Terraform can't find a resource which is declared in the same file where the reference is.
It seems that this line is causing trouble: role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}". It can't find newsapi_lambda_codepipeline, which is declared as resource "aws_iam_role" "newsapi_lambda_codepipeline" { ... }.
This is my main.tf:
resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl = "private"
}
resource "aws_iam_role" "newsapi_lambda_codebuild" {
  name = "newsapi-lambda-codebuild"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::newsapi_lambda_builds",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:invokefunction",
        "lambda:listfunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    }
  ]
}
EOF
}
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}",
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
EOF
}
resource "aws_codepipeline" "newsapi_lambda" {
  name = "newsapi-lambda"
  role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}"
  artifact_store {
    location = "${aws_s3_bucket.newsapi_lambda_builds.bucket}"
    type = "S3"
  }
  stage {
    name = "Source"
    action {
      name = "Source"
      category = "Source"
      owner = "ThirdParty"
      provider = "GitHub"
      version = "1"
      output_artifacts = ["newsapi_lambda"]
      configuration {
        Owner = "Defozo"
        Repo = "traceitfor.me_newsapi_lambda"
        Branch = "master"
      }
    }
  }
  stage {
    name = "Build"
    action {
      name = "Build"
      category = "Build"
      owner = "AWS"
      provider = "CodeBuild"
      input_artifacts = ["newsapi_lambda"]
      version = "1"
      role_arn = "${aws_iam_role.newsapi_lambda_codebuild.arn}"
      configuration {
        ProjectName = "newsapi-lambda"
      }
    }
  }
}
After executing terraform apply I get:
Error: Error running plan: 1 error(s) occurred:
* aws_codepipeline.newsapi_lambda: 1 error(s) occurred:
* aws_codepipeline.newsapi_lambda: Resource 'aws_iam_role.newsapi_lambda_codepipeline' not found for variable 'aws_iam_role.newsapi_lambda_codepipeline.arn'
I don't understand why that happens. I have aws_iam_role.newsapi_lambda_codepipeline declared, haven't I?

I believe your role declaration could be slightly wrong, and Terraform was not able to generate an ARN for it, therefore it was not found.
It looks like you also need to create resource "aws_iam_role_policy". See https://www.terraform.io/docs/providers/aws/r/codepipeline.html
It's a bit unclear why you'd need to split.
If this is not the case, let me know and I'll try to run the code myself to test.