
Using Terraform Provider in aws module


I am going through the Terraform documentation, and it seems unclear to me. I'm quite new to Terraform so no doubt I'm misunderstanding something here: https://developer.hashicorp.com/terraform/language/modules/develop/providers

Problem:

My terraform pipeline is returning the following warning:

│ 
│   on waf-cdn.tf line 9, in module "waf_cdn":
│    9:     aws = aws.useastone
│ 
│ Module module.waf_cdn does not declare a provider named aws.
│ If you wish to specify a provider configuration for the module, add an entry for aws in the required_providers block within the module. 

My root module is calling a child waf module. I understand that I need to configure my provider within my root module. There are 2 files within my root module:

...terraform.tf...

terraform {
  backend "s3" {}
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.33.0"
    }

    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "2.1.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.1"
    }
  }
}

...and providers.tf...

provider "aws" {

  region = var.region
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/${local.role_name}"
  }

}

provider "aws" {

  region = "us-east-1"
  alias  = "useastone"
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/${local.role_name}"
  }
}

provider "aws" {
  region = var.region
  alias  = "master"
  assume_role {
    role_arn = replace(
      "arn:aws:iam::${var.master_account_id}:role/${local.role_name}",
      local.app_region,
      "master"
    )
  }
}

When calling the child module, the SCOPE attribute of the waf needs to specify the region as us-east-1 for CLOUDFRONT as it is a global service in AWS. Therefore, I need to pass the useastone provider when calling the child waf module as seen below:

module "waf_cdn" {
  source      = "../modules/qa-aws-waf-common"
  name        = "${local.waf_prefix}-cdn"
  logging_arn = aws_kinesis_firehose_delivery_stream.log_stream_cdn.arn
  scope       = "CLOUDFRONT"
  tags        = merge(module.tags.tags, { name = "${local.name_prefix}-qa-waf-cdn" })

  providers = {
    aws = aws.useastone
  }
}

With this code I'm getting the error shown above.

I'm banging my head against the documentation here so any help guys would be really appreciated.

Here's hoping, thanks!


Solution

  • As per the documentation you linked, here is the passage you are interested in [1]:

    Additional provider configurations (those with the alias argument set) are never inherited automatically by child modules, and so must always be passed explicitly using the providers map.

    Since that is the case, you need to define the provider(s) on the module level as well:

    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = ">= 4.33.0"
          configuration_aliases = [ aws.useastone ]
        }
      }
    }
    
    

    That would probably be an additional providers.tf file in ../modules/qa-aws-waf-common.


    [1] https://developer.hashicorp.com/terraform/language/modules/develop/providers#passing-providers-explicitly
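
The two ways the keys of the `providers` map can line up with what the child module declares, as an added example that is not part of the original question or answer. The file name `versions.tf` and the `aws_wafv2_web_acl` resource named `this` are assumptions about the module's contents; the other module arguments from the question are left out for brevity.

```hcl
# --- Option A: the module only uses its default "aws" configuration ------
# Child module, ../modules/qa-aws-waf-common/versions.tf (file name assumed)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.33.0"
    }
  }
}

# Root module: key = provider name inside the child, value = config in the root.
module "waf_cdn" {
  source = "../modules/qa-aws-waf-common"
  scope  = "CLOUDFRONT"

  providers = {
    aws = aws.useastone # child resources using the default aws config run in us-east-1
  }
}

# --- Option B: the module declares an aliased configuration --------------
# Child module: same block as Option A plus, inside aws = { ... }:
#   configuration_aliases = [aws.useastone]
# Each resource that needs it opts in explicitly (resource is an assumption):
resource "aws_wafv2_web_acl" "this" {
  provider = aws.useastone
  name     = var.name
  scope    = var.scope

  default_action {
    allow {}
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = var.name
    sampled_requests_enabled   = true
  }
}

# Root module for Option B: the map key must match the declared alias.
#   providers = {
#     aws.useastone = aws.useastone
#   }
```

In Option B, any resource in the module without a `provider` argument still uses the module's default `aws` configuration, so check with `terraform plan` that the CLOUDFRONT-scoped resources resolve to the us-east-1 configuration.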