You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
resource "aws_subnet" "something" {
# After I create this, this attribute should not be changed.
cidr_block = $very_complecated_computation
lifecycle {
prevent_changes = [ "cidr_block" ]
}
}
Attempted Solutions
When we operate large infrastructure with terraform, it is easy to make mistake. Especially when we write complicated expressions and/or use variables & data resources, it may result in unexpected value.
I know we can check plan to detect unexpected changes by visual inspection. But any human could make mistake. To prevent accidentally changing "important" attribute, I propose this feature.
Proposal
Add prevent_changes lifecycle meta-argument. It takes list of attribute names to reject any plan to change it.
Additional benefit of this proposal is user-friendly behavior. Take an above aws_subnet example, if I erroneously changes cidr_block, terraform not only changes aws_subnet but also changes massive resources that depends on the value of the changed attribute. Understanding root cause of the large plan is tough work. With the prevent_changes, we can easily understand the issue.
References
I quickly searched this repository but did not found any proposal / works related to this proposal.
The text was updated successfully, but these errors were encountered:
Current Terraform Version
Use-cases
Attempted Solutions
When we operate large infrastructure with terraform, it is easy to make mistake. Especially when we write complicated expressions and/or use variables & data resources, it may result in unexpected value.
I know we can check plan to detect unexpected changes by visual inspection. But any human could make mistake. To prevent accidentally changing "important" attribute, I propose this feature.
Proposal
Add
prevent_changes
lifecycle meta-argument. It takes list of attribute names to reject any plan to change it.Additional benefit of this proposal is user-friendly behavior. Take an above
aws_subnet
example, if I erroneously changes cidr_block, terraform not only changesaws_subnet
but also changes massive resources that depends on the value of the changed attribute. Understanding root cause of the large plan is tough work. With theprevent_changes
, we can easily understand the issue.References
I quickly searched this repository but did not found any proposal / works related to this proposal.
The text was updated successfully, but these errors were encountered: