Issue creating security group in AWS with custom name passed as variables

Terraform Version

Terraform v0.12.13

Terraform Configuration Files

resource "aws_security_group" "ec2_instance_sg" {
  count       = var.create_sg == true ? 1 : 0
  name        = "aws-eu-${var.business-unit}-${var.access[ProjectAccountName]}-${var.environment}-${var.app-name}-${var.tier}-sg"
  vpc_id      = var.vpc_id
  description = var.description

  tags = {
    Name            = "aws-eu-${var.business-unit}-${var.access[ProjectAccountName]}-${var.environment}-${var.app-name}-${var.tier}-sg"
    "Owner/Creator" = "${var.sg_owner}/${var.sg_creator}"
  }
}

Crash Output

Error: Invalid reference

  on security-group.tf line 8, in resource "aws_security_group" "ec2_instance_sg":
   8:     Name            = "aws-eu-${var.business-unit}-${var.access[ProjectAccountName]}-${var.environment}-${var.app-name}-${var.tier}-sg"

A reference to a resource type must be followed by at least one attribute
access, specifying the resource name.

Expected Behavior

Create Security Group with desired name

Actual Behavior

Error : A reference to a resource type must be followed by at least one attribute access, specifying the resource name.

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

1. terraform init
2. terraform validate

Additional Context

I have faced same issue while creating s3 bucket for attribute bucket_name .

Hi @sernapallyanurag,

I think the problem here is the reference to ProjectAccountName in your expression. Terraform thinks you are trying to refer to a resource type name, as if there were a block somewhere else in the configuration defined like this:

resource "ProjectAccountName" "anything" {

The error message is saying that in order for that to be valid you’d need to follow it by the name of the resource, which would be ProjectAccountName.anything in the above example.

However, I expect what you actually wanted was either to use that string literally, like this:

${var.access["ProjectAccountName"]}

…or to get the value from an input variable, like this:

${var.access[var.ProjectAccountName]}