Error: Invalid count argument when using access_logs_s3_bucket_id = mybucket.id #126

Open
cl0udf0x opened this issue Dec 10, 2022 · 2 comments
Labels
bug 🐛 An issue with the system

Describe the Bug

When specifying custom bucket for ALB logging:

access_logs_s3_bucket_id = aws_s3_bucket.alb_s3_logging.id

The terraform apply fails with the following error:

Error: Invalid count argument
│ 
│   on .terraform/modules/alb.access_logs/main.tf line 2, in data "aws_elb_service_account" "default":
│    2:   count = module.this.enabled ? 1 : 0
│ 
│ The "count" value depends on resource attributes that cannot be determined
│ until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only
│ the resources that the count depends on.

Expected Behavior

I expect terraform plan to complete successfully.

Steps to Reproduce

Steps to reproduce the behavior:

I've been using this module for a while. All working fine. I then enabled logging using a custom bucket and get the above error.

  • it works fine if I don't specify a custom bucket (access_logs_s3_bucket_id = aws_s3_bucket.alb_s3_logging.id). However, I need to be able to give the bucket a specific name as opposed to having the name derived from the labels. Is there a way to specify the bucket name when not using access_logs_s3_bucket_id = aws_s3_bucket.alb_s3_logging.id?
ALB configuration
###
module "alb" {
  source        = "https://github.com/cloudposse/terraform-aws-alb.git?ref=1.0.0"
  context       = module.alb-web-label
  vpc_id        = data.aws_vpc.selected.id
  subnet_ids    = [for s in data.aws_subnet.public : s.id]
  internal      = var.alb_internal
  http_enabled  = var.alb_http_enabled
  http_redirect = var.alb_http_redirect
  
  #access_logs_prefix = "alb-web"
  access_logs_enabled = true
  access_logs_s3_bucket_id = aws_s3_bucket.alb_s3_logging.id

  cross_zone_load_balancing_enabled       = var.alb_cross_loadbalancing_enabled
  http2_enabled                           = var.alb_http2_enabled
  health_check_path                       = var.alb_health_check_path
  health_check_matcher                    = var.alb_health_check_matcher
  target_group_port                       = var.alb_target_port
  target_group_target_type                = "ip"
  certificate_arn                         = module.acm_cert.certificate_arn
  security_group_ids = [
    "${data.aws_security_group.common.id}",
    "${data.aws_security_group.specific.id}"
  ]
  security_group_enabled    = var.alb_sg_enabled
  https_enabled             = var.alb_https_enabled
  https_ingress_cidr_blocks = var.https_ingress_cidr_blocks
  target_group_name         = "${module.alb-web-label.id}-tg"
}

S3 bucket configuration
###
resource "aws_s3_bucket" "alb_s3_logging" {
  bucket = "${var.environment}-${data.aws_region.current.name}-alb-s3-logging"
}

resource "aws_s3_bucket_acl" "alb_s3_logging_acl" {
  bucket = aws_s3_bucket.alb_s3_logging.id
  acl    = "private"
}

resource "aws_s3_bucket_policy" "alb_s3_logging_policy" {
  bucket = aws_s3_bucket.alb_s3_logging.id
  policy = templatefile("templates/alb-logging-s3-bucket-policy.tpl", {
    aws_elb_service_account = data.aws_elb_service_account.current.arn,
    s3_bucket = "${var.environment}-${data.aws_region.current.name}-alb-s3-logging"
  })
}

Screenshots

Not applicable here. See error above.

Environment (please complete the following information):

Terraform v1.1.6
on linux_amd64
Initializing plugins and modules...

@cl0udf0x cl0udf0x added the bug 🐛 An issue with the system label Dec 10, 2022
@cl0udf0x

Yeah, it works if the bucket is created before you run terraform apply with logging enabled and the custom bucket access_logs_s3_bucket_id = aws_s3_bucket.alb_s3_logging.id

cl0udf0x commented Dec 11, 2022

If the literal name of the bucket is used, e.g. access_logs_s3_bucket_id = my-bucket-${var.env}, it works just fine. How would a scenario whereby a unique random string needed to be appended to the bucket name work?

Is worth updating the README as I didn't know the bucket.id was just the bucket name. Perhaps that's just a me thing :)

Cheers.
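
An added example (not part of the issue or the module's own code) of the arrangement the last comment describes: the bucket name is built once from plan-time-known values and shared by the bucket, its policy and the module input. `var.bucket_suffix` and the module-level `depends_on` are assumptions added here; the data sources, label module, ACL resource and template file are the ones already declared in the issue.

```hcl
# Added example: not from the issue or the module's repository.
# var.bucket_suffix is hypothetical; all other names come from the issue.
variable "bucket_suffix" {
  description = "Unique suffix passed in as an input so it is known at plan time"
  type        = string
  default     = ""
}

locals {
  # Built only from values Terraform knows while planning. A random_id or
  # random_string result would be unknown during the first plan, just like
  # aws_s3_bucket.alb_s3_logging.id before the bucket exists.
  alb_log_bucket = join("-", compact([
    var.environment,
    data.aws_region.current.name,
    "alb-s3-logging",
    var.bucket_suffix,
  ]))
}

resource "aws_s3_bucket" "alb_s3_logging" {
  bucket = local.alb_log_bucket
}

resource "aws_s3_bucket_policy" "alb_s3_logging_policy" {
  bucket = aws_s3_bucket.alb_s3_logging.id
  policy = templatefile("templates/alb-logging-s3-bucket-policy.tpl", {
    aws_elb_service_account = data.aws_elb_service_account.current.arn
    s3_bucket               = local.alb_log_bucket
  })
}

module "alb" {
  source     = "https://github.com/cloudposse/terraform-aws-alb.git?ref=1.0.0"
  context    = module.alb-web-label
  vpc_id     = data.aws_vpc.selected.id
  subnet_ids = [for s in data.aws_subnet.public : s.id]

  access_logs_enabled      = true
  access_logs_s3_bucket_id = local.alb_log_bucket # plain string, known at plan

  # The string carries no implicit dependency on the bucket, so order the
  # load balancer after the policy that lets it write its access logs.
  depends_on = [aws_s3_bucket_policy.alb_s3_logging_policy]

  # Remaining arguments (listeners, health checks, security groups) as in the issue.
}
```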
