Invalid count argument - db_subnet_group_name

[ahummel25]

I get this error when trying to set db_subnet_group_name to an output value from another module. In addition to setting that, I also tried setting create_db_subnet_group to false so as to ensure my RDS instance gets placed in an existing VPC's subnet group.

on .terraform/modules/db.db/terraform-aws-rds-2.14.0/modules/db_subnet_group/main.tf line 2, in resource "aws_db_subnet_group" "this":
2:   count = var.create ? 1 : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.

Seems to have occurred on acm as well: terraform-aws-modules/terraform-aws-acm#10

$ terraform -v

Terraform v0.12.24

Call to module:

module "db" {
  source = "./rds"

  name                       = var.name
  my_ip                      = chomp(data.http.icanhazip.body)
  rds_vpc_id                 = module.bastion-networking.vpc_id
  rds_security_group_id      = module.bastion-networking.bastion_security_group_id
  eip_private_ip_address     = module.bastion-networking.eip_private_ip_address
  database_subnet_group_name = module.bastion-networking.database_subnet_group_name // Throws error here
  all_tags                   = var.all_tags
}

Module:

module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "some_identifier"

  engine            = "mysql"
  engine_version    = "8.0.11"
  instance_class    = "db.t2.small"
  allocated_storage = 5
  storage_encrypted = false

  name     = "my_db"
  username = "user"
  password = "pass"
  port     = "3306"

  vpc_security_group_ids = [module.mysql_security_group.this_security_group_id]

  create_db_subnet_group = false
  db_subnet_group_name   = var.database_subnet_group_name // Should be passed successfully to here

  publicly_accessible = true

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  multi_az = true

  # disable backups to create DB faster
  backup_retention_period = 0

  # DB parameter group
  family = "mysql8.0"

  # DB option group
  major_engine_version = "8.0"

  # Snapshot name upon DB deletion
  final_snapshot_identifier = "some_final_identifier"

  # Database Deletion Protection
  deletion_protection = false

  parameters = [
    {
      name  = "character_set_client"
      value = "utf8"
    },
    {
      name  = "character_set_server"
      value = "utf8"
    }
  ]

  tags = {
    Application = var.all_tags["Application"]
    Project     = var.all_tags["Project"]
    Env         = var.all_tags["Env"]
  }
}

[rafmagns-skepa-dreag]

I was able to do this without issue in my configuration. What version of terraform are you using? That may be the problem.

[drexler]

I just had the same issue with the Terraform AWS provider v2.61.0 & TF 0.12.24

@rafmagns-skepa-dreag what versions are you on?

[drexler]

Update I figured the problem out. This occurs because Terraform under the hood is evaluating the var.create in the terraform-aws-rds db_subnet_group module by chaining it all the way back to the actual type of value assigned in the db_subnet_group_name. Since it's a computed value rather than one of the internal TF data types it fails there.

My solution:

db_subnet_group_name = local.create_test_resources ? module.rds.rds_parameter_groups_output["hr_subnet_group_name"] : ""

local.create_test_resources is just a boolean value.

@ahummel25 let me know if this works for you.

[ahummel25]

@drexler That doesn't seem to work for me. Still getting same exact error.

Here's what I tried.

locals.tf:

locals {
  create_test_resources = true
}

main.tf: - Call to my module

module "db" {
  source = "./rds"

  name                       = var.name
  my_ip                      = chomp(data.http.icanhazip.body)
  rds_vpc_id                 = module.bastion-networking.vpc_id
  rds_security_group_id      = module.bastion-networking.bastion_security_group_id
  eip_private_ip_address     = module.bastion-networking.eip_private_ip_address
  database_subnet_group_name = local.create_test_resources ? module.bastion-networking.database_subnet_group_name : var.database_subnet_group_name
  all_tags                   = var.all_tags
}

[drexler]

@ahummel25 put the conditional check within the module that imports the terraform_aws_rds module.

In my setup i have:

module "asurecloud_hr_db" {
  source = "terraform-aws-modules/rds/aws"
  version = "2.15"
  
  create_db_instance = local.create_test_resources
  
  db_subnet_group_name      = local.create_test_resources ? module.rds.rds_parameter_groups_output["hr_subnet_group_name"] : ""
  option_group_name         = local.create_test_resources ? module.rds.rds_parameter_groups_output["hr_option_group_name"] : ""
  create_db_parameter_group = false

...
}

[ahummel25]

Dang, no luck. Just tried that.

So changed my setup to below. And I moved my locals.tf file into the ./rds directory.

Call to module:

module "db" {
  source = "./rds"

  name                       = var.name
  my_ip                      = chomp(data.http.icanhazip.body)
  rds_vpc_id                 = module.bastion-networking.vpc_id
  rds_security_group_id      = module.bastion-networking.bastion_security_group_id
  eip_private_ip_address     = module.bastion-networking.eip_private_ip_address
  database_subnet_group_name = module.bastion-networking.database_subnet_group_name
  all_tags                   = var.all_tags
}

RDS Module:

module "db" {
  source = "terraform-aws-modules/rds/aws"

  identifier = "some_id"

  engine            = "mysql"
  engine_version    = "8.0.11"
  instance_class    = "db.t2.small"
  allocated_storage = 5
  storage_encrypted = false
  
  ...

  vpc_security_group_ids = [module.mysql_security_group.this_security_group_id]

  create_db_subnet_group = false
  db_subnet_group_name   = local.create_test_resources ? var.database_subnet_group_name : ""

  ...
}

[drexler]

hmmm... that's interesting. The only difference between yours and mine is that i have my locals block declaration and the module definition all in the main.tf. The only other difference i see is that mine is for sql server but that shouldn't factor.

[cloudvant]

This is a serious bug that needs to be fixed. From the local variable defined, terraform fails to infer the proper type of
local.enable_create_db_subnet_group but if you replace with var.create_db_subnet_group in the db_subnet_group module then everything works. There is no need for this local variable, please remove it.

locals {
enable_create_db_subnet_group = var.db_subnet_group_name == "" ? var.create_db_subnet_group : false
}

module "db_subnet_group" {
source = "./modules/db_subnet_group"

create = local.enable_create_db_subnet_group
identifier = var.identifier
name_prefix = "${var.identifier}-"
subnet_ids = var.subnet_ids

tags = var.tags
}

[patricknazar]

I'm also running into this, would love to see a fix

[ahummel25]

@vmendoza Is the code you pasted in your comment the actual source of the bug? Just curious if you did the leg work there. I never dug thru that deep.

[ichasco]

Hi,

I have the same error:

Error

Error: Invalid count argument

  on .terraform/modules/postgresql/modules/db_subnet_group/main.tf line 2, in resource "aws_db_subnet_group" "this":
   2:   count = var.create ? 1 : 0

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.

RDS module:

module "postgresql" {
  source  = "terraform-aws-modules/rds/aws"
  version = "2.20.0"
...
  vpc_security_group_ids    = [aws_security_group.private-postgresql-sg.id]
  create_db_subnet_group    = false
  create_db_option_group    = true
  create_db_parameter_group = true
  db_subnet_group_name      = module.vpc.database_subnet_group
  subnet_ids                = module.vpc.database_subnets
...

VPC module:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.63.0"
...
create_database_subnet_group   = true
...

Terraform version:

Terraform v0.13.4

Work around:

Run first apply the VPC

terraform apply -target=module.vpc

Then, apply all

terraform apply

[michaelmccaskill]

Seeing the same thing on Terraform v0.14.0

[michaelmccaskill]

Seems like maybe changing this line could fix it - https://github.com/terraform-aws-modules/terraform-aws-rds/blob/master/main.tf#L3

enable_create_db_subnet_group = local.db_subnet_group_name == "" ? var.create_db_subnet_group : false

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.