benefit of this general idea of test configurations is that you can potentially also use them for end-to-end testing by running terraform plan or terraform apply with a suitable set of environment variables set, and you can have multiple test configurations to test different permutations of options and make sure they all pass validation and, if you do end-to-end testing, that they all work.

Even once that Terraform issue is fixed, test configurations will remain a nice technique for ensuring that your module works as a child module, separately from whether it's valid in isolation.

Answer 3

One or more of your TF resources has no region configured. To handle this without the AWS_DEFAULT_REGION env variable or if you have multiple regions, you can use provider aliases in your resources to specify your region. For example:

provider "aws" {
  region = "us-east-1"
  alias  = "us"
}
...
resource "aws_cloudwatch_log_metric_filter" "hk_DBrecoverymode-UAT" {
  provider       = aws.us
  ...
}