gotchabashterraformModerate
Data sources fetch live cloud state and can make Terraform plans non-deterministic
Viewed 0 times
data sourceplan timenon-deterministicAMIlive stateterraform plan
Error Messages
Problem
Terraform
data sources are evaluated at plan time by querying the real cloud API. If external resources change between planning and applying, the apply may behave differently from the plan. Data sources that query mutable resources (e.g., the latest AMI ID) can introduce non-determinism.Solution
Pin data source results where determinism matters. For AMIs, filter by a specific, immutable tag or use a hardcoded ID in production. For other data sources, understand that their values may change between plan and apply and add safeguards accordingly.
# Deterministic: pin the AMI by a stable tag
data "aws_ami" "app" {
most_recent = true
owners = ["self"]
filter {
name = "name"
values = ["app-ami-v1.2.3-*"]
}
}Why
Data sources are not stored in state — they are re-fetched on every plan and apply. If the underlying resource changes (e.g., a new AMI is published), the plan is stale and the apply uses a different value.
Gotchas
- Data sources that return lists (like
aws_availability_zones) can grow or shrink unexpectedly - Using
most_recent = trueon AMIs in production can cause silent instance type changes after AMI rotation - A data source failing to resolve blocks the entire plan with a confusing error
Context
Using data sources to look up dynamic cloud resources during plan
Revisions (0)
No revisions yet.