github.com/kcburge/terraform@v0.11.12-beta1/website/docs/configuration/resources.html.md (about) 1 --- 2 layout: "docs" 3 page_title: "Configuring Resources" 4 sidebar_current: "docs-config-resources" 5 description: |- 6 The most important thing you'll configure with Terraform are resources. Resources are a component of your infrastructure. It might be some low level component such as a physical server, virtual machine, or container. Or it can be a higher level component such as an email provider, DNS record, or database provider. 7 --- 8 9 # Resource Configuration 10 11 The most important thing you'll configure with Terraform are 12 resources. Resources are a component of your infrastructure. 13 It might be some low level component such as a physical server, 14 virtual machine, or container. Or it can be a higher level 15 component such as an email provider, DNS record, or database 16 provider. 17 18 This page assumes you're familiar with the 19 [configuration syntax](/docs/configuration/syntax.html) 20 already. 21 22 ## Example 23 24 A resource configuration looks like the following: 25 26 ```hcl 27 resource "aws_instance" "web" { 28 ami = "ami-408c7f28" 29 instance_type = "t1.micro" 30 } 31 ``` 32 33 ## Description 34 35 The `resource` block creates a resource of the given `TYPE` (first 36 parameter) and `NAME` (second parameter). The combination of the type 37 and name must be unique. 38 39 Within the block (the `{ }`) is configuration for the resource. The 40 configuration is dependent on the type, and is documented for each 41 resource type in the 42 [providers section](/docs/providers/index.html). 43 44 ### Meta-parameters 45 46 There are **meta-parameters** available to all resources: 47 48 - `count` (int) - The number of identical resources to create. This doesn't 49 apply to all resources. For details on using variables in conjunction with 50 count, see [Using Variables with `count`](#using-variables-with-count) below. 51 52 -> Modules don't currently support the `count` parameter. 53 54 - `depends_on` (list of strings) - Explicit dependencies that this resource has. 55 These dependencies will be created before this resource. For syntax and other 56 details, see the section below on [explicit 57 dependencies](#explicit-dependencies). 58 59 - `provider` (string) - The name of a specific provider to use for this 60 resource. The name is in the format of `TYPE.ALIAS`, for example, `aws.west`. 61 Where `west` is set using the `alias` attribute in a provider. See [multiple 62 provider instances](#multiple-provider-instances). 63 64 - `lifecycle` (configuration block) - Customizes the lifecycle behavior of the 65 resource. The specific options are documented below. 66 67 The `lifecycle` block allows the following keys to be set: 68 69 - `create_before_destroy` (bool) - This flag is used to ensure the replacement 70 of a resource is created before the original instance is destroyed. As an 71 example, this can be used to create an new DNS record before removing an old 72 record. 73 74 - `prevent_destroy` (bool) - This flag provides extra protection against the 75 destruction of a given resource. When this is set to `true`, any plan that 76 includes a destroy of this resource will return an error message. 77 78 - `ignore_changes` (list of strings) - Customizes how diffs are evaluated for 79 resources, allowing individual attributes to be ignored through changes. As 80 an example, this can be used to ignore dynamic changes to the resource from 81 external resources. Other meta-parameters cannot be ignored. 82 83 ~> Ignored attribute names can be matched by their name, not state ID. 84 For example, if an `aws_route_table` has two routes defined and the 85 `ignore_changes` list contains "route", both routes will be ignored. 86 Additionally you can also use a single entry with a wildcard (e.g. `"*"`) 87 which will match all attribute names. Using a partial string together 88 with a wildcard (e.g. `"rout*"`) is **not** supported. 89 90 -> Interpolations are not currently supported in the `lifecycle` configuration block (see [issue #3116](https://github.com/hashicorp/terraform/issues/3116)) 91 92 ### Timeouts 93 94 Individual Resources may provide a `timeouts` block to enable users to configure the 95 amount of time a specific operation is allowed to take before being considered 96 an error. For example, the 97 [aws_db_instance](/docs/providers/aws/r/db_instance.html#timeouts) 98 resource provides configurable timeouts for the 99 `create`, `update`, and `delete` operations. Any Resource that provides Timeouts 100 will document the default values for that operation, and users can overwrite 101 them in their configuration. 102 103 Example overwriting the `create` and `delete` timeouts: 104 105 ```hcl 106 resource "aws_db_instance" "timeout_example" { 107 allocated_storage = 10 108 engine = "mysql" 109 engine_version = "5.6.17" 110 instance_class = "db.t1.micro" 111 name = "mydb" 112 113 # ... 114 115 timeouts { 116 create = "60m" 117 delete = "2h" 118 } 119 } 120 ``` 121 122 Individual Resources must opt-in to providing configurable Timeouts, and 123 attempting to configure the timeout for a Resource that does not support 124 Timeouts, or overwriting a specific action that the Resource does not specify as 125 an option, will result in an error. Valid units of time are `s`, `m`, `h`. 126 127 ### Explicit Dependencies 128 129 Terraform ensures that dependencies are successfully created before a 130 resource is created. During a destroy operation, Terraform ensures that 131 this resource is destroyed before its dependencies. 132 133 A resource automatically depends on anything it references via 134 [interpolations](/docs/configuration/interpolation.html). The automatically 135 determined dependencies are all that is needed most of the time. You can also 136 use the `depends_on` parameter to explicitly define a list of additional 137 dependencies. 138 139 The primary use case of explicit `depends_on` is to depend on a _side effect_ 140 of another operation. For example: if a provisioner creates a file, and your 141 resource reads that file, then there is no interpolation reference for Terraform 142 to automatically connect the two resources. However, there is a causal 143 ordering that needs to be represented. This is an ideal case for `depends_on`. 144 In most cases, however, `depends_on` should be avoided and Terraform should 145 be allowed to determine dependencies automatically. 146 147 The syntax of `depends_on` is a list of resources and modules: 148 149 - Resources are `TYPE.NAME`, such as `aws_instance.web`. 150 - Modules are `module.NAME`, such as `module.foo`. 151 152 When a resource depends on a module, _everything_ in that module must be 153 created before the resource is created. 154 155 An example of a resource depending on both a module and resource is shown 156 below. Note that `depends_on` can contain any number of dependencies: 157 158 ```hcl 159 resource "aws_instance" "web" { 160 depends_on = ["aws_instance.leader", "module.vpc"] 161 } 162 ``` 163 164 -> **Use sparingly!** `depends_on` is rarely necessary. 165 In almost every case, Terraform's automatic dependency system is the best-case 166 scenario by having your resources depend only on what they explicitly use. 167 Please think carefully before you use `depends_on` to determine if Terraform 168 could automatically do this a better way. 169 170 ### Connection block 171 172 Within a resource, you can optionally have a **connection block**. 173 Connection blocks describe to Terraform how to connect to the 174 resource for 175 [provisioning](/docs/provisioners/index.html). This block doesn't 176 need to be present if you're using only local provisioners, or 177 if you're not provisioning at all. 178 179 Resources provide some data on their own, such as an IP address, 180 but other data must be specified by the user. 181 182 The full list of settings that can be specified are listed on 183 the [provisioner connection page](/docs/provisioners/connection.html). 184 185 ### Provisioners 186 187 Within a resource, you can specify zero or more **provisioner 188 blocks**. Provisioner blocks configure 189 [provisioners](/docs/provisioners/index.html). 190 191 Within the provisioner block is provisioner-specific configuration, 192 much like resource-specific configuration. 193 194 Provisioner blocks can also contain a connection block 195 (documented above). This connection block can be used to 196 provide more specific connection info for a specific provisioner. 197 An example use case might be to use a different user to log in 198 for a single provisioner. 199 200 ## Using Variables With `count` 201 202 When declaring multiple instances of a resource using [`count`](#count), it is 203 common to want each instance to have a different value for a given attribute. 204 205 You can use the `${count.index}` 206 [interpolation](/docs/configuration/interpolation.html) along with a map 207 [variable](/docs/configuration/variables.html) to accomplish this. 208 209 For example, here's how you could create three [AWS 210 Instances](/docs/providers/aws/r/instance.html) each with their own 211 static IP address: 212 213 ```hcl 214 variable "instance_ips" { 215 default = { 216 "0" = "10.11.12.100" 217 "1" = "10.11.12.101" 218 "2" = "10.11.12.102" 219 } 220 } 221 222 resource "aws_instance" "app" { 223 count = "3" 224 private_ip = "${lookup(var.instance_ips, count.index)}" 225 # ... 226 } 227 ``` 228 229 To reference a particular instance of a resource you can use `resource.foo.*.id[#]` where `#` is the index number of the instance. 230 231 For example, to create a list of all [AWS subnet](/docs/providers/aws/r/subnet.html) ids vs referencing a specific subnet in the list you can use this syntax: 232 233 ```hcl 234 resource "aws_vpc" "foo" { 235 cidr_block = "198.18.0.0/16" 236 } 237 238 resource "aws_subnet" "bar" { 239 count = 2 240 vpc_id = "${aws_vpc.foo.id}" 241 cidr_block = "${cidrsubnet(aws_vpc.foo.cidr_block, 8, count.index)}" 242 } 243 244 output "vpc_id" { 245 value = "${aws_vpc.foo.id}" 246 } 247 248 output "all_subnet_ids" { 249 value = "${aws_subnet.bar.*.id}" 250 } 251 252 output "subnet_id_0" { 253 value = "${aws_subnet.bar.*.id[0]}" 254 } 255 256 output "subnet_id_1" { 257 value = "${aws_subnet.bar.*.id[1]}" 258 } 259 ``` 260 261 ## Multiple Provider Instances 262 263 By default, a resource targets the provider based on its type. For example 264 an `aws_instance` resource will target the "aws" provider. As of Terraform 265 0.5.0, a resource can target any provider by name. 266 267 The primary use case for this is to target a specific configuration of 268 a provider that is configured multiple times to support multiple regions, etc. 269 270 To target another provider, set the `provider` field: 271 272 ```hcl 273 resource "aws_instance" "foo" { 274 provider = "aws.west" 275 276 # ... 277 } 278 ``` 279 280 The value of the field should be `TYPE` or `TYPE.ALIAS`. The `ALIAS` value 281 comes from the `alias` field value when configuring the 282 [provider](/docs/configuration/providers.html). 283 284 ```hcl 285 provider "aws" { 286 alias = "west" 287 288 # ... 289 } 290 ``` 291 292 If no `provider` field is specified, the default provider is used. 293 294 ## Syntax 295 296 The full syntax is: 297 298 ```text 299 resource TYPE NAME { 300 CONFIG ... 301 [count = COUNT] 302 [depends_on = [NAME, ...]] 303 [provider = PROVIDER] 304 305 [LIFECYCLE] 306 307 [CONNECTION] 308 [PROVISIONER ...] 309 } 310 ``` 311 312 where `CONFIG` is: 313 314 ```text 315 KEY = VALUE 316 317 KEY { 318 CONFIG 319 } 320 ``` 321 322 where `LIFECYCLE` is: 323 324 ```text 325 lifecycle { 326 [create_before_destroy = true|false] 327 [prevent_destroy = true|false] 328 [ignore_changes = [ATTRIBUTE NAME, ...]] 329 } 330 ``` 331 332 where `CONNECTION` is: 333 334 ```text 335 connection { 336 KEY = VALUE 337 ... 338 } 339 ``` 340 341 where `PROVISIONER` is: 342 343 ```text 344 provisioner NAME { 345 CONFIG ... 346 347 [when = "create"|"destroy"] 348 [on_failure = "continue"|"fail"] 349 350 [CONNECTION] 351 } 352 ```