cloudposse / terraform-aws-transit-gateway

Terraform module to provision AWS Transit Gateway, AWS Resource Access Manager (AWS RAM) Resource, and share the Transit Gateway with the Organization or another AWS Account.
https://cloudposse.com/accelerate
Apache License 2.0

local.lookup_transit_gateway : The "count" value depends on resource attributes that cannot be determined until apply #51

Open allexivan opened 2 months ago

allexivan commented 2 months ago

Describe the Bug

I cannot dynamically reference module.transit_gateway. I get a count error:

.terraform/modules/transit_gateway_vpc_attachments_and_subnet_routes_dev_oregon/main.tf line 34, in data "aws_ec2_transit_gateway" "this":
│ 34: count = local.lookup_transit_gateway ? 1 : 0
│

module "transit_gateway_vpc_attachments_and_subnet_routes_prod" {
  source = "../../"

  # `prod` account can access the Transit Gateway in the `network` account since we shared the Transit Gateway with the Organization using Resource Access Manager
  existing_transit_gateway_id             = module.transit_gateway.transit_gateway_id
  existing_transit_gateway_route_table_id = module.transit_gateway.transit_gateway_route_table_id

  create_transit_gateway                                         = false
  create_transit_gateway_route_table                             = false
  create_transit_gateway_vpc_attachment                          = true
  create_transit_gateway_route_table_association_and_propagation = false

  config = {
    prod = {
      vpc_id                 = module.vpc_prod.vpc_id
      vpc_cidr               = module.vpc_prod.vpc_cidr_block
      subnet_ids             = module.subnets_prod.private_subnet_ids
      subnet_route_table_ids = module.subnets_prod.private_route_table_ids
      route_to               = null
      route_to_cidr_blocks = [
        module.vpc_staging.vpc_cidr_block,
        module.vpc_dev.vpc_cidr_block
      ]
      static_routes                     = null
      transit_gateway_vpc_attachment_id = null
    }
  }

  context = module.this.context

  providers = {
    aws = aws.prod
  }
}

Expected Behavior

Reference to a transit gateway should not fail when there are no resources created.

Steps to Reproduce

The official code does not work:

https://github.com/cloudposse/terraform-aws-transit-gateway/blob/main/examples/multi-account/main.tf

Screenshots

No response

Environment

Terraform v1.9.3 on darwin_arm64

Additional Context

No response

intel352 commented 2 weeks ago

I'm also blocked by this error.

intel352 commented 1 week ago

@osterman Is there a workaround that CloudPosse can recommend here, or a suggested fix? I'm happy to submit a PR but I'm newer to Terraform and unsure how to resolve this other than potentially via apply-time -target, which seems hacky.

intel352 commented 1 week ago

@allexivan I've submitted PR #53, in case you want to test whether this also resolves your issue.
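
A minimal reproduction of the plan-time `count` error quoted in this issue, as an added example that is not part of the thread and is not the module's own code. All resource, local and variable names are hypothetical, and the built-in `terraform_data` resource stands in for a Transit Gateway created in the same configuration.

```hcl
# Added example with hypothetical names; terraform_data (built in since
# Terraform 1.4) stands in for a gateway created in the same configuration.
terraform {
  required_version = ">= 1.4"
}

# The id of a resource that does not exist yet is unknown during plan.
resource "terraform_data" "gateway" {
  input = "constructed-placeholder"
}

variable "lookup_gateway" {
  description = "Plan-time switch (assumed name); set from a literal, so always known at plan."
  type        = bool
  default     = true
}

locals {
  # Failing form: comparing an unknown string yields an unknown bool,
  # so a count derived from it cannot be decided on the first plan.
  lookup_from_value = terraform_data.gateway.id != ""

  # Working form: derived only from values that are known at plan time.
  lookup_from_flag = var.lookup_gateway
}

# Uncomment to reproduce "Invalid count argument" against a fresh state:
# resource "terraform_data" "lookup_fails" {
#   count = local.lookup_from_value ? 1 : 0
#   input = terraform_data.gateway.id
# }

# Plans cleanly: count is known, and the unknown id is used only as an
# ordinary argument, which Terraform may leave unresolved until apply.
resource "terraform_data" "lookup_works" {
  count = local.lookup_from_flag ? 1 : 0
  input = terraform_data.gateway.id
}
```

Running `terraform plan` on an empty state succeeds as written and fails with the quoted error once the commented resource is enabled.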