Problem with creating a compute instance in GCP for different project IDs with Terraform

I have a Terraform configuration to create a compute instance in GCP, which looks like:

resource "google_compute_address" "static_ip" {
  project = var.project_id
  name = "vm-instance"
}

resource "google_compute_instance" "vm_instance" {
  project       = var.project_id
  name          = "vm-instance"
  machine_type  = "e2-standard-4"
  zone          = "us-east4-c"

  boot_disk {
    device_name = "vm-instance"
    mode = "READ_WRITE"

    initialize_params {
      image = "centos-cloud/centos-7"
      size = 20
    }
  }

  tags = ["web-host","http-server","https-server"]

  network_interface {
    network =
    subnetwork = var.subnetwork
    #subnetwork_project = var.project_id

    access_config {
      nat_ip = google_compute_address.static_ip.address
    }
  }

  service_account {
    scopes = ["cloud-platform"]
  }

  scheduling {
    on_host_maintenance = "MIGRATE"
    #provisioning_model = "STANDARD"
  }

  shielded_instance_config {
    enable_secure_boot = true
    enable_vtpm = true
    enable_integrity_monitoring = true
  }
}

and the modules which will use it:

module "sandbox_vm" {
  source     = "./modules/terraform-vm"
  network    = "sandbox-vpc"
  subnetwork = "sandbox-vpc"
  project_id = var.sandbox_project
}

module "dev_vm" {
  source     = "./modules/terraform-vm"
  network    = "dev-vpc"
  subnetwork = "dev-vpc"
  project_id = var.dev_project
}

module "prod_vm" {
  source     = "./modules/terraform-vm"
  network    = "prod-vpc"
  subnetwork = "prod-vpc"
  project_id = var.prod_project
}

but when I try to apply it, it ends up with errors:

Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/dev-vpc'. The referenced subnetwork resource cannot be found., invalid

  on modules/terraform-vm/ line 6, in resource "google_compute_instance" "vm_instance":
   6: resource "google_compute_instance" "vm_instance" {

Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/prod-vpc'. The referenced subnetwork resource cannot be found., invalid

  on modules/terraform-vm/ line 6, in resource "google_compute_instance" "vm_instance":
   6: resource "google_compute_instance" "vm_instance" {

Why does it try to use subnets from other project IDs when those are strictly specified per module?


The provider file contains:

provider "google" {
  credentials = var.credentials_file
  region      = var.region
}


  • It turned out that the documentation is not correct when it comes to specifying subnets. It turned out that all 3 parameters need to be provided to get it to work correctly:

        network =
        subnetwork = var.subnetwork
        subnetwork_project = var.project_id
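
A variation on the fix above, as an added example that is not from the original post: the module looks the subnet up in its own project with the `google_compute_subnetwork` data source and passes the resulting `self_link`, which carries the project in the URL, so the subnet is never resolved against the provider's default project (`cloud-sandbox` in the errors above). The variable declarations, the `region` default and the data source label `this` are assumptions.

```hcl
# modules/terraform-vm (sketch; variable names assumed from the module calls above)
variable "project_id" {
  type = string
}

variable "subnetwork" {
  type = string
}

variable "region" {
  type    = string
  default = "us-east4" # assumed: the region of zone us-east4-c used below
}

# Resolve the subnet explicitly inside the project this module instance targets.
data "google_compute_subnetwork" "this" {
  project = var.project_id
  region  = var.region
  name    = var.subnetwork
}

resource "google_compute_instance" "vm_instance" {
  project      = var.project_id
  name         = "vm-instance"
  machine_type = "e2-standard-4"
  zone         = "us-east4-c"

  boot_disk {
    initialize_params {
      image = "centos-cloud/centos-7"
      size  = 20
    }
  }

  network_interface {
    # The self_link has the form projects/<project>/regions/<region>/subnetworks/<name>,
    # so the project is pinned by the value itself rather than by a default.
    subnetwork = data.google_compute_subnetwork.this.self_link
  }
}

# Lets a reviewer confirm per module which project each subnet resolved to.
output "subnetwork_self_link" {
  value = data.google_compute_subnetwork.this.self_link
}
```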