79773453

Date: 2025-09-24 08:30:59
Score: 1.5
Natty:
Report link

I have asked the same question on Terragrunt GitHub repo issues gruntwork-io/terragrunt#4867

The issue comes from the fact that ec2 module uses a data source to get the subnet using its id. So it needs a real subnet id, not a mocked one.

Could we have a note on that question that this is being answered here so that there's a single source of truth for this?

The root cause of the error that you're getting is from the AWS provider, because you're trying to create a security group, and the data source is looking up the subnet with a mocked value. The AWS provider doesn't know that you're mocking the ID of the subnet, so you need to either disable creation of the security group, or use a different module that doesn't attempt to use that data source (or provision the VPC first).
https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/blob/master/main.tf#L734

Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Contains question mark (0.5):
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: Rafik