I’m going to try to keep this short you can refer to Confusion about dependencies and terraform plan for more details about layout.
quick layout
- root
- dev
- instances
- all.tf (actually multiple files)
- instances
- dev
- global
- iam_roles.tf
- and_many_more_subscription_based.tf files
First i run: I run terraform import aws_iam_role.devfoo
in the global module space.
In instances
there are multiple files that contain aws_instance "foo"
like blocks. I’ve been adding both implicit dependencies like iam_instance_profile = module.global.iam_role_dev
and explicit dependencies such as
depends_on = [
module.security_groups.sg_ping,
module.security_groups.sg_local_ssh
]
As soon as i run terraform plan
i get a destroy and a create (grepped output) from an iam role change
# module.global.aws_iam_role.Deploy will be destroyed
# module.instances.module.global.aws_iam_role.Deploy will be created
The above are the same two configurations. Oh and i can modify terraform.tfstate and add a "module": "module.instances.module.global.aws_iam_role"
The drop and create go away, but what if i want to make another file dependent on these
I’m still running in local state mode as I am converting existing infra and trying to test each step before i think of running apply.
Is there a reason that it needs to be nested inside of modules.instances.module.global.iam_aws_role
? For aws_iam_policies
, or aws_security_group
I will be accessing them from multiple modules and it seems like i should be able to do something that could only reference the global
module.
I would assume there is something in the configuration I can change so it doesn’t need to import from a nested module path.
Thanks,
Jeff