
I have the following project structure to build Lambda functions on AWS using Terraform:

.
├── aws.tf
├── dev.tfvars
├── global_variables.tf -> ../shared/global_variables.tf
├── main.tf
├── module
│   ├── data_source.tf
│   ├── main.tf
│   ├── output.tf
│   ├── role.tf
│   ├── security_groups.tf
│   ├── sources
│   │   ├── function1.zip
│   │   └── function2.zip
│   └── variables.tf
└── vars.tf

In the main.tf file I have this code that will create 2 different Lambda functions:

module "function1" {
  source = "./module"

  function_name    = "function1"
  source_code      = "function1.zip"

  runtime          = "${var.runtime}"
  memory_size      = "${var.memory_size}"
  timeout          = "${var.timeout}"
  aws_region       = "${var.aws_region}"
  vpc_id           = "${var.vpc_id}"
}


module "function2" {
  source = "./module"

  function_name    = "function2"
  source_code      = "function2.zip"  
  runtime          = "${var.runtime}"
  memory_size      = "${var.memory_size}"
  timeout          = "${var.timeout}"
  aws_region       = "${var.aws_region}"
  vpc_id           = "${var.vpc_id}"
}

The problem is that on deployment Terraform creates all resources twice. For Lambda that's OK, that's the purpose, but for security groups and roles that's not what I want.

For example, this security group is created 2 times:

resource "aws_security_group" "lambda-sg" {
  vpc_id = "${data.aws_vpc.main_vpc.id}"
  name   = "sacem-${var.project}-sg-lambda-${var.function_name}-${var.environment}"

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    protocol        = "-1"
    from_port       = 0
    to_port         = 0
    cidr_blocks     = "${var.authorized_ip}"
  }
  # To solve dependency errors when updating the security groups
  lifecycle {
    create_before_destroy = true
    ignore_changes        = ["tags.DateTimeTag"]
  }

  tags = "${merge(var.resource_tagging, map("Name", "${var.project}-sg-lambda-${var.function_name}-${var.environment}"))}"

}

So it's clear that the problem is the structure of the project. Could you help me solve that?

Thanks.

    Then your module design is faulty. Put the stuff that isn't module-specific (i.e. that shouldn't be created separately for each time the module is used) outside the module. Commented Jun 17, 2019 at 15:13

1 Answer


If you create the SecurityGroup within the module, it'll be created once per module inclusion.

I believe that some of the variable values for the sg name change when you include the module, right? Therefore, the sg name will be unique for both modules and can be created twice without errors.

If you chose a static name, Terraform would throw an error when trying to create the sg from module 2, as the resource already exists (created by module 1).

You could thus define the sg resource outside of the module itself to create it only once. You can then pass the id of the created sg as a variable to the module inclusion and use it there for other resources.
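Put concretely, as an added example that is neither the asker's nor the answerer's code, in Terraform 0.12+ syntax: the security group and the execution role move to the root main.tf and only their ids are passed into the module, so two module calls share one of each. The subnet_ids variable, the handler name and the role name are assumptions not present in the question; the example also drops the ingress block, since Lambda functions never receive inbound connections.

```hcl
# Root main.tf: shared SG and role declared once, outside the module.
# Lambda takes no inbound connections, so the SG only needs egress.
resource "aws_security_group" "lambda_sg" {
  vpc_id = var.vpc_id
  name   = "${var.project}-sg-lambda-${var.environment}" # no function_name
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_iam_role" "lambda_role" {
  name = "${var.project}-role-lambda-${var.environment}" # assumed name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}
# Each module call receives the shared ids instead of creating its own;
# function2 is declared the same way and reuses the same SG and role.
module "function1" {
  source             = "./module"
  function_name      = "function1"
  source_code        = "function1.zip"
  runtime            = var.runtime
  subnet_ids         = var.subnet_ids # assumed root variable
  security_group_ids = [aws_security_group.lambda_sg.id]
  role_arn           = aws_iam_role.lambda_role.arn
}
# module/variables.tf: inputs that replace role.tf and security_groups.tf
variable "security_group_ids" { type = list(string) }
variable "subnet_ids" { type = list(string) }
variable "role_arn" { type = string }
# module/main.tf: the function consumes the shared role and SG
resource "aws_lambda_function" "this" {
  function_name = var.function_name
  filename      = "${path.module}/sources/${var.source_code}"
  handler       = "index.handler" # assumed
  runtime       = var.runtime
  role          = var.role_arn
  vpc_config {
    subnet_ids         = var.subnet_ids
    security_group_ids = var.security_group_ids
  }
}
```

After this change `terraform plan` should list exactly one aws_security_group and one aws_iam_role, plus one aws_lambda_function per module call.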
