Terraform :depends_on resource created with count

0
votes

I have created a set of NAT gateway with count

resource "aws_nat_gateway" "nat_gateway_ec1_dev" {
  count         = 3

}

And I would like to this as dependence resource while creating route table in which I am also using count

resource "aws_route_table" "route_table_ics_ec1_dev_private" {
  vpc_id = module.vpc_dev.vpc_id
  count  = 3
  depends_on = [
     ##HOW TO ADD NAT GATEWAY DEPENDCIE HERE
    ]

}

My question how can I add the NAT gateway dependencies in the route_table resource ?? Since both resources are created with count i can't statically specify the name here

1
terraformterraform-provider-aws
Why are you setting a depends _on here instead of just letting Terraform automatically work this out when you set a route to use the NAT gateway?ydaetskcoR
This example may or not be a good one, but the question is valid; in more complex plans it is sometimes necessary to manually express dependencies.Paul J

1 Answers

0
votes

We don't usually need to use depends_on because in most cases the dependencies between objects are implied by data flow between them. In this case, this would become true when you write the route block describing the route to the NAT gateway:

resource "aws_route_table" "route_table_ics_ec1_dev_private" {
  vpc_id = module.vpc_dev.vpc_id
  count  = 3

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_gateway_ec1_dev[count.index].id
  }
}

Because the configuration for that route depends on the id of the NAT gateway, Terraform can see that it must wait until after the NAT gateway is created before it starts creating the route table.

depends_on is for more complicated situations where the data flow between objects is insufficient because the final result depends on some side-effects that are implied by the remote API rather than explicit in Terraform. One example of such a situation is where an object doesn't become usable until an access policy is applied to it in a separate step, such as with an S3 bucket and an associated bucket policy:

resource "aws_s3_bucket" "example" {
  # ...
}

resource "aws_s3_bucket_policy" "example" {
  bucket = aws_s3_bucket.example.bucket
  policy = # ...
}

In the above, Terraform can understand that it must create the bucket before creating the policy, but if something elsewhere in the configuration is also using that S3 bucket then it might be necessary for it to declare an explicit dependency on the policy to make sure that the necessary access rules will be in effect before trying that operation:

  # Service cannot access the data from the S3 bucket
  # until the policy has been activated.
  depends_on = [aws_s3_bucket_policy.example]

Neither count and for_each make any difference to depends_on: dependencies between resources in Terraform are always for entire resource and data blocks, not for the individual instances created from them. Therefore in your case if an explicit dependency on the NAT gateway were needed (which is isn't) then you would write it the same way, regardless of the fact that count is set on that resource:

  # Not actually needed, but included for the sake of example.
  depends_on = [aws_nat_gateway.nat_gateway_ec1_dev]