TF project:
The contents are: main.tf
locals {
common_tags = {
SECRET_MGR_HOST = "${var.SECRET_MGR_HOST}",
SECRET_MGR_SAFE = "${var.SECRET_MGR_SAFE}",
SECRET_MGR_SECRET_KEY_NAME = "${var.SECRET_MGR_SECRET_KEY_NAME}",
SECRET_MGR_USER_NAME = "${var.SECRET_MGR_USER_NAME}",
LOGON_URL = "${var.LOGON_URL}",
PLATFORM_SECRET_NAME = "${var.PLATFORM_SECRET_NAME}"
}
vpc_config_vars = {
subnet_ids = "${var.SUBNET_IDS}",
security_group_ids = "${var.SECURITY_GROUP_IDS}"
}
}
module "lambda" {
source = "git::https://corpsource.io/corp-cloud-platform-team/corpcloudv2/terraform/lambda-modules.git?ref=dev"
lambda_name = var.name
lambda_role = "arn:aws:iam::${var.ACCOUNT}:role/${var.lambda_role}"
lambda_handler = var.handler
lambda_runtime = var.runtime
default_lambda_timeout = var.timeout
ACCOUNT = var.ACCOUNT
vpc_config_vars = merge(
local.vpc_config_vars
)
env = merge(
local.common_tags,
{ DEFAULT_ROLE = "corp-platform" }
)
}
module "lambda_iam" {
source = "git::https://corpsource.io/corp-cloud-platform-team/corpcloudv2/terraform/iam-modules/lambda-iam.git?ref=dev"
lambda_policy = var.lambda_policy
ACCOUNT = var.ACCOUNT
lambda_role = var.lambda_role
}
and inputs.tf
variable "handler" {
type = string
default = "handler.lambda_handler"
}
variable "runtime" {
type = string
default = "python3.8"
}
variable "name" {
type = string
default = "create-SECRET_MGR-entry"
}
variable "timeout"{
type = string
default = "120"
}
variable "lambda_role" {
type = string
default = "create-SECRET_MGR-entry-role"
}
variable "ACCOUNT" {
type = string
default = ""
}
variable "SECRET_MGR_HOST" {
type = string
default = ""
}
variable "SECRET_MGR_SAFE" {
type = string
default = ""
}
variable "SUBNET_IDS" {
type = string
default = ""
}
variable "subnet_ids" {
type = string
default = ""
}
variable "security_group_ids" {
type = string
default = ""
}
variable "SECURITY_GROUP_IDS" {
type = string
default = ""
}
variable "SECRET_MGR_SECRET_KEY_NAME" {
type = string
default = ""
}
variable "SECRET_MGR_USER_NAME" {
type = string
default = ""
}
variable "LOGON_URL" {
type = string
default = ""
}
variable "PLATFORM_SECRET_NAME" {
type = string
default = ""
}
variable "lambda_policy" {
default = "{\"Version\": \"2012-10-17\",\"Statement\": [{\"Sid\":\"VisualEditor0\",\"Effect\":\"Allow\",\"Action\":[\"logs:CreateLogStream\",\"logs:CreateLogGroup\"],\"Resource\":\"*\"},{\"Sid\":\"UseKMSKey\",\"Effect\":\"Allow\",\"Action\":\"kms:Decrypt\",\"Resource\":\"*\"},{\"Sid\":\"GetSecret\",\"Effect\":\"Allow\",\"Action\":\"secretsmanager:GetSecretValue\",\"Resource\":\"*\"},{\"Sid\":\"ConnectToVPC\",\"Effect\":\"Allow\",\"Action\":[\"ec2:CreateNetworkInterface\",\"ec2:DescribeNetworkInterfaces\",\"ec2:DeleteNetworkInterface\"],\"Resource\":\"*\"},{\"Sid\":\"VisualEditor1\",\"Effect\":\"Allow\",\"Action\":\"logs:PutLogEvents\",\"Resource\":\"*\"},{\"Effect\": \"Allow\",\"Action\": [\"logs:*\"],\"Resource\": \"arn:aws:logs:*:*:*\"},{\"Effect\": \"Allow\",\"Action\": [\"s3:GetObject\",\"s3:PutObject\"],\"Resource\": \"arn:aws:s3:::*\"}]}"
}
As you see, main.tf references a module in another project referenced via source
argument. The structure of the module project is also:
main.tf
data "archive_file" "lambda_handler" {
type = "zip"
output_path = "lambda_package.zip"
source_dir = "lambda_code/"
}
resource "aws_lambda_function" "lambda_function" {
filename = "lambda_package.zip"
function_name = var.lambda_name
role = var.lambda_role
handler = var.lambda_handler
runtime = var.lambda_runtime
memory_size = 256
timeout = var.default_lambda_timeout
source_code_hash = filebase64sha256("lambda_code/lambda_package.zip")
dynamic "vpc_config" {
for_each = length(keys(var.vpc_config_vars)) == 0 ? [] : [true]
content {
variables = var.vpc_config_vars
}
}
dynamic "environment" {
for_each = length(keys(var.env)) == 0 ? [] : [true]
content {
variables = var.env
}
}
}
inputs.tf
variable "lambda_name" {
type = string
}
variable "lambda_runtime" {
type = string
}
variable "lambda_role" {
type = string
}
variable "default_lambda_timeout" {
type = string
}
variable "lambda_handler" {
type = string
}
variable "vpc_config_vars" {
type = map(string)
default = {}
}
variable "env" {
type = map(string)
default = {}
}
variable "tags" {
default = {
blc = "1539"
costcenter = "54111"
itemid = "obfuscated"
owner = "[email protected]"
}
}
variable "ACCOUNT" {
type = string
}
Error when my pipeline runs the project:
Error: Missing required argument
(and 7 more similar warnings elsewhere)
on .terraform/modules/lambda/main.tf line 18, in resource "aws_lambda_function" "lambda_function":
18: content {
The argument "subnet_ids" is required, but no definition was found.
Error: Missing required argument
on .terraform/modules/lambda/main.tf line 18, in resource "aws_lambda_function" "lambda_function":
18: content {
The argument "security_group_ids" is required, but no definition was found.
Error: Unsupported argument
on .terraform/modules/lambda/main.tf line 19, in resource "aws_lambda_function" "lambda_function":
19: variables = var.vpc_config_vars
An argument named "variables" is not expected here.
Oh and I'm passing in the value for subnet_ids and security_group_ids as an environment variable using my gitlab ci file. And log statements confirm that those values are defined.
What is wrong? thank you
You need to pass the required arguments for the vpc_config
child block, which are subnet_ids
and security_group_ids
. You cannot use the entire map
variable as it is inside the nested content
block. You need to use the equals sign "=" to introduce the argument value.
Try the below code snippet
###################
# Root Module
###################
locals {
vpc_config_vars = {
vpc_config = {
subnet_ids = ["subnet-072297c000a32e200"],
security_group_ids = ["sg-05d06431bd25870b4"]
}
}
}
module "lambda" {
source = "./modules"
...
......
vpc_config_vars = local.vpc_config_vars
}
###################
# Child Module
###################
variable "vpc_config_vars" {
default = {}
}
resource "aws_lambda_function" "lambda_function" {
filename = "lambda_package.zip"
function_name = var.lambda_name
role = var.lambda_role
handler = var.lambda_handler
runtime = var.lambda_runtime
memory_size = 256
timeout = var.default_lambda_timeout
source_code_hash = filebase64sha256("lambda_code/lambda_package.zip")
dynamic "vpc_config" {
for_each = var.vpc_config_vars != {} ? var.vpc_config_vars : {}
content {
subnet_ids = vpc_config.value["subnet_ids"]
security_group_ids = vpc_config.value["security_group_ids"]
}
}
}