1
votes

This is my ec2.tf

resource "aws_instance" "ec2_instance" {
# resource gets created if private_ip variable is not passed as a input.
  count                       = var.instance_count
  //"${length(compact(split(",", var.instance_count))) > 0 ? "${var.instance_count}" : 0}"
                                
  ami                         = "${element(split(",", var.ami_id), count.index)}"
  instance_type               = "${element(split(",", var.instance_type), count.index)}"
  subnet_id                   = "${element(split("," ,var.subnet),count.index)}"
  key_name                    = "${aws_key_pair.tmnl-infra-ssrv.key_name}"
  associate_public_ip_address = "${var.associate_public_ip}"
  disable_api_termination     = "${var.disable_termination}"
  vpc_security_group_ids      = ["${element(split("@", var.security_group), 0)}"]
  iam_instance_profile        = "${element(split(",", var.iam_instance_profile), count.index)}"
  ebs_optimized               = "${element(split(",", var.ebs_optimized), count.index)}"

This is module for EC2 in main.tf

module "ec2" {
  source           = "../../euc-terraformcontrol-compute"
  ami_id           =  "${element(split(",", var.ami_id), 0)},${element(split(",", var.ami_id), 1)},${element(split(",", var.ami_id), 2)},${element(split(",", var.ami_id), 3)},${element(split(",", var.ami_id), 4)},${element(split(",", var.ami_id), 5)},${element(split(",", var.ami_id), 6)},${element(split(",", var.ami_id), 7)}"
  instance_count   = "${element(split(",", var.instance_count), 0)}"
  root_volume_size = "${element(split(",", var.root_volume_size),0)}"
  subnet           = "subnet-0be87b3442158715d,subnet-0cd01502c1a6f37d9,subnet-06785e23087afb9a6"
  iam_instance_profile  = "${element(split(",", var.iam_instance_profile),0)}"
  #if multiple security group should be attached to each instance then the format will be "${var.sg1},${var.sg2},${var.sg3},${var.sg4}"
  security_group                = ["${element(split(",", module.security_groups.security_group_05_id),0)}","${element(split(",", module.security_groups.security_group_06_id),0)}"]
  instance_type                 = "${element(split(",", var.instance_type), 0)},${element(split(",", var.instance_type), 1)},${element(split(",", var.instance_type), 2)},${element(split(",", var.instance_type), 3)},${element(split(",", var.instance_type), 4)},${element(split(",", var.instance_type), 5)},${element(split(",", var.instance_type), 6)},${element(split(",", var.instance_type), 7)}"
  instance_name                 = "${element(split(",", var.instance_name), 0)},${element(split(",", var.instance_name), 1)},${element(split(",", var.instance_name), 2)},${element(split(",", var.instance_name), 3)},${element(split(",", var.instance_name), 4)},${element(split(",", var.instance_name), 5)},${element(split(",", var.instance_name), 6)},${element(split(",", var.instance_name), 7)}"
}

my variable in tfvars file is:

security_group = "security_group_04_id@security_group_05_id@security_group_07_id"

Now there are two types of error I am getting:

  1. Error: Incorrect attribute value type

       on ....\xxxxxxxxxxxx\ec2.tf line 20, in resource "aws_instance" "ec2_instance":
       20: vpc_security_group_ids = ["${element(split("@", var.security_group), 0)}"]
         |----------------
         | var.security_group is tuple with 2 elements

     Invalid value for "str" parameter: string required.

  2. Error: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-0a8a5220cf7ae4fff,sg-0d245af2b879c385d' does not exist in VPC 'vpc-016113bafe6694c18'
     status code: 400, request id: 291fda8a-7ec5-486b-b45b-9feb3bd9f7a3

Please help me to resolve these errors.

2
Are you sure that security_group is what you think it is? The error msg says it's a tuple, not a string. – Marcin

2 Answers

0
votes

I don't think the value you have defined in tfvars is being used.

The ec2.tf module gets the value from this line in main.tf

  security_group                = ["${element(split(",", module.security_groups.security_group_05_id),0)}","${element(split(",", module.security_groups.security_group_06_id),0)}"]

This looks like a List of Security Group IDs. You are passing this List as "var.security_group" to the module. Obviously the SPLIT function will throw an error as it would be expecting a STRING. So the error you see is expected.

  vpc_security_group_ids      = ["${element(split("@", var.security_group), 0)}"]

It's hard to pinpoint what the issue here is any further. This code would not work. If your TF config files worked before, my guess is that there was a recent change that broke this - review that code change.

The requirement is simple. vpc_security_group_ids needs a List of valid Security Group IDs.

I am going to make a wild guess: below could be the possible issues. Review and give it a try... (Obviously, check if Terraform plan comes up as per your expectation.)

1.) in main.tf -- Remove the Double Quotes in between and just leave a comma. Like "," --> to just ,

  security_group                = ["${element(split(",", module.security_groups.security_group_05_id),0)},${element(split(",", module.security_groups.security_group_06_id),0)}"]

2.) in ec2.tf -- Replace the @ with Comma. @ does not make sense.

vpc_security_group_ids = ["${element(split(",", var.security_group), 0)}"]

0
votes

I made this change in ec2.tf

vpc_security_group_ids      = "${var.security_group}"

I changed this in main.tf

security_group =["${module.security_groups.security_group_04_id}", "${module.security_groups.security_group_05_id}"]

This worked for me.
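
The list hand-off that resolves both errors, written out as an added example (not code from the question or either answer). Resource, module and output names are taken from the question; the `list(string)` type constraint, the `validation` block and its regex are assumptions of this sketch, and the module's other variables are assumed to be declared as in the asker's module.

```hcl
# --- module (../../euc-terraformcontrol-compute): variables.tf ---
variable "security_group" {
  description = "Security group IDs attached to every instance"
  # A typed list makes Terraform reject a delimited string at plan time,
  # instead of failing later inside split() or at the EC2 API.
  type = list(string)

  validation {
    # Assumed check: every element must be exactly one ID. A joined value
    # such as "sg-aaa,sg-bbb" in a single element is what produces
    # InvalidGroup.NotFound, because EC2 looks it up as one group ID.
    condition     = alltrue([for id in var.security_group : can(regex("^sg-[0-9a-f]+$", id))])
    error_message = "Each element of security_group must be a single security group ID (sg-...)."
  }
}

# --- module: ec2.tf ---
resource "aws_instance" "ec2_instance" {
  count         = var.instance_count
  ami           = element(split(",", var.ami_id), count.index)
  instance_type = element(split(",", var.instance_type), count.index)
  subnet_id     = element(split(",", var.subnet), count.index)

  # var.security_group is already a list: no split() (which needs a string)
  # and no element(..., 0) (which would attach only the first group).
  vpc_security_group_ids = var.security_group
}

# --- root: main.tf ---
module "ec2" {
  source         = "../../euc-terraformcontrol-compute"
  ami_id         = var.ami_id
  instance_count = var.instance_count
  instance_type  = var.instance_type
  subnet         = var.subnet

  # One list element per security group, passed as references.
  security_group = [
    module.security_groups.security_group_04_id,
    module.security_groups.security_group_05_id,
  ]
}
```

With the type constraint in place, a mistake in how the groups are passed surfaces in `terraform plan`, before any instance is launched with the wrong set of security groups attached.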