Terraform aws - create security group in vpc with modules


NikopoL NikopoL

Nov 20, 2018, 12:45:19 AM
to Terraform
Hi, I have a Terraform file in a directory called "vpc" that creates an AWS VPC with 2 subnets, and I have another directory called "secgroup" where I have a Terraform script that creates a security group in a specific VPC. I use modules for that, or I am trying to use modules, but when I execute the security group creation script I get a message that says that I cannot create more VPCs because of some limit in AWS accounts. For some reason, when I use the module option in the security group creation script, it tries to create another VPC and does not use the one already created by the first script. Any ideas why?

The vpc script has this outputs.tf file:

output "vpc_id" {
  value = "${aws_vpc.rds.id}"
}


And the output of the execution of the vpc script:

Outputs:

vpc_id = vpc-0e1503ac0e6895de5

All looks good, that id is correct! But when I execute the security group creation script I get this error:

The maximum number of VPCs has been reached

This is how I am using the modules and variables in the security group script:


module "vpc_info" {
  source = "../VPCGEN"
  zone   = "${var.zone}"
}


resource "aws_security_group" "allow_all_db" {
  name        = "allow_all_db"
  description = "Allow all traffic to db"
  #vpc_id = "${aws_vpc.rds.id}"
  vpc_id = "${module.vpc_info.vpc_id}"
  #vpc_id = "${var.vpc_get}"

  ingress {
    protocol    = "tcp"
    from_port   = 37700
    to_port     = 37700
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "tcp"
    from_port   = 1
    to_port     = 65535
    cidr_blocks = ["0.0.0.0/0"]
  }
}


Help please.





Ryan Hartkopf

Nov 21, 2018, 2:22:39 PM
to Terraform
Hi NikopoL,

This is the correct behavior. When a module is added to a Terraform configuration, Terraform will create those resources without considering any state files that exist in the module directory.

When you ran Terraform in the VPCGEN directory, you created a state file containing the VPC resources. When you run Terraform in the directory containing the security group, you are creating a new state file containing new VPC resources and the security group.

I would use a single state file to manage these resources, instead of running terraform inside the module directories.


Good luck on your dive into modules! It takes some getting used to but it will become second nature eventually. The official module registry has a lot of good (albeit sometimes complicated) examples: https://registry.terraform.io/

I also found these blog posts very helpful when starting out: 

Ryan

Alvaro Miranda Aguilera

Nov 22, 2018, 5:09:05 AM
to terrafo...@googlegroups.com
Hello Nikopol

Thanks for sharing this question with us, it is a very good one.

So, on top of what Ryan has said, you can try something else.

When you have directories, Terraform by default won't go into them, so each directory will be a separate Terraform project, and they will each have a local state file.

The projects won't know about each other.

So if you create a VPC in one and then go to a new directory that also creates a VPC, Terraform won't make any assumptions. Here the idea is that Terraform will create what the local project dictates.

So 2 options here.

- You can import the existing VPC. I am not 100% sure it will work, as not all resources can be imported, but it is worth a try.


- You can try to use a backend for both of these projects so they share state. Again, I would suggest trying this first to check if it works for what you want.

State backend (he can share backend)


As time permits, please have a look at those links and feel free to come back with what you found.

Thanks again
Alvaro.



--
Alvaro
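
One way for the "secgroup" project to use the VPC that already exists, following the replies above about separate state files, is to read the `vpc_id` output from the VPC project's state instead of calling it as a module. This is an added example, not code from the thread; it is written in Terraform 0.12+ syntax, assumes the VPC project keeps local state at its default path under `../VPCGEN`, and introduces a hypothetical `db_client_cidrs` variable.

```hcl
# secgroup/main.tf (added example, Terraform 0.12+ syntax)

# Read the outputs of the VPC project without re-declaring its resources.
# Assumption: the VPC project uses local state at the default file name.
data "terraform_remote_state" "vpc" {
  backend = "local"

  config = {
    path = "../VPCGEN/terraform.tfstate"
  }
}

# Hypothetical variable: CIDR ranges of the clients that need the database.
# The original post uses 0.0.0.0/0 here, which opens the port to any address.
variable "db_client_cidrs" {
  type = list(string)
}

resource "aws_security_group" "allow_all_db" {
  name        = "allow_all_db"
  description = "Allow all traffic to db"

  # Value of the "vpc_id" output declared in the VPC project's outputs.tf.
  vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id

  ingress {
    protocol    = "tcp"
    from_port   = 37700
    to_port     = 37700
    cidr_blocks = var.db_client_cidrs
  }

  egress {
    protocol    = "tcp"
    from_port   = 1
    to_port     = 65535
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Reading remote state requires read access to the whole state snapshot, so if the state moves to a shared backend, limit who can read it.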
