Terraform output error: Error: Variables not allowed

Question

I am really not sure why I am seeing this error. I know it's something simple and right in my face . My issue is how I am passing on the subnet_id in the subnet_mapping block. This is the code below:

main.tf

resource "aws_lb" "lb" {
  name                             = var.name
  internal                         = var.internal
  load_balancer_type               = var.lb_type
  enable_cross_zone_load_balancing = var.enable_cross_zone_load_balancing

  subnet_mapping {
    allocation_id                  = aws_eip.lb.id
    subnet_id                      = var.subnet_id[1]
  }
}

resource "aws_eip" "lb" {
  vpc                              = true
}

variables.tf

variable "name" {
  type        = string
}

variable "internal" {
  type        = bool
  default     = false
}

variable "lb_type" {
  type        = string
  default     = "network"
}

variable "enable_cross_zone_load_balancing" {
  type        = bool
  default     = true
}

variable "vpc" {
  type        = bool
  default     = true
}

variable "vpc_id" {
  type        = string
}

variable "subnet_id" {
  type        = list(string)
  default     = []
}

terragrunt.hcl

include {
  path = find_in_parent_folders()
}

dependency "test" {
  config_path = "../../../folder/test"
  mock_outputs = {
    vpc_id            = "vpc-12345"
    public_subnet_ids = ["subnet-1", "subnet-2"]
  }
}

# var to pass in to use the module specified in the terragrunt configuration above
inputs = {
  vpc_id    = dependency.test.outputs.vpc_id
  subnet_id = dependency.test.outputs.public_subnet_ids[1]
  xxx...

Terragrunt error

Error: Variables not allowed

 on <value for var.subnet_id> line 1:
 (source code not available)

Variables may not be used here.

I would appreciate some feedback. It has been a pain for the past few hours.

Answer 1

This error message is quite misleading, as evidenced by several people raising the issue on GitHub. In your case, the problem is that you have a variable named subnet_id and you also use the same identifier in the inputs block (in subnet_id = dependency.test.outputs.public_subnet_ids[1]). Renaming one of them should solve the issue.

Answer 2

It's hard to see exactly what's happening here because Terragrunt is running Terraform CLI with some generated command line arguments, but you can't easily see from its output exactly what command it is running.

I suspect that Terragrunt is running Terraform with a command line like this:

terraform apply -var='vpc_id=vpc-12345' -var='subnet_id=subnet_1'

This argument is correctly-formatted for vpc_id because you've declared that as type = string, but you've declared subnet_id as list(string) and so Terraform is expecting to see a list expression as the value of that argument, like this:

terraform apply -var='vpc_id=vpc-12345' -var='subnet_id=["subnet-1","subnet-2"]'

Terraform is reporting "Variables not allowed" because when parsing as an expression rather than just as a raw string subnet_1 looks like a reference to an symbol called subnet_1, and not like a literal value.

If I'm correct about the cause (which I may not be, since I'm just guessing based on the symptoms) then I think you have two different options to fix it. You should choose only one of the following two options:

1. Change the variable to be type = string instead, and then Terraform will understand -var='subnet_id=subnet_1' as assigning the string "subnet_1" to the variable.
2. Leave the variable as list(string) but change your Terragrunt configuration to pass the variable as a list instead of a string. I don't know Terragrunt well enough to know exactly how to achieve that, but the first thing I would try would be subnet_id = dependency.test.outputs.public_subnet_ids to assign the entire list of subnet IDs, rather than only the first element.