Terraform Lifecycle Meta-Argument

Terraform’s lifecycle meta-argument helps control how resources are created, updated, and destroyed. It includes:

create_before_destroy – Ensures a new resource is created before deleting the old one, preventing downtime.
prevent_destroy – Blocks accidental deletions of critical resources.
ignore_changes – Ignores changes to specific attributes that might be modified outside Terraform.
triggered_by – Ensures that a resource is recreated (destroyed and recreated) when specific referenced resources or variables change.

Enhance Your Productivity with Microsoft Copilot

Effortless Integration
AI-Powered Assistance

Get Started Now

Create a Directory for Your Terraform Files

cd ~/Labs &amp;&amp; mkdir lifecycle-lab &amp;&amp; cd lifecycle-lab

1	cd ~/Labs && mkdir lifecycle-lab && cd lifecycle-lab

Create a main.tf File

vi main.tf

1	vi main.tf

Define the Azure Provider in main.tf

# Azure Provider for East US

provider "azurerm" {

  features {}

  resource_provider_registrations = "none"

  subscription_id = "b70f2b66-b08e-4775-8273-89d81847a0c2"  # Replace with your subscription id

}




resource "azurerm_resource_group" "lifecycle-group" {

  name     = "lifecycle-group"

  location = "East US"

}




resource "azurerm_storage_account" "lifecyclegroupstorage" {

  name                     = "lifecyclegroupstorage"

  resource_group_name      = azurerm_resource_group.lifecycle-group.name

  location                 = azurerm_resource_group.lifecycle-group.location

  account_tier             = "Standard"

  account_replication_type = "LRS"




  # Uncomment one at a time to see the effect of each lifecycle argument

  lifecycle {

  #  create_before_destroy = true

  #  prevent_destroy = true

  #  ignore_changes = [name]

     replace_triggered_by = [azurerm_storage_account.triggeringresource.name]

  }

}




resource "azurerm_storage_account" "triggeringresource" {

  name                     = "triggeringresource"

  resource_group_name      = azurerm_resource_group.lifecycle-group.name

  location                 = azurerm_resource_group.lifecycle-group.location

  account_tier             = "Standard"

  account_replication_type = "LRS"

}

# Azure Provider for East US

provider "azurerm" {

features {}

resource_provider_registrations = "none"

subscription_id = "b70f2b66-b08e-4775-8273-89d81847a0c2" # Replace with your subscription id

}

resource "azurerm_resource_group" "lifecycle-group" {

name = "lifecycle-group"

location = "East US"

}

resource "azurerm_storage_account" "lifecyclegroupstorage" {

name = "lifecyclegroupstorage"

resource_group_name = azurerm_resource_group.lifecycle-group.name

location = azurerm_resource_group.lifecycle-group.location

account_tier = "Standard"

account_replication_type = "LRS"

# Uncomment one at a time to see the effect of each lifecycle argument

lifecycle {

# create_before_destroy = true

# prevent_destroy = true

# ignore_changes = [name]

replace_triggered_by = [azurerm_storage_account.triggeringresource.name]

}

resource "azurerm_storage_account" "triggeringresource" {

name = "triggeringresource"

resource_group_name = azurerm_resource_group.lifecycle-group.name

location = azurerm_resource_group.lifecycle-group.location

account_tier = "Standard"

account_replication_type = "LRS"

}

Initialize Terraform

terraform init

1	terraform init

Plan Terraform Deployment

terraform plan

1	terraform plan

Apply Terraform Configuration

terraform apply -auto-approve

1	terraform apply -auto-approve

Task 1: Create Before Destroy

Edit the main.tf file and change the name of the Storage Account to lifecyclegroupstorage1.
Apply the changes:

terraform apply -auto-approve

1	terraform apply -auto-approve

Notice that first, the destroy is triggered, and then the creation.
Uncomment the lifecycle rule

create_before_destroy and change the name back to lifecyclegroupstorage.

1	create_before_destroy and change the name back to lifecyclegroupstorage.

Apply again:

terraform apply -auto-approve

1	terraform apply -auto-approve

Notice that first, the create is triggered, and then the destroy.

Task 2: Prevent Destroy

Comment out create_before_destroy and uncomment prevent_destroy.
Attempt to destroy the resources:

terraform destroy -auto-approve

1	terraform destroy -auto-approve

Terraform will not destroy this resource, even when you run terraform destroy. Any attempt to destroy it will result in an error.

Task 3: Ignore Changes

Edit the main.tf file:
- Change the name of the Storage Account to lifecyclegroupstorage2.
- Uncomment ignore_changes.
- Comment prevent_destroy.
Apply the changes:

terraform apply -auto-approve

1	terraform apply -auto-approve

Notice that no change will be done.

Task 4: Replace Triggered By

Edit the main.tf file:
- Change the name of the Storage Account from triggeringresource to triggeringresource1.
- Comment ignore_changes.
- Uncomment replace_triggered_by.
Apply the changes:

terraform apply -auto-approve

1	terraform apply -auto-approve

Notice that although we have made no changes to lifecyclegroupstorage, it is also being destroyed and recreated.

Cleanup

terraform destroy -auto-approve

cd ~/Labs &amp;&amp; rm -rf lifecycle-lab

terraform destroy -auto-approve

cd ~/Labs && rm -rf lifecycle-lab

Start your career on Azure without leaving your job! Get Certified in less than a Month

Experienced Authorized Instructor led Training
Live Hands-on Labs

Subscribe now

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.