What is lifecycle (quick recap)
The lifecycle block controls how Terraform handles resource changes:

```hcl
lifecycle {
  create_before_destroy = true
  prevent_destroy       = true
  ignore_changes        = [...]
}
```
Goal
You will:
- Create EC2 instance
- Modify it → see replacement behavior
- Protect resource from deletion
- Ignore specific changes

Project Structure

```
terraform-lifecycle-lab/
├── main.tf
├── variables.tf
├── terraform.tfvars
├── providers.tf
├── outputs.tf
├── versions.tf
```
versions.tf

```hcl
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```

providers.tf

```hcl
provider "aws" {
  region = var.aws_region
}
```
variables.tf

```hcl
variable "aws_region" {
  description = "AWS region"
  type        = string
}

variable "instance_name" {
  description = "EC2 name"
  type        = string
}

variable "instance_type" {
  description = "EC2 type"
  type        = string
}

variable "common_tags" {
  description = "Tags"
  type        = map(string)
}
```

terraform.tfvars

```hcl
aws_region    = "us-east-2"
instance_name = "lifecycle-lab-instance"
instance_type = "t2.micro"
common_tags = {
  Project = "LifecycleLab"
  Owner   = "Student"
}
```
main.tf (CORE LAB)

```hcl
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

resource "aws_instance" "example" {
  ami           = data.aws_ami.amazon_linux.id
  instance_type = var.instance_type
  tags = merge(var.common_tags, {
    Name = var.instance_name
  })

  lifecycle {
    # 1. Create new before destroying old
    create_before_destroy = true
    # 2. Prevent accidental deletion
    prevent_destroy = false
    # 3. Ignore changes to tags
    ignore_changes = [
      tags
    ]
  }
}
```

outputs.tf

```hcl
output "instance_id" {
  value = aws_instance.example.id
}

output "public_ip" {
  value = aws_instance.example.public_ip
}
```
STEP-BY-STEP TESTING

Step 1: Initialize

```bash
terraform init
```

Step 2: Create Resource

```bash
terraform apply
```

TEST 1: create_before_destroy
Change instance type:

```hcl
instance_type = "t3.micro"
```

Run:

```bash
terraform apply
```

What happens:
- New EC2 created FIRST
- Old EC2 destroyed AFTER

Without this → downtime
With this → zero downtime (important for production)

TEST 2: prevent_destroy
Change:

```hcl
prevent_destroy = true
```

Now run:

```bash
terraform destroy
```

Result:
Terraform will fail:

```
Error: Instance cannot be destroyed
```

This protects production resources (RDS, S3, etc.)

TEST 3: ignore_changes
Step:
- Go to AWS Console
- Change tag manually (e.g., Name)

Run:

```bash
terraform plan
```

Result:
No changes detected
Terraform ignores drift for tags

REAL DEVOPS USAGE
| Lifecycle Rule | Real Use Case |
|---|---|
| create_before_destroy | Zero downtime deploy (ASG, ALB) |
| prevent_destroy | Protect RDS, S3, DB |
| ignore_changes | External systems modify resource |

IMPORTANT INTERVIEW POINTS
Q: When should you NOT use ignore_changes?
A: When drift matters (security groups, IAM)
Q: Risk of prevent_destroy?
A: Blocks CI/CD destroy → must manually disable
Q: Does Terraform automatically use lifecycle?
A: No, it must be explicitly defined
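
An added example (not part of the original lab): a small Python check, usable in CI, that flags `ignore_changes` on resource types where drift matters, as the first interview point describes. The `SENSITIVE_PREFIXES` list, the sample configuration and the brace-matching text scan (a simple scan, not a full HCL parser) are assumptions of this example.

```python
import re
# Constructed sample configuration for this example (not from the lab).
SAMPLE_TF = '''
resource "aws_instance" "example" {
  tags = { Name = "lifecycle-lab-instance" }
  lifecycle {
    ignore_changes = [tags]
  }
}
resource "aws_security_group" "web" {
  lifecycle {
    ignore_changes = [ingress, egress]
  }
}
resource "aws_iam_role" "ci" {
  lifecycle {
    ignore_changes = all
  }
}
'''
# Assumption: resource types where unmanaged drift is a security concern.
SENSITIVE_PREFIXES = ("aws_security_group", "aws_iam_")
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
IGNORE_RE = re.compile(r'ignore_changes\s*=\s*(all\b|\[[^\]]*\])')

def block_body(text, open_idx):
    """Return the text inside the brace pair that opens at open_idx."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit(hcl):
    """Flag lifecycle blocks that hide drift on security-relevant resources."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        addr = f"{m.group(1)}.{m.group(2)}"
        body = block_body(hcl, m.end() - 1)
        lc = re.search(r'lifecycle\s*\{', body)
        ig = IGNORE_RE.search(block_body(body, lc.end() - 1)) if lc else None
        if ig and ig.group(1) == "all":
            findings.append((addr, "ignore_changes = all hides every change"))
        elif ig and m.group(1).startswith(SENSITIVE_PREFIXES):
            attrs = re.findall(r'[\[,]\s*([A-Za-z_]\w*)', ig.group(1))
            findings.append((addr, "drift ignored on: " + ", ".join(attrs)))
    return findings

print(audit(SAMPLE_TF))
```

The tag-only rule on the EC2 instance passes, while the security group and the IAM role are reported.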