Terraform: aws_cloudwatch_log_group.logs.arn doesn't exist when used as variable in template_file on first run

Created on 31 Dec 2015  ·  5Comments  ·  Source: hashicorp/terraform

aws_cloudwatch_log_group resource arn doesn't exist when used as a variable in template_file resource on first run

trick I used for IAM (local exec of 30 sec) seems not to work even when increased to 60secs.

bug provideaws
Source
picture ilijaljubicic

All 5 comments

Hi @engine07 - I don't think the provisioner trick would be expected to work here - if the ARN isn't available when the state is updated (prior to the provisioner running) it won't become available without another refresh. @catsby is there precedent here for waiting on the ARN before calling the resource created?

jen20 picture jen20 on 4 Jan 2016

This is affecting me as well. Here is a test case:

variable "paths" {
  default = "/var/log/sysmessages,/var/log/test"
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_cloudwatch_log_group" "default" {
  name = "/test${element(split(",", var.paths), count.index)}"
  retention_in_days = "3"

  count = "${length(split(",", var.paths))}"
}

resource "aws_iam_policy" "default" {
  name = "test-policy"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        ${join(",\n", formatlist("\"%s\"", aws_cloudwatch_log_group.default.*.arn))}
      ]
    }
  ]
}
EOF
}

I was unable to get any sort of provisioner with a sleep to help, I think you are right that there needs to be something else to trigger the refresh first.

I'll have to look at the code and see if there is something with this resource thats different than others?

paultyng picture paultyng on 15 Feb 2016
👍1

Meanwhile, I think this will be a good workaround:

${join(",\n", formatlist("\"arn:aws:logs:*:*:log-group:%s\"", aws_cloudwatch_log_group.default.*.name))}
egarbi picture egarbi on 24 Feb 2016
👍1

Hey Friends –

Sorry for the long silence here. I believe this issue was resolved in https://github.com/hashicorp/terraform/pull/6384 . TL;DR we were returning early before hitting the follow up READ call that populated the ARN

catsby picture catsby on 6 Jun 2016

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 25 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sprokopiak picture sprokopiak  ·  3Comments
shanmugakarna picture shanmugakarna  ·  3Comments
rkulagowski picture rkulagowski  ·  3Comments
allomov picture allomov  ·  3Comments
ronnix picture ronnix  ·  3Comments