Destroy resource on trigger Terraform

0
votes

I'm trying to decide whether to use Ansible or Terraform for a project. This project is doing scientific computations on cloud servers. I want to be able to say "here's an input file, go grab a computer with 16vCPUs. When everything's done, copy the output file back and destroy the resource". Is there a way for me to tell terraform "destroy/take action on this resource when you detect a command is done or some api is hit"?

1
terraform
As far as I know there is no way to do this. Terraform applies will always end up in a specific state which will be remembered in your state file. My first guess on how to realise this is to use a lambda function. The function can use the AWS SDKs to provision EC2 instances, manage their state (start/terminate) as well start execution of your job. You can also remember started instances/running jobs somewhere (like in SSM), so your lambda function can take care of terminations after the job is done.tpschmidt

1 Answers

1
votes

Is there a way for me to tell terraform "destroy/take action on this resource when you detect a command is done or some api is hit"?

If it's detectable via API hit then you can use local-exec Provisioner and use curl to hit the api endpoint in loop (in a wrapping shell script), polling the status of the API to deduce if the task is done or not. If you do so, make sure to give appropriate timeout value to this provisioner.

For the cleanup sequence (post API status is affirmative), declare the dependency explicitly to ensure Terraform is able to follow the execution accordingly.

Having explained all this, your end to end objective is best suited with a combination of IaC + Config mgmt tool. If I had to do it, I'd have preferred to use Terraform + Ansible combination in following outline

  1. A shell script invoking Terraform to provision the 16vCPUs resource with all necessary depdendency
  2. From within Terraform, invoke local-exec provisioner to launch ansible for appropriately configuring the instance, copying the file and launching remote execution etc.
  3. Let the control come back to shell script which will start polling the status of the task based on API polling using curl
  4. As and when shell script detects the task is done, it'd have copied the remote file locally (this step can be made better but that's a topic for another discussion)
  5. Invoke Terraform again, with destroy this time, to tear down entire environment.

I'd further recommend to have it tied up in a jenkins workflow (if you are using jenkins already) giving control to other user's and still having full visibility and auditing in place.