The terraform.applying symbol

You can use the terraform.applying symbol in your configuration to determine if Terraform is currently running an apply operation.

Terraform automatically sets terraform.applying to true when you run an apply operation, and false during any other operation. The planning mode you run terraform apply in does not affect terraform.applying, meaning that even in destroy mode, terraform.applying is still true.

A common example of where terraform.applying can be helpful is when you want to use different credentials if Terraform is either planning or applying.

locals {
  aws_read_role_arn  = "arn:aws:iam::XXXXX:role/terraform-read"
  aws_write_role_arn = "arn:aws:iam::XXXXX:role/terraform-full"

  # We only need read-only credentials to plan, so if Terraform is applying 
  # we want to use our AWS role that allows us to write.
  role_arn = terraform.applying ? local.aws_write_role_arn : local.aws_read_role_arn
}

The terraform.applying symbol is an ephemeral value, meaning it is only available during Terraform operations and Terraform does not write this value to plan or state files. Additionally, you can only reference terraform.applying in ephemeral contexts:

• In a write-only argument
• In ephemeral variables
• In local values
• In ephemeral resources
• In ephemeral outputs