New Cyclical references

[PaulG77]

I have a terraform solution which consists of: -

• Cognito
• Cloudfront
• APIGateway
• s3 bucket website

The S3 bucket website and api gateway sit on cloudfront using the cloudfront module: _

    s3_oac = {
      domain_name = "${module.test.s3_bucket_website_endpoint}"

.... and ...

    apigateway = {
      domain_name = "${module.api_gateway.stage_domain_name}" 
    //previously  domain_name = ${module.api_gateway.default_apigatewayv2_stage_domain_name}"

Meanwhile the callback Urls used in the cognito resource are configured with the following callback URLs: -

  callback_urls = [
    format("https://%s/Authentication",module.cdn.cloudfront_distribution_domain_name )]
  logout_urls   = [
    format("https://%s/Logout",module.cdn.cloudfront_distribution_domain_name )]

Finally API gateway using this module references cognitio: -

  authorizers = {
    "cognito" = {
      authorizer_type  = "JWT"
      identity_sources = ["$request.header.Authorization"]
      name             = "Cognito"
      jwt_configuration = {
        audience         =  [resource.aws_cognito_user_pool_client.test.id]
        issuer           = "https://${resource.aws_cognito_user_pool.test.endpoint}"
      }
    }
  }

This all worked in the previous version of the module. However, with version 5, I'm now getting a circular reference as below: -

│ Error: Cycle: module.api_gateway.aws_apigatewayv2_route_response.this, module.api_gateway.aws_apigatewayv2_deployment.this, module.cdn.output.cloudfront_distribution_domain_name (expand), aws_cognito_user_pool_client.test, module.api_gateway.cognito (expand), module.api_gateway.aws_apigatewayv2_authorizer.this, module.api_gateway.aws_apigatewayv2_route.this, module.api_gateway.aws_apigatewayv2_stage.this, module.api_gateway.output.stage_domain_name (expand), module.cdn.var.origin (expand), module.cdn.aws_cloudfront_distribution.this

[carpusherw]

I also bumped into the cycle error although with different resources. It happens to be that I didn't update all the output references. You could double check if that's also the case for you. Please reference https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/blob/v5.0.0/UPGRADE-5.0.md#variable-and-output-changes

[dlleu]

Cycle errors also happen between for example an api gw and a lambda. I created a separate aws_lambda_permission resource.

[bryantbiggs]

Cycle errors also happen between for example an api gw and a lambda. I created a separate aws_lambda_permission resource.

Care to demonstrate?

[dlleu]

Absolutely.

This: https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/blob/master/examples/complete-http/main.tf#L290

Coupled with this: https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/blob/master/examples/complete-http/main.tf#L101

Will result in a Cycle error in terraform.

I created a separate resource resource "aws_lambda_permission" "apigw_lambda" { in which I give the permission and that worked just fine.

[bryantbiggs]

I don't follow - that example works without issue

[dlleu]

Cool, for me it didn't even pass terraform validate. TF version 1.9.1. It was not the exact example but purely an API gw (using this module) that was referring to the lambda for its integration and the lambda (using the lambda module from the same suite) that was referring to the API gateway for its invocation rights.

[bryantbiggs]

I just re-deployed https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/tree/master/examples/complete-http without issue so closing out this issue. if someone has a reproduction that shows a cyclical error then we can take a look

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.