DEV Community

Aisalkyn Aidarova
Aisalkyn Aidarova

Posted on

LAB: Terraform Dependencies (Implicit vs Explicit)

#tutorial #devops #terraform #aws

📁 Project Structure 

terraform-dependency-lab/
│
├── main.tf
├── variables.tf
├── terraform.tfvars
├── outputs.tf
└── providers.tf
Enter fullscreen mode Exit fullscreen mode

🔹 1. providers.tf 

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}
Enter fullscreen mode Exit fullscreen mode

🔹 2. variables.tf (NO HARDCODING) 

variable "aws_region" {
  description = "AWS region"
  type        = string
}

variable "project_name" {
  description = "Project name"
  type        = string
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
}

variable "common_tags" {
  description = "Common tags"
  type        = map(string)
}
Enter fullscreen mode Exit fullscreen mode

🔹 3. terraform.tfvars 

aws_region    = "us-east-2"
project_name  = "dep-lab"
instance_type = "t2.micro"

common_tags = {
  Owner = "Student"
  Lab   = "Dependencies"
}
Enter fullscreen mode Exit fullscreen mode

🔹 4. main.tf

🔸 Part 1: Implicit Dependency 

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-vpc"
  })
}

resource "aws_subnet" "subnet" {
  vpc_id     = aws_vpc.main.id   # ✅ IMPLICIT DEPENDENCY
  cidr_block = "10.0.1.0/24"

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-subnet"
  })
}
Enter fullscreen mode Exit fullscreen mode

👉 Explanation:

  • aws_subnet depends on aws_vpc automatically
  • No depends_on needed

🔸 Part 2: Explicit Dependency (Real Scenario) 

resource "aws_security_group" "sg" {
  name   = "${var.project_name}-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = var.common_tags
}
Enter fullscreen mode Exit fullscreen mode

🔸 EC2 Instance 

resource "aws_instance" "ec2" {
  ami           = data.aws_ami.amazon_linux.id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.subnet.id
  vpc_security_group_ids = [aws_security_group.sg.id]

  tags = merge(var.common_tags, {
    Name = "${var.project_name}-ec2"
  })
}
Enter fullscreen mode Exit fullscreen mode

🔸 Data Source (Dynamic AMI) 

data "aws_ami" "amazon_linux" {
  most_recent = true

  owners = ["amazon"]

  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}
Enter fullscreen mode Exit fullscreen mode

🔹 5. Explicit Dependency Example (FORCE ORDER)

⚠️ Simulate hidden dependency 

resource "null_resource" "setup" {
  provisioner "local-exec" {
    command = "echo EC2 should be ready"
  }

  depends_on = [aws_instance.ec2]   # ✅ EXPLICIT DEPENDENCY
}
Enter fullscreen mode Exit fullscreen mode

🔹 6. outputs.tf 

output "vpc_id" {
  value = aws_vpc.main.id
}

output "subnet_id" {
  value = aws_subnet.subnet.id
}

output "ec2_id" {
  value = aws_instance.ec2.id
}
Enter fullscreen mode Exit fullscreen mode

🔹 🚀 How to Run (Step-by-Step) 

cd terraform-dependency-lab

terraform init
terraform plan
terraform apply
Enter fullscreen mode Exit fullscreen mode

✅ Implicit Dependency

  • VPC → Subnet → EC2 created in order
  • No depends_on used

✅ Parallel Execution

  • Security group may create in parallel with subnet

✅ Explicit Dependency

  • null_resource runs only after EC2

Show graph: 

terraform graph | dot -Tpng > graph.png
Enter fullscreen mode Exit fullscreen mode

Explain:

  • Arrows = dependencies
  • Graph = Terraform brain

🔹 💡 Interview-Level Takeaways

  • Terraform uses implicit dependencies via references
  • Builds dependency graph (DAG)
  • Executes parallel when possible
  • Uses depends_on when dependency is hidden

Top comments (0)