Fran Moya

Reputation: 89

aws_caller_identity for two providers inside a module

I am facing an issue trying to get the account id of an AWS provider that is not the provider where the resource will be deployed. This is my scenario:


main.tf (root directory)

terraform {
  backend "s3" {
    [Omitted]
  }
}

module "ASDF" {
  source = "./modules/asdf"
  providers = {
    aws-account1 = aws.acc1
    aws-account2  = aws.acc2
  }
}

providers.tf (root directory)

provider "aws" {
  alias   = "acc1"
  profile = "profile-acc1"
  region  = "eu-west-1"
}

provider "aws" {
  alias   = "acc2"
  profile = "profile-acc2"
  region  = "eu-west-1"
}

main.tf (asdf module)

terraform {
  required_providers {
    aws-account1 = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
    }
    aws-account2 = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
    }
  }
}

data.tf (asdf module)

data "aws_caller_identity" "account1" {
  provider = aws-account1
}
data "aws_caller_identity" "account2" {
  provider = aws-account2
}

lambda.tf (asdf module)

resource "aws_lambda_function" "asdfLambda" {
  provider = aws-account1
  role = aws_iam_role.asdfLambdaExecutionRole.arn
  [Omitted]
}

resource "aws_iam_role" "asdfLambdaExecutionRole" {
  provider = aws-account1
  [Omitted]
}

resource "aws_lambda_permission" "asdfLambdaApiGatewayPermission" {
  provider = aws-account1

  action = "lambda:InvokeFunction"
  function_name = aws_lambda_function.asdfLambda.function_name
  principal = "apigateway.amazonaws.com"
  source_account = data.aws_caller_identity.account2.account_id
  source_arn = [APIGateway arn in account2]
}

With these Terraform files, in the source_account of asdfLambdaApiGatewayPermission I am getting the account1 id instead of the account2 id as I want (and need). The API Gateway that invokes this lambda is in another account, so I need all the information about this second provider (account id, region, etc.).

I came across this GitHub issue (https://github.com/hashicorp/terraform-provider-aws/issues/1078) that is similar to my problem, but in my case the problem is inside a module, and as stated in the answer in the GitHub topic, I might get some problems.

Do you know how I can achieve this? I know that I could use a variable with the account ID, but I would like to get the account id in a dynamic way (in my case I use profiles in my .aws/config), instead of forcing the user to write each account ID in variables.

Upvotes: 0

Views: 2001

Answers (1)

Quentin Revel

Reputation: 1478

Following the HashiCorp documentation, the main.tf file of the child (asdf) module should be:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
      configuration_aliases = [aws-account1, aws-account2]
    }
  }
}

Otherwise the main.tf of the asdf module is configuring two providers with the default AWS profile which, I'm guessing from your error, is account1.

Upvotes: 1
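The complete pattern the answer points at, written out end to end as an added example (not code from the question or the answer): the root module configures two aliased providers and maps them into the child module, the child module declares them with configuration_aliases, reads aws_caller_identity and aws_region through each alias, and uses account2's identity to scope the Lambda permission. It follows the dotted `<local_name>.<alias>` form that the Terraform documentation uses for configuration_aliases rather than the hyphenated names used in the thread. The profile names, the module path, the `api_id` and `function_name` variables and the placeholder API id are assumptions of this example.

```hcl
# --- root: providers.tf ---
# Two configurations of the same provider, each tied to its own named
# profile in ~/.aws/config (profile names are placeholders in this example).
provider "aws" {
  alias   = "acc1"
  profile = "profile-acc1"
  region  = "eu-west-1"
}

provider "aws" {
  alias   = "acc2"
  profile = "profile-acc2"
  region  = "eu-west-1"
}

# --- root: main.tf ---
module "asdf" {
  source = "./modules/asdf"

  # Left side: the alias names the child module requires.
  # Right side: the root's configured providers that satisfy them.
  providers = {
    aws.account1 = aws.acc1
    aws.account2 = aws.acc2
  }

  function_name = "asdf-lambda"         # Lambda that already exists in account1 (assumed)
  api_id        = "API_ID_PLACEHOLDER"  # REST API id of the gateway in account2 (placeholder)
}

# --- modules/asdf/versions.tf ---
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
      # One provider, two configuration aliases. Without this line the module
      # would silently fall back to the default (unaliased) provider configuration.
      configuration_aliases = [aws.account1, aws.account2]
    }
  }
}

# --- modules/asdf/variables.tf ---
variable "function_name" {
  type        = string
  description = "Name of the Lambda function in account1 that the permission is attached to"
}

variable "api_id" {
  type        = string
  description = "REST API id of the API Gateway in account2 that may invoke the function"
}

# --- modules/asdf/data.tf ---
# Each data source is evaluated with the credentials of the provider it names,
# so account2's id really comes from the account2 profile.
data "aws_caller_identity" "account1" {
  provider = aws.account1
}

data "aws_caller_identity" "account2" {
  provider = aws.account2
}

data "aws_region" "account2" {
  provider = aws.account2
}

# --- modules/asdf/lambda.tf ---
resource "aws_lambda_permission" "api_gateway" {
  provider = aws.account1

  statement_id  = "AllowInvokeFromAccount2ApiGateway"
  action        = "lambda:InvokeFunction"
  function_name = var.function_name
  principal     = "apigateway.amazonaws.com"

  # source_account alone would still admit every API Gateway in account2;
  # source_arn narrows the grant to this one API, which is what keeps a
  # service principal shared by all AWS customers from being a confused deputy.
  source_account = data.aws_caller_identity.account2.account_id
  source_arn     = "arn:aws:execute-api:${data.aws_region.account2.name}:${data.aws_caller_identity.account2.account_id}:${var.api_id}/*/*/*"
}

# Surface both ids so a plan makes it obvious which account each alias resolved to.
output "caller_accounts" {
  value = {
    account1 = data.aws_caller_identity.account1.account_id
    account2 = data.aws_caller_identity.account2.account_id
  }
}
```

Run `terraform init` and `terraform plan` with both profiles present in ~/.aws/config; the `caller_accounts` output should show two different ids before anything is applied. If both entries show the same id, the module is still resolving one of its aliases to the default provider configuration, which is exactly the symptom described in the question.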
