Terraformcloud~5 mins

Creation-time vs destruction-time in Terraform - CLI Comparison

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you create or delete cloud resources with Terraform, some actions happen when you first make the resource, and others happen when you remove it. Understanding when these actions run helps you control your infrastructure safely.

When you want to run a script only once when a resource is created, like setting up a database schema.

When you need to clean up external resources or data when deleting a cloud resource.

When you want to avoid running expensive or risky commands every time you update your infrastructure.

When you want to manage lifecycle hooks to control resource creation and destruction order.

When you want to automate backups before deleting storage buckets.

Config File - main.tf

main.tf

resource "null_resource" "example" {
  provisioner "local-exec" {
    command = "echo 'This runs at creation time'"
  }

  lifecycle {
    create_before_destroy = true
  }

  provisioner "local-exec" {
    when    = "destroy"
    command = "echo 'This runs at destruction time'"
  }
}

This Terraform file defines a null_resource that runs commands at different times.

The first local-exec provisioner runs a command when the resource is created.
The lifecycle block ensures the resource is created before the old one is destroyed.
The second local-exec provisioner with when = "destroy" runs a command only when the resource is deleted.

Commands

This command sets up Terraform in the current folder by downloading necessary plugins and preparing the environment.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/null... - Installing hashicorp/null v3.1.0... - Installed hashicorp/null v3.1.0 (signed by HashiCorp) Terraform has been successfully initialized!

This command creates the resource defined in the configuration and runs the creation-time command automatically.

Terminal

terraform apply -auto-approve

Expected OutputExpected

null_resource.example: Creating... null_resource.example: Provisioning with 'local-exec'... null_resource.example (local-exec): Executing: ["/bin/sh" "-c" "echo 'This runs at creation time'"] null_resource.example (local-exec): This runs at creation time null_resource.example: Creation complete after 0s [id=1234567890] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

→

-auto-approve - Skip manual approval to apply changes immediately

This command deletes the resource and runs the destruction-time command automatically.

Terminal

terraform destroy -auto-approve

Expected OutputExpected

null_resource.example: Destroying... null_resource.example: Provisioning with 'local-exec'... null_resource.example (local-exec): Executing: ["/bin/sh" "-c" "echo 'This runs at destruction time'"] null_resource.example (local-exec): This runs at destruction time null_resource.example: Destruction complete after 0s Destroy complete! Resources: 1 destroyed.

→

-auto-approve - Skip manual approval to destroy resources immediately

Key Concept

If you remember nothing else from this pattern, remember: creation-time actions run when making resources, destruction-time actions run only when removing them.

Common Mistakes

Running destruction-time commands during resource updates.

Destruction-time commands should only run when deleting resources, not when changing them, to avoid unwanted side effects.

Use the 'when = "destroy"' setting in provisioners to ensure commands run only at destruction.

Not using lifecycle rules when replacing resources.

Without lifecycle rules, Terraform might destroy a resource before creating a new one, causing downtime.

Use 'create_before_destroy = true' to create new resources before deleting old ones.

Summary

Use provisioners with 'when = "destroy"' to run commands only when deleting resources.

Use normal provisioners to run commands at creation time.

Use lifecycle rules like 'create_before_destroy' to control resource replacement order.