Terraform
The terraform.applying symbol
Note: The terraform.applying
symbol is available in Terraform v1.10 and later.
You can use the terraform.applying
symbol in your configuration to determine if Terraform is currently running an apply operation.
Terraform automatically sets terraform.applying
to true
when you run an apply operation, and false
during any other operation. The planning mode you run terraform apply
in does not affect terraform.applying
, meaning that even in destroy mode, terraform.applying
is still true
.
You can use terraform.applying
to change Terraform behavior during apply operations. In the following example, Terraform uses your read-only credentials when running a plan operation but uses your write credentials when you run an apply operation:
locals {
aws_read_role_arn = "arn:aws:iam::XXXXX:role/terraform-read"
aws_write_role_arn = "arn:aws:iam::XXXXX:role/terraform-full"
role_arn = terraform.applying ? local.aws_write_role_arn : local.aws_read_role_arn
}
provider "aws" {
region = "us-west-2"
assume_role {
role_arn = local.role_arn
}
}
The terraform.applying
symbol is an ephemeral value and is only available during Terraform operations. Terraform does not write ephemeral values to plan or state files. Additionally, you can only reference terraform.applying
in the following ephemeral contexts:
- In a write-only argument
- In ephemeral variables
- In local values
- In ephemeral resources
- In ephemeral outputs
- Configuring providers in the
provider
block - In provisioner and connection blocks