In terraform how to skip creation of resource if the resource already exist?
In a Terraform project there are situations where a Developer feels a need to pre-check if the resource exists or not and many times I also wondered if is it possible to check the existence of the resource to avoid the duplicity of the resource. In this blog, we are gonna see -
- Why it is not possible to decide dynamically if the resource exists or not?
- What are alternate ways we have in Terraform to check the existence of resources?
- Conclusion
1. Why it is not possible to decide dynamically if the resource exists or not?
Why it is not possible? -
"Terraform does not support this kind of pre-check on resources because there is no direct way to decide dynamically in Terraform. Let's assume Terraform does provide support to check the existence of resources dynamically then it would result in the no-deterministic state when you issue the terraform destroy
command."
Example - Let's take a hypothetical example to understand the non-deterministic situation of Terraform. In this example we will specially talk about project_B and terraform destroy command-
1# main.tf
2
3# project_A - Does not have any pre-check condition
4resource "google_project_service" "project_A" {
5...
6...
7}
8
9# project_B - Let's assume there is the pre-exist-check condition
10resource "google_project_service" "project_B" {
11...
12...
13}
Flow of Terraform Commands for above terraform example -
- terraform apply - Terraform apply command would work without a problem. It will first create project_A and then based on the condition it will decide to create project_B.
- terraform destroy - Things will get more interesting over here because once you issue terraform destroy it will delete all terraform resources but when terraform destroy command try to evaluate the condition over the project_B it can not decide whether to delete the resource or retain the resource which leads to the non-deterministic situation
2. What alternate ways do we have in Terraform to check the existence of resources?
The other alternate approach would be to use external Data Source. You can read more in-depth in this article but to elaborate a bit Terraform External Data Source can help you to fetch the information about the pre-existing resource.
Let's take a very basic example to understand how to check if the resource exists or not.
Scenario - I have and EC2 Instance which I have manually setup on AWS. Here are the details of the EC2 Instance -
- AMI - ami-0767046d1677be5a0
- Instance Type - t2.micro
- Tag - Terraform EC2
How to Use Terraform Data Source? - Now we know the scenario let's write the Data source to fetch the information about the EC2 resource.
1
2data "aws_instance" "myawsinstance" {
3 filter {
4 name = "tag:Name"
5 values = ["Terraform EC2"]
6 }
7
8 depends_on = [
9 "aws_instance.ec2_example"
10 ]
11}
12
13# the following is_ec2_instance_exist local should return value 1 if resource exists
14locals {
15 is_ec2_instance_exist = "${data.aws_instance.myawsinstance.public_ip)}"
16}
17
18# Here is the output block printing the existence of the resource onto the console
19output "fetched_info_from_aws" {
20 value = data.aws_instance.myawsinstance.public_ip
21}
Here is the key takeaway -
- The above approach can help you to make a dynamic decision but it is not a silver bullet to all of your problems to determine the existence of the resource.
- The above might return the in-consistent result or it might fail when the resource does not exist.
- Never take an approach that is against the working principle of Terraform workflow because Terraform has a very linear workflow where it simply relies on the following facts -
- If the resource is present in
main.tf
create a resource - If the resource is not present in the
main.tf
then remove the resource if it is previously created terraform destory
will always remove all the resources.- Terraform always has a fix .tfstate, it can never have non-deterministic state.
3. Conclusion
I hope this article will help you to solve your problem of finding existing resources using Terraform and also to understand why it is not a good practice to find the resource dynamically.
Posts in this Series
- Securing Sensitive Data in Terraform
- Boost Your AWS Security with Terraform : A Step-by-Step Guide
- How to Load Input Data from a File in Terraform?
- Can Terraform be used to provision on-premises infrastructure?
- Fixing the Terraform Error creating IAM Role. MalformedPolicyDocument Has prohibited field Resource
- In terraform how to handle null value with default value?
- Terraform use module output variables as inputs for another module?
- How to Reference a Resource Created by a Terraform Module?
- Understanding Terraform Escape Sequences
- How to fix private-dns-enabled cannot be set because there is already a conflicting DNS domain?
- Use Terraform to manage AWS IAM Policies, Roles and Users
- How to split Your Terraform main.tf File into Multiple Files
- How to use Terraform variable within variable
- Mastering the Terraform Lookup Function for Dynamic Keys
- Copy files to EC2 and S3 bucket using Terraform
- Troubleshooting Error creating EC2 Subnet InvalidSubnet Range The CIDR is Invalid
- Troubleshooting InvalidParameter Security group and subnet belong to different networks
- Managing strings in Terraform: A comprehensive guide
- How to use terraform depends_on meta argument?
- What is user_data in Terraform?
- Why you should not store terraform state file(.tfstate) inside Git Repository?
- How to import existing resource using terraform import comand?
- Terraform - A detailed guide on setting up ALB(Application Load Balancer) and SSL?
- Testing Infrastructure as Code with Terraform?
- How to remove a resource from Terraform state?
- What is Terraform null Resource?
- In terraform how to skip creation of resource if the resource already exist?
- How to setup Virtual machine on Google Cloud Platform
- How to use Terraform locals?
- Terraform Guide - Docker Containers & AWS ECR(elastic container registry)?
- How to generate SSH key in Terraform using tls_private_key?
- How to fix-Terraform Error acquiring the state lock ConditionalCheckFiledException?
- Terraform Template - A complete guide?
- How to use Terragrunt?
- Terraform and AWS Multi account Setup?
- Terraform and AWS credentials handling?
- How to fix-error configuring S3 Backend no valid credential sources for S3 Backend found?
- Terraform state locking using DynamoDB (aws_dynamodb_table)?
- Managing Terraform states?
- Securing AWS secrets using HashiCorp Vault with Terraform?
- How to use Workspaces in Terraform?
- How to run specific terraform resource, module, target?
- How Terraform modules works?
- Secure AWS EC2s & GCP VMs with Terraform SSH Keys!
- What is terraform provisioner?
- Is terraform destroy needed before terraform apply?
- How to fix terraform error Your query returned no results. Please change your search criteria and try again?
- How to use Terraform Data sources?
- How to use Terraform resource meta arguments?
- How to use Terraform Dynamic blocks?
- Terraform - How to nuke AWS resources and save additional AWS infrastructure cost?
- Understanding terraform count, for_each and for loop?
- How to use Terraform output values?
- How to fix error configuring Terraform AWS Provider error validating provider credentials error calling sts GetCallerIdentity SignatureDoesNotMatch?
- How to fix Invalid function argument on line in provider credentials file google Invalid value for path parameter no file exists
- How to fix error value for undeclared variable a variable named was assigned on the command line?
- What is variable.tf and terraform.tfvars?
- How to use Terraform Variables - Locals,Input,Output
- Terraform create EC2 Instance on AWS
- How to fix Error creating service account googleapi Error 403 Identity and Access Management (IAM) API has not been used in project before or it is disabled
- Install terraform on Ubuntu 20.04, CentOS 8, MacOS, Windows 10, Fedora 33, Red hat 8 and Solaris 11