Hello,
I have 2 modules which are dependent on each other as follows
Module 1) create-aurora-postgresql
- Creates aurora RDS instance
- on-board the RDS master account password into secrets manager
- Creates a custom friendly alias in route 53
Module 2) create-postgresql-setup-db-accts
- Postgresql account provisioning using cyrilgdn/postgresql provider
- Logs into the above instance and provisions the user supplied accounts
Below is the root-level main.tf code.
/* Provider requirements for the root module */
terraform {
  required_providers {
    # Community PostgreSQL provider, pinned to one exact release.
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.15.0"
    }

    # Open-ended lower bound: any later AWS provider release satisfies it, so
    # the dependency lock file (.terraform.lock.hcl) is what fixes the version
    # and checksums that actually get installed.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.71.0"
    }
  }
}
/* Un-aliased (default) AWS provider; the region is supplied by var.aws_region */
provider "aws" {
  region = var.aws_region
}
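/* Secondary AWS provider, referenced elsewhere as aws.secondary */
provider "aws" {
  alias = "secondary"

  # The original post had the words "- Secondary Provider" trailing this
  # expression as bare text, which is not valid HCL; kept here as a comment.
  region = var.secondary_aws_region # Secondary Provider
}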
/*
 * cyrilgdn/postgresql provider (alias "appusrprov"). Every connection setting
 * comes from the outputs of module create-aurora-postgresql, plus the master
 * password read back from Secrets Manager.
 *
 * NOTE(review): because this configuration depends on objects created in the
 * same run, the provider can only connect once those values are resolvable --
 * confirm how a first-time plan behaves.
 */
provider "postgresql" {
  alias = "appusrprov"

  # Connection target: the friendly Route 53 alias of the writer endpoint.
  host     = module.create-aurora-postgresql.rg_write_cluster_endpoint_friendly_alias
  port     = module.create-aurora-postgresql.port
  database = module.create-aurora-postgresql.database_name

  # NOTE(review): "require" encrypts the session but does not validate the
  # server certificate. "verify-ca" / "verify-full" with the RDS CA bundle would
  # also authenticate the server; verify-full checks the host name too, which a
  # custom alias presumably will not match -- confirm before tightening.
  sslmode = "require"

  # Master credentials. The password is the "password" key of the JSON document
  # stored in the secret, so it passes through this configuration in clear text.
  username = module.create-aurora-postgresql.master_username
  password = jsondecode(data.aws_secretsmanager_secret_version.master_ver.secret_string)["password"]

  # Presumably false because the RDS master account is not a true PostgreSQL
  # superuser -- confirm against the provider documentation.
  superuser = false
}
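/* Look up the Secrets Manager secret whose name is the master username */
data "aws_secretsmanager_secret" "master_username" {
  # The author highlighted this line in the original post; the surrounding
  # "**" emphasis markers were not HCL and have been dropped.
  #
  # NOTE(review): this data source has no depends_on and its only input is a
  # module output. If that output is already known at plan time, Terraform
  # reads the secret during plan, before module 1 has created it -- confirm
  # against the module's output definitions.
  name = module.create-aurora-postgresql.master_username
}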
/*
 * Read the secret's value from AWS Secrets Manager; the postgresql provider
 * block decodes its JSON secret_string to obtain the master account password.
 */
data "aws_secretsmanager_secret_version" "master_ver" {
  # The secret_string returned by this data source is written to the Terraform
  # state in plain text, so the state backend needs encryption at rest and
  # tightly restricted access.
  secret_id = data.aws_secretsmanager_secret.master_username.id
}
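/* Module that creates the Aurora PostgreSQL cluster and onboards the master account into Secrets Manager */
module "create-aurora-postgresql" {
  source  = "tfe.****.com/inregistry/create-aurora-postgresql/aws"
  version = "4.0.0"

  # Required input parameters (elided in the original post; the placeholder
  # there was bare text, which is not valid HCL).

  # Hand the aliased secondary-region AWS provider down to the module.
  providers = {
    aws.secondary = aws.secondary
  }
}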
/* Module that provisions the required database accounts through the postgresql provider */
module "create-postgresql-setup-db-accts" {
  source  = "tfe.**********.com/inregistry/create-postgresql-setup-db-accts/aws"
  version = "1.0.4"

  # Pass the aliased postgresql provider configuration into the module.
  providers = {
    postgresql.appusrprov = postgresql.appusrprov
  }

  # Orders this module after module 1. The dependency is declared on this
  # module only; the root-level data sources carry no depends_on of their own.
  depends_on = [module.create-aurora-postgresql]
}
The issue is that the data source is evaluated during the plan phase and complains that the secret doesn't exist, which is expected at that point:
terraform plan -var-file=input_vars.auto.tfvars
╷
│ Error: Secrets Manager Secret "ap_master_dev_ggbts" not found
│
│ with data.aws_secretsmanager_secret.master_username,
│ on main.tf line 37, in data "aws_secretsmanager_secret" "master_username":
│ 37: data "aws_secretsmanager_secret" "master_username" {
│
╵
exit status 1
Isn’t the data source supposed to wait until module 1 has completed?
Regards
Raj