amazon-web-services aws-lambda terraform terraform-provider-aws

Why is terraform saying my required variable is not defined?


TF project:

  • main.tf
  • inputs.tf

The contents are: main.tf

locals {
  # Despite the name, this map is not a set of resource tags: the "lambda"
  # module call merges it into `env`, so each entry becomes a Lambda
  # environment variable.
  # NOTE(review): the keys read like names and locations of secrets rather
  # than secret values - confirm. Anything placed here is stored in Terraform
  # state and is readable from the function's configuration.
  common_tags = {
    SECRET_MGR_HOST            = var.SECRET_MGR_HOST
    SECRET_MGR_SAFE            = var.SECRET_MGR_SAFE
    SECRET_MGR_SECRET_KEY_NAME = var.SECRET_MGR_SECRET_KEY_NAME
    SECRET_MGR_USER_NAME       = var.SECRET_MGR_USER_NAME
    LOGON_URL                  = var.LOGON_URL
    PLATFORM_SECRET_NAME       = var.PLATFORM_SECRET_NAME
  }

  # Handed to the module as `vpc_config_vars`. Both inputs are declared as
  # single strings, so each value here is one string, not a list of IDs.
  vpc_config_vars = {
    subnet_ids         = var.SUBNET_IDS
    security_group_ids = var.SECURITY_GROUP_IDS
  }
}


# Deploys the function through the shared lambda module.
module "lambda" {
    # NOTE(review): `ref=dev` tracks a branch, so the module code can change
    # between runs without any change in this repository. Pinning `ref` to a
    # release tag or a full commit SHA keeps every plan reproducible and makes
    # module upgrades an explicit, reviewable change.
    source = "git::https://corpsource.io/corp-cloud-platform-team/corpcloudv2/terraform/lambda-modules.git?ref=dev" 
    lambda_name = var.name
    # The role ARN is assembled from strings. var.ACCOUNT defaults to "", in
    # which case the ARN is built without an account ID.
    lambda_role = "arn:aws:iam::${var.ACCOUNT}:role/${var.lambda_role}"
    lambda_handler = var.handler
    lambda_runtime = var.runtime
    default_lambda_timeout = var.timeout
    ACCOUNT = var.ACCOUNT
    # merge() receives a single argument here, so the local is passed through
    # as is.
    vpc_config_vars = merge(
      local.vpc_config_vars
    )
    # Environment for the function: the shared map plus DEFAULT_ROLE.
    env = merge(
        local.common_tags,
        { DEFAULT_ROLE = "corp-platform" }
    )
}


# Passes the role name and the policy document to the shared IAM module.
module "lambda_iam" {
    # NOTE(review): `ref=dev` tracks a branch. This module receives the IAM
    # policy and role name, so code that changes underneath the pipeline alters
    # what is granted; pin `ref` to a release tag or a full commit SHA.
    source = "git::https://corpsource.io/corp-cloud-platform-team/corpcloudv2/terraform/iam-modules/lambda-iam.git?ref=dev" 
    # JSON policy document; its default in inputs.tf uses wildcard resources.
    lambda_policy = var.lambda_policy
    ACCOUNT = var.ACCOUNT
    lambda_role = var.lambda_role
}

and inputs.tf

# Root-module inputs. Every variable below has a default, so Terraform never
# reports one as missing; where the default is "", an unset value flows on as
# an empty string instead of stopping the plan.
variable "handler" {
  type = string
  default = "handler.lambda_handler"
}

variable "runtime" {
  type = string
  default = "python3.8"
}

variable "name" {
  type = string
  default = "create-SECRET_MGR-entry"
}

# Declared as a string and forwarded to the module's default_lambda_timeout.
variable "timeout"{
    type = string
    default = "120"
}

variable "lambda_role" {
  type = string
  default = "create-SECRET_MGR-entry-role"
}

# Used in main.tf to build the role ARN. With the "" default an unset account
# ID is not caught at plan time.
variable "ACCOUNT" {
  type = string
  default = ""
}

variable "SECRET_MGR_HOST" {
  type = string
  default = ""
}

variable "SECRET_MGR_SAFE" {
  type = string
  default = ""
}

# main.tf reads this upper-case spelling (local.vpc_config_vars). The type is
# a single string, while vpc_config takes a collection of subnet IDs.
variable "SUBNET_IDS" {
  type = string
  default = ""
}

# Variable names are case-sensitive: nothing in main.tf references this
# lower-case variable, so a value supplied under this name is not used.
variable "subnet_ids" {
  type = string
  default = ""
}

# Lower-case duplicate; not referenced in main.tf.
variable "security_group_ids" {
  type = string
  default = ""
}

# main.tf reads this upper-case spelling (local.vpc_config_vars).
variable "SECURITY_GROUP_IDS" {
  type = string
  default = ""
}

variable "SECRET_MGR_SECRET_KEY_NAME" {
  type = string
  default = ""
}

variable "SECRET_MGR_USER_NAME" {
  type = string
  default = ""
}

variable "LOGON_URL" {
  type = string
  default = ""
}

variable "PLATFORM_SECRET_NAME" {
  type = string
  default = ""
}

# IAM policy document, as a JSON string, handed to the lambda_iam module.
# NOTE(review): several statements are broader than a single function needs:
#   - kms:Decrypt and secretsmanager:GetSecretValue on Resource "*" are not
#     limited to one key or one secret; scope them to the specific key and
#     secret ARNs the function reads.
#   - logs:* on arn:aws:logs:*:*:* covers every CloudWatch Logs action and
#     makes the three narrower logs statements redundant; the create/put
#     actions limited to the function's own log group are normally enough.
#   - s3:GetObject / s3:PutObject on arn:aws:s3:::* allows reading and writing
#     objects in any bucket; name the bucket and prefix actually used.
# No `type` is declared for this variable.
variable "lambda_policy" {
  default = "{\"Version\": \"2012-10-17\",\"Statement\": [{\"Sid\":\"VisualEditor0\",\"Effect\":\"Allow\",\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\"],\"Resource\":\"*\"},{\"Sid\":\"UseKMSKey\",\"Effect\":\"Allow\",\"Action\":\"kms:Decrypt\",\"Resource\":\"*\"},{\"Sid\":\"GetSecret\",\"Effect\":\"Allow\",\"Action\":\"secretsmanager:GetSecretValue\",\"Resource\":\"*\"},{\"Sid\":\"ConnectToVPC\",\"Effect\":\"Allow\",\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DeleteNetworkInterface\"],\"Resource\":\"*\"},{\"Sid\":\"VisualEditor1\",\"Effect\":\"Allow\",\"Action\":\"logs:PutLogEvents\",\"Resource\":\"*\"},{\"Effect\": \"Allow\",\"Action\": [\"logs:*\"],\"Resource\": \"arn:aws:logs:*:*:*\"},{\"Effect\": \"Allow\",\"Action\": [\"s3:GetObject\",\"s3:PutObject\"],\"Resource\": \"arn:aws:s3:::*\"}]}"
  
}

As you can see, main.tf references a module that lives in another project, via the source argument. The module project has the same structure:

  • main.tf
  • inputs.tf

main.tf

# Zips the lambda_code/ directory into lambda_package.zip.
# Both paths are relative literals, so they resolve against the directory
# Terraform runs in rather than this module's directory; prefix them with
# path.module if the code ships with the module - confirm which is intended.
data "archive_file" "lambda_handler" {
  type        = "zip"
  output_path = "lambda_package.zip"
  source_dir  = "lambda_code/"
}

# The Lambda function itself; all settings come from the module inputs.
resource "aws_lambda_function" "lambda_function" {
  # Literal path, not a reference to data.archive_file.lambda_handler, so no
  # dependency on the archive step is expressed here.
  filename         = "lambda_package.zip"
  function_name    = var.lambda_name
  role             = var.lambda_role
  handler          = var.lambda_handler
  runtime          = var.lambda_runtime
  memory_size      = 256
  timeout          = var.default_lambda_timeout
  # NOTE(review): the hash is taken from lambda_code/lambda_package.zip while
  # `filename` deploys lambda_package.zip; if these are different files, the
  # change detection does not track the artifact that is uploaded. The data
  # source's output_base64sha256 is the hash of the archive it produced.
  source_code_hash = filebase64sha256("lambda_code/lambda_package.zip")
    # Emits one vpc_config block when the input map is non-empty.
    dynamic "vpc_config" {
      for_each = length(keys(var.vpc_config_vars)) == 0 ? [] : [true]
      content {
        # This is the line the errors below point at: vpc_config has no
        # `variables` argument; it requires subnet_ids and security_group_ids.
        variables = var.vpc_config_vars
      }
    }
    # Emits one environment block when var.env is non-empty.
    dynamic "environment" {
      for_each = length(keys(var.env)) == 0 ? [] : [true]
        content {
        variables = var.env
        }
      }
}

inputs.tf

# Module inputs. Variables without a default are required by the caller.
variable "lambda_name" {
  type = string
}

variable "lambda_runtime" {
  type = string
}

# Passed straight to the function's `role` argument, so the caller supplies
# the full role ARN.
variable "lambda_role" {
  type = string
}

variable "default_lambda_timeout" {
  type = string
}

variable "lambda_handler" {
  type = string
}

# map(string) means every value must be a single string, so this type cannot
# carry the lists of IDs that the vpc_config block takes.
variable "vpc_config_vars" {
  type = map(string)
  default = {}
}

# Environment variables for the function.
# NOTE(review): values are written to Terraform state; pass references to
# secrets (names, ARNs) rather than secret values.
variable "env" {
  type = map(string)
  default = {}
}

# Not referenced by the resource shown in this module's main.tf.
variable "tags" {
  default = {
    blc        = "1539"
    costcenter = "54111"
    itemid     = "obfuscated"
    owner      = "[email protected]"
  }
}

variable "ACCOUNT" {
  type = string
}

Error when my pipeline runs the project:

Error: Missing required argument
(and 7 more similar warnings elsewhere)
  on .terraform/modules/lambda/main.tf line 18, in resource "aws_lambda_function" "lambda_function":
  18:       content {
The argument "subnet_ids" is required, but no definition was found.
Error: Missing required argument
  on .terraform/modules/lambda/main.tf line 18, in resource "aws_lambda_function" "lambda_function":
  18:       content {
The argument "security_group_ids" is required, but no definition was found.
Error: Unsupported argument
  on .terraform/modules/lambda/main.tf line 19, in resource "aws_lambda_function" "lambda_function":
  19:         variables = var.vpc_config_vars
An argument named "variables" is not expected here.

Oh and I'm passing in the value for subnet_ids and security_group_ids as an environment variable using my gitlab ci file. And log statements confirm that those values are defined.

What is wrong? thank you


Solution

  • You need to pass the required arguments of the vpc_config child block, which are subnet_ids and security_group_ids. You cannot assign the entire map variable as-is inside the nested content block; each argument has to be set individually, using the equals sign "=" to introduce its value.

    Try the below code snippet

    ###################
    # Root Module
    ###################
    
    # Example IDs only. In a shared configuration, take these from variables
    # or data sources so environment-specific network IDs are not hard-coded.
    locals {
    
      # One entry keyed "vpc_config"; the child module's dynamic block
      # iterates over this map and reads both lists from the entry's value.
      vpc_config_vars = {
        vpc_config = {
          subnet_ids         = ["subnet-072297c000a32e200"],
          security_group_ids = ["sg-05d06431bd25870b4"]
        }
      }
    }
    
    module "lambda" {
      source = "./modules"
      # The dotted lines stand for the module's other arguments, which this
      # answer leaves out.
      ...
      ......
      vpc_config_vars = local.vpc_config_vars
    }
    
    ###################
    # Child Module
    ###################
    
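    # VPC settings for the function, keyed by an arbitrary name. Leave it
    # empty to create the function outside a VPC. The explicit type makes
    # Terraform reject a malformed value (for example a bare string of IDs)
    # at the module boundary instead of inside the resource.
    variable "vpc_config_vars" {
      description = "Map with at most one entry holding the subnet and security group IDs for vpc_config."
      type = map(object({
        subnet_ids         = list(string)
        security_group_ids = list(string)
      }))
      default = {}
    }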
    
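    # Lambda function with an optional VPC attachment driven by
    # var.vpc_config_vars.
    resource "aws_lambda_function" "lambda_function" {
      filename         = "lambda_package.zip"
      function_name    = var.lambda_name
      role             = var.lambda_role
      handler          = var.lambda_handler
      runtime          = var.lambda_runtime
      memory_size      = 256
      timeout          = var.default_lambda_timeout
      # NOTE(review): this hashes lambda_code/lambda_package.zip while
      # `filename` deploys lambda_package.zip - confirm both refer to the
      # artifact that is actually uploaded.
      source_code_hash = filebase64sha256("lambda_code/lambda_package.zip")

      # One vpc_config block per map entry; an empty map produces no block, so
      # no emptiness check is needed. The resource accepts a single vpc_config
      # block, so the map should hold at most one entry.
      dynamic "vpc_config" {
        for_each = var.vpc_config_vars
        content {
          subnet_ids         = vpc_config.value["subnet_ids"]
          security_group_ids = vpc_config.value["security_group_ids"]
        }
      }

    }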