Hi everyone,
I need support from you guys. I have been reading other posts but I still have a hard time understanding how I can use a resource created by another module.
Here is a quick example: I have an AWS Lambda function that needs to use an IAM role (prerequisite). I am a huge fan of using modules in order to avoid having huge config files in my root. Here is my root main config file:
++++++++++++++++++++++
module "lambda" {
  source             = "./2_lambda"
  lambdaFunctionName = var.lambdaFunctionName
  role               = module.iam.clouddynamicsIAMRole # (1) -------------> ???
  depends_on         = [module.iam]
}
module "iam" {
  source      = "./3_iam"
  iamRoleName = var.iamRoleName
}
++++++++++++++++++++++
Inside my Lambda module, I have a resource of type Lambda function which needs an IAM role (2):
++++++++++++++++++++++
resource "aws_lambda_function" "clouddynamicsLambda" {
  function_name = var.lambdaFunctionName
  role = (2) -------> ???
  handler       = "exports.test"
  runtime       = "nodejs12.x"
}
++++++++++++++++++++++
My IAM resource is named clouddynamicsIAMRole.
Am I doing something wrong at the root level (1)?
So how can (2) use the IAM role created previously?
I would really appreciate your help.
Best,
Peter
It will help if you share the outputs of the IAM module here and any other outputs you have coded up.
Hi nmarchini,
My apologies, you are totally right. Here is the config file for the IAM role:
```
resource "aws_iam_role" "schengenRefugeeClouddynamicsIAMRole" {
  name               = var.iamRoleName
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
```
To summarize, my Lambda module is under folder 2_lambda, while my IAM module is under folder 3_iam. All of this is in my main config file at the root level:
```
module "lambda" {
  source             = "./2_lambda"
  lambdaFunctionName = var.lambdaFunctionName
  role = module.iam.??????????????????
  depends_on         = [module.iam, module.dynamoDB]
}
module "iam" {
  source      = "./3_iam"
  iamRoleName = var.iamRoleName
  depends_on  = [module.dynamoDB]
}
```
What do I need to pass at the root level above? And how can I use it inside my Lambda module below?
```
resource "aws_lambda_function" "schengenRefugeeClouddynamicsLambda" {
  function_name = var.lambdaFunctionName
  role = ?????????????????????????????
  handler       = "exports.test"
  runtime       = "nodejs12.x"
  environment {
    variables = {
      foo = "bar"
    }
  }
}
```
Thanks again for your help.
Peter
Here is the directory structure:
I cannot see if you have any outputs defined, so maybe something like this would be needed if you don’t:
```
output "iam_role_id" {
  value = aws_iam_role.schengenRefugeeClouddynamicsIAMRole.id
}
output "iam_role_arn" {
  value = aws_iam_role.schengenRefugeeClouddynamicsIAMRole.arn
}
```
This will output the ARN and ID of the IAM role created by the module. You can then use these as inputs to the other module.
```
module "lambda" {
  source             = "./2_lambda"
  lambdaFunctionName = var.lambdaFunctionName
  # aws_lambda_function.role expects the role's ARN; aws_iam_role.id is the role name
  role               = module.iam.iam_role_arn
  depends_on         = [module.iam, module.dynamoDB]
}
```
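Added example, not part of any post in this thread: the full wiring across the IAM module, the Lambda module and the root, including the input variable the Lambda module has to declare to receive the role. The file names, the `validation` block and the `function.zip` package path are assumptions; the ARN output is passed because `aws_lambda_function.role` takes a role ARN.

```hcl
# 3_iam/outputs.tf (file names in these comments are assumptions)
output "iam_role_arn" {
  description = "ARN of the Lambda execution role"
  value       = aws_iam_role.schengenRefugeeClouddynamicsIAMRole.arn
}

# 2_lambda/variables.tf: a child module only sees values declared as variables
variable "lambdaFunctionName" {
  type = string
}

variable "role" {
  description = "ARN of the execution role the function assumes"
  type        = string

  # Added check (assumption, not from the thread): reject a role name or ID
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.role))
    error_message = "The role variable must be an IAM role ARN, not a role name or ID."
  }
}

# 2_lambda/main.tf
resource "aws_lambda_function" "schengenRefugeeClouddynamicsLambda" {
  function_name = var.lambdaFunctionName
  role          = var.role # this is (2) in the question
  handler       = "exports.test"
  runtime       = "nodejs12.x"
  filename      = "${path.module}/function.zip" # placeholder package path (assumption)
}

# root main.tf
module "iam" {
  source      = "./3_iam"
  iamRoleName = var.iamRoleName
}

module "lambda" {
  source             = "./2_lambda"
  lambdaFunctionName = var.lambdaFunctionName
  # this is (1): referencing the output already orders lambda after iam
  role = module.iam.iam_role_arn
}
```

The `depends_on` entries for `module.dynamoDB` from the thread are left out here; add them back only if the Lambda or IAM module really depends on that module without referencing any of its outputs.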
Hi nmarchini,
Thanks a lot! I didn’t know we had to set up an output to be used in another module.
I will try it out straight away.
Thanks again!