Automatizacion, Geeks

Terraform LifeCycle Rules

By Leave a comment

Managing Resource Lifecycle in Terraform

When managing infrastructure with Terraform, controlling the lifecycle of resources is crucial, especially in production environments. Terraform provides several lifecycle parameters to control how resources are created, updated, and deleted. Three key lifecycle parameters are create_before_destroyprevent_destroy, and ignore_changes.

create_before_destroy

The create_before_destroy parameter ensures that a new resource is created before the old one is destroyed. This is useful when downtime needs to be minimized or completely avoided. For example, when updating an instance, you might want to ensure the new instance is up and running before the old one is terminated.

prevent_destroy

The prevent_destroy parameter prevents a resource from being destroyed. This can be critical for resources that should not be deleted, such as production databases or persistent storage.

ignore_changes

The ignore_changes parameter specifies which attributes of a resource should be ignored when Terraform plans and applies changes. This can be useful when certain attributes are managed outside of Terraform or when they change frequently and you do not want Terraform to revert those changes.

Example Scenario: Managing an AWS EC2 Instance and S3 Bucket

Suppose we have an AWS EC2 instance and an S3 bucket. We want to ensure the EC2 instance is replaced with minimal downtime, the S3 bucket is never deleted, and some attributes of both resources are managed outside Terraform.

EC2 Instance Configuration

We want the new EC2 instance to be created before the old one is destroyed. Also, the instance_type should be ignored if changed outside of Terraform.

provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }

  lifecycle {
    create_before_destroy = true
    ignore_changes = [
      instance_type
    ]
  }
}

S3 Bucket Configuration

We want to prevent the S3 bucket from being destroyed and ignore changes to the Environment tag if modified outside Terraform.

resource "aws_s3_bucket" "example_bucket" {
  bucket = "example-unique-bucket-name"
  acl    = "private"

  tags = {
    Name        = "example-bucket"
    Environment = "production"
  }

  lifecycle {
    prevent_destroy = true
    ignore_changes = [
      tags["Environment"]
    ]
  }
}

Detailed Breakdown

  1. Provider Configuration: Specifies the AWS region.
  2. EC2 Instance Configuration:
    • ami: The AMI ID for the instance.
    • instance_type: The type of instance (e.g., t2.micro).
    • tags: A set of tags to assign to the instance.
    • create_before_destroy: Ensures the new instance is created before the old one is destroyed.
    • ignore_changes: Ignores changes to the instance_type attribute.
  3. S3 Bucket Configuration:
    • bucket: The unique name of the S3 bucket.
    • acl: The access control list for the bucket.
    • tags: A set of tags to assign to the bucket.
    • prevent_destroy: Prevents the bucket from being destroyed.
    • ignore_changes: Ignores changes to the Environment tag.

Applying the Configuration

To apply this configuration, use the following Terraform commands:

# Initialize the configuration
terraform init

# Apply the configuration
terraform apply

Updating the EC2 Instance

If you need to update the EC2 instance, for example, changing the instance type, modify the instance_type parameter:

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.small"  # Updated instance type

  tags = {
    Name = "example-instance"
  }

  lifecycle {
    create_before_destroy = true
    ignore_changes = [
      instance_type
    ]
  }
}

After updating, apply the changes:

terraform apply

Terraform will create a new instance of type t2.small before terminating the existing t2.micro instance, ensuring continuous availability. Any changes to the instance_type attribute made outside of Terraform will be ignored.

Conclusion

Using create_before_destroyprevent_destroy, and ignore_changes lifecycle parameters in Terraform allows you to manage resources with greater control and confidence. These parameters are essential tools for maintaining high availability, preventing accidental deletion of critical resources, and accommodating external management of specific attributes.

Compartir:
, ,

This article was written by RoberMB

💻OS, ☁️Cloud, 🛡️Cybersecurity, ✈️Traveling #Linux, #Ansible, #AWS, #VMware, #Docker 🏴‍☠️ CEH v10, CPHE 🏴‍☠️ ... Always learning, always enjoying.

Leave a Reply

Your email address will not be published. Required fields are marked *