Hey everyone 👋
If you're learning Terraform — or working on any kind of infrastructure automation — you’ve probably run into the mysterious lifecycle block. When I first saw it, I thought it was something only advanced teams used for edge cases.
But once I saw how it can prevent accidental destruction, avoid downtime, and keep Terraform from messing with my manual changes, I realized: this is essential knowledge for anyone building in the cloud.
Let me walk you through the lifecycle meta-argument the way I wish someone had explained it to me 👇
🧸 Think of It Like Building a New House While Still Living in the Old One
Imagine you're living in a house and want to renovate the kitchen. Would you:
- Tear down the old kitchen and then start building the new one?
- Build the new kitchen first, then remove the old one?
Most people (and certainly your stomach) would prefer option 2. And that’s exactly what Terraform’s create_before_destroy setting helps with.
But that’s just one of several options inside the lifecycle block.
⚙️ What Is the lifecycle Block in Terraform?
The lifecycle block is a way to customize how Terraform handles resource updates, replacements, and destruction.
Terraform usually tries to keep things simple: if a resource changes, Terraform updates it. If the change is too big, Terraform deletes and recreates it.
But sometimes… you want more control.
🧠 3 Lifecycle Settings You Should Know
Let’s break them down with real-world examples:
1. create_before_destroy
🚀 Make sure the new thing is built before the old one is destroyed.
lifecycle {
create_before_destroy = true
}
Why it matters:
By default, if you change something like an EC2 AMI ID (switching from Linux to Ubuntu), Terraform will destroy the old EC2 first, then create the new one.
In production, that’s risky.
✅ Use create_before_destroy to avoid downtime — build the new instance first, then clean up the old one.
2. prevent_destroy
🛑 Never let this resource be destroyed — no matter what.
lifecycle {
prevent_destroy = true
}
Why it matters:
You’re managing a production database. A mistake in your Terraform file or an automated pipeline tries to delete it.
With prevent_destroy, Terraform will throw an error and stop, saving your production data from an accidental nuke.
💡 Use this for critical resources like RDS, S3 buckets with logs, or anything you really don’t want to lose.
3. ignore_changes
🎭 Ignore specific changes — even if someone changes them manually.
lifecycle {
ignore_changes = [
tags,
instance_type
]
}
Why it matters:
Let’s say someone in your team manually edits a tag or resizes an EC2 instance. Next time you run terraform plan, Terraform wants to revert it.
But what if that manual change was intentional?
✅ Use ignore_changes to stop Terraform from undoing manual edits to specific attributes (or all of them).
You can even write:
ignore_changes = all
…which tells Terraform: “Ignore everything, even if I change the config.”
💬 Real Use Cases (And What Terraform Would Do)
| 🧪 Scenario | ⚙️ Lifecycle Setting | 🧠 Terraform Behavior |
|---|---|---|
| You change the EC2 AMI | create_before_destroy |
Create new instance first, then destroy the old one |
| You try to destroy a DB | prevent_destroy |
Error — Terraform refuses |
| You manually add tags | ignore_changes = ["tags"] |
Terraform ignores them |
You edit config but add ignore_changes = all
|
Terraform ignores the change | No update proposed |
🔐 Bonus Safety Tip
Even with prevent_destroy, if you delete the resource block from your .tf file entirely and run terraform apply, Terraform will still destroy it — because it no longer knows it should be protected.
💡 Keep that in mind when cleaning up configs!
🧩 Final Thoughts
The lifecycle block is like Terraform’s “safety override” system. It lets you:
- Control how updates and deletions happen
- Prevent critical mistakes
- Work safely in environments with manual tweaks or automated scripts
If you're building anything beyond a hello-world VM, understanding this block can save you hours of pain — and possibly thousands of dollars.
Want to see these in action or ask about your setup? Hit me up on LinkedIn — I’d love to hear how others are using lifecycle to stay safe in Terraform land ☁️🧱
Top comments (0)