How to use a Resource created in another module?

peterfigueiredo · December 18, 2020, 2:46pm

Hi everyone,

I need support from you guys. I have been reading other posts but I still have hard time to understand how I can use a resource created by another module.

Here is a quick example, I have an AWS Lambda function that needs to use an IAM role (pre-requirement). I am a huge fan of using modules in order to avoid having huge config files in my root. Here is my root main config file:

++++++++++++++++++++++
module “lambda”{
source = “./2_lambda”
lambdaFunctionName = var.lambdaFunctionName
role = module.iam.clouddynamicsIAMRole (1) -------------> ???
depends_on = [module.iam]
}
module “iam”{
source = “./3_iam”
iamRoleName = var.iamRoleName
}
++++++++++++++++++++++

Inside my Lambda module, I have a resource of type Lambda function which needs an IAM role (2):

++++++++++++++++++++++
resource “aws_lambda_function” “clouddynamicsLambda” {
function_name = var.lambdaFunctionName
role = (2) -------> ???
handler = “exports.test”
runtime = “nodejs12.x”
}
++++++++++++++++++++++

My IAM resource is named clouddynamicsIAMRole.

Am I doing something wrong at the root level (1)?

So how can (2) use the IAM role created previously?

I would really appreciate your help.
Best,
Peter

nmarchini · December 19, 2020, 1:45pm

It will help if you share the outputs of the IAM module here and any other outputs you have coded up.

peterfigueiredo · December 19, 2020, 6:21pm

Hi nmarchini,

My apologies, you are totally right. Here is the config file for the IAM role:

resource "aws_iam_role" "schengenRefugeeClouddynamicsIAMRole" {
  name = var.iamRoleName
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Resuming, my module Lambda is under folder 2_lambda, while my module IAM is under folder 3_iam. All of this is in my main config file at the root level:

module "lambda"{
    source = "./2_lambda"
    lambdaFunctionName = var.lambdaFunctionName
    role = module.iam.??????????????????
    depends_on = [module.iam, module.dynamoDB]
}

module "iam"{
    source = "./3_iam"
    iamRoleName = var.iamRoleName
    depends_on = [module.dynamoDB]
}

What do I need to pass at the root level above? And how can I use it inside my Lambda module below?

resource "aws_lambda_function" "schengenRefugeeClouddynamicsLambda" {
  function_name = var.lambdaFunctionName
  role          = ?????????????????????????????
  handler       = "exports.test"
  runtime = "nodejs12.x"
  environment {
    variables = {
      foo = "bar"
    }
  }
}

Thanks again for your help.
Peter

peterfigueiredo · December 19, 2020, 6:41pm

Here is the directory structure:

nmarchini · December 20, 2020, 7:05pm

I cannot see if you have any outputs defined so maybe something like this would be needed if you don’t

output "iam_role_id" {
  value = aws_iam_role.schengenRefugeeClouddynamicsIAMRole.id
}

output "iam_role_arn" {
  value = aws_iam_role.schengenRefugeeClouddynamicsIAMRole.arn
}

This will output the ARN and ID of the IAM role created by the module. You can then use these as inputs to the other module.

module "lambda"{
    source = "./2_lambda"
    lambdaFunctionName = var.lambdaFunctionName
    role = module.iam.iam_role_id
    depends_on = [module.iam, module.dynamoDB]
}
```

peterfigueiredo · December 21, 2020, 8:56am

Hi nmarchini,

Thanks a lot! I didn’t know we had to setup an output to be used in another module.

I will try it out straight away.

Thanks again!