terraform-aws-named-subnets
Cannot pass default acl ID from vpc module
Describe the Bug
Even though the variable private_network_acl_id exists, if you pass it from the vpc module you get a count error:
Error: Invalid count argument
on .terraform/modules/dev_subnets/private.tf line 56, in resource "aws_network_acl" "private":
56: count = module.this.enabled && var.type == "private" && signum(length(var.private_network_acl_id)) == 0 ? 1 : 0
The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
Expected Behavior
I would expect to be able to pass the acl reference down. Perhaps this is a limitation in terraform?
The weird thing is that this variable, private_network_acl_id, acts as a boolean rather than as actual configuration to be applied, that is: associating the given network ACL with the subnet.
I also couldn't find a Terraform resource that can perform such an action. There's a CloudFormation Template though.
The name of this variable should probably change to something like create_network_acl and be a boolean.
Update: Indeed, as per this issue, it seems there's no resource to perform such an action. So I really think we should update the variable name/description to avoid confusion.
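A sketch of the rename proposed above, as an added example that is not the module's own code: the count is gated on a boolean written in configuration, which is known at plan time, instead of on the length of an ID that may only exist after apply. Apart from private_network_acl_id and the count expression quoted in the error, every name here (vpc_id, subnet_ids, create_network_acl, the output) is an assumption.

```hcl
# Added example. Names other than private_network_acl_id are hypothetical.

variable "vpc_id" {
  type = string
}

variable "subnet_ids" {
  type    = list(string)
  default = []
}

# Hypothetical replacement for private_network_acl_id: a literal true/false
# set by the caller, so Terraform can evaluate it during plan.
variable "create_network_acl" {
  type        = bool
  default     = true
  description = "Create a dedicated network ACL for the private subnets."
}

# Pattern from the error message (simplified). When the caller passes an ID
# from a VPC that is created in the same run, the string is unknown at plan
# time, so length() is unknown and count cannot be resolved:
#
#   count = signum(length(var.private_network_acl_id)) == 0 ? 1 : 0

resource "aws_network_acl" "private" {
  # Known at plan time regardless of what else is being created.
  count = var.create_network_acl ? 1 : 0

  vpc_id     = var.vpc_id
  subnet_ids = var.subnet_ids

  # No rule blocks are declared, so only the ACL's implicit deny applies
  # until explicit ingress/egress rules are added.
  tags = {
    Name = "private"
  }
}

# Lets a reviewer confirm which ACL, if any, this module created.
# null when create_network_acl is false.
output "created_network_acl_id" {
  value = one(aws_network_acl.private[*].id)
}
```

With create_network_acl set to false, the subnets keep whatever ACL they already have, which for new subnets is the VPC's default network ACL.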