Failure to use module with resource dependencies: 'operating_regions' must include us-east-1 #67

Open
vinelias opened this issue Apr 20, 2024 · 1 comment


Hi folks!
I'm trying to use this module with a 'depends_on' statement. I want to use a cross-account provider to delegate the IPAM service to my 'Network' account. It's not a requirement in this case; I can create the IPAM pools and delegate the organization service after that, but it would be nice if we could have it working.

Here you can see a code snippet:

resource "aws_organizations_delegated_administrator" "ipam" {
  provider = aws.org-management

  account_id        = data.aws_caller_identity.current.account_id
  service_principal = "ipam.amazonaws.com"
}

module "ipam" {
  source  = "aws-ia/ipam/aws"
  version = "2.1.0"
  depends_on = [aws_organizations_delegated_administrator.ipam]
...

The error is:

Error: operating_regions must include us-east-1
│ 
│   with module.ipam.aws_vpc_ipam.main[0],
│   on .terraform/modules/ipam/main.tf line 27, in resource "aws_vpc_ipam" "main":
│   27: resource "aws_vpc_ipam" "main" {
│ 

Terraform version: 1.5.0

My suggestion is to create a variable to set the main region statically; it will avoid problems with the depends_on statement and data resources inside the module. I made some changes locally and it seems to work fine.

--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,7 @@ locals {
 
   # its possible to create pools in all regions except the primary, but we must pass the primary region
   # to aws_vpc_ipam.operating_regions.region_name
-  operating_regions = distinct(concat(local.all_locales, [data.aws_region.current.name]))
+  operating_regions = distinct(concat(local.all_locales, [var.ipam_main_region == "" ? data.aws_region.current.name : var.ipam_main_region]
))
 }
 
 data "aws_region" "current" {}
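
Review bot: On the added operating_regions line, var.ipam_main_region replaces data.aws_region.current.name rather than being added next to it, so a value that differs from the provider's region leaves the provider's region out of operating_regions, although the comment above says the primary region must be passed. Either state in the variable description that the value must equal the provider's region or guard it with a validation or precondition, and update the comment above the local so it mentions the override.
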
diff --git a/variables.tf b/variables.tf
index 86d814f..ef18d53 100644
--- a/variables.tf
+++ b/variables.tf
@@ -130,6 +130,15 @@ variable "ipam_scope_type" {
   }
 }
 
+variable "ipam_main_region" {
+  description = <<-EOF
+    It is possible to create pools in all regions except the main, but we must pass the primary region.
+    You can use this variable to specify the main region, or you can leave it blank to use the region for the current provider.
+  EOF
+  type        = string
+  default     = ""
+}
+
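
Review bot: ipam_main_region accepts any string and uses "" as its unset marker with no validation block, so a mistyped region name passes straight into operating_regions. Consider default = null with a null check in the conditional, plus a validation on the region-name format. The description also uses both "main" and "primary" for the same region and does not say that the default still resolves the region through data.aws_region.current, so only callers who set the variable avoid that lookup.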

Thanks in advance


fsmedw commented Jul 10, 2024

Making it a list of strings of regions would be nice. Currently the module requires you to set up a pool in each region you operate in; our use case is a single pool that covers multiple regions.
