Using tfe_organization, "Variables not allowed"

I have a remote backend configured like this:

terraform {
  backend "remote" {
    organization = tfe_organization.my_tf_cloud_org

    workspaces {
      name = "my-workspace-name"
    }
  }

  required_version = "~> 1.0.2"
}

resource "tfe_organization" "my_tf_cloud_org" {
  name  = "my-tf-cloud-org"
  email = "foo@example.com"
  collaborator_auth_policy = "two_factor_mandatory"
}

This works fine in TF Cloud when triggered by a Github pull request.

However, when I try to ‘init’ using the terraform CLI on my local computer (for testing purposes so I don’t have to rely on a pull request trigger) I get this error (with “tfe_organization” underlined):

╷
│ Error: Variables not allowed
│ 
│   on main.tf line 3, in terraform:
│    3:     organization = tfe_organization.my_tf_cloud_org
│ 
│ Variables may not be used here.
╵

Why does this config work when triggered in TF Cloud but not via CLI?

Hi @jmiller,

In Terraform Cloud’s remote execution environment, to support folks who are using the non-CLI workflows (and thus might not have a backend "remote" block at all) Terraform Cloud automatically generates a new backend configuration which hard-codes the organization name of whatever workspace it’s running in.

That’s therefore masking the error, because Terraform is ignoring the original invalid expression in your main.tf file.

1 Like