This topic describes resource dependencies.
When building your infrastructure, you can visualize the dependency graph to understand your infrastructure architecture. This graph shows how resources are connected and depend on each other.
When Terraform executes, it automatically builds a dependency graph from your configuration files to generate an execution plan and refresh the resource status. The following code is an example of a configuration file used to create an ECS instance:
provider "alicloud" {
# Configure your Alibaba Cloud credentials and region information.
# Configure your Alibaba Cloud credentials. For security purposes, we recommend that you do not include your Alibaba Cloud AccessKey and SecretKey directly in this file. We recommend that you use environment variables or other secure methods to set the credentials.
# export ALICLOUD_ACCESS_KEY="<Your Alibaba Cloud AccessKey>"
# export ALICLOUD_SECRET_KEY="<Your Alibaba Cloud SecretKey>"
region = "cn-hangzhou"
}
# Create a VPC.
resource "alicloud_vpc" "my_vpc" {
vpc_name = "main-vpc"
cidr_block = "10.0.0.0/16"
}
# Create a vSwitch.
resource "alicloud_vswitch" "my_vswitch" {
vpc_id = alicloud_vpc.my_vpc.id
cidr_block = "10.0.1.0/24"
zone_id = "cn-hangzhou-h"
vswitch_name = "main-vswitch"
}
# Create a security group.
resource "alicloud_security_group" "my_sg" {
vpc_id = alicloud_vpc.my_vpc.id
name = "main-security-group"
}
# Add a security group rule to allow SSH access.
resource "alicloud_security_group_rule" "allow_ssh" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "22/22"
priority = 1
security_group_id = alicloud_security_group.my_sg.id
cidr_ip = "0.0.0.0/0"
}
# Create an ECS instance.
resource "alicloud_instance" "my_instance" {
instance_name = "Ubuntu20-Instance"
image_id = "ubuntu_20_04_x64_20G_alibase_20240508.vhd" # The image ID of Ubuntu 20.04.
instance_type = "ecs.c6.large" # 2 vCPUs and 4 GiB of memory.
security_groups = [alicloud_security_group.my_sg.id]
vswitch_id = alicloud_vswitch.my_vswitch.id
internet_charge_type = "PayByTraffic"
instance_charge_type = "PostPaid"
system_disk_category = "cloud_efficiency"
password = "Abc@12345" # Set the logon password.
internet_max_bandwidth_out = 10 # If you set the bandwidth to a value greater than 0, an Internet IP address is automatically assigned.
tags = {
Name = "ubuntu20"
}
}The creation of the ECS instance depends on the security group and the vSwitch. This dependency is established by assigning values to the security_groups and vswitch_id properties. When Terraform executes, it uses this dependency graph to determine the correct order of resource operations. In complex scenarios with multiple resources, Terraform runs operations in parallel for resources that do not have dependencies.
Dependencies
Terraform supports two types of dependencies: implicit and explicit. Terraform automatically detects implicit dependencies. Explicit dependencies, however, must be manually declared.
Implicit dependencies
When a resource depends on an attribute from another resource, Terraform can infer this relationship as an implicit dependency.
In this example, the vSwitch and the security group depend on the VPC. The ECS instance depends on the vSwitch and the security group. The security group rule depends on the security group. These are all implicit dependencies.
Terraform detects implicit dependencies through references in property value assignments.
For example, the vswitch_id parameter for the instance references the my_vswitch resource. This establishes an implicit dependency from the instance resource to the vSwitch resource.
Terraform infers implicit dependencies to determine the creation order of resources. This process ensures that all resources in the configuration file are created in the correct order.
In this example, the dependencies and creation order among resources are shown in the following graph:
When Terraform reads the configuration, it creates the resources in the correct order. First, the VPC my_vpc is created, followed by the vSwitch my_vswitch and the security group my_sg. The ECS instance my_instance is created last. After all resources are created, Terraform saves their properties to the status file. It sets the vpc_id parameter in my_vswitch and my_sg to the ID of my_vpc. It also sets the vswitch_id and security_groups parameters for my_instance using the IDs from my_vswitch and my_sg.
Explicit dependencies
Sometimes, a dependency between two resources is not visible to Terraform because it does not involve a direct reference to data. In such cases, you must explicitly declare the dependency using the depends_on argument in your configuration code.
The depends_on argument gives you more control over the order in which Terraform processes resources. You can use depends_on with any resource or module, and its value should be a list of references to other resources in the same configuration.
For example, based on the preceding configuration, assume you need to add access rules for ports 443 and 8080. You also want to ensure that the rule for port 8080 is created only after the rule for port 443 is created. Because this dependency is not visible to Terraform, you must declare it explicitly. You can use depends_on to declare that the rule for port 8080 depends on the rule for port 443:
Because of the depends_on argument, Terraform ensures that the access rule for port 443 is created before the access rule for port 8080. When you execute terraform apply, the access rule for port 8080 is created after the access rule for port 443.
Finally, note that the order in which you define resources in your configuration files does not affect the execution order. Therefore, you can organize your configuration files in a way that makes the most sense to you and your team.