We have a private Terraform module that operates on 2 AWS accounts.
The module has:
terraform {
required_providers {
aws = {
configuration_aliases = [
aws.current_account,
aws.management_account
]
}
}
}
This then is called from as follows:
module "tailscale_connection" {
source = "app.terraform.io/digitickets/tailscale-connection/aws"
version = "0.0.1"
vpc_id = module.vpc.vpc_id
vpc_cidr = var.aws_vpc_cidr
cluster = var.cluster
environment = var.environment
providers = {
aws.current_account = aws
aws.management_account = aws.management
}
}
This all works great (i.e. everything is where it should be and everyoneβs happy).
Iβve tried incorporating our usual tooling for terraform modules (pre-commit, pipelines, etc.) and come across an issue with terraform validation:
$ terraform validate
β·
β Error: Provider configuration not present
β
β To work with aws_route.tailscale_route its original provider configuration at provider["registry.terraform.io/hashicorp/aws"].management_account is required, but it has been removed. This occurs
β when a provider configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy aws_route.tailscale_route, after which you can
β remove the provider configuration again.
β΅
β·
β Error: Provider configuration not present
β
β To work with data.aws_vpc.tailscale_vpc its original provider configuration at provider["registry.terraform.io/hashicorp/aws"].management_account is required, but it has been removed. This occurs
β when a provider configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy data.aws_vpc.tailscale_vpc, after which you
β can remove the provider configuration again.
β΅
β·
β Error: Provider configuration not present
β
β To work with data.aws_route_table.tailscale_rt its original provider configuration at provider["registry.terraform.io/hashicorp/aws"].management_account is required, but it has been removed. This
β occurs when a provider configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy data.aws_route_table.tailscale_rt,
β after which you can remove the provider configuration again.
β΅
β·
β Error: Provider configuration not present
β
β To work with aws_vpc_peering_connection.tailscale_current its original provider configuration at provider["registry.terraform.io/hashicorp/aws"].current_account is required, but it has been
β removed. This occurs when a provider configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy
β aws_vpc_peering_connection.tailscale_current, after which you can remove the provider configuration again.
β΅
β·
β Error: Provider configuration not present
β
β To work with aws_vpc_peering_connection_accepter.tailscale_management its original provider configuration at provider["registry.terraform.io/hashicorp/aws"].management_account is required, but it
β has been removed. This occurs when a provider configuration is removed while objects created by that provider still exist in the state. Re-add the provider configuration to destroy
β aws_vpc_peering_connection_accepter.tailscale_management, after which you can remove the provider configuration again.
β΅
Is there a way around this such that the validation takes place with the rest of the code (not that validation really seems to do much sometimes β¦ misses a LOT that should be picked up before the apply stage, but thatβs down to the provider, not terraform itself).