AWS Terraform error: "expected cidr_block to contain a valid Value, got: with err: invalid CIDR

Time:09-25

Practicing with AWS security groups in Terraform. I'm moderately experienced with TF but SGs have been tricky. I have the following main.tf:

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "test" {
  cidr_block = var.cidr_block
}

resource "aws_security_group" "sg" {
  name = var.name
  vpc_id = aws_vpc.test.id
  description = var.description
}

resource "aws_security_group_rule" "ingress_rule" {
  type = "ingress"
  from_port = var.from_port
  to_port = var.to_port
  protocol = var.protocol
  cidr_blocks = var.cidr_blocks
  security_group_id = aws_security_group.sg.id
}

I have variables for the above in a variables.tf file (can show on request), and my modules are below:

provider "aws" {
  region = "us-east-1"
}

module "vpc" {
  source = "../"
  cidr_block = "10.0.0.0/16"
}

module "TestSG1" {
  source = "../"
  name = "Test"
  description = "Test"
  type = "ingress"
  from_port = 0
  to_port = 65535
  protocol = "tcp"
  cidr_blocks = ["192.168.0.0/16"]
}

When I run Terraform Plan on the above configuration, I get this error:

Error: expected cidr_block to contain a valid Value, got: with err: invalid CIDR address:

on ..\vpc.tf line 6, in resource "aws_vpc" "test":

6: cidr_block = var.cidr_block

Now, if I REMOVE the cidr_block line from the vpc module and instead hardcode that same cidr_block value into main.tf, like so:

resource "aws_vpc" "test" {
  cidr_block = "10.0.0.0/16"
}

....then I can apply the code no problem, the two modules deploy successfully. So something only goes wrong when I insert the cidr_block line into the VPC module. If I run the VPC module in isolation - apart from the SG resources and module - it runs fine with the cidr_block variable in the module as well. Something is wrong in the interplay between the two. Exhausted my research so turning to the Stack Overflow brain trust. Any ideas?

UPDATE: Sharing my variables too, for good measure.

variable "cidr_block" {
  description = ""
  type = string
  default = ""
}

variable "name" {
  description = ""
  type = string
  default = ""
}

variable "description" {
  description = ""
  type = string
  default = ""
}

variable "type" {
  description = ""
  type = string
  default = ""
}

variable "from_port" {
  description = ""
  type = number
  default = 0
}

variable "to_port" {
  description = ""
  type = number
  default = 0
}

variable "protocol" {
  description = ""
  type = string
  default = ""
}

variable "cidr_blocks" {
  description = ""
  type = list(string)
  default = []
}

CodePudding user response:

It looks to me that you are invoking the same module (code) twice with different parameters:

  • once as module vpc
  • and one more time as module TestSG1

As you have default = "" set for most of the vars, it's taking the default value for cidr_block you have in variables.tf while invoking the module as TestSG1, and as it's empty you are seeing:

Error: expected cidr_block to contain a valid Value, got: with err: invalid CIDR address:=.

In order to fix it, you either need to invoke the module only once by passing all the required parameters properly or separate the VPC creation from the security group creation in a separate module.
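
One way to apply the second option from the answer above, as an added example that is not part of the original question or answer: the VPC and the security group live in separate modules, and `cidr_block` has no default and carries a validation rule, so a missing or malformed value is rejected at plan time instead of reaching the provider as an empty string. The `modules/vpc` and `modules/sg` paths, the `vpc_id` output and the validation rule are assumptions made for this sketch; `validation` blocks need Terraform 0.13 or later.

```hcl
# --- modules/vpc/main.tf (hypothetical path); no default, so omitting cidr_block is a plan-time error ---
variable "cidr_block" {
  type = string
  validation {
    condition     = can(cidrhost(var.cidr_block, 0))
    error_message = "Must be a valid CIDR block such as 10.0.0.0/16."
  }
}
resource "aws_vpc" "test" { cidr_block = var.cidr_block }
output "vpc_id" { value = aws_vpc.test.id }

# --- modules/sg/main.tf (hypothetical path); every input is required, none defaults to "" ---
variable "vpc_id" { type = string }
variable "name" { type = string }
variable "description" { type = string }
variable "from_port" { type = number }
variable "to_port" { type = number }
variable "protocol" { type = string }
variable "cidr_blocks" { type = list(string) }
resource "aws_security_group" "sg" {
  name        = var.name
  vpc_id      = var.vpc_id
  description = var.description
}
resource "aws_security_group_rule" "ingress_rule" {
  type              = "ingress"
  from_port         = var.from_port
  to_port           = var.to_port
  protocol          = var.protocol
  cidr_blocks       = var.cidr_blocks
  security_group_id = aws_security_group.sg.id
}

# --- root main.tf: each module is invoked once, with only the inputs it declares ---
module "vpc" {
  source     = "./modules/vpc"
  cidr_block = "10.0.0.0/16"
}
module "TestSG1" {
  source      = "./modules/sg"
  vpc_id      = module.vpc.vpc_id
  name        = "Test"
  description = "Test"
  from_port   = 0
  to_port     = 65535
  protocol    = "tcp"
  cidr_blocks = ["192.168.0.0/16"]
}
```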
