terraform, terraform-provider-aws

Invalid template interpolation value when creating VPC flow logs


I am new to Terraform (TF) and I am trying to define a single variable that holds the S3 bucket for every region.

variable.tf

 # Region name -> ARN of the S3 bucket used as the VPC flow log destination
 # for that region.
 variable "s3_bucket_arn" {
  # With `any`, the type is inferred from the default below, so the variable
  # holds the whole collection of ARNs (Terraform reports it as an object with
  # 5 attributes), not a single string. Nothing here restricts the values to
  # strings or the keys to known regions.
  type = any
   default = {
    us-east-1 = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
    us-east-2 = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
    us-west-2 = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
    us-west-1 = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
    ap-southeast-2="arn:aws:s3:::centralized-vpcflowlogs-logging-aus"
  }
}

Below is the VPC flow log resource in main.tf:

    # Flow log for the VPC, written to S3 under
    # <bucket ARN>/<environment>/<region>/<VPC id>.
    resource "aws_flow_log" "vpc_flow_log" {
   # var.s3_bucket_arn is the entire region-to-ARN collection, so this template
   # is rejected with "string required"; one entry has to be selected (for
   # example by the current region) before it can be interpolated.
   log_destination = "${var.s3_bucket_arn}/${var.environment}/${data.aws_region.current.name}/${aws_vpc.network.id}"
    log_destination_type = "s3"
    # "ALL" records both accepted and rejected traffic.
    traffic_type         = "ALL"
     vpc_id          = aws_vpc.network.id
    # NOTE(review): the policy on the centralized destination bucket is not
    # shown here; confirm it lets the log delivery service
    # (delivery.logs.amazonaws.com) write only on behalf of the expected
    # source accounts.
    
}

While running `terraform plan` I get this error:

 │ Error: Invalid template interpolation value

        log_destination = "${var.s3_bucket_arn}/${var.environment}/${data.aws_region.current.name}/${aws_vpc.network.id}"
    │     ├────────────────
    │     │ var.s3_bucket_arn is object with 5 attributes
    │ 
    │ Cannot include the given value in a string template: string required.

Any idea why I am getting the error?


Solution

  • Any idea why I am getting the error?

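    You're trying to use a map where a string value is expected: `var.s3_bucket_arn` holds the ARNs for all five regions, so a single entry has to be selected (by region) before it can be placed in the `log_destination` string.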

    This example should help you understand and fix your problem:

    # Environment name; it becomes the first path segment after the bucket ARN
    # in the flow log destination.
    variable "environment" {
      type        = string
      default     = "dev"
      description = "The environment name"
    }
    
    locals {
      # Fixed values so the example can be planned on its own (testing only);
      # in a real configuration use the commented-out references instead.
      # current_region = data.aws_region.current.name
      # network_id     = aws_vpc.network.id
      current_region = "us-east-1"
      network_id     = "vpc-1234567890"

      # Region -> destination bucket ARN. Kept as a local rather than an input
      # variable because the user is not expected to change it.
      s3_bucket_arns = {
        "us-east-1"      = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
        "us-east-2"      = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
        "us-west-2"      = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
        "us-west-1"      = "arn:aws:s3:::centralized-vpcflowlogs-logging-us"
        "ap-southeast-2" = "arn:aws:s3:::centralized-vpcflowlogs-logging-aus"
      }

      # Select the single ARN for the current region. current_region must be
      # one of the keys of s3_bucket_arns; an unlisted region makes the plan
      # fail on this line instead of producing a destination in another bucket.
      s3_bucket_arn = local.s3_bucket_arns[local.current_region]
    }
    
    # Placeholder resource used to preview the computed destination string in
    # `terraform plan`; its trigger keys mirror the aws_flow_log arguments.
    resource "null_resource" "vpc_flow_log" {
      triggers = {
        traffic_type         = "ALL"
        log_destination_type = "s3"
        # <bucket ARN>/<environment>/<region>/<VPC id>
        log_destination = join("/", [
          local.s3_bucket_arn,
          var.environment,
          local.current_region,
          local.network_id,
        ])
      }
    }
    

    Running terraform plan:

    Terraform used the selected providers to generate the following execution
    plan. Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # null_resource.vpc_flow_log will be created
      + resource "null_resource" "vpc_flow_log" {
          + id       = (known after apply)
          + triggers = {
              + "log_destination"      = "arn:aws:s3:::centralized-vpcflowlogs-logging-us/dev/us-east-1/vpc-1234567890"
              + "log_destination_type" = "s3"
              + "traffic_type"         = "ALL"
            }
        }
    
    Plan: 1 to add, 0 to change, 0 to destroy.