cloudposse / terraform-aws-vpc

Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways
https://cloudposse.com/accelerate
Apache License 2.0
229 stars 195 forks

creating EC2 VPC: MissingParameter: Either 'cidrBlock' or 'ipv4IpamPoolId' should be provided. #118

Closed adampeklay closed 1 year ago

adampeklay commented 1 year ago

Describe the Bug

I believe I've followed the documentation properly; however, I can't get past this error when trying to create a VPC:

Plan: 3 to add, 0 to change, 0 to destroy.
module.vpc.aws_vpc.default[0]: Creating...

 Error: creating EC2 VPC: MissingParameter: Either 'cidrBlock' or 'ipv4IpamPoolId' should be provided.
       status code: 400, request id: d0e8e1a1-a19c-4d2a-9b33-cf89c5d207be

   with module.vpc.aws_vpc.default[0],
   on .terraform/modules/vpc/main.tf line 30, in resource "aws_vpc" "default":
   30: resource "aws_vpc" "default" {

Releasing state lock. This may take a few moments...

Expected Behavior

When declaring variables according to the documentation, I would expect the module to create a VPC using the IPAM pool and CIDR I specified in my .tfvars file:

ipv4_additional_cidr_block_associations = {
  ipv4_cidr = {
    ipv4_cidr_block     = null
    ipv4_ipam_pool_id   = "ipam-pool-<REDACTED>"
    ipv4_netmask_length = 20
  }
}

Steps to Reproduce

Steps to reproduce the behavior: using the VPC module as follows, you should be able to replicate this:

main.tf

module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "2.0.0"
  // https://github.com/cloudposse/terraform-aws-vpc

  namespace = var.namespace
  stage     = var.stage
  name      = var.name

  internet_gateway_enabled                = false
  ipv4_additional_cidr_block_associations = var.ipv4_additional_cidr_block_associations
  assign_generated_ipv6_cidr_block        = false

}

<some-prefix>.tfvars:

region = "<REDACTED>"
stage  = "<REDACTED>"
name   = "<REDACTED>"

ipv4_additional_cidr_block_associations = {
  ipv4_cidr = {
    ipv4_cidr_block     = null
    ipv4_ipam_pool_id   = "ipam-pool-<REDACTED>"
    ipv4_netmask_length = 20
  }
}

provider.tf:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.58.0"
    }
  }
}

provider "aws" {
  region                   = var.region
  shared_credentials_files = ["<REDACTED>"]
  profile                  = "<REDACTED>"
}

backend.tf:

terraform {
  required_version = "~> 1.4.6"

  backend "s3" {
    region         = "<REDACTED>"
    bucket         = "<REDACTED>"
    key            = "terraform.tfstate"
    dynamodb_table = "<REDACTED>-state-lock"
    profile        = "<REDACTED>"
    role_arn       = ""
    encrypt        = "true"
  }
}

variables.tf:

variable "region" {
  description = "The region in AWS we're working on"
  default     = null
}

variable "namespace" {
  description = "ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique"
  default     = "<REDACTED>"
}

variable "stage" {
  description = "ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'"
  default     = null
}

variable "name" {
  description = <<EOF
    ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
    This is the only ID element not also included as a tag.
    The "name" tag is set to the full id string. There is no tag with the value of the name input.
  EOF
  default     = null
}

variable "ipv4_additional_cidr_block_associations" {
  description = <<EOF
   IPv4 CIDR blocks to assign to the VPC.
   Ipv4_cidr_block can be set explicitly, or set to null with the CIDR block derived from ipv4_ipam_pool_id using ipv4_netmask_length.
   Map keys must be known at plan time, and are only used to track changes.
  EOF
  type = map(object({
    ipv4_cidr_block     = string
    ipv4_ipam_pool_id   = string
    ipv4_netmask_length = number
  }))
  default = null
}

Screenshots

I think the code snippets above should be just fine.

Environment:

[] adam ~ $ tfenv list
* 1.4.6 (set by /opt/homebrew/Cellar/tfenv/3.0.0/version)
  1.3.6
  1.2.9
  1.1.9
[] adam ~ $
terraform {
  required_version = "~> 1.4.6"
}

(I also tried terraform versions 1.2.9 & 1.1.9, same error)

aws = {
  source  = "hashicorp/aws"
  version = "4.58.0"
}

Additional Context

I can't seem to figure this out. I've enabled export TF_LOG=DEBUG too; however, that didn't give any more information besides the error above.

I very well could be using map(object) incorrectly; however, I've troubleshot this quite a bit and I'm out of ideas. I looked locally in the .terraform/modules directory too, to see what the module is doing, but again, I'm just stuck on this. Any help would be greatly appreciated.

Thank you!

adampeklay commented 1 year ago

Oh wait, I see what I did here, lol. I used the wrong input; closing this out now.
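The closing comment does not say which input was wrong, so the following is an added example, not the reporter's configuration and not code from the cloudposse module. The trace above fails inside module.vpc.aws_vpc.default, and a CreateVpc call with neither cidrBlock nor ipv4IpamPoolId is exactly what that 400 describes: the map passed as ipv4_additional_cidr_block_associations feeds only the extra CIDR associations that hang off an already-created VPC, so the VPC resource itself was left with no CIDR source. The version below moves the IPAM allocation to the module's primary-CIDR input. The input name ipv4_primary_cidr_block_association and its object shape are assumed from the v2.0.0 module's variables.tf rather than quoted on this page; the variable validation blocks are an added plan-time check so that the mistake is rejected before apply, and the pool id is the same placeholder the report uses.

```hcl
# variables.tf (root module; added example, assumes the module input named below)
variable "ipv4_primary_cidr_block_association" {
  description = "Primary VPC CIDR: either an explicit ipv4_cidr_block, or null plus an IPAM pool id and netmask length."
  type = object({
    ipv4_cidr_block     = string
    ipv4_ipam_pool_id   = string
    ipv4_netmask_length = number
  })

  # aws_vpc needs exactly one of cidr_block / ipv4_ipam_pool_id. Checking it here
  # fails `terraform plan` instead of surfacing as a 400 MissingParameter at apply time.
  validation {
    condition = (
      (var.ipv4_primary_cidr_block_association.ipv4_cidr_block != null) !=
      (var.ipv4_primary_cidr_block_association.ipv4_ipam_pool_id != null)
    )
    error_message = "Set exactly one of ipv4_cidr_block or ipv4_ipam_pool_id."
  }

  # An IPAM-allocated block also needs a prefix length to allocate.
  validation {
    condition = (
      var.ipv4_primary_cidr_block_association.ipv4_ipam_pool_id == null ||
      var.ipv4_primary_cidr_block_association.ipv4_netmask_length != null
    )
    error_message = "ipv4_netmask_length is required when the CIDR is allocated from an IPAM pool."
  }
}

# main.tf
module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "2.0.0"

  namespace = var.namespace
  stage     = var.stage
  name      = var.name

  # The primary CIDR (explicit or IPAM-derived) belongs here; this is what aws_vpc.default reads.
  # Input name assumed from the v2.0.0 module, not from the report.
  ipv4_primary_cidr_block_association = var.ipv4_primary_cidr_block_association

  # Only CIDRs beyond the primary one go here; each becomes an aws_vpc_ipv4_cidr_block_association
  # attached to the VPC after it exists, which is why it cannot stand in for the primary block.
  ipv4_additional_cidr_block_associations = {}

  internet_gateway_enabled         = false
  assign_generated_ipv6_cidr_block = false
}

# <some-prefix>.tfvars (pool id is the report's placeholder, not a real pool)
ipv4_primary_cidr_block_association = {
  ipv4_cidr_block     = null
  ipv4_ipam_pool_id   = "ipam-pool-<REDACTED>"
  ipv4_netmask_length = 20
}
```

With this layout, passing both ipv4_cidr_block and ipv4_ipam_pool_id, or neither, is rejected at plan time with the validation message rather than at apply time by EC2; a VPC that needs a second block from the same pool can still use ipv4_additional_cidr_block_associations on top of the primary one.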