My company created an internal set of modules. Each of the modules has a provider block (for aws). I want to call the corporate modules, but redefine the provider block in order to use localstack endpoints.
When I run the modules, it seems like the provider block in the module is taking precedence. The calls are not going to localstack, but instead returning an invalid security token error. Is there a way for me to make terraform use my provider block?
Hi @rogermyung,
Since Terraform v0.11, provider configurations inside shared modules have been deprecated, in part because of the very problem you’ve encountered here.
The recommended approach is to have shared modules contain no provider blocks at all and instead expect to receive inherited or explicitly-passed providers from the root module. That way you can centralize all of the provider settings in the root module and have all of the descendent modules share them.
Of course, that answer isn’t helpful if you can’t change the modules you’re calling. Unfortunately in that case I think the answer is that there isn’t a good answer: those modules are written to work only with “real” AWS, and so you can’t use them with any other workalike API endpoints.
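The layout recommended in the answer above, as an added example that is not part of the original thread or the poster's corporate modules: the shared module only declares that it needs the AWS provider, and the root module owns the single provider configuration pointed at LocalStack. The module path `./modules/bucket`, the alias `localstack`, the endpoint URL and the dummy credentials are assumptions, and this works only when the called module has no `provider` block of its own.

```hcl
# Constructed example. Module path, alias and the LocalStack URL are assumptions.

# --- modules/bucket/versions.tf ---
# Shared module: states the provider requirement, contains no provider block.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# --- main.tf (root module) ---
# All provider settings live here, so swapping endpoints is a root-only change.
provider "aws" {
  alias      = "localstack"
  region     = "us-east-1"
  access_key = "test" # dummy values for LocalStack, never real credentials
  secret_key = "test"

  # Skip checks that only make sense against real AWS.
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  skip_requesting_account_id  = true
  s3_use_path_style           = true # AWS provider v4 and later

  endpoints {
    s3  = "http://localhost:4566"
    sts = "http://localhost:4566"
    iam = "http://localhost:4566"
  }
}

module "bucket" {
  source = "./modules/bucket"

  # Explicitly pass the root configuration; inside the module it is the default "aws".
  providers = {
    aws = aws.localstack
  }
}
```

Keeping the LocalStack configuration under an alias means a module call without the explicit `providers` map does not silently pick up the test endpoints.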
Thanks for the response.
Since we’re using terragrunt as a wrapper, I tried a few of their features, but it didn’t work either.
- aws-provider-patch, which does a “get” on the modules and then modifies the providers in the .terraform cache. It looks like it only works for import though, it gets overwritten when the plan or apply runs.
- generating an additional provider.tf file in the modules. It looks like the existing provider blocks take precedence.