
Terraform Lifecycle Rules

Imagine you’re managing your Lego city with Terraform. Normally, Terraform decides when to build, update, or tear down buildings based on your configuration. But sometimes you need special rules:

  • “Always build the new hospital before tearing down the old one.”
  • “Never destroy the power plant, no matter what.”
  • “Ignore cosmetic changes like paint color.”

Terraform’s lifecycle rules give you this control. They let you override default behavior to protect critical resources, manage dependencies, and avoid downtime.


Key Concepts

1. create_before_destroy

  • Ensures the new resource is created before the old one is destroyed.
  • Prevents downtime during replacement.

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  lifecycle {
    create_before_destroy = true
  }
}

2. prevent_destroy

  • Protects critical resources from accidental deletion.
  • Terraform will throw an error if you try to destroy it.
  • Useful for production databases, log buckets, or state storage.

resource "aws_s3_bucket" "logs" {
  bucket = "prod-logs"

  lifecycle {
    prevent_destroy = true
  }
}

3. ignore_changes

  • Tells Terraform to ignore specific attributes during updates.
  • Prevents unnecessary changes when external systems modify values.
  • Useful when tags are managed by another system (e.g., AWS Config).

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  lifecycle {
    ignore_changes = [tags]
  }
}

Hands‑On Lab / Demo

Lab: Lifecycle Rules in Action

  1. Define an EC2 instance with rolling replacement:

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  lifecycle {
    create_before_destroy = true
  }
}

→ The new instance is created before the old one is destroyed.

  2. Define a critical S3 bucket:

resource "aws_s3_bucket" "critical" {
  bucket = "critical-data"

  lifecycle {
    prevent_destroy = true
  }
}

  3. Try to run terraform destroy → Terraform blocks deletion.

Pro Tips & Best Practices

  • Use prevent_destroy for critical resources (databases, buckets).
  • Use create_before_destroy to avoid downtime during upgrades.
  • Use ignore_changes carefully - don’t ignore attributes that affect functionality.
  • Document lifecycle rules in your code for clarity.
  • Test lifecycle behavior with terraform plan before applying.
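
The last tip can be automated in CI. The following Python check is an added example, not part of the original page or of Terraform itself: it reads the JSON plan produced by terraform show -json and flags destroy-first replacements and any deletion of an address on a protected list, which also catches the case where a resource block was removed from the configuration together with its prevent_destroy. The sample plan, the PROTECTED list and the aws_instance.worker address are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json plan.out` document.
# Addresses mostly reuse the page's resource names; aws_instance.worker and
# all of the planned actions are invented for this example.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_instance.web",
     "change": {"actions": ["create", "delete"]}},
    {"address": "aws_instance.worker",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.critical",
     "change": {"actions": ["delete"]}},
    {"address": "aws_s3_bucket.logs",
     "change": {"actions": ["update"]}}
  ]
}
""")

# Hypothetical list of addresses that must never be deleted.
PROTECTED = {"aws_s3_bucket.critical", "aws_s3_bucket.logs"}


def review_plan(plan, protected=PROTECTED):
    """Return (blocking, warnings) findings for a Terraform JSON plan."""
    blocking, warnings = [], []
    for rc in plan.get("resource_changes", []):
        addr = rc["address"]
        actions = rc["change"]["actions"]
        if "delete" in actions and addr in protected:
            # Also fires when the resource block (and with it the
            # prevent_destroy setting) was removed from the configuration.
            blocking.append(f"{addr}: protected resource would be destroyed")
        elif actions == ["delete", "create"]:
            # Default replacement order: the old object is destroyed before
            # the new one exists. ["create", "delete"] is create-first.
            warnings.append(f"{addr}: destroy-before-create replacement")
    return blocking, warnings


if __name__ == "__main__":
    blocking, warnings = review_plan(SAMPLE_PLAN)
    for line in warnings:
        print("WARN ", line)
    for line in blocking:
        print("BLOCK", line)
    raise SystemExit(1 if blocking else 0)
```

To produce real input, run terraform plan -out=plan.out and then terraform show -json plan.out.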

Summary & Cheatsheet

  • Lifecycle rules = Control resource behavior.
  • create_before_destroy: Avoid downtime.
  • prevent_destroy: Protect critical resources.
  • ignore_changes: Ignore external modifications.

Quick mnemonic: Create First, Prevent Loss, Ignore Noise

The Hackers Notebook

Lifecycle rules are Terraform’s safety nets and control levers. They let you protect critical resources, avoid downtime, and ignore irrelevant changes. By mastering lifecycle rules, you gain confidence that your infrastructure behaves exactly as intended.



Updated on Dec 28, 2025