All of my Terraform infrastructure is currently in `us-east-2`. Below is from my root module.
```hcl
# Default
provider "aws" {
  region                   = "us-east-2"
  shared_credentials_files = ["~/.aws/credentials"]
  default_tags {
    tags = {
      ManagedBy = "Terraform"
    }
  }
}

# Needed because CloudFront can only use ACM certs generated in us-east-1
provider "aws" {
  alias                    = "us-east-1"
  region                   = "us-east-1"
  shared_credentials_files = ["~/.aws/credentials"]
  default_tags {
    tags = {
      ManagedBy = "Terraform"
    }
  }
}
```
I'm writing a Terraform module to create a static site in AWS (S3, CloudFront, ACM, Route53, etc...).
The module creates all of these resources, but CloudFront requires ACM certificates to be in `us-east-1`.

> To use a certificate in AWS Certificate Manager (ACM) to require HTTPS between viewers and CloudFront, make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1).

In the child module (currently hosted on GitHub), I saw that I can set a `provider` to use a different provider.
```hcl
resource "aws_acm_certificate" "site" {
  # Needed because CloudFront can only use ACM certs generated in us-east-1
  provider          = aws.us-east-1
  domain_name       = aws_route53_zone.site.name
  validation_method = "DNS"
  subject_alternative_names = [
    "*.${aws_route53_zone.site.name}"
  ]
  lifecycle {
    create_before_destroy = true
  }
}
```
When I call the module, I set a `providers` block...
```hcl
module "static_site_mydomain_com" {
  source = "github.com/myname/terraform-aws-static-site"
  providers = {
    aws.us-east-1 = aws.us-east-1
  }
  ...
  ...
  ...
```
However, that results in this warning.
```
╷
│ Warning: Reference to undefined provider
│
│   on site_mydomain_com.tf line 5, in module "static_site_mydomain_com":
│    5:     aws.us-east-1 = aws.us-east-1
│
│ There is no explicit declaration for local provider name "aws.us-east-1" in module.static_site_mydomain_com, so
│ Terraform is assuming you mean to pass a configuration for "hashicorp/aws".
│
│ If you also control the child module, add a required_providers entry named "aws.us-east-1" with the source address
│ "hashicorp/aws".
│
│ (and 3 more similar warnings elsewhere)
```
Where is this provider supposed to go? In the root module, or the child module? I've read that child modules shouldn't contain provider blocks. To be clear, everything the module creates should be in `us-east-2`, except the `aws_acm_certificate`, which should be in `us-east-1`.
I ended up doing this. This creates everything in `us-east-2`, except the specific resources I wanted in `us-east-1`.
```hcl
# Default
provider "aws" {
  region                   = "us-east-2"
  shared_credentials_files = ["~/.aws/credentials"]
}

# Needed because CloudFront can only use ACM certs generated in us-east-1
provider "aws" {
  alias                    = "us-east-1"
  region                   = "us-east-1"
  shared_credentials_files = ["~/.aws/credentials"]
}

module "static_site_domain_com" {
  source = "github.com/myname/mymodule"
  providers = {
    aws.us-east-1 = aws.us-east-1
  }
  ...
  ...
```
In the module itself, I have this set.
```hcl
terraform {
  required_version = ">= 1.0.2"
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "~> 5.15.0"
      configuration_aliases = [aws.us-east-1]
    }
  }
}
```
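
A small lint for the mismatch behind the warning above, added here as an example (not code from the post or from Terraform): it compares the provider aliases a module's resources reference with those declared in `configuration_aliases`. The function names, the regex-based parsing and the sample module text are assumptions made for illustration.

```python
import re

# Constructed sample: a child module's files, modelled on the snippets in the post.
VERSIONS_TF = '''
terraform {
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      configuration_aliases = [aws.us-east-1]
    }
  }
}
'''

MAIN_TF = '''
resource "aws_acm_certificate" "site" {
  provider          = aws.us-east-1
  domain_name       = "example.com"
  validation_method = "DNS"
}
resource "aws_s3_bucket" "site" {
  bucket = "example-bucket"
}
'''

# <local provider name>.<alias>, e.g. aws.us-east-1 (simplified pattern, an assumption)
ALIAS = r'[A-Za-z_][\w-]*\.[A-Za-z_][\w-]*'

def declared_aliases(hcl):
    """Aliases listed in any configuration_aliases = [...] argument."""
    found = set()
    for body in re.findall(r'configuration_aliases\s*=\s*\[([^\]]*)\]', hcl):
        found.update(re.findall(ALIAS, body))
    return found

def used_aliases(hcl):
    """Aliases referenced by a resource-level provider = <name>.<alias> argument."""
    return set(re.findall(r'^\s*provider\s*=\s*(' + ALIAS + r')\s*$', hcl, re.M))

def undeclared_aliases(*files):
    """Aliases the module uses but never declares; each one triggers the warning."""
    text = "\n".join(files)
    return sorted(used_aliases(text) - declared_aliases(text))

if __name__ == "__main__":
    print(undeclared_aliases(VERSIONS_TF, MAIN_TF))
```
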