Problem with creating compute instance in GCP for different project IDs with terraform

Question

I have a terraform to create compute instance in GCP which looks like:

resource "google_compute_address" "static_ip" {
  project = var.project_id
  name = "vm-instance"
}

resource "google_compute_instance" "vm_instance" {
  project       = var.project_id
  name          = "vm-instance"
  machine_type  = "e2-standard-4"
  zone          = "us-east4-c"

  boot_disk {
    device_name = "vm-instance"
    mode = "READ_WRITE"

    initialize_params {
      image = "centos-cloud/centos-7"
      size = 20
    }
  }

  tags = ["web-host","http-server","https-server"]

  network_interface {
    network = var.network
    subnetwork = var.subnetwork
    #subnetwork_project = var.project_id

    access_config {
      nat_ip = google_compute_address.static_ip.address
    }

  }

  service_account {
    scopes = ["cloud-platform"]
  }

  scheduling {
    on_host_maintenance = "MIGRATE"
    #provisioning_model = "STANDARD"
  }

  shielded_instance_config {
    enable_secure_boot = true
    enable_vtpm = true
    enable_integrity_monitoring = true
  }
}

and modules which will use it:

module "sandbox_vm" {
  source     = "./modules/terraform-vm"
  network    = "sandbox-vpc"
  subnetwork = "sandbox-vpc"
  project_id = var.sandbox_project
}

module "dev_vm" {
  source     = "./modules/terraform-vm"
  network    = "dev-vpc"
  subnetwork = "dev-vpc"
  project_id = var.dev_project
}


module "prod_vm" {
  source     = "./modules/terraform-vm"
  network    = "prod-vpc"
  subnetwork = "prod-vpc"
  project_id = var.prod_project
}

but when I will try to apply it will end up with errors:

Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/dev-vpc'. The referenced subnetwork resource cannot be found., invalid

  on modules/terraform-vm/main.tf line 6, in resource "google_compute_instance" "vm_instance":
   6: resource "google_compute_instance" "vm_instance" {



Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/prod-vpc'. The referenced subnetwork resource cannot be found., invalid

  on modules/terraform-vm/main.tf line 6, in resource "google_compute_instance" "vm_instance":
   6: resource "google_compute_instance" "vm_instance" {

Why it will try to use subnets from other project IDs when those are strictly specified per module?

PS.

Provider file contains

provider "google" {
  credentials = var.credentials_file
  region      = var.region
}

Answer 1

It came up that documentation is not correct when it goes towards specifying subnets. It came up that all 3 parameters need to be provided to get it to work correctly:

    network = var.network
    subnetwork = var.subnetwork
    subnetwork_project = var.project_id