Terraform 0.12: Provider configuration not present
3,382 views
Skip to first unread message
Martijn Grendelman
May 28, 2019, 3:16:21 AM5/28/19
to Terraform
Hi,
The 'dmg' module uses several submodules, for example one that sets up VPC peering to the shared account, and the acceptor for the peering connection uses the 'aws.shared' provider:
but that would also mean, that in every submodule that uses a submodule, I'd have to add something like this:
That seems unnatural, not to mention a lot of extra code, but also, my first small experiment in that direction seems to suggest it doesn't work, i.e. the 'Provider configuration not present' error doesn't go away.
I am trying to migrate a Terraform configuration from v0.11 to v0.12. After running the migration tool and fixing a few things manually, I'm now trying the first 'plan', but it errors out:
Error: Provider configuration not present
To work with
module.dmg.module.aws_baseline.aws_ami_launch_permission.debian_stretch its
original provider configuration at
module.dmg.module.aws_baseline.provider.aws.shared is required, but it has
been removed. This occurs when a provider configuration is removed while
objects created by that provider still exist in the state. Re-add the provider
configuration to destroy
module.dmg.module.aws_baseline.aws_ami_launch_permission.debian_stretch, after
which you can remove the provider configuration again.
The error above is an example for our 'dmg' module, but in fact, we get the error many times, once for each resource that is using the non-default provider.
Some background:
- all our resources live in AWS.
- we use different AWS accounts for different customers, about 27 accounts in total.
- we have a 'shared' account that holds some shared resources, like AMIs, Route53 zones and routes for a VPN to our HQ.
In Terraform, this means:
- each customer account gets a dedicated module in the root of our configuration
- each customer gets a provider for managing the resources in the client's module
- each customer module uses at least a few other modules that manage resources that need to be made with the 'shared' account
This is what we have in our root module:
variable "region" { default = "eu-central-1"}
provider "aws" {
region = var.region
version = "~> 2.7"
}
For the 'shared' module:
provider "aws" { alias = "shared" region = var.region
assume_role { role_arn = "arn:aws:iam::${aws_organizations_account.shared.id}:role/OrganizationAccountAccessRole" }}And for the 'dmg' customer module (this bit is present for each customer's module, with different values for 'dmg'):
provider "aws" { alias = "dmg" region = var.region
assume_role { role_arn = "arn:aws:iam::${aws_organizations_account.dmg.id}:role/OrganizationAccountAccessRole" }}
module "dmg" {
source = "./dmg"
providers = {
aws = aws.dmg
}
}
The 'dmg' module uses several submodules, for example one that sets up VPC peering to the shared account, and the acceptor for the peering connection uses the 'aws.shared' provider:
resource "aws_vpc_peering_connection_accepter" "vpc_to_service" {
vpc_peering_connection_id = aws_vpc_peering_connection.vpc_to_service.id
auto_accept = "true"
provider = aws.shared
}All this works nicely in Terraform 0.11 and earlier, but in 0.12, it does not.
I have read this: https://github.com/hashicorp/terraform/issues/21268#issuecomment-491872018 but I'm not sure I understand it correctly. To me, it seems to suggest that I should add the 'aws.shared' provider to the 'providers' block of every module like this:
module "dmg" { source = "./dmg"
providers = { aws = aws.dmg
aws.shared = aws.shared }}but that would also mean, that in every submodule that uses a submodule, I'd have to add something like this:
providers = {
aws = aws
aws.shared = aws.shared
}That seems unnatural, not to mention a lot of extra code, but also, my first small experiment in that direction seems to suggest it doesn't work, i.e. the 'Provider configuration not present' error doesn't go away.
What am I doing wrong here? What is missing in my configuration?
Best regards,
Martijn Grendelman
Martijn Grendelman
May 28, 2019, 3:47:24 AM5/28/19
to Terraform
Hi,
It seems the Github comment I quoted was the key to the solution after all.
In all my modules that use the 'shared' provider, either directly or indirectly through a submodule, I added a proxy configuration block like this:
provider "aws" {
alias = "shared"}and the errors are gone.
Lots of other errors now, so I'll get back to work ;-)
Best regards,
Martijn..
Martijn Grendelman
May 28, 2019, 4:23:05 AM5/28/19
to Terraform
A different, but related error now occurred:
Error: Missing required argument
on ec2_instance/provider.tf line 9, in provider "aws":
9: provider "aws" {
The argument "region" is required, but no definition was found.
Apparently, the root-level provider 'aws.shared', which has a 'region' set, is not the same as the 'aws.shared' provider in the submodules.
I have now added the following to EVERY module declaration that directly or indirectly uses the 'aws.shared' provider, and the errors have gone away:
providers = {
aws = aws
aws.shared = aws.shared
}
Somehow, I find it hard to believe that this is actually necessary.
Can someone shed some light on this?
Best regards,
Martijn.
Ron Jarrell
Nov 6, 2019, 12:28:15 PM11/6/19
to Terraform
I'm running into this exact problem. I'm using the proxy provider block in my submodule, but it keeps calling out the error that region is required.
Reply all
Reply to author
Forward
0 new messages