I have created an azurerm_data_protection_backup_vault in subscription A and when I create storage accounts in subscription B, I would like to enable the backup vault’s principal id to be the storage account backup contributor. I have created in subscription B a second provider block, an alias provider block like this:

provider "azurerm" {
  alias           = "backup_sub_provider"
  subscription_id = "xxx-xxxx-"
  features {
    
  }
}

and in the module that creates the storage account I have added this:

  provider            = azurerm.backup_sub_provider
  name                = "bvault-reb3az-vault"
  resource_group_name = "rg-reb3az-vault"
  }
  

resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.storage_accounts["accntbackup"]
  role_definition_name = "Storage Account Backup Contributor"
  principal_id         = azurerm_data_protection_backup_vault.this_vault.identity[0].principal_id
}

This doesn’t work and I don’t even understand the error message from Terraform:

Error: Provider configuration not present

To work with
module.client_instance.module.storage.data.azurerm_data_protection_backup_vault.this_vault
its original provider configuration at
module.client_instance.module.storage.provider["registry.terraform.io/hashicorp/azurerm"].backup_sub_provider
is required, but it has been removed. This occurs when a provider
configuration is removed while objects created by that provider still exist
in the state. Re-add the provider configuration to destroy
module.client_instance.module.storage.data.azurerm_data_protection_backup_vault.this_vault,
after which you can remove the provider configuration again.

I wonder whether it has to do with the fact that the alias provider block is in another module. My module structure is:

root module (has the provider and the alias provider block for the deployment)
  |
  + -- module x
  + -- module y (creates the storage account and references the alias provider)