Set an AWS Resource's provider value via a module variable

matthewmcspadden · November 10, 2021, 4:08am

Hi - I have created a module I want to use across multiple providers (just two AWS providers for 2 regions). How can I set a resource’s provider value via variable from a calling module? I am calling a module codebuild.tf (which I want to be region agnostic) from a MGMT module named cicd.tf - Folder structure:

main.tf
/MGMT/
→ cicd.tf
/modules/codebuild/
→ codebuild.tf

main.tf:

terraform {
  required_version = ">= 1.0.10"
  backend "s3" {
  }
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

# default AWS provider for MGMT resources in us-east-1 and global
provider "aws" {
  region = "us-east-1"
}

# DEV Account resources in us-east-1 and global
provider "aws" {
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::accountid:role/dev-rolename"
  }
  alias = "dev_us-east-1"
}


# DEV Account resources in us-west-2 and global
provider "aws" {
  region = "us-west-2"
  assume_role {
    role_arn     = "arn:aws:iam::accountid:role/dev-rolename"
  }
  alias = "dev_us-west-2"
}

module "MGMT" { 
  source                         = "./MGMT"
  count                           = var.aws_env == "MGMT" ? 1 : 0
  aws_env                      = var.aws_env
}

When I build my TF, its under the MGMT AWS account which uses the the default aws provider that doesn’t have an alias - I am then trying to set a provider with an AWS IAM Role (that’s cross account) when I am calling the module (I made the resource a module because I want to run it in multiple regions):

/MGMT/cicd.tf:

# DEV in cicd.tf

# create the codebuild resource in the assumed role's us-east-1 region
module "dev_cicd_iac_us_east_1" {
  source = "../modules/codebuild/"
  input_aws_provider = "aws.dev_us-east-1"
  input_aws_env = var.dev_aws_env
}


# create the codebuild resource in the assumed role's us-west-2 region
module "dev_cicd_iac_us_west_2" {
  source = "../modules/codebuild/"
  input_aws_provider = "aws.dev_us-west_2"
  input_aws_env = var.dev_aws_env
}

/modules/codebuild/codebuild.tf:

# Code Build resource here
variable "input_aws_provider" {}
variable "input_aws_env" {}

resource "aws_codebuild_project" "codebuild-iac" {
  provider      = tostring(var.input_aws_provider) # trying to make it a string, with just the var there it looks for a var provider
  
  name          = "${var.input_aws_env}-CodeBuild-IaC"
  # etc...
}

I get the following error when I plan the above:

│ Error: Invalid provider reference
│ On modules/codebuild/codebuild.tf line 25: Provider argument requires
│ a provider name followed by an optional alias, like "aws.foo".

How can I make the provider value a proper reference to the aws provider defined in main.tf while still using a MGMT folder/module file named cicd.tf?