I know this is slightly late but…
???
Why are we trying to use Terraform as a general automation platform? I don’t understand. Transient resources, step by step processes, if/then/else is not what Terraform is intended to do or expected to excel at.
“Build a server, create an AMI from it, remove the server” is absolutely a process that Terraform can handle:
- Create a .tf file with the server built, run it to create the server.
- Go grab a cup of coffee and pet your dog.
- Create another .tf file with the AMI created, run it once the server exists to create the AMI
- Go pet the dog again (they like that).
- Create a third .tf file (or modify the first) with the server removed, run it after the AMI is created to remove the server.
That’s the terraform way of handling this. Why are we trying to turn a “descriptive state” tool into an “infrastructure automation” tool?
Terraform isn’t an automation tool. It doesn’t act as and isn’t intended to act as a “execute these tasks line by line till you get to the right ending.” It is a state tool…ephemerality doesn’t play into a state tool because there is no concept of an “ephemeral permanent state”. If you want terraform to create a route 53 record for you, create the record. If you want it to remove a record for you, remove the record. Those are two distinct states of the system. If you want the record to be created for you, do some things and then remove it, that isn’t a state, that’s an automated process…use a different tool.
Toolboxes aren’t filled with hammers. They have a hammer, a couple different screwdrivers, pliers, cutters and wrenches. No one tries to cut wood with a hammer, no one tries to unscrew a bolt with a screwdriver…that is insane…
Yet technical people try to “cut wood with a hammer” all the time…it baffles the mind. Go look at Ansible, Bash, Python, Jenkins/groovy just to name a few…you’ll find it very very easy to grant Profile B temporary access to a thing, do other things, and then revoke that access.
And your employer will appreciate you for not wasting your time trying to fit square pegs into round holes.