You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Provisioners let you execute scripts on resources after creation, while lifecycle rules control how Terraform creates, updates, and destroys resources. This lesson covers both concepts, including when (and when not) to use provisioners.
Lifecycle rules modify the default behaviour of resource creation, update, and destruction:
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = var.instance_type
lifecycle {
create_before_destroy = true
}
}
| Argument | Purpose |
|---|---|
create_before_destroy | Create the replacement before destroying the original |
prevent_destroy | Prevent accidental destruction of critical resources |
ignore_changes | Ignore changes to specific attributes |
replace_triggered_by | Force replacement when a referenced value changes |
precondition | Validate assumptions before applying |
postcondition | Validate outcomes after applying |
By default, Terraform destroys the old resource before creating the new one. This argument reverses the order:
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = "t3.micro"
lifecycle {
create_before_destroy = true
}
}
Use case: Zero-downtime deployments — the new instance is ready before the old one is removed.
Protects critical resources from accidental deletion:
resource "aws_db_instance" "production" {
# ...
lifecycle {
prevent_destroy = true
}
}
Running terraform destroy or making a change that requires recreation will produce an error instead of proceeding.
Tells Terraform to ignore changes to specific attributes, useful when external processes modify resources:
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = "t3.micro"
lifecycle {
ignore_changes = [tags, ami]
}
}
Use ignore_changes = all to ignore every attribute (use sparingly).
Force a resource to be replaced when a referenced value changes:
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = "t3.micro"
lifecycle {
replace_triggered_by = [null_resource.config_change.id]
}
}
Validate assumptions before and after resource operations:
resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
instance_type = var.instance_type
lifecycle {
precondition {
condition = data.aws_ami.ubuntu.architecture == "x86_64"
error_message = "The AMI must be an x86_64 architecture."
}
postcondition {
condition = self.public_ip != ""
error_message = "The instance must have a public IP address."
}
}
}
Provisioners execute scripts or commands on a resource after creation. They are a last resort — Terraform's documentation explicitly recommends alternatives.
| Provisioner | Purpose |
|---|---|
local-exec | Run a command on the machine running Terraform |
remote-exec | Run a command on the provisioned resource (via SSH or WinRM) |
file | Copy files or directories to the provisioned resource |
resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.