terraform-aws-tfstate-backend
Using this module without specifying an external context label module generates invalid resource names
Found a bug? Maybe our Slack Community can help.
Describe the Bug
When creating buckets with replication without specifying an external context label variable (note it's not mandatory on this module), like this:

```hcl
data "aws_caller_identity" "current" {}

locals {
  default_tags = {
    "omd_environment" : var.environment,
    "creator_arn" : data.aws_caller_identity.current.arn,
  }
}

module "terraform_state_backend" {
  source  = "cloudposse/tfstate-backend/aws"
  version = "v0.38.1"

  providers = {
    aws = aws.one
  }

  s3_bucket_name                = var.bucket_name
  dynamodb_table_name           = var.dynamodb_table_name
  dynamodb_enabled              = true
  enable_server_side_encryption = true
  billing_mode                  = "PAY_PER_REQUEST"
  force_destroy                 = true
  s3_replication_enabled        = true
  s3_replica_bucket_arn         = module.terraform_state_backend_replication.s3_bucket_arn
  tags                          = local.default_tags
}

module "terraform_state_backend_replication" {
  source  = "cloudposse/tfstate-backend/aws"
  version = "v0.38.1"

  providers = {
    aws = aws.other
  }

  s3_bucket_name   = "${var.bucket_name}-replica"
  force_destroy    = true
  dynamodb_enabled = false
  tags             = local.default_tags
}
```
Some resource names are being evaluated to invalid strings:

- iam role name gets evaluated to an invalid string:

  ```
  + resource "aws_iam_role" "replication" {
      + arn  = (known after apply)
      ...
      + name = "-replication"
      ...
    }
  ```

- iam policy gets evaluated to an invalid string:

  ```
  + resource "aws_iam_policy" "replication" {
      ...
      + name = "-replication"
      ...
    }
  ```

- replication rule id gets an empty value:

  ```hcl
  dynamic "replication_configuration" {
    for_each = var.s3_replication_enabled ? toset([var.s3_replica_bucket_arn]) : []
    content {
      role = aws_iam_role.replication[0].arn
      rules {
        id = module.this.id
        ...
  ```
Expected Behavior
Replication resource names use the same logic as the bucket name:

```hcl
bucket_name = var.s3_bucket_name != "" ? var.s3_bucket_name : module.this.id
```

- iam role name uses the same logic as bucket name.
- iam policy uses the same logic as bucket name.
- replication rule id uses the same logic as bucket name.
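
A pre-apply check for the symptoms reported above, as an added example that is not part of the original issue or the module's code: it scans plan JSON in the `terraform show -json` layout for IAM role or policy names that begin with the delimiter and for empty replication rule ids. The sample plan, its bucket and "healthy" addresses, and the function name are constructed for illustration.

```python
# Added example: flag plan entries whose names were built from an empty label id.
# SAMPLE_PLAN is constructed; it mimics only the subset of `terraform show -json`
# output (resource_changes[].change.after) that this check reads.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.terraform_state_backend.aws_iam_role.replication[0]",
     "type": "aws_iam_role", "change": {"after": {"name": "-replication"}}},
    {"address": "module.terraform_state_backend.aws_iam_policy.replication[0]",
     "type": "aws_iam_policy", "change": {"after": {"name": "-replication"}}},
    # Bucket address and bucket name are placeholders, not taken from the module.
    {"address": "module.terraform_state_backend.aws_s3_bucket.example",
     "type": "aws_s3_bucket", "change": {"after": {
         "bucket": "example-state",
         "replication_configuration": [{"rules": [{"id": "", "status": "Enabled"}]}]}}},
    {"address": "aws_iam_role.healthy", "type": "aws_iam_role",
     "change": {"after": {"name": "example-state-replication"}}},
    {"address": "aws_iam_role.deleted", "type": "aws_iam_role",
     "change": {"after": None}},  # destroy actions carry no "after" object
]}

NAMED_TYPES = {"aws_iam_role", "aws_iam_policy"}


def find_empty_label_names(plan):
    """Return (address, field, value) tuples for the symptoms in this report."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        addr, rtype = rc.get("address", "?"), rc.get("type")
        name = after.get("name")  # absent when the value is unknown until apply
        # An empty label id leaves only the delimiter and suffix: "-replication".
        if rtype in NAMED_TYPES and isinstance(name, str) and (not name or name.startswith("-")):
            findings.append((addr, "name", name))
        if rtype == "aws_s3_bucket":
            for cfg in after.get("replication_configuration") or []:
                for rule in cfg.get("rules") or []:
                    if not rule.get("id"):
                        findings.append((addr, "replication_configuration.rules.id", rule.get("id")))
    return findings


if __name__ == "__main__":
    for addr, field, value in find_empty_label_names(SAMPLE_PLAN):
        print(f"{addr}: {field} = {value!r}")
```
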