terraform-aws-modules / terraform-aws-acm

Terraform module to create AWS ACM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/acm/aws
Apache License 2.0

Error: Invalid provider configuration #118

Closed 7adityaraj closed 2 years ago

7adityaraj commented 2 years ago

Description

I am trying to use the provider alias in ACM module with the latest tag but it returns a provider error. Can someone please confirm that this is not an issue with the module? I have been using the provider alias for other configs and it's working fine.

github.com:terraform-aws-modules/terraform-aws-acm.git?ref=v4.1.0
terraform configs

```hcl
provider "aws" {
  alias  = "sre-dev"
  region = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::6360000008:role/terraform"
  }
}

provider "aws" {
  alias  = "sre-ops"
  region = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::1790000008:role/terraform"
  }
}

terraform {
  required_version = "1.2.2"

  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

module "cert" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-acm.git?ref=v4.1.0"

  providers = {
    aws = aws.sre-ops
  }

  create_certificate        = true
  wait_for_validation       = true
  validate_certificate      = true
  dns_ttl                   = 3600
  domain_name               = local.domain_name["sre_master"]
  zone_id                   = local.zone_id["sre_master"]
  subject_alternative_names = local.subject_alternative_names["sre_master"]

  tags = merge(local.aws_tags, {
    Name       = "${local.aws_tags.project}-acm_sre_master"
    account_id = data.aws_caller_identity.current.account_id
  })
}

locals {
  aws_tags = {
    project     = "sre"
    environment = "DEV"
    department  = "engineering"
    service     = "acm"
    role        = "acm"
    git_repo    = "terraform-sre/services/certificates"
  }

  subject_alternative_names = {
    sre_master = [
      "*.sre.abc.com",
    ]
  }

  domain_name = {
    "sre_master" = "sre.abc.com"
  }

  zone_id = {
    "sre_master" = "Z3HV12435SDGFG"
  }
}
```

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/ βœ…
  2. Re-initialize the project root to pull down modules: terraform init βœ…
  3. Re-attempt your terraform plan or apply and check if the issue still persists - yes

Versions

```
├── provider[registry.terraform.io/hashicorp/aws]
└── module.cert
    └── provider[registry.terraform.io/hashicorp/aws] >= 4.12.0
```

Reproduction Code [Required]

terraform plan

```
 Error: Invalid provider configuration
│
│ Provider "registry.terraform.io/hashicorp/aws" requires explicit configuration. Add a provider block to the root module and configure the provider's required arguments as described in the provider documentation.
│
╵
╷
│ Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found
│
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on <empty> line 0:
│   (source code not available)
```

Steps to reproduce the behavior:

NO YES

Expected behavior

error with provider block

Actual behavior

the alias should be honored for different account

Additional context

When I add a block without alias, it does work with the given account.

antonbabenko commented 2 years ago

`error validating provider credentials` indicates that you don't have the correct AWS permissions to do what is necessary. I am pretty sure there is something wrong (`sts:GetCallerIdentity` should succeed).

This is not a module issue.

7adityaraj commented 2 years ago

@antonbabenko yeap, there is confusion with the error above. When I remove the alias from terraform configs, it works fine. Is there any advice/recommendations that I can try?

```hcl
provider "aws" {
  alias  = "sre-dev"
  region = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::6360000008:role/terraform"
  }
}
```

Thank you for checking.

antonbabenko commented 2 years ago

There is an example where I use aliases, and it works - https://github.com/terraform-aws-modules/terraform-aws-acm/blob/master/examples/complete-dns-validation/main.tf#L54-L73

Maybe there is some bug in the AWS provider, but I am not sure...

7adityaraj commented 2 years ago

@antonbabenko thank you again, I figured out what the issue is. It's actually my error: I am pointing account id as the current caller id. `account_id = data.aws_caller_identity.current.account_id`

I would request having the caller ID output from the module; that would be a good help.

Thank you again.

antonbabenko commented 2 years ago

The current caller ID is not so much related to the main module's resources, so we won't add it to the module output.

Good that you fixed an issue.
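An added example, not code from the thread or from the module: a data source with no `provider` argument uses the default (unaliased) `aws` provider, so when only aliased configurations exist it has to be pinned to one of them. The variable `ops_account_id`, the data source name `ops` and the postcondition are assumptions made for illustration; the postcondition fails the plan if the assumed role resolves to an account other than the expected one.

```hcl
terraform {
  required_version = ">= 1.2.0" # postcondition blocks need Terraform 1.2 or later
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Hypothetical input: the account the aliased provider is expected to land in.
variable "ops_account_id" {
  type = string
}

# Only an aliased configuration exists; there is no default "aws" provider block.
provider "aws" {
  alias  = "sre-ops"
  region = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::${var.ops_account_id}:role/terraform"
  }
}

# Pinned to the alias. Without "provider", Terraform would try to configure
# an empty default aws provider and fail with "Invalid provider configuration".
data "aws_caller_identity" "ops" {
  provider = aws.sre-ops

  lifecycle {
    postcondition {
      condition     = self.account_id == var.ops_account_id
      error_message = "aws.sre-ops resolved to an unexpected AWS account."
    }
  }
}

module "cert" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-acm.git?ref=v4.1.0"

  providers = {
    aws = aws.sre-ops
  }

  domain_name = "sre.abc.com" # sample values taken from the thread
  zone_id     = "Z3HV12435SDGFG"

  tags = {
    account_id = data.aws_caller_identity.ops.account_id
  }
}
```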

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.