In this article, I am going to show you how implicit dependencies affect the behavior and order in which different resources are created and destroyed, based on their configurations. However, Terraform cannot always infer implicit dependencies between different parts of your infrastructure.
Please visit my GitHub Repository for Terraform articles on various topics, which is updated on a constant basis.
Let’s get started!
Objectives:
1. Create infrastructure for Implicit dependencies
2. Delete (Destroy) your infrastructure
Pre-requisites:
- AWS user account with admin access, not a root account.
- Cloud9 IDE with AWS CLI.
Resources Used:
I have used a data source for pulling in an AMI ID instead of a hard-coded value for creating an EC2 Instance. I have used Terraform documentation for this purpose.
- Terraform documentation for AMI.
- Data source for pulling in an AMI ID.
Steps to implement this project:
1. Create infrastructure for Implicit dependencies
- Let’s create the following organizational structure as shown below.
- Create a main.tf file. This will deploy 2 Linux EC2 instances, "ec2_1" and "ec2_2", with the security group "ec2_sg".
# PROVIDERS BLOCK
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.23"
    }
  }
  required_version = ">= 1.2.0"
}

provider "aws" {
  region = var.aws_region
}

# EC2 BLOCK
# Look up the most recent Amazon Linux 2 AMI instead of hard-coding an AMI ID
data "aws_ami" "linux" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

resource "aws_instance" "ec2_1" {
  ami                    = data.aws_ami.linux.id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
  tags = {
    Name = "ec2_1"
  }
}

resource "aws_instance" "ec2_2" {
  ami                    = data.aws_ami.linux.id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
  tags = {
    Name = "ec2_2"
  }
}

# The reference to aws_instance.ec2_1.id below creates the implicit dependency
resource "aws_eip" "ip" {
  vpc      = true
  instance = aws_instance.ec2_1.id
  tags = {
    Name = "ip"
  }
}

# SECURITY BLOCK
resource "aws_security_group" "ec2_sg" {
  name        = "ec2_sg"
  description = "allow inbound HTTP traffic"
  # inbound rules
  # HTTP from anywhere (0.0.0.0/0)
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # outbound rules
  # internet access to anywhere
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    name = "ec2_sg"
  }
}

# VARIABLES BLOCK
variable "aws_region" {
  description = "AWS region for all resources."
  type        = string
  default     = "us-east-1"
}

# OUTPUTS BLOCK
output "instance_id_1" {
  value = aws_instance.ec2_1.id
}

output "instance_id_2" {
  value = aws_instance.ec2_2.id
}

output "ec2_elastic_ip" {
  description = "Elastic IP address for ec2_1 instance."
  # public_ip is the address itself; aws_eip.ip.id would return the allocation ID
  value = aws_eip.ip.public_ip
}
- Run terraform init to initialize Terraform.
The aws_eip resource type allocates and associates an Elastic IP to the ec2_1 instance. Hence, aws_instance.ec2_1 should be created before aws_eip can be created and attached, because it is dependent on aws_instance.ec2_1 creation. However, aws_instance.ec2_2 can be created in parallel with aws_instance.ec2_1 and the Elastic IP, as there is no dependency between them.
- Run terraform apply to apply the configuration and type yes when prompted.
- See how Terraform creates your resources in order, and reports on its progress as it deploys your resources. The output will be similar to the following.
As shown above, Terraform waited until the creation of the EC2 instance ec2_1 was complete before creating the Elastic IP address aws_eip. It automatically infers when one resource depends on another by studying the resource attributes used in interpolation expressions.
Terraform knows that the EC2 Instance must be created before the Elastic IP.
The reference to aws_instance.ec2_1.id in the definition of the aws_eip.ip block creates an implicit dependency.
- It uses this dependency information to determine the correct order in which to create the different resources.
2. Delete (Destroy) your infrastructure
Implicit dependencies affect the order in which resources are destroyed as well as created.
Run terraform destroy to destroy your infrastructure. Accept the changes by typing yes when prompted. Wait for 4-5 minutes to destroy your resources.
See how the Elastic IP address aws_eip.ip is destroyed before the EC2 instance ec2_1.
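The create and destroy ordering described in steps 1 and 2, as an added example that is not part of the original article: a simplified Python model (not Terraform's own graph builder) that scans a trimmed, constructed copy of main.tf for attribute references and derives the order from them. The function names and regular expressions are assumptions made for illustration.

```python
import re
from graphlib import TopologicalSorter

# Constructed, trimmed copy of the article's main.tf: only reference-bearing lines.
MAIN_TF = '''
data "aws_ami" "linux" {
  most_recent = true
}
resource "aws_instance" "ec2_1" {
  ami                    = data.aws_ami.linux.id
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
}
resource "aws_instance" "ec2_2" {
  ami                    = data.aws_ami.linux.id
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
}
resource "aws_eip" "ip" {
  instance = aws_instance.ec2_1.id
}
resource "aws_security_group" "ec2_sg" {
  name = "ec2_sg"
}
'''

# A top-level block ends at the first "}" in column 0 (assumes indented bodies).
BLOCK = re.compile(r'^(resource|data) "(\w+)" "(\w+)" \{\n(.*?)^\}', re.M | re.S)
# References such as aws_instance.ec2_1.id or data.aws_ami.linux.id.
REF = re.compile(r'\b(data\.)?(aws_\w+)\.(\w+)\.\w+')

def dependency_graph(hcl):
    """Map each block address to the addresses its attribute expressions reference."""
    graph = {}
    for kind, rtype, name, body in BLOCK.findall(hcl):
        addr = f"data.{rtype}.{name}" if kind == "data" else f"{rtype}.{name}"
        graph[addr] = {f"{d}{t}.{n}" for d, t, n in REF.findall(body)}
    return graph

def create_order(hcl):
    """Return addresses with dependencies first; destroy order is the reverse."""
    return list(TopologicalSorter(dependency_graph(hcl)).static_order())

if __name__ == "__main__":
    order = create_order(MAIN_TF)
    print("create :", " -> ".join(order))
    print("destroy:", " -> ".join(reversed(order)))
```

On a real configuration, terraform graph prints the dependency graph that Terraform itself computed.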
What we have done so far
- We have successfully demonstrated how the implicit dependencies affect the behavior and order of different resources created and destroyed based on their configurations.