Working with hidden dependencies in Terraform

In order for Terraform to function properly it has to build a dependency graph. There may be situations where dependencies are hidden because we do not reference them. We can make these dependencies visible to Terraform with the depends_on Meta-Argument.

Think of all kind of permissions. We typically do not have to reference permissions explicitly to set up our resources. Thus the dependency is hidden to Terraform and resource creation may fail. To overcome this we can use depends_on in our resources to help Terraform build the dependency graph and create our resources in the correct order.

# Terraform pseudo code
resource1 {
...
depends_on = [
  resource2,
]
...
}
resource2 {
...
}

Fixing hidden dependencies is the easy part. The hard part though may be to spot them. If resource2 is already present when we create resource1 we will not recognize that we missed out something. We will only run into errors if we destroy our infrastructure and recreate it from scratch.

A good starting point to check for hidden dependencies is the dependency graph. If there are resources in our graph that have no dependencies at all (rather than the Terraform provider) there might be something wrong.

Contact