我正在尝试在跨区域的 terraform 中运行 s3 复制。我的大部分代码都很好,但我只收到 2 个我似乎无法解决的错误。
我主要的s3.tf的一部分是
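# Customer-managed KMS key intended to encrypt objects in the us-west-2 replica bucket.
resource "aws_kms_key" "s3_replica-us-west-2" {
  # KMS keys are regional. Without an explicit provider this key is created by
  # the default provider, not by the aws.us-west-2 alias that module "s3_replica"
  # receives, so a bucket in us-west-2 could not use it for SSE-KMS.
  # NOTE(review): assumes the default provider targets the source region; confirm.
  provider = aws.us-west-2

  description             = "S3 master key replica us-west-2"
  deletion_window_in_days = 30

  # Boolean literal rather than the string "true", which only works through
  # implicit type conversion.
  enable_key_rotation = true
}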
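# Destination (replica) bucket, built by the shared S3 module with the
# us-west-2 provider alias.
module "s3_replica" {
  # NOTE(review): the source is redacted on this page. A real git source should
  # be pinned to a tag or commit with ?ref=<tag-or-sha>; an unpinned source means
  # a fresh `terraform init` pulls whatever the default branch holds at that time.
  source = "git@github.com:xxx"

  # Provider references are written unquoted since Terraform 0.12; the quoted
  # form "aws.us-west-2" is deprecated.
  providers = {
    aws = aws.us-west-2
  }

  name                  = "s3_replica"
  logging_bucket_prefix = "s3_replica"
  versioning            = var.versioning
  bucket_logging        = var.bucket_logging

  # NOTE(review): same logging bucket variable as module "s3". S3 server access
  # logs can only be delivered to a bucket in the source bucket's own region, so
  # the replica presumably needs a logging bucket in us-west-2; confirm against
  # the module.
  logging_bucket_name = var.logging_bucket_name

  kms_key_id    = aws_kms_key.s3_replica-us-west-2.key_id
  sse_algorithm = var.sse_algorithm
}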
# Primary bucket. Its replication_configuration object is handed to the shared
# module, which expands it with dynamic blocks.
module "s3" {
source = "git@github.com:xxxx"
name = "s3"
logging_bucket_prefix = "s3"
versioning = var.versioning
bucket_logging = var.bucket_logging
logging_bucket_name = var.logging_bucket_name
kms_key_id = aws_kms_key.s3.key_id
sse_algorithm = var.sse_algorithm
replication_configuration = {
role = aws_iam_role.s3_replication.arn
# NOTE(review): `rules` is a single object here, while the module block quoted
# later on this page iterates over `rules` with for_each and calls
# lookup(rules.value, ...) on each element. It presumably expects a list of
# rule objects; confirm against the module.
rules = {
id = "replicate_to_${local.s3_replica}"
prefix = ""
status = "Enabled"
destination = {
# NOTE(review): `lookup` is a function, not a reference prefix. Written as
# `lookup.module...`, Terraform reads "lookup" as a resource type and "module"
# as its name, which is the "Reference to undeclared resource" error quoted
# below. A module output is referenced as module.s3_replica.<output>, assuming
# the module exports one named bucket_arn.
bucket = lookup.module.s3_replica.bucket_arn
# NOTE(review): same parsing problem. replica_kms_key_id takes the ARN of the
# destination-region key, e.g. aws_kms_key.s3_replica-us-west-2.arn.
replica_kms_key_id = lookup.s3_replica_arn
}
}
# NOTE(review): this sits beside `rules`, but the module block quoted later on
# this page reads source_selection_criteria from inside each rule, so at this
# level it looks like it is ignored. Without it, SSE-KMS encrypted objects are
# not selected for replication.
source_selection_criteria = {
sse_kms_encrypted_objects = {
enabled = true
}
}
}
# NOTE(review): the closing brace of module "s3" is missing from this excerpt.
我使用的模块中的复制配置 block 部分是:
# Emits at most one replication_configuration block: none when
# var.replication_configuration has no keys, otherwise one built from it.
dynamic "replication_configuration" {
  for_each = length(keys(var.replication_configuration)) > 0 ? [var.replication_configuration] : []

  content {
    # IAM role that S3 assumes to replicate objects; required by this block.
    role = replication_configuration.value.role

    # One rules block per element of the caller-supplied `rules` collection.
    dynamic "rules" {
      for_each = replication_configuration.value.rules

      content {
        # Keys the caller omits resolve to null and are left unset.
        id       = lookup(rules.value, "id", null)
        priority = lookup(rules.value, "priority", null)
        prefix   = lookup(rules.value, "prefix", null)
        status   = lookup(rules.value, "status", null)

        # Rendered only when the rule carries a non-empty "destination" map.
        dynamic "destination" {
          for_each = length(keys(lookup(rules.value, "destination", {}))) > 0 ? [lookup(rules.value, "destination", {})] : []

          content {
            bucket        = lookup(destination.value, "bucket", null)
            storage_class = lookup(destination.value, "storage_class", null)
            # When a replica KMS key is set, the rule also needs
            # source_selection_criteria.sse_kms_encrypted_objects enabled, or
            # KMS-encrypted objects are not replicated.
            replica_kms_key_id = lookup(destination.value, "replica_kms_key_id", null)
            account_id         = lookup(destination.value, "account_id", null)
          }
        }

        # Read from the rule itself, not from the top-level configuration object.
        dynamic "source_selection_criteria" {
          for_each = length(keys(lookup(rules.value, "source_selection_criteria", {}))) > 0 ? [lookup(rules.value, "source_selection_criteria", {})] : []

          content {
            dynamic "sse_kms_encrypted_objects" {
              for_each = length(keys(lookup(source_selection_criteria.value, "sse_kms_encrypted_objects", {}))) > 0 ? [lookup(source_selection_criteria.value, "sse_kms_encrypted_objects", {})] : []

              content {
                enabled = sse_kms_encrypted_objects.value.enabled
              }
            }
          }
        }
      }
    }
  }
}
}
现在,当我运行 terraform init 时...它起作用了。 但是当我运行 terraform plan 时出现错误:
Error: Reference to undeclared resource
on s3.tf line 108, in module "s3":
108: bucket = lookup.module.s3_replica.bucket_arn
A managed resource "lookup" "module" has not been declared in the root module.
Error: Reference to undeclared resource
on s3.tf line 109, in module "s3":
109: replica_kms_key_id = lookup.s3_replica-us-west-2_arn
A managed resource "lookup" "s3_replica_arn" has not been declared
in the root module.
现在我不知道为什么会出现这些错误..
最佳答案
据我了解,您的 s3_replica 存储桶是在 module.s3 中创建的,您想要访问其 ARN 以初始化 module.s3。遗憾的是,您不能这样做,因为您无法在模块完全创建之前引用模块输出。
解决此问题的一种方法是先创建 s3_replica,然后将其传递给 module.s3。下面只是一个示例,可能需要进一步修改:
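# Replication destination bucket, created outside module "s3" so that its ARN
# can be passed into the module's replication_configuration.
resource "aws_s3_bucket" "s3_replica" {
  # Cross-region replication needs the destination in the other region. The
  # alias follows the question's aws.us-west-2 provider; adjust to your setup.
  provider = aws.us-west-2

  bucket = "my-replication-bucket-23223"
  acl    = "private"

  # S3 rejects a replication configuration whose destination bucket is not
  # versioned, so versioning has to be on before module "s3" is applied.
  versioning {
    enabled = true
  }
}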
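# KMS key used to encrypt replicated objects in the destination bucket.
resource "aws_kms_key" "s3_replica" {
  # KMS keys are regional: the key must live in the destination bucket's region.
  # The alias follows the question's aws.us-west-2 provider; adjust to your setup.
  provider = aws.us-west-2

  description             = "KMS for replication"
  deletion_window_in_days = 10

  # Automatic rotation is off by default for customer-managed keys; the
  # question's own replica key enables it, so this one does too.
  enable_key_rotation = true
}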
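# Primary bucket; only the replication argument is shown.
module "s3" {
  # ... other module arguments (source, name, logging, encryption) unchanged ...

  replication_configuration = {
    # The replication role needs kms:Decrypt on the source key and kms:Encrypt
    # on the replica key, otherwise KMS-encrypted objects fail to replicate.
    role = aws_iam_role.s3_replication.arn

    # A list of rule objects: the module's dynamic "rules" block (quoted in the
    # question) iterates over `rules` and calls lookup() on every element, which
    # does not work when `rules` is a single object.
    # NOTE(review): confirm against the module's variable type.
    rules = [
      {
        id     = "replicate_to_${local.s3_replica}"
        prefix = ""
        status = "Enabled"

        destination = {
          # Plain <type>.<name> references work on every Terraform version; the
          # `resource.` prefix is only understood by newer releases.
          bucket             = aws_s3_bucket.s3_replica.arn
          replica_kms_key_id = aws_kms_key.s3_replica.arn
        }

        # Placed inside the rule because that is where the module reads it from.
        # It must be enabled when replica_kms_key_id is set, or SSE-KMS encrypted
        # objects are not replicated.
        source_selection_criteria = {
          sse_kms_encrypted_objects = {
            enabled = true
          }
        }
      }
    ]
  }
}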
我建议您查看 TF 文档中的 Module Composition。它通过示例解释了如何使用模块。
关于 amazon-web-services - Terraform 错误: Reference to undeclared resource,我们在 Stack Overflow 上找到一个类似的问题: https://stackoverflow.com/questions/66433485/