Terraform module dependency issues

Hello,

I have 2 modules which are dependent on each other as follows

Module 1) create-aurora-postgresql

  • Creates an Aurora RDS instance
  • On-boards the RDS master account password into Secrets Manager
  • Creates a custom friendly alias in Route 53

Module 2) create-postgresql-setup-db-accts

  • Postgresql account provisioning using cyrilgdn/postgresql provider
  • Logs into the above instance and provisions the user supplied accounts

Below is the root-level main.tf code.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.71.0"
    }
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "1.15.0"
    }
  }
}

/* Default provider */

provider "aws" {
  region = var.aws_region 
}

/* Secondary provider */

provider "aws" {
  alias = "secondary"
  region = var.secondary_aws_region # Secondary provider
}

/* cyrilgdn/postgresql PostgreSQL provider, where I am passing outputs from module 1 */

provider "postgresql" {
  alias     = "appusrprov"
  host      = module.create-aurora-postgresql.rg_write_cluster_endpoint_friendly_alias
  database  = module.create-aurora-postgresql.database_name
  username  = module.create-aurora-postgresql.master_username
  password  = jsondecode(data.aws_secretsmanager_secret_version.master_ver.secret_string)["password"]
  port      = module.create-aurora-postgresql.port
  sslmode   = "require"
  superuser = false
}

/* Get the secret id from Secrets Manager */

data "aws_secretsmanager_secret" "master_username" {
  name = module.create-aurora-postgresql.master_username
}


/* Extract the master account password from AWS Secrets Manager */

data "aws_secretsmanager_secret_version" "master_ver" {
  secret_id = data.aws_secretsmanager_secret.master_username.id
}


/* Module which creates the Aurora PostgreSQL cluster and on-boards the master account into Secrets Manager */

module "create-aurora-postgresql" {
  source  = "tfe.****.com/inregistry/create-aurora-postgresql/aws"
  version = "4.0.0"
  
  # Required input parameters
  
  providers = {
        aws.secondary = aws.secondary
    }
}

/* Module which creates the required database accounts based on the postgresql provider */

module "create-postgresql-setup-db-accts" {
  source               = "tfe.**********.com/inregistry/create-postgresql-setup-db-accts/aws"
  depends_on           = [module.create-aurora-postgresql]
  version              = "1.0.4"
  
   providers = {
        postgresql.appusrprov = postgresql.appusrprov
    }
}

The issue is that the data resource is getting evaluated during the plan phase and complaining that the secret doesn't exist, which is obvious:

terraform plan -var-file=input_vars.auto.tfvars

╷
│ Error: Secrets Manager Secret "ap_master_dev_ggbts" not found
│ 
│   with data.aws_secretsmanager_secret.master_username,
│   on main.tf line 37, in data "aws_secretsmanager_secret" "master_username":
│   37: data "aws_secretsmanager_secret" "master_username" {
│ 
╵
exit status 1

Isn’t the data source supposed to wait until module 1 is complete?

Regards
Raj

Not quite, no. It will wait until the value of master_username is known - which presumably means no waiting at all, as it sounds like something that would be statically configured.

It is difficult to suggest how to fix this without seeing the definition of the create-aurora-postgresql module. Can you share all of the .tf files for that module?
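
Added example, not part of the thread and not the real module code (which was not shared): a sketch of why the lookup runs at plan time and one way to defer it, by keying the data source on a value that only exists after the secret is created. The variable names, resource labels and the `master_secret_arn` output are hypothetical.

```hcl
# ----- Inside the create-aurora-postgresql module (hypothetical layout) -----

variable "master_username" {
  type = string
}

variable "master_password" {
  type      = string
  sensitive = true
}

resource "aws_secretsmanager_secret" "master" {
  # Secret named after the master user, matching the name the root
  # module looked up in the original post.
  name = var.master_username
}

resource "aws_secretsmanager_secret_version" "master" {
  secret_id     = aws_secretsmanager_secret.master.id
  secret_string = jsonencode({ password = var.master_password })
}

# Hypothetical output. The ARN is assigned by AWS, so it is "known after
# apply" until the secret exists. Taking it from the version resource also
# guarantees the password has been stored before anything reads it.
output "master_secret_arn" {
  value = aws_secretsmanager_secret_version.master.arn
}

# ----- Root module -----

# master_username is a plain input value that is known at plan time, so a
# data source keyed on it is read during plan and fails with "not found".
# Keying on the computed ARN defers the read until the apply phase.
data "aws_secretsmanager_secret_version" "master_ver" {
  secret_id = module.create-aurora-postgresql.master_secret_arn
}

locals {
  # secret_string is redacted in plan output, but it is still written to
  # the Terraform state in plain text, so the state backend needs the same
  # access controls as the secret itself.
  master_password = jsondecode(data.aws_secretsmanager_secret_version.master_ver.secret_string)["password"]
}
```

Even with the read deferred, the `postgresql` provider block is still configured from values that are unknown during the first plan, which Terraform's documentation advises against. Splitting the cluster creation and the account provisioning into separate configurations avoids that.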