Terraform Check if Resource Exists: A How-To Guide

• Introduction
• Step-by-Step Guide
• Code Example
• Additional Notes
• Summary
• Conclusion
• References

Terraform is a powerful tool for managing infrastructure as code, but it doesn't have a built-in "skip if exists" feature. This can be a challenge when dealing with pre-existing resources. This article outlines several strategies to handle such scenarios effectively in Terraform.

Terraform doesn't have a built-in "skip if exists" feature. Here's how to handle pre-existing resources:

1. Data Sources:

• Use data sources to fetch information about existing resources.

• Example: Check for an AWS S3 bucket:

  data "aws_s3_bucket" "example" {
    bucket = "my-bucket-name"
  }

2. Conditional Creation:

• Combine data sources with the count or for_each meta-arguments to conditionally create resources.

• Example: Create an S3 bucket only if it doesn't exist:

  resource "aws_s3_bucket" "example" {
    count = data.aws_s3_bucket.example.id == "" ? 1 : 0
    bucket = "my-bucket-name" 
  }

3. Import Existing Resources:

• The recommended approach is to import existing resources into Terraform's state.

• Example: Import an S3 bucket:

  terraform import aws_s3_bucket.example my-bucket-name

4. Resource Dependencies:

• Use depends_on to ensure resources are created in the correct order.

• Example: Create a security group rule after the security group exists:

  resource "aws_security_group_rule" "example" {
    # ... other configurations ...
    depends_on = [aws_security_group.example]
  }

5. Drift Detection:

• Regularly run terraform plan to detect differences between your configuration and the actual infrastructure.
• Address drift by either updating your configuration or applying the proposed changes.

Important Considerations:

• Avoid manually modifying resources managed by Terraform, as it can lead to inconsistencies.
• Carefully consider the implications of deleting resources, especially in production environments.
• Use version control for your Terraform code to track changes and collaborate effectively.

This Terraform code demonstrates managing existing AWS resources. It checks for an S3 bucket named "my-bucket-name" and only creates it if it doesn't exist. It also creates a security group and a rule for that group, ensuring the rule is added after the group exists. The code uses data sources, conditional creation with the 'count' meta-argument, and resource dependencies to manage these resources safely.

This example demonstrates how to manage pre-existing AWS resources in Terraform.

Scenario: We want to create an S3 bucket and a security group rule. However, we need to handle the possibility that these resources might already exist.

Code:

# Configure the AWS Provider
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure AWS Region
provider "aws" {
  region = "us-west-2"
}

# Check if the S3 bucket already exists
data "aws_s3_bucket" "example" {
  bucket = "my-bucket-name"
}

# Create the S3 bucket only if it doesn't exist
resource "aws_s3_bucket" "example" {
  count = data.aws_s3_bucket.example.id == "" ? 1 : 0
  bucket = "my-bucket-name" 

  tags = {
    Name = "My Example Bucket"
  }
}

# Create a security group
resource "aws_security_group" "example" {
  name = "example"
  description = "Allow TLS inbound traffic"
}

# Create a security group rule, ensuring the security group exists first
resource "aws_security_group_rule" "example" {
  type              = "ingress"
  from_port        = 443
  to_port          = 443
  protocol         = "tcp"
  cidr_blocks      = ["0.0.0.0/0"]
  security_group_id = aws_security_group.example.id

  depends_on = [aws_security_group.example]
}

Explanation:

1. Data Source: We use data "aws_s3_bucket" to check if a bucket named "my-bucket-name" already exists.

2. Conditional Creation: The aws_s3_bucket resource uses the count meta-argument. If the data source finds an existing bucket, count will be 0, and the resource won't be created. Otherwise, it creates the bucket.

3. Resource Dependency: The aws_security_group_rule resource has a depends_on clause, ensuring it's created only after the aws_security_group resource is successfully created.

Workflow:

1. Run terraform plan: This will show you the planned actions, including whether the S3 bucket will be created or skipped.
2. Run terraform apply: This will apply the changes to your infrastructure.
3. Import Existing Resources (if needed): If you have an existing S3 bucket you want to manage with Terraform, use terraform import aws_s3_bucket.example my-bucket-name.

Remember:

• Regularly run terraform plan to detect drift.
• Use version control for your Terraform code.
• Be cautious when deleting resources, especially in production.

• Idempotency: While Terraform strives for idempotency (applying the same configuration multiple times should have the same end state), handling pre-existing resources requires careful consideration to avoid unexpected behavior.
• State File: Terraform's state file keeps track of the resources it manages. Importing existing resources updates the state file to reflect their presence.
• Manual vs. Automated: Deciding whether to import existing resources or let Terraform manage them depends on factors like the resource's lifecycle and your control over its creation.
• Error Handling: When using count for conditional creation, consider error handling if the data source itself might fail (e.g., due to permissions issues).
• Alternatives to count: While count is commonly used, the for_each meta-argument can be more flexible, especially when dealing with multiple resources.
• Partial Application: You can use the -target flag with terraform apply to manage specific resources while leaving pre-existing ones untouched.
• Modules: When working with modules, be mindful of how they handle pre-existing resources. Document any assumptions or requirements clearly.
• Terraform Cloud/Enterprise: These platforms offer features like drift detection and approval workflows that can enhance your ability to manage pre-existing resources safely.
• Best Practices:
  • Favor importing existing resources over conditional logic when possible for a cleaner and more manageable infrastructure.
  • Clearly document any resources managed outside of Terraform to avoid confusion.
  • Regularly review and update your Terraform code and infrastructure to minimize drift.

This article outlines strategies for managing pre-existing resources in Terraform, given the lack of a built-in "skip if exists" feature:

| Method | Description

By leveraging these techniques, you can effectively manage pre-existing resources in your Terraform projects, ensuring a smoother and more robust infrastructure automation experience. Remember to prioritize importing existing resources when feasible and to always consider the potential impact of your code, especially in production environments. By adhering to best practices and utilizing Terraform's capabilities effectively, you can confidently manage your infrastructure as code, even when dealing with resources that predate your Terraform configurations.

• How to check existing resource through script? : r/Terraform | Posted by u/Abject-Bear7276 - 9 votes and 17 comments
• Only create resources that don't already exist - Terraform ... | Hello - I’m working on my first terraform project and am hitting a snag. I’d appreciate any advice or guidance folks could offer! Thanks in Advance! Background: Goal and Problem Goal: I am looking for a way to create a terraform resource only when a real-world resource of the same name doesn’t already exist. My basic setup includes: terraform version Terraform v1.5.7 on darwin_amd64 + provider registry.terraform.io/hashicorp/http v3.4.0 a data source to get me a list of extant items (Unf...
• In terraform how to skip creation of resource if the resource already ... | Dec 7, 2022 ... In a Terraform project there are situations where a Developer feels a need to pre-check if the resource exists or not and many times I also ...
• Validate that if it already exists, skip the creation from scratch and ... | I have written the terraform module with EC2 instance creation and for EC2 login I have added an instance profile with SSM IAM role creation and policy attachment in the same file. while re-deploying the code in another region using the modules including the EC2 module I’m facing the below error. ERROR: dev-ssm-role already exist Is there any way it can validate that if it already exists to skip the creation from scratch and just attach the instance profile to EC2 and execute the remaining co...
• how to check if azure resource exists or not using terraform | Data Sources Data sources allow Terraform to use the information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions. Data Source - Terraform Problem Data sources are a great way to find details...
• kubernetes namespace already created fails · Issue #1406 ... | Terraform Version, Provider Version and Kubernetes Version Terraform version: Terraform v0.15.5 on windows_amd64 + provider registry.terraform.io/cloudflare/cloudflare v2.21.0 + provider registry.t...
• Create resource dependencies | Terraform | HashiCorp Developer | Since the instance must exist before the Elastic IP can be created and attached, Terraform must ensure that aws_instance.example_a is created before it ...
• Detecting and Managing Drift with Terraform | Jun 7, 2018 ... This comparison allows Terraform to detect which resources need to be created, modified, or destroyed and forms a plan. A Terraform plan is a ...
• Skip terraform resource if it exists - DevOps Stack Exchange | Nov 13, 2022 ... No there is no way to tell Terraform to skip creating a resource if it already exists. Is there a reason why you want to skip resource creation?