Terraform cannot find Resource for variable despite having it declared in the same file

0 votes

Terraform is not able to find a resource which is declared in the same file where the reference is.

It seems that this line is causing trouble: role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}". It can't find newsapi_lambda_codepipeline, which is declared as resource "aws_iam_role" "newsapi_lambda_codepipeline" { ... }.

This is my main.tf:

resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl    = "private"
}

resource "aws_iam_role" "newsapi_lambda_codebuild" {
  name = "newsapi-lambda-codebuild"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::newsapi_lambda_builds",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:invokefunction",
        "lambda:listfunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    }
  ]
}
EOF
}
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"

  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}",
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
EOF
}


resource "aws_codepipeline" "newsapi_lambda" {
  name     = "newsapi-lambda"
  role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}"

  artifact_store {
    location = "${aws_s3_bucket.newsapi_lambda_builds.bucket}"
    type     = "S3"
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["newsapi_lambda"]

      configuration {
        Owner      = "Defozo"
        Repo       = "traceitfor.me_newsapi_lambda"
        Branch     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["newsapi_lambda"]
      version         = "1"
      role_arn = "${aws_iam_role.newsapi_lambda_codebuild.arn}"

      configuration {
        ProjectName = "newsapi-lambda"
      }
    }
  }
}

After executing terraform apply I get:

Error: Error running plan: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: Resource 'aws_iam_role.newsapi_lambda_codepipeline' not found for variable 'aws_iam_role.newsapi_lambda_codepipeline.arn'


I have aws_iam_role.newsapi_lambda_codepipeline declared, haven't I? Don't know why it's happening, can anyone help?

Jun 14, 2018 in AWS by Flying geek
• 3,280 points
2,262 views

1 answer to this question.

0 votes

I think the role declaration that you have entered could be wrong. Terraform was not able to generate an ARN because of that, and therefore can't find it.

It looks like you also need to create resource "aws_iam_role_policy". See https://www.terraform.io/docs/providers/aws/r/codepipeline.html It's a bit unclear why you'd need to split.

If this isn't working then let me know in the reply.

answered Jun 14, 2018 by Cloud gunner
• 4,670 points
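
The split the answer points to, as an added example that is not part of the original question or answer: assume_role_policy carries only the trust statement (who may assume the role), and the S3 and CodeBuild permissions move into a separate aws_iam_role_policy attached to that role. The aws_iam_role_policy resource and its name are assumptions chosen here; the actions and bucket reference are taken from the question's main.tf, with both bucket ARNs placed in one Resource list and the same interpolation syntax the question uses.

```hcl
# Trust policy only: who may assume the role. No "Resource" key, no s3/codebuild actions.
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "codepipeline.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Permission policy: what the role may do once assumed (resource name is an assumption).
resource "aws_iam_role_policy" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  role = "${aws_iam_role.newsapi_lambda_codepipeline.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:PutObject"],
      "Resource": [
        "${aws_s3_bucket.newsapi_lambda_builds.arn}",
        "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["codebuild:BatchGetBuilds", "codebuild:StartBuild"],
      "Resource": "*"
    }
  ]
}
EOF
}
```

Referencing the bucket ARN through interpolation keeps the policy scoped to the bucket Terraform actually creates (newsapi-lambda-builds) instead of a hand-typed ARN that can drift from the real name.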
