Why does terraform fail with "An argument named "flow_log_destination_type" is not expected here"?

Question

"While I am using terraform to create vpc flow log module to s3 bucket then its throwing errors like: An argument named "flow_log_destination_type" is not expected here. An argument named "flow_log_destination_arn" is not expected here. In the Terraform docs, I can see the details to be filled like log_destination_type & log_destination_arn, and I found some docs on GitHub that exactly says the same code but while trying it's not working for me

The following error produced:

Error: Unsupported argument

  on main.tf line 52, in module "vpc_with_flow_logs_s3_bucket":
  52:   flow_log_destination_type = "s3"

An argument named "flow_log_destination_type" is not expected here.


Error: Unsupported argument

  on main.tf line 53, in module "vpc_with_flow_logs_s3_bucket":
  53:   flow_log_destination_arn  = "${aws_s3_bucket.terra-test2-lifecycle.arn}"

An argument named "flow_log_destination_arn" is not expected here.


Error: Unsupported argument

  on main.tf line 55, in module "vpc_with_flow_logs_s3_bucket":
  55:   vpc_flow_log_tags = {

An argument named "vpc_flow_log_tags" is not expected here.

Where I am doing wrong?"

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.33.0"
  # Interpolated from the workspace
  name = "${terraform.workspace}"
  cidr = var.vpc_cidr

  azs             = var.vpc_azs
  private_subnets = var.vpc_private_subnets
  public_subnets  = var.vpc_public_subnets

  enable_nat_gateway = var.vpc_enable_nat_gw
  single_nat_gateway = var.vpc_single_nat_gw

  public_subnet_tags = {
    Name = "${terraform.workspace}-public"
  }

  private_subnet_tags = {
    Name = "${terraform.workspace}-private"
  }

  tags = {
    Name = "${terraform.workspace}"
  }

  vpc_tags = {
    owner       = "PEDevOps"
    environment = "${terraform.workspace}"
    version     = "0.0.1"
    managedby   = "Terraform"
  }
}

module "vpc_with_flow_logs_s3_bucket" {
  source = "../../"
  log_destination_type = "s3"
  log_destination_arn  = "${aws_s3_bucket.terra-test2-lifecycle.arn}"

  vpc_flow_log_tags = {
    Name = "vpc-flow-logs-s3-bucket"
  }

}

resource "aws_s3_bucket" "terra-test-lifecycle" {
  bucket = "terra-test-lifecycle"
  acl    = "private"

  lifecycle_rule {
    id      = "log"
    enabled = true

    prefix = "log/"

    tags = {
      "rule"      = "log"
      "autoclean" = "true"
    }

    transition {
      days          = 30
      storage_class = "STANDARD_IA" # or "ONEZONE_IA"
    }

    expiration {
      days = 60
    }
  }
  lifecycle_rule {
    id      = "tmp"
    prefix  = "tmp/"
    enabled = true

    expiration {
      date = "2020-06-06"
    }
  }
}

Why does terraform fail with "An argument named "flow_log_destination_type" is not expected here"?

Answer 1

The module at "../../" does not declare any of the log_destination_type, log_destination_arn, or vpc_flow_log_tags variables and Terraform considers it an error to assign to undeclared variables in a module block like this:

module "vpc_with_flow_logs_s3_bucket" {
  source = "../../"
  log_destination_type = "s3"
  log_destination_arn  = "${flow_log_destination_arn}"

  vpc_flow_log_tags = {
    Name = "vpc-flow-logs-s3-bucket"
  }
}

It's most likely that "../../" is the wrong source path for the vpc_with_flow_logs_s3_bucket module and you should fix that. If you are in the source path for the module where this module block is declared and you run cd ../../, do you end up in the directory with the vpc_with_flow_logs_s3_bucket Terraform code? If not, then source is set incorrectly and you need to fix it.

If "../../" is the correct path, then you should add the missing variable declarations.

variable "log_destination_type" {
    type = string
}

variable "log_destination_arb" {
    type = string
}

variable "vpc_flow_log_tags" {
    type = map(string)
}

Answer 2

This error occurs if you are passing a variable that module is not expecting.

For e.g.

module "vpc_with_flow_logs_s3_bucket" {
  source = "../../"
  log_destination_type = "s3"
  log_destination_arn  = "${flow_log_destination_arn}"

  vpc_flow_log_tags = {
    Name = "vpc-flow-logs-s3-bucket"
  }

}

If you specify this it will throw an error if the variable flow_log_destination_arn is defined in main.tf and not in variables.tf

source: ../../vpc_with_flow_logs_s3_bucket/main.tf

resource "aws_flow_log" "example" {
  iam_role_arn    = "${aws_iam_role.example.arn}"
  log_destination = "${aws_cloudwatch_log_group.example.arn}"
  traffic_type    = "ALL"
  vpc_id          = "${aws_vpc.example.id}"
}