Issues with a modular setup-- AWS

Gonzalo Fernandez

Apr 22, 2015, 8:53:45 PM
to terrafo...@googlegroups.com
Hi

Not sure if I am doing this completely right... I hope to make some sense with this explanation of what I want to achieve.

I am setting up a multiple module setup for AWS as I am creating a full infrastructure with multiple VPCs.

```
terraform apply -var 'access_key=<key>' -var 'secret_key=<key>' -var 'region=<region>'
```

So running from a main.tf

```
module "security_rules_staging" {
    source = "modules/security_rules/staging"
}

module "security_rules_production" {
    source = "modules/security_rules/production"
}

module "security_rules_infrastructure" {
    source = "modules/security_rules/infrastructure"
}
```

And each of those directories will contain the usual provider with the variable file. For example, in security_rules/infrastructure I've got in the provider file:

```
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region = "${var.region}"
}

module "vpc_infrastructure" {
    source = "../../../modules/vpc/infrastructure/"
    region = "${var.region}"
}

output "aws_vpc_infrastructure_id" {
    value = "${module.vpc_infrastructure.aws_vpc_infrastructure_id}"
}
```

So that will call the VPC module creating all the relevant parts for the VPC: subnets/routing tables/gateways....

Now... with the plan parameter I am trying to pass variables to ALL those parts (example var.region) but the value of the variable seems to get lost at some stage and I am not sure if I am setting all this right or what the issue might be...

I would really like to get some values from some of the modules into others, so as to make this pretty flexible and avoid hard-coding as much as I can...


Any help on these regards?


Many thanks!!


Paul Hinze

Apr 23, 2015, 9:32:34 AM
to terrafo...@googlegroups.com
Hi there,

You're close! Terraform's configuration language is very explicit about variable wiring. Each module is its own variable namespace, and must have input variables passed in when it's used.

So if you have a provider block inside your module, at the top level you'd need to declare variables for access_key, secret_key, and region, and pass them through to each module. For example:

```
variable "access_key" {}
variable "secret_key" {}
variable "region" {}


module "security_rules_infrastructure" {
  source = "modules/security_rules/infrastructure"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region = "${var.region}"
}
```

(Remember, you'd _also_ need the access_key, secret_key, and region variable declarations inside the module to declare them as module inputs.)

As you can see, this gets noisy quickly! This is one reason that provider configuration automatically inherits down into modules. So if you omit any provider config from your modules and instead do it at the top level, it should start to work as you expect. You'll notice of the modules being collected into https://github.com/terraform-community-modules follow this pattern.

Another even terser approach is to rely on the fact that providers can be configured via environment variables. If you use the appropriate env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION), you can omit `provider {}` blocks from your config entirely. This is the strategy I personally like best.

I hope this helps! Let me know if there's anything else I can help explain here,

Paul
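
The wiring described in the reply above, laid out as an added example (not code from the thread or from the Terraform project): the provider is configured once at the top level and inherited by the modules, the keys come from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables so they stay off the command line and out of shell history, and one module's output is passed explicitly as another module's input. The flattened layout (the root calls both modules directly), the `./` source prefix, and the names `cidr` and `vpc_id` are assumptions; `aws_vpc_infrastructure_id` is the output name from the original question.

```hcl
# --- main.tf (root) ---
# Credentials are read by the AWS provider from AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY, so no secret appears in -var flags or in this file.
variable "region" {}

provider "aws" {
  region = "${var.region}" # inherited by every module called below
}

module "vpc_infrastructure" {
  source = "./modules/vpc/infrastructure"
  cidr   = "10.10.0.0/16" # constructed sample value
}

module "security_rules_infrastructure" {
  source = "./modules/security_rules/infrastructure"

  # Output of one module wired explicitly into the input of another.
  vpc_id = "${module.vpc_infrastructure.aws_vpc_infrastructure_id}"
}

# --- modules/vpc/infrastructure/main.tf ---
# No provider block here: the root provider configuration is inherited.
variable "cidr" {} # hypothetical input name

resource "aws_vpc" "infrastructure" {
  cidr_block = "${var.cidr}"
}

output "aws_vpc_infrastructure_id" {
  value = "${aws_vpc.infrastructure.id}"
}

# --- modules/security_rules/infrastructure/main.tf ---
# A module only accepts inputs it declares; without this declaration the
# vpc_id argument in the root module is rejected.
variable "vpc_id" {} # hypothetical input name

resource "aws_security_group" "infrastructure" {
  name        = "infrastructure"
  description = "Rules for the infrastructure VPC"
  vpc_id      = "${var.vpc_id}"
}
```

With the keys exported in the environment, the run reduces to `terraform apply -var 'region=<region>'`.
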

Marc Tamsky

May 22, 2015, 7:45:29 PM
to terrafo...@googlegroups.com
Hi Paul,

Is the fact you state, that ENV vars trigger the ability to omit 'provider {}' blocks, spelled out in the docs?
I'd expect it to show up on either

On Thursday, April 23, 2015 at 6:32:34 AM UTC-7, Paul Hinze wrote:
Another even terser approach is to rely on the fact that providers can be configured via environment variables. If you use the appropriate env vars (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION), you can omit `provider {}` blocks from your config entirely. This is the strategy I personally like best.
[emphasis mine] 
