Closed
Description
When we use VPC Flow Logs and the full output of the module, we get an error on the second run of the destroy command.
Versions
- Module version: 3.16.0
- Terraform version: Terraform v1.3.2 on darwin_arm64
- Provider version(s): hashicorp/aws v4.34.0
Reproduction code
# VPC
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.16.0"

  # Main
  cidr = "10.0.0.0/16"

  # Flow logs
  enable_flow_log                      = true
  create_flow_log_cloudwatch_iam_role  = true
  create_flow_log_cloudwatch_log_group = true
}

# Output
output "vpc" {
  value = module.vpc
}

Steps to reproduce the behavior:
- Authenticate on AWS
- vi main.tf
- Add sample code from the block above
- terraform init
- terraform apply
- terraform destroy
- terraform destroy
Expected behavior
We should not get an error on destroy run, after destroy was performed.
Actual behavior
We get the following error
╷
│ Error: Invalid index
│
│ on .terraform/modules/vpc/vpc-flow-logs.tf line 8, in locals:
│ 8: flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? aws_cloudwatch_log_group.flow_log[0].arn : var.flow_log_destination_arn
│ ├────────────────
│ │ aws_cloudwatch_log_group.flow_log is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
╷
│ Error: Invalid index
│
│ on .terraform/modules/vpc/vpc-flow-logs.tf line 9, in locals:
│ 9: flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? aws_iam_role.vpc_flow_log_cloudwatch[0].arn : var.flow_log_cloudwatch_iam_role_arn
│ ├────────────────
│ │ aws_iam_role.vpc_flow_log_cloudwatch is empty tuple
│
│ The given key does not identify an element in this collection value: the collection has no elements.
╵
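
The two failing locals index `[0]` into a `count`-ed resource that evaluates to an empty tuple. The configuration below is an added example, not part of the original report and not the module's own code: it mirrors the resource and local names from the error output and shows two ways to make the lookup tolerate an empty tuple. The variable defaults, log group name and retention value are assumptions.

```hcl
# Added example. Names follow the error output above; values are constructed.
variable "create_flow_log_cloudwatch_log_group" {
  type    = bool
  default = true
}

variable "flow_log_destination_arn" {
  type    = string
  default = ""
}

resource "aws_cloudwatch_log_group" "flow_log" {
  count = var.create_flow_log_cloudwatch_log_group ? 1 : 0

  name              = "/example/vpc-flow-log" # constructed name
  retention_in_days = 30                      # assumed retention
}

locals {
  # Pattern from the error output: a hard index fails with "Invalid index"
  # whenever aws_cloudwatch_log_group.flow_log is an empty tuple.
  #   ... ? aws_cloudwatch_log_group.flow_log[0].arn : var.flow_log_destination_arn

  # Option 1: try() returns the fallback instead of raising the index error.
  flow_log_destination_arn = (
    var.create_flow_log_cloudwatch_log_group
    ? try(aws_cloudwatch_log_group.flow_log[0].arn, null)
    : var.flow_log_destination_arn
  )

  # Option 2: splat plus one() yields null for an empty tuple and the single
  # element otherwise (one() requires Terraform 0.15 or later).
  flow_log_group_arn = one(aws_cloudwatch_log_group.flow_log[*].arn)
}

output "flow_log_destination_arn" {
  value = local.flow_log_destination_arn
}
```

The same guard applies to the `aws_iam_role.vpc_flow_log_cloudwatch[0].arn` lookup on line 9 of the error output.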
