Contents


Meta-arguments are a class of arguments built into the Terraform configuration language that control how Terraform creates and manages your infrastructure. You can use meta-arguments in any type of resource and in most module blocks.

All resources support meta-arguments that let you manage the infrastructure lifecycle, including destruction behavior, preventing destruction, and establishing dependencies between resources.


depends_on

The depends_on meta-argument instructs Terraform to complete all actions on the dependency object, including read operations, before performing actions on the object declaring the dependency.

  • Use depends_on to explicitly set the order in which Terraform creates resources.
  • Terraform automatically determines most resource dependencies based on configuration references, so you only need depends_on when a dependency is not visible to Terraform.

lifecycle

The lifecycle block accepts a rule that customizes how Terraform performs the lifecycle stages for each resource. All lifecycle settings affect how Terraform constructs and traverses the dependency graph. As a result, only literal values can be used because the processing happens too early for arbitrary expression evaluation.

action_trigger

action_trigger directs Terraform to automatically invoke actions based on the conditions you specify. The action_trigger rule is a block that supports the following arguments:

ArgumentDescriptionData typeRequired
eventsRequired list of lifecycle events: before_create, after_create, before_update, after_updatelistrequired
conditionOptional expression that must evaluate to true to invoke the actionexpressionoptional
actionsSpecifies an ordered list of actions to trigger when the events and condition arguments are metlistrequired

The available events:

  • before_create — invokes the specified actions before Terraform creates the resource
  • after_create — invokes the specified actions after Terraform creates the resource
  • before_update — invokes the specified actions before updating the infrastructure to match the configuration
  • after_update — invokes the specified actions after updating the infrastructure to match the configuration

create_before_destroy

By default, when Terraform must change a resource argument that cannot be updated in-place due to remote API limitations, Terraform destroys the existing object and then creates a new replacement object with the new configured arguments. Use the create_before_destroy rule to instruct Terraform to create a replacement resource before destroying the current resource.

prevent_destroy

When prevent_destroy is set to true, Terraform rejects plans that would destroy the infrastructure object associated with the resource and returns an error. The argument must be present in the configuration. This rule doesn’t prevent Terraform from destroying a resource if you remove its configuration.

ignore_changes

By default, Terraform detects any difference in the current settings of a real infrastructure object and plans to update the remote object to match configuration. Use the ignore_changes argument when a resource is created with references to data that may change in the future, but should not affect the resource after its creation.

replace_triggered_by

Terraform replaces the resource when any of the referenced resources or specified attributes change. Supply a list of expressions that reference managed resources, instances, or instance attributes.

precondition

Specifies a condition that Terraform evaluates before creating the resource. The following arguments are required:

ArgumentDescription
conditionExpression that must return true for Terraform to proceed with an operation. You can refer to any other object in the same configuration scope unless the reference creates a cyclic dependency.
error_messageMessage that Terraform prints to the console if the condition returns false.

postcondition

Specifies a condition that Terraform evaluates after creating the resource. The following arguments are required:

ArgumentDescription
conditionExpression that must return true for Terraform to perform operations on downstream resources. You can refer to any other object in the same configuration scope unless the reference creates a cyclic dependency.
error_messageMessage that Terraform prints to the console if the condition returns false.

destroy

Set to false to remove a resource from state without destroying the actual infrastructure resource. You can only use this rule in a removed block.

Examples

create_before_destroy

Zero-downtime replacement — create a new instance before destroying the old one:

resource "aws_instance" "web" {
  ami           = "ami-0abcdef1234567890"
  instance_type = "t3.micro"
 
  lifecycle {
    create_before_destroy = true
  }
}

prevent_destroy

Protect critical resources like databases from accidental destruction:

resource "aws_db_instance" "main" {
  engine         = "postgres"
  instance_class = "db.r6g.large"
 
  lifecycle {
    prevent_destroy = true
  }
}

ignore_changes

Ignore tags that are managed externally (e.g., by AWS auto-scaling or another team):

resource "aws_instance" "web" {
  ami           = "ami-0abcdef1234567890"
  instance_type = "t3.micro"
  tags          = { Name = "web" }
 
  lifecycle {
    ignore_changes = [tags]
  }
}

Ignore all attributes — useful when Terraform only manages the resource’s existence:

resource "aws_instance" "imported" {
  ami           = "ami-0abcdef1234567890"
  instance_type = "t3.micro"
 
  lifecycle {
    ignore_changes = all
  }
}

replace_triggered_by

Force EC2 instance replacement when the AMI resource or a variable changes:

resource "aws_ami_copy" "app" {
  name              = "app-ami"
  source_ami_id     = "ami-0abcdef1234567890"
  source_ami_region = "us-east-1"
}
 
resource "aws_instance" "app" {
  ami           = aws_ami_copy.app.id
  instance_type = "t3.micro"
 
  lifecycle {
    replace_triggered_by = [aws_ami_copy.app]
  }
}

precondition and postcondition

Validate inputs before creating and verify results after:

resource "aws_instance" "web" {
  ami           = var.ami_id
  instance_type = var.instance_type
 
  lifecycle {
    precondition {
      condition     = startswith(var.ami_id, "ami-")
      error_message = "AMI ID must start with 'ami-'."
    }
 
    postcondition {
      condition     = self.public_ip != ""
      error_message = "Instance must have a public IP address."
    }
  }
}

Combined lifecycle rules

Multiple rules in a single lifecycle block:

resource "aws_db_instance" "main" {
  engine            = "postgres"
  engine_version    = "16.4"
  instance_class    = "db.r6g.large"
  allocated_storage = 100
 
  lifecycle {
    prevent_destroy       = true
    create_before_destroy = true
    ignore_changes        = [engine_version]
  }
}

destroy with removed block

Remove a resource from Terraform state without destroying the actual infrastructure:

removed {
  from = aws_instance.old_server
 
  lifecycle {
    destroy = false
  }
}