Mutable vs Immutable Infrastructure (Terraform)
Mutable Infrastructure
- Can be changed/modified
- Change existing resources in place
- Terraform shows ~ (update)
Immutable Infrastructure
- Immutable == cannot be changed
- An immutable resource has to be -/+ (destroy & create); it cannot be ~ (update)
- Never modify existing resources
- Replace with new ones
Terraform Behavior
- Terraform decides replace vs update per resource
- AMI / disk / db name → replacement
- Small config change → in-place update
Terraform Lifecycle Rules
What are lifecycle rules?
Lifecycle rules control how Terraform creates, updates, and destroys resources.
Defined inside a resource block using:
lifecycle {
  ...
}
Terraform Lifecycle Rules
| Lifecycle Rule | Effect on Resource | Purpose | Common Use Case |
|---|---|---|---|
| create_before_destroy | Creates new resource first, then deletes old | Avoid downtime during replacement | ALB, ASG, EC2, zero-downtime deployments. Used for immutable deployments |
| prevent_destroy | Blocks terraform destroy or replacement | Protect critical resources | Must be added on prod DBs, VPCs, S3 buckets |
| ignore_changes | Terraform won't act on listed changes | Ignore specific attribute updates | Tags, autoscaling changes, external updates |
| replace_triggered_by | Resource replaced when referenced item changes | Force replacement based on dependency | AMI change, config dependency refresh |
Syntax
lifecycle {
  ignore_changes = [tags, user_data] # or: ignore_changes = all
}
- replace_triggered_by forces replacement when another resource changes
lifecycle {
  replace_triggered_by = [aws_ami.new.id]
}
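The ~ and -/+ symbols above also appear in the machine-readable plan from `terraform show -json <planfile>`, as the `actions` list of each entry in `resource_changes`. The script below is an added example, not part of the original notes: it maps those lists back to the plan symbols and reports any delete or replace of a critical resource type, a CI check that can sit alongside prevent_destroy. The resource addresses, the sample plan and the PROTECTED_TYPES list are constructed for illustration.

```python
import json

# Plan symbols, keyed by the "actions" list in `terraform show -json <planfile>`.
SYMBOLS = {
    ("create",): "+",
    ("update",): "~",              # mutable: changed in place
    ("delete",): "-",
    ("delete", "create"): "-/+",   # immutable: destroy, then create
    ("create", "delete"): "+/-",   # immutable with create_before_destroy
}
# Assumption: resource types this team treats as critical (illustrative list).
PROTECTED_TYPES = {"aws_db_instance", "aws_vpc", "aws_s3_bucket"}


def classify(plan):
    """Return (symbol, address) for every resource the plan would change."""
    out = []
    for rc in plan.get("resource_changes", []):
        actions = tuple(rc["change"]["actions"])
        if actions not in (("no-op",), ("read",)):
            out.append((SYMBOLS.get(actions, "?"), rc["address"]))
    return out


def destructive_on_protected(plan):
    """Addresses of protected resources the plan would delete or replace."""
    return [rc["address"] for rc in plan.get("resource_changes", [])
            if rc["type"] in PROTECTED_TYPES
            and "delete" in rc["change"]["actions"]]


# Constructed sample plan, trimmed to the fields used above.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_instance.web", "type": "aws_instance",
  "change": {"actions": ["update"]}},
 {"address": "aws_launch_configuration.app", "type": "aws_launch_configuration",
  "change": {"actions": ["create", "delete"]}},
 {"address": "aws_db_instance.prod", "type": "aws_db_instance",
  "change": {"actions": ["delete", "create"]}},
 {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {"actions": ["no-op"]}}
]}
""")

if __name__ == "__main__":
    for symbol, address in classify(SAMPLE_PLAN):
        print(f"{symbol:>3} {address}")
    blocked = destructive_on_protected(SAMPLE_PLAN)
    raise SystemExit(f"blocked: {blocked}" if blocked else 0)
```

Run as a script, it exits non-zero when a protected resource would be destroyed or replaced, so the pipeline stops before apply.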