Referencing an arn declared in a module

I have a folder /modules/firehose where i’ve declared a file as such:

resource "aws_kinesis_firehose_delivery_stream" "purchase_logs_firehose_stream" {
  name        = var.firehose_stream_name
  destination = "extended_s3"
  extended_s3_configuration {
    role_arn        = var.firehose_role_arn
    buffer_interval = 60
    buffer_size     = 64
    bucket_arn      = var.destination_bucket_arn
  }
}
variable "firehose_stream_name" {
  description = "name of your stream"
}

variable "firehose_role_arn" {
}

variable "destination_bucket_arn" {

}

I then import the module in the root directory as such:

module "purchase_logs_firehose_prod" {
  source                 = "./modules/firehose"
  firehose_stream_name   = "purchase_logs_firehose_prod"
  firehose_role_arn      = aws_iam_role.purchase_logs_firehose_role.arn
  destination_bucket_arn = aws_s3_bucket.purchase_logs_destination_prod.arn
}
resource "aws_s3_bucket" "purchase_logs_destination_prod" {
  bucket = "purchase-logs-prod-dump"
}

According to the documentation there is an attribute arn which i can reference afterwards. However when i try to reference it else where as module.purchase_logs_firehose_prod.arn i get an error

│ Error: Unsupported attribute
│ 
│   on iam.tf line 83, in resource "aws_iam_policy" "ec2_policy":
│   83:             ${module.purchase_logs_firehose_prod.arn}
│     ├────────────────
│     │ module.purchase_logs_firehose_prod is a object
│ 
│ This object does not have an attribute named "arn".

I’m really not sure what the source of the error is. If I even check the state file (after removing the code causing the error and running terraform apply, i see an arn attribute for the resource in question). Any input appreciated!

Here is the file iam.tf where i try to reference it

resource "aws_iam_policy" "ec2_policy" {
  name        = "ec2-policy"


  policy = <<EOF
{
  "Version":"2012-10-17",
  "Statement":[
      {
        "Effect":"Allow",
        "Action":[
            "*"
        ],
        "Resource":[
            "${module.purchase_logs_firehose_prod.arn}" 
        ]
      }
  ]
}
EOF

}

>Solution :

For this to work, you have to define an output at the module level:

resource "aws_kinesis_firehose_delivery_stream" "purchase_logs_firehose_stream" {
  name        = var.firehose_stream_name
  destination = "extended_s3"
  extended_s3_configuration {
    role_arn        = var.firehose_role_arn
    buffer_interval = 60
    buffer_size     = 64
    bucket_arn      = var.destination_bucket_arn
  }
}
variable "firehose_stream_name" {
  description = "name of your stream"
}

variable "firehose_role_arn" {
}

variable "destination_bucket_arn" {

}

output "firehose_prod_arn" {
  description = "Kinesis Firehose ARN."
  value       = aws_kinesis_firehose_delivery_stream.purchase_logs_firehose_stream.arn
}

Then, you can reference it in the iam.tf file like this:

resource "aws_iam_policy" "ec2_policy" {
  name        = "ec2-policy"


  policy = <<EOF
{
  "Version":"2012-10-17",
  "Statement":[
      {
        "Effect":"Allow",
        "Action":[
            "*"
        ],
        "Resource":[
            module.purchase_logs_firehose_prod.firehose_prod_arn
        ]
      }
  ]
}
EOF

}

More information about using outputs can be found in the docs, while the exact explanation on how referencing the module outputs works is a subsection.

Leave a Reply