From f9e2f7cd54a76d657017dd91b67aef6f5d24f59d Mon Sep 17 00:00:00 2001 From: Rose M Koron <32436232+rkoron007@users.noreply.github.com> Date: Wed, 30 Apr 2025 13:02:19 -0700 Subject: [PATCH] Add provider example to terraform applying (#36965) --- .../language/functions/terraform-applying.mdx | 34 ++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/website/docs/language/functions/terraform-applying.mdx b/website/docs/language/functions/terraform-applying.mdx index 078bfc8c2f..7cd525d3d0 100644 --- a/website/docs/language/functions/terraform-applying.mdx +++ b/website/docs/language/functions/terraform-applying.mdx @@ -1,7 +1,7 @@ --- -page_title: terraform.applying reference - Functions - Configuration Language -description: |- - The terraform.applying symbol enables you to determine if Terraform is currently running an apply operation. +page_title: terraform.applying reference - Functions - Configuration Language +description: |- + The terraform.applying symbol enables you to determine if Terraform is currently running an apply operation. --- # The `terraform.applying` symbol @@ -12,23 +12,33 @@ You can use the `terraform.applying` symbol in your configuration to determine i Terraform automatically sets `terraform.applying` to `true` when you run an [apply](/terraform/cli/commands/apply) operation, and `false` during any other operation. The [planning mode](/terraform/cli/commands/plan#planning-modes) you run `terraform apply` in does not affect `terraform.applying`, meaning that even in destroy mode, `terraform.applying` is still `true`. -A common example of where `terraform.applying` can be helpful is when you want to use different credentials if Terraform is either planning or applying. +You can use `terraform.applying` to change Terraform behavior during apply operations. In the following example, Terraform uses your read-only credentials when running a plan operation but uses your write credentials when you run an apply operation: ```hcl locals { aws_read_role_arn = "arn:aws:iam::XXXXX:role/terraform-read" aws_write_role_arn = "arn:aws:iam::XXXXX:role/terraform-full" - # We only need read-only credentials to plan, so if Terraform is applying - # we want to use our AWS role that allows us to write. role_arn = terraform.applying ? local.aws_write_role_arn : local.aws_read_role_arn } + +provider "aws" { + region = "us-west-2" + + assume_role { + role_arn = local.role_arn + } +} + ``` -The `terraform.applying` symbol is an ephemeral value, meaning it is only available during Terraform operations and Terraform does not write this value to plan or state files. Additionally, you can only reference `terraform.applying` in ephemeral contexts: -* In a [write-only argument](/terraform/language/resources/ephemeral/write-only) -* In [ephemeral variables](/terraform/language/values/variables#exclude-values-from-state) -* In [local values](/terraform/language/values/locals#ephemeral-values) -* In [ephemeral resources](/terraform/language/resources/ephemeral) -* In [ephemeral outputs](/terraform/language/values/outputs#ephemeral-avoid-storing-values-in-state-or-plan-files) \ No newline at end of file +The `terraform.applying` symbol is an ephemeral value and is only available during Terraform operations. Terraform does not write ephemeral values to plan or state files. Additionally, you can only reference `terraform.applying` in the following ephemeral contexts: + +- In a [write-only argument](/terraform/language/resources/ephemeral/write-only) +- In [ephemeral variables](/terraform/language/values/variables#exclude-values-from-state) +- In [local values](/terraform/language/values/locals#ephemeral-values) +- In [ephemeral resources](/terraform/language/resources/ephemeral) +- In [ephemeral outputs](/terraform/language/values/outputs#ephemeral-avoid-storing-values-in-state-or-plan-files) +- Configuring providers in the `provider` block +- In [provisioner](/terraform/language/resources/provisioners/syntax) and [connection](/terraform/language/resources/provisioners/connection) blocks