Let’s say I have a lot of files in a series of scripts and I want to create the AWS VPC, assign it the CIDRs, etc. If the desire is to actually create everything the first time, and still use the same script to continuously make plan changes - then, my question is: Do you only have to have a Data Source definition, or would you ALSO need a resource definition? I do understand to define the preset values that don’t change in .tfvars and that I also have to have those vars defined in variables.tf
Data sources are to be considered read-only; they are used as a way to pull information about the outside world into the configuration. For example, maybe you need to know an IP address for a DNS name and use it in a security group rule.
Changes will only ever be made to entities defined as resources, and that will happen during an “apply” if the managed entities are not in the state described by the resource definitions and the variables.
You should not define a data source for an entity described by a resource definition in the same configuration (remember that you can have multiple configurations in different folders and they are totally independent of each other).
So you will use the configuration (the collection of script files and variables) to create everything the first time and also to maintain it over time. It is quite common that resource definitions are added to the configuration as the deployment evolves and Terraform will handle this quite well and just add the new resources and update the existing ones as and when needed.
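The split described in the answer above, as an added example that is not part of the original thread: the VPC, subnet and security group are resources, and the only data source is a read-only DNS lookup feeding a security group rule. The resource names, the hostname `api.example.com` and the /16 VPC CIDR are assumptions, and the AWS provider is assumed to get its region and credentials from the environment.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
    dns = { source = "hashicorp/dns" }
  }
}

# Declared in variables.tf, value set in terraform.tfvars (assumed to be a /16).
variable "vpc_cidr" {
  type        = string
  description = "CIDR block for the VPC"
}

# Resource: created on the first apply, then kept in line with this
# definition on every later plan/apply. No data source is needed for it.
resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
}

resource "aws_subnet" "app" {
  # Reference the managed VPC through the resource itself, not through
  # a data "aws_vpc" lookup of the same VPC.
  vpc_id     = aws_vpc.main.id
  cidr_block = cidrsubnet(var.vpc_cidr, 8, 1) # a /24 carved from the /16
}

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = aws_vpc.main.id
}

# Data source: read-only lookup of something this configuration does not manage.
data "dns_a_record_set" "partner_api" {
  host = "api.example.com" # constructed placeholder hostname
}

# Egress is limited to the looked-up addresses instead of 0.0.0.0/0.
resource "aws_security_group_rule" "partner_api_https" {
  type              = "egress"
  security_group_id = aws_security_group.app.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = [for ip in data.dns_a_record_set.partner_api.addrs : "${ip}/32"]
}
```

The DNS lookup is re-read on every plan, so a changed A record shows up as a proposed change to the rule while the VPC and subnet stay untouched.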