Invalid count argument when using predefined ACM

[andyshinn]

Description

I am running into an error when trying to use an existing ACM.

• ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
2. Re-initialize the project root to pull down modules: terraform init
3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

• Module version [Required]:

• Terraform version:

Terraform v1.1.4
on darwin_amd64
+ provider registry.terraform.io/datadog/datadog v3.8.1
+ provider registry.terraform.io/hashicorp/aws v3.73.0
+ provider registry.terraform.io/hashicorp/local v2.2.2
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/taiidani/jenkins v0.9.0

• Provider version(s):

terraform providers -version
Terraform v1.1.4
on darwin_amd64

Reproduction Code [Required]

locals {
  atlantis_region = "us-east-1"
  atlantis_domain = "mydomain.net"
}

module "atlantis_acm" {
  source  = "terraform-aws-modules/acm/aws"
  version = "3.3.0"

  domain_name = "*.${local.atlantis_domain}"
  zone_id     = "ZMYFAKEZONEID"

  wait_for_validation    = false
  create_route53_records = false
}

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "3.13.1"

  name = "atlantis"

  cidr            = "10.20.0.0/16"
  azs             = ["${local.atlantis_region}a", "${local.atlantis_region}b", "${local.atlantis_region}c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  public_subnets  = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]

  acm_certificate_domain_name = local.atlantis_domain

  certificate_arn = module.atlantis_acm.acm_certificate_arn

  atlantis_github_user       = "myorg-build"
  atlantis_github_user_token = "fakekey"
  atlantis_repo_allowlist    = ["github.com/myorg/*"]
}

Steps to reproduce the behavior:

• I am using workspaces.
• I have cleared the local .terraform folder and trying an init again.
• The error happens during apply phase.

Expected behavior

The apply should complete.

Actual behavior

Error during apply:

╷
│ Error: Invalid count argument
│ 
│   on .terraform/modules/atlantis.acm/main.tf line 17, in resource "aws_acm_certificate" "this":
│   17:   count = var.create_certificate ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target
│ argument to first apply only the resources that the count depends on.

Terminal Output Screenshot(s)

Additional context

[antonbabenko]

Hi Andy,

I don't see create_certificate in your code sample. Did you forget to put it in the Reproduction Code [Required] section?

The error message you have mentions create_certificate, which should be boolean (true or false but nothing else).

Make sure that you specify create_certificate = false if you manage ACM certificates externally.

[andyshinn]

I added my example. I was able to workaround it by targeting module.atlantis_acm first. I guess this is a Terraform limitation with modules?

[antonbabenko]

You are right, you should use -target to work around this issue.

There is a long-standing issue about this - hashicorp/terraform#4149

There is nothing we can do about it in the module.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.