Wednesday, February 12, 2020

Terraform Errors

Terraform Notes


The given key does not identify an element in this collection value.

Error: Invalid index

  on main.tf line 89, in resource "aws_organizations_organizational_unit" "level2_ou":
  89:       parent_id = "${[for thisLevel in local.level1_ou_flat: thisLevel.id if thisLevel.path == each.value["parent_path"]][0]}"
    |----------------
    | each.value["parent_path"] is "/Root/Non-Production"
    | local.level1_ou_flat is tuple with 3 elements

The given key does not identify an element in this collection value.

This means that nothing in local.level1_ou_flat matched the path "/Root/Non-Production", so the filtered list is empty and index [0] does not exist.
You need to account for this by checking the list length first, like this:

parent_id = length([for thisLevel in local.level1_ou_flat: thisLevel.id if thisLevel.path == each.value["parent_path"]]) > 0 ? "${[for thisLevel in local.level1_ou_flat: thisLevel.id if thisLevel.path == each.value["parent_path"]][0]}" : aws_organizations_organization.stifel-master.roots[0].id

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Index brackets must contain either a literal number or a literal string.

Error: Index value required

  on <import-address> line 1:
   1: aws_organizations_account.account[TEST-Master]

Index brackets must contain either a literal number or a literal string.

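This error is probably because your shell is stripping the double quotes.
Try this instead: wrap the whole resource address in single quotes and escape the double quotes inside for the index string. The backslash escapes are what PowerShell needs; in a Unix-style shell such as bash, the single quotes alone are enough.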

terraform import 'module.accounts.aws_organizations_account.account[\"TEST-Master\"]' 1111111111111

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Self-referential block

A resource that uses for_each can't reference itself from inside its own resource block. I thought maybe Terraform would put a placeholder such as "(Known after apply)" like it usually does during plan. It seems that the entire resource's dependencies are evaluated as a whole. This blog does a good job of explaining this limitation.

Error Output
Error: Self-referential block

  on modules\ous\m_org_ou.tf line 142, in resource "aws_organizations_organizational_unit" "levelX_ou":
 142:       parent_id = each.value["name"] == "Alpha" ? "r-f999" : aws_organizations_organizational_unit.levelX_ou["X1"].id

Configuration for aws_organizations_organizational_unit.levelX_ou["X1"] may
not refer to itself.

Resource Block
resource "aws_organizations_organizational_unit" "levelX_ou"{
    for_each = var.ou_map_x
      name = each.value["name"]
      parent_id = each.value["name"] == "Alpha" ? "r-f999" : aws_organizations_organizational_unit.levelX_ou["X1"].id 
}

Variable

variable "ou_map_x"{
    default = {
        "X1" = {
            "depth" = "1"
            "name" = "Alpha"
            "path" = "/"
            "parent_name" = "Root"
            "parent_path" = "/Root"
        },
        "X2" = {
            "depth" = "2"
            "name" = "Bravo"
            "path" = "/"
            "parent_name" = "Alpha"
            "parent_path" = "/Root/Alpha"
        },
        "X3" = {
            "depth" = "3"
            "name" = "Charlie"
            "path" = "/"
            "parent_name" = "Bravo"
            "parent_path" = "/Root/Alpha/Bravo"
        }
    }
}

This uses the same Terraform code as above, except I tried to loop through the entire resource block and find the matching parent_name, which returned a more ambiguous error, but it is the same cyclic self-reference issue.


Error: Cycle: module.ous.aws_organizations_organizational_unit.levelX_ou["X3"], module.ous.aws_organizations_organizational_unit.levelX_ou["X2"], module.ous.aws_organizations_organizational_unit.levelX_ou["X1"]
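One way around the cycle, as an added example that is not from the original post: give each depth level its own resource block (the level1_ou / level2_ou naming seen in the first error above), keyed by full OU path, so each level refers only to the level above it. It reuses var.ou_map_x from above; var.root_id and local.ou_by_depth are hypothetical names introduced for the illustration.

```hcl
# Added example, not the post's own code. Assumes var.ou_map_x as defined above.

# Hypothetical variable: ID of the organization root (e.g. the roots[0].id value).
variable "root_id" {
  type = string
}

locals {
  # Group the OUs by depth and key each one by its full path
  # ("/Root/Alpha", "/Root/Alpha/Bravo", ...), built from parent_path + name.
  ou_by_depth = {
    for depth in ["1", "2", "3"] : depth => {
      for key, ou in var.ou_map_x : "${ou.parent_path}/${ou.name}" => ou
      if ou.depth == depth
    }
  }
}

# Level 1 hangs directly off the root, so it references no other OU.
resource "aws_organizations_organizational_unit" "level1_ou" {
  for_each  = local.ou_by_depth["1"]
  name      = each.value.name
  parent_id = var.root_id
}

# Level 2 looks its parent up in level 1 by path: a reference to a different
# resource block, so there is no self-reference and no cycle.
resource "aws_organizations_organizational_unit" "level2_ou" {
  for_each  = local.ou_by_depth["2"]
  name      = each.value.name
  parent_id = aws_organizations_organizational_unit.level1_ou[each.value.parent_path].id
}

# Level 3 depends only on level 2, and so on for deeper levels.
resource "aws_organizations_organizational_unit" "level3_ou" {
  for_each  = local.ou_by_depth["3"]
  name      = each.value.name
  parent_id = aws_organizations_organizational_unit.level2_ou[each.value.parent_path].id
}
```

A parent_path with no matching OU at the previous level fails the plan with "Invalid index" instead of attaching the OU somewhere unintended.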

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

No valid credential sources found for AWS Provider

If you changed the profile used to access your S3 backend, you won't have access to it anymore. You'll see this error during terraform init:

Initializing the backend...

Error: No valid credential sources found for AWS Provider.
        Please see https://terraform.io/docs/providers/aws/index.html for more information on
        providing credentials for the AWS Provider

To fix this, you can either copy the credential so that it exists under both the old and the new profile names (the same credential twice), or edit the local terraform.tfstate so that it uses the new profile name.

"backend": {
        "type": "s3",
        "config": {
            "profile": "oldProfile"

If you see this error during terraform plan/apply, then the profile name in your provider block is wrong or invalid.



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
