Understanding Dependencies in Terraform
When defining infrastructure in Terraform, resources often rely on each other. There are two ways of handling those dependencies:
- Implicit: Terraform automatically determines the order of resource creation based on dependencies
- Explicit: We define what order should be explicitly
In this blog post you will see examples for both and also understand differences between Terraform Implicit vs Explicit Dependencies.
Implicit
Terraform automatically detects implicit dependencies when a resource references another resource’s attributes.
resource "aws_lambda_event_source_mapping" "test" {
event_source_arn = aws_dynamodb_table.test.stream_arn
function_name = aws_lambda_function.test.arn
starting_position = "LATEST"
}
Here, Terraform knows that aws_lambda_function.this must be created before aws_lambda_event_source_mapping.this because its function_name attribute depends on it.
As you can see there is no need to manually specify depends_on, however it could be a bit harder to debug if any issue ordering happen.
Explicit
Sometimes, Terraform doesn’t detect dependencies correctly, especially when using indirect relationships. In these cases, we use explicit dependencies via depends_on.
Scenario:
We need to install Python packages inside a Lambda Layer.
Then, we want to zip the installed dependencies before uploading to AWS.
If Terraform doesn’t enforce an order, the zipping process might run before dependencies are installed, causing a broken deployment.
data "archive_file" "layer_code" {
type = "zip"
output_path = "/tmp/test.zip"
source_dir = "${path.module}/src/functions/test/layer/"
depends_on = [
terraform_data.test_lambda_revision # Ensures dependencies are installed first
]
}
Now, Terraform waits for test_lambda_revision to install the dependencies using Docker before zipping the package.
Why is Explicit Dependency important here?
- Prevents zipping an incomplete package before dependencies are installed.
- Ensures correct order of execution even if Terraform doesn’t automatically detect it.
- Avoids deployment failures due to missing dependencies in Lambda.
What about destroying resources with implicit vs explicit dependincies?
When resources need to be destroyed Terraform takes reverse order, meaning that for implicit dependency since aws_lambda_event_source_mapping depends on Lambda function, it needs to destroy Lambda first and then event source mapping.
Same goes for the explicit destroy and depends_on will enforce deletion order. Since layer_code used for zipping source code, depends on
terraform_data.test_lambda_revision for installing packages, layer_code will be deleted first which make sense.
Conclusion
Terraform automatically handles dependencies based on resource references (implicit dependencies), but sometimes we need to manually enforce order using depends_on (explicit dependencies).
Explicit dependencies (depends_on) are needed when Terraform might not detect the correct order, such as when dealing with external scripts, file generation, or indirect dependencies.
When destroying resources, both implicit and explicit dependencies ensure Terraform removes resources in the correct sequence, preventing errors where a resource is deleted before its dependencies.
Top comments (0)