I am using terraform with terragrunt to deploy a VPC on AWS using a multi-account setup (an account for dev and an account for prd). I have a file structure as follows.
.
└── my_processor/
├── vpc/
│ └── environments/
│ ├── dev/
│ │ ├── provider.tf
│ │ ├── remote-state.tf
│ │ ├── terragrunt.hcl
│ │ ├── variables.tf
│ │ └── versions.tf
│ ├── prod/
│ │ ├── provider.tf
│ │ ├── remote-state.tf
│ │ ├── terragrunt.hcl
│ │ ├── variables.tf
│ │ └── versions.tf
│ └── root_terragrunt.hcl
└── modules/
└── vpc/
├── dhcp-options.tf
├── internet-gateway.tf
├── key-pair.tf
├── nat-gateway.tf
├── routes.tf
├── subnets.tf
├── variable.tf
└── vpc.tf
I have a dev and prod folder within my environments folder. These folders contain the files and module invocations for the development and production AWS accounts respectively. I run the commands terragrunt init, terragrunt plan etc. from within these folders.
I call the vpc module from these environments. The vpc module has a variable.tf file, which contains several variables, as follows.
vpc/variable.tf
variable "cidr" {
type = object({
vpc_cidr_block = string,
subnet_ext_a_cidr = string,
subnet_ext_b_cidr = string,
subnet_int_a_cidr = string,
subnet_int_b_cidr = string,
})
description = "CIDR blocks for VPC and subnets"
}
variable "workspace_name" {
type = string
}
My root_terragrunt.hcl file calls the vpc module, as shown below.
root_terragrunt.hcl
terraform {
source = "../../modules/vpc"
}
inputs = {
aws_region = "us-west-2"
}
I then assign the variables from the vpc module in the environment-specific terragrunt.hcl file as shown below.
dev/terragrunt.hcl
include "root" {
path = find_in_parent_folders("root_terragrunt.hcl") #include the root terragrunt.hcl file
}
inputs = {
cidr = {
vpc_cidr_block = "10.0.35.128/25"
subnet_ext_a_cidr = "10.0.35.128/27"
subnet_ext_b_cidr = "10.0.35.160/27"
subnet_int_a_cidr = "10.0.35.192/27"
subnet_int_b_cidr = "10.0.35.224/27"
}
workspace_name = "prd"
}
The variables.tf file in my dev and prod environments folders contained only the following.
dev/variables.tf
variable "aws_region" {
type = string
}
However, when I tried running terragrunt plan, I got variable errors such as
│ Error: Reference to undeclared input variable
│
│ on vpc.tf line 3, in resource "aws_vpc" "hifi_vpc":
│ 3: cidr_block = var.cidr.vpc_cidr_block
│
│ An input variable with the name "cidr" has not been declared. This variable
│ can be declared with a variable "cidr" {} block.
I thought this was strange because:
- I was importing the
vpcmodule inroot_terragrunt.hcl - In the environment-specific
terragrunt.hclfile, I was passing ininputsfor each variable defined in thevariables.tffile for thevpcmodule
I was able to remove this error message when I copy-and-pasted the variables defined in the variables.tf file of the vpc module into the variables.tf file for the dev and prd environments. So, the variables.tf file for my prd and dev became the following.
modified dev/variables.tf
variable "aws_region" {
type = string
}
variable "cidr" {
type = object({
vpc_cidr_block = string,
subnet_ext_a_cidr = string,
subnet_ext_b_cidr = string,
subnet_int_a_cidr = string,
subnet_int_b_cidr = string,
})
description = "CIDR blocks for VPC and subnets"
}
variable "workspace_name" {
type = string
}
After doing this, everything worked and no error message.
Why is this?
- Why would I need to define the variables of a module I'm calling when it is already defined in the module? I thought of modules similar to functions, where it has defined inputs (variables) and we pass arguments to the module to call it and instantiate it.
- This means I need to update the variables in two separate places if things change. This seems counter-intuitive and violates DRY.
Is there a better, more-maintainable, and DRY-er way of accomplishing what I'm trying to achieve? Why do I need to define the variables of a module in my local variables.tf file?