Difference between revisions of "Terraform meta-argument: depends on"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
Line 3: Line 3:
  
 
* [[Terraform: depends_on|Terraform]]: <code>[[Terraform: depends_on|depends_on]]</code> for [[modules]] (https://github.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md), [[Terraform 0.13.0]] (Aug 2020)
 
* [[Terraform: depends_on|Terraform]]: <code>[[Terraform: depends_on|depends_on]]</code> for [[modules]] (https://github.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md), [[Terraform 0.13.0]] (Aug 2020)
 +
 +
== Official example ==
 +
<pre>
 +
resource "aws_iam_role" "example" {
 +
  name = "example"
 +
 +
  # assume_role_policy is omitted for brevity in this example. Refer to the
 +
  # documentation for aws_iam_role for a complete example.
 +
  assume_role_policy = "..."
 +
}
 +
 +
resource "aws_iam_instance_profile" "example" {
 +
  # Because this expression refers to the role, Terraform can infer
 +
  # automatically that the role must be created first.
 +
  role = aws_iam_role.example.name
 +
}
 +
 +
resource "aws_iam_role_policy" "example" {
 +
  name  = "example"
 +
  role  = aws_iam_role.example.name
 +
  policy = jsonencode({
 +
    "Statement" = [{
 +
      # This policy allows software running on the EC2 instance to
 +
      # access the S3 API.
 +
      "Action" = "s3:*",
 +
      "Effect" = "Allow",
 +
    }],
 +
  })
 +
}
 +
 +
resource "aws_instance" "example" {
 +
  ami          = "ami-a1b2c3d4"
 +
  instance_type = "t2.micro"
 +
 +
  # Terraform can infer from this that the instance profile must
 +
  # be created before the EC2 instance.
 +
  iam_instance_profile = aws_iam_instance_profile.example
 +
 +
  # However, if software running in this EC2 instance needs access
 +
  # to the S3 API in order to boot properly, there is also a "hidden"
 +
  # dependency on the aws_iam_role_policy that Terraform cannot
 +
  # automatically infer, so it must be declared explicitly:
 +
  depends_on = [
 +
    aws_iam_role_policy.example
 +
  ]
 +
}
 +
</pre>
  
 
== Errors ==
 
== Errors ==

Revision as of 14:16, 15 March 2023


Official example

resource "aws_iam_role" "example" {
  name = "example"

  # assume_role_policy is omitted for brevity in this example. Refer to the
  # documentation for aws_iam_role for a complete example.
  assume_role_policy = "..."
}

resource "aws_iam_instance_profile" "example" {
  # Because this expression refers to the role, Terraform can infer
  # automatically that the role must be created first.
  role = aws_iam_role.example.name
}

resource "aws_iam_role_policy" "example" {
  name   = "example"
  role   = aws_iam_role.example.name
  policy = jsonencode({
    "Statement" = [{
      # This policy allows software running on the EC2 instance to
      # access the S3 API.
      "Action" = "s3:*",
      "Effect" = "Allow",
    }],
  })
}

resource "aws_instance" "example" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"

  # Terraform can infer from this that the instance profile must
  # be created before the EC2 instance.
  iam_instance_profile = aws_iam_instance_profile.example

  # However, if software running in this EC2 instance needs access
  # to the S3 API in order to boot properly, there is also a "hidden"
  # dependency on the aws_iam_role_policy that Terraform cannot
  # automatically infer, so it must be declared explicitly:
  depends_on = [
    aws_iam_role_policy.example
  ]
}

Errors

Related

See also

Advertising: