
Lifecycle customization in Terraform - Commands & Configuration

Introduction
Sometimes you want to control how Terraform creates, updates, or deletes resources. Lifecycle customization lets you tell Terraform to ignore changes, prevent deletion, or create resources before others. This helps avoid accidental data loss or downtime.
  • When you want Terraform to keep a resource even if you remove it from your code to avoid accidental deletion.
  • When you want Terraform to ignore changes to certain resource attributes that are managed outside Terraform.
  • When you need Terraform to create a resource before another one to avoid dependency issues.
  • When you want to prevent Terraform from replacing a resource during updates.
  • When you want to control the order of resource creation and deletion explicitly.
Config File - main.tf
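resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket-terraform"

  lifecycle {
    # Fail any plan that would destroy this bucket.
    prevent_destroy = true
    # Attribute references are written unquoted (quoted names are deprecated).
    ignore_changes = [tags]
    # On replacement, create the new object before destroying the old one.
    create_before_destroy = true
  }
}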

The resource block defines an AWS S3 bucket named example.

The lifecycle block customizes how Terraform manages this resource:

  • prevent_destroy: stops Terraform from deleting the bucket, protecting data.
  • ignore_changes: tells Terraform to ignore changes to the tags attribute, useful if tags are changed outside Terraform.
  • create_before_destroy: ensures Terraform creates a new bucket before deleting the old one during updates, avoiding downtime.
Commands
Initializes the Terraform working directory and downloads necessary provider plugins.
Terminal
terraform init
Expected Output
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v4.0.0...
- Installed hashicorp/aws v4.0.0 (signed by HashiCorp)
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.
Shows the changes Terraform will make to match the configuration, respecting lifecycle rules.
Terminal
terraform plan
Expected Output
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # aws_s3_bucket.example will be created
  + resource "aws_s3_bucket" "example" {
      + bucket = "my-example-bucket-terraform"
      + id     = (known after apply)
    }
Plan: 1 to add, 0 to change, 0 to destroy.
Applies the planned changes to create the S3 bucket with lifecycle customizations.
Terminal
terraform apply -auto-approve
Expected Output
aws_s3_bucket.example: Creating...
aws_s3_bucket.example: Creation complete after 2s [id=my-example-bucket-terraform]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
-auto-approve - Automatically approves the apply without prompting for confirmation.
Attempts to destroy the resources, but lifecycle prevent_destroy will block deletion.
Terminal
terraform destroy -auto-approve
Expected Output
Error: Instance cannot be destroyed
  on main.tf line 1, in resource "aws_s3_bucket" "example":
   1: resource "aws_s3_bucket" "example" {
Resource aws_s3_bucket.example has lifecycle.prevent_destroy set, so it cannot be destroyed.
-auto-approve - Automatically approves the destroy without prompting for confirmation.
Key Concept

If you remember nothing else from this pattern, remember: lifecycle blocks let you control how Terraform creates, updates, or deletes resources to protect your infrastructure.

Common Mistakes
  • Removing a resource from the configuration expecting Terraform to delete it, but prevent_destroy is set.
    Terraform will refuse to delete the resource, causing apply or destroy to fail.
    Remove or set prevent_destroy to false before deleting the resource from the configuration.
  • Expecting ignore_changes to prevent all updates to a resource.
    ignore_changes only ignores specified attributes; other changes will still be applied.
    Specify all attributes you want Terraform to ignore inside ignore_changes.
  • Not using create_before_destroy when updating resources that require replacement, causing downtime.
    Terraform destroys the old resource before creating the new one, causing service interruption.
    Set create_before_destroy = true in the lifecycle block to create new resources first.
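A pipeline-side check that complements the lifecycle settings above, as an added example that is not part of the original tutorial: it reads a plan in the JSON form produced by terraform show -json and reports every destroy or replacement of a protected resource type, whether or not the resource has a lifecycle block. The function names, the PROTECTED_TYPES set and the sample plan are constructed for illustration.

```python
import json

# Resource types treated as data-bearing (assumed list for this example).
PROTECTED_TYPES = {"aws_s3_bucket", "aws_db_instance"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_s3_bucket.example", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["create", "delete"]}},
    {"address": "aws_s3_bucket.tagged", "type": "aws_s3_bucket",
     "change": {"actions": ["update"]}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["delete"]}}
  ]
}
""")


def classify(actions):
    """Map a plan 'actions' list to a destructive-change label, or None."""
    if actions == ["delete"]:
        return "destroy"
    if actions == ["delete", "create"]:
        return "replace (destroy first)"
    if actions == ["create", "delete"]:
        return "replace (create first)"
    return None  # create, update, read, no-op


def find_destructive_changes(plan, protected_types=PROTECTED_TYPES):
    """Return (address, label) for each protected resource the plan would delete."""
    findings = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc.get("change", {}).get("actions", []))
        if label and rc.get("type") in protected_types:
            findings.append((rc["address"], label))
    return findings


if __name__ == "__main__":
    for address, label in find_destructive_changes(SAMPLE_PLAN):
        print(f"BLOCK {address}: {label}")
```

In a pipeline, save the plan with terraform plan -out=tfplan, convert it with terraform show -json tfplan, and fail the job when the returned list is not empty.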
Summary
  • Use the lifecycle block inside resource definitions to customize resource management.
  • prevent_destroy protects resources from accidental deletion by Terraform.
  • ignore_changes lets Terraform ignore changes to specific resource attributes.
  • create_before_destroy ensures new resources are created before old ones are destroyed to avoid downtime.