New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: module : provider alias must be defined by the module: #18682
Comments
This issue has been automatically migrated to hashicorp/terraform-provider-aws#5560 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to hashicorp/terraform-provider-aws#5560. |
Reopening as this issue does not look specific to the AWS provider or its resources. This other issue about provider aliases within modules may provide some clues here (unless the interpolation within the |
@Xtigyro out of curiosity, does the |
Hi @Xtigyro, This error is just a confusing way of saying that your string is not a valid provider address, because interpolations are not supported in this context. Terraform needs to know which provider will handle each resource very early on because the provider defines the schema and validation rules for the block and handles the planning step. Without seeing the definition of |
I've come up against the same limitation. I'm curious why this couldn't work in a similar fix that solved how "count" used to work. Essentially, allow interpolation as long as the
Things like creating instances in two regions currently requires double the code because I cant do like above. |
Another use case is setting up cross-account roles like
|
I've also come across this limitation. @apparentlymart Let me tell you about my use case:
What we are trying to do is use the "assume_role" block in the AWS provider so that we can "smartly" switch between IAM Roles depending on the environment (prod/test). This is a very silly example of something that fails to work:
However, if i replace
with
Terraform run will go through |
I'm running into this right now as well. My problem is that, for some time, we will need to be running Terraform directly using shared credentials/profiles, but the long term goal is to have it run by a Jenkins worker which uses an assumed role. With things as they are, we're going to have to put a pretty nasty workaround in place for a while; perhaps maintaining a separate branch for CD or setting the credentials environment variables manually in the container before the TF runs (assuming that will work). |
The use case I'm running into is one where I'm leveraging the MS distributed subscription model. At Ignite this year, they recommended using lots of subscriptions. Subscriptions are tied to providers. I don't mind setting up individual providers and passing that data into modules, but defining separate modules for the same thing (eg Resource Groups which may be created in several different subscriptions during the same TF run) so that the providers can be hard coded seems REALLY bad. Is this recognized as an issue and, if so, is there a plan against resolution? Thanks! |
+1 Same issue here ... |
+1 Same issue here. We are creating Direct Connect VIF's using Terraform. It needs to be able to provision resources in multiple accounts. I can do, it, but not using modules, which leads to duplicated code. |
Hi all! Sorry for the lack of response here, and thanks for sharing your use-cases. The intended way to create a region-agnostic module is to write it with no Let's use a hypothetical "aws_vpc" module as an example, and set up a similar VPC configuration across two regions: provider "aws" {
alias = "usw1"
region = "us-west-1"
}
provider "aws" {
alias = "use1"
region = "us-east-1"
}
module "vpc_west" {
source = "./aws_vpc"
cidr_block = "10.1.0.0/16"
providers = {
"aws" = "aws.usw1"
}
}
module "vpc_east" {
source = "./aws_vpc"
cidr_block = "10.2.0.0/16"
providers = {
"aws" = "aws.use1"
}
} This single variable "cidr_block" {}
resource "aws_vpc" "main" {
cidr_block = "${var.cidr_block}"
}
# ... and any other related resources, such as subnets. When this configuration is applied altogether, Terraform will ensure that the default Although I showed a multi-region example here, the same can be done for multiple accounts or any other provider-level setting. The constraint motivating this design is that the relationships between resources and their providers must be determined during graph construction, and expressions can only be evaluated after graph construction, during the graph walk. This mechanism for passing providers between modules is a compromise to ensure that all of the providers can be resolved statically (during graph construction) without hard-coding particular provider settings into every resource. There are more details on this in the configuration section Providers Within Modules. This section of the documentation is planned to get an overhaul for the forthcoming v0.12 release to describe specific patterns for applying modules, rather than just describing technically how they operate as it does today. (This revision will also correct the outdated claim in those docs that a proxy |
I think the term "module" is confusing the issue. Martin, I believe everyone is talking about the inability to use even simple interpolation in the provider declaration. Simple conditionals based on values that are clearly known at plan should work. A little over a year ago, you couldn't include interpolations in "count", for the same reason. "Expressions could only be evaluated after graph construction." However, this was changed. Count can now include interpolation as long as its based on values "known at plan". Why cant the same logic be applied the provider reference? It would allow for much more dynamic execution.
|
The situation with the |
Hi @apparentlymart , Can we get this added as an enhancement request? Is there a way to add another construct before graph to handle providers? This seems to be a very reasonable use case. Terraform Version
Terraform Configuration Files
or
Expected BehaviorI have a use case to pass n number of regions per aws account (profile) to manage different counts of total regions. One account may only need 2 regions, but other accounts may need 6. Being able to manage all regions in one state resolves tiered dependance on global AWS resources with regional ones. Actual behavior
or
|
Terraform Version
Terraform Configuration Files
Expected Behavior
The correct provider should have been chosen - either "aws.stg" or "aws.prd".
Actual Behavior
It crashes out with the error:
Error: module : provider alias must be defined by the module: ${contains( replace(split(",", var.hosted_zones_stg), "\\.$", ""), replace(lookup(local.dvo[count.index], "domain_name"), "*.", "") ) ? "aws.stg" : "aws.prd"}
Steps to Reproduce
terraform init
The text was updated successfully, but these errors were encountered: