Terraform - Unable to pass string variable to child module

Question

I have terraform setup with a number of nested modules. Simplified it looks like this

├── modules
│   ├── sec-groups
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   ├── variables.tf
│   │   └── versions.tf
├── dev
│   ├── env.dev.tfvars
│   ├── main.tf
│   ├── versions.tf
│   └── variables.tf
└── prod
    ├── env.prod.tfvars
    ├── main.tf
    ├── versions.tf
    └── variables.tf

Where in dev:

main.tf

module "aws_dev_sec-groups" {
  source = "../modules/sec-groups"

  vpc_name   = aws_vpc.dev_bp_vpc
  vpc_id     = aws_vpc.dev_bp_vpc.id

  localip  = var.localip
}

variables.tf

variable "localip" {
  type = string
}

env.dev.tfvars

localip = "1.1.1.1/32"

And in the sec-groups module:

main.tf

resource "aws_security_group" "servers_sg" {
  name = "servers_sg"
  description = "Traffic allowed to and from Servers"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.localip]
  }
}

variables.tf

variable vpc_id {}
variable localip {
  type = string
}

--

'terraform init' produces expected results. However, 'terraform plan' produces the following error. To me this suggests an empty localip variable, which means I'm not correctly declaring the variable, is this the case?

Error: "" is not a valid CIDR block: invalid CIDR address:

  on ../modules/sec-groups/main.tf line 63, in resource "aws_security_group" "servers_sg":
  63: resource "aws_security_group" "servers_sg" {
  }

Thanks in advance

--

% terraform -v
    Terraform v0.13.0
    + provider registry.terraform.io/hashicorp/aws v3.2.0
    + provider registry.terraform.io/hashicorp/random v2.3.0

I don't think that env.dev.tfvars is automatically loaded into variables. Either rename the file to env.dev.auto.tfvars or specify it on the command line using the -var-file="env.dev.tfvars" argument when doing terraform plan & apply. — pijemcolu
The above comment is correct but you should instead get an error about the localip variable not being set because it doesn't contain a default value in the root module vars.tf. Have you mangled things slightly and removed this? Or is this code exactly an minimal reproducible example? — ydaetskcoR
The title is very very misleading... you can pass the variable just fine _ _ _ look in your code where is that "" set for the variable — Helder Sepulveda
When I call plan, I specify -var-file=env.dev.auto.tfvars using 'auto' doesn't appear to make a difference. — Adam
@HelderSepulveda - I don't understand why the title is misleading. I have specified the variable as '1.1.1.1' and as far as I can tell it is not bring passed to the module. Is there a better way to describe this — Adam

Tiemen Tiemen · Accepted Answer · 2020-08-24T15:06:13

Variables from a .tfvars file are assigned to the root module.

If the code you posted is actually at root level, it will work, when you specify the -var-file.

If it is not actually at root level, you are most likely not passing down the localip var correctly. The fact that you see Error: "" is not a valid CIDR block: invalid CIDR address: indicates that you are passing down an empty string somewhere. If you would not load the .tfvars correctly and the code above is actually at root level, you would get a different error (missing variable), since you did not provide a default to the localip variable.

Terraform - Unable to pass string variable to child module

2 Answers