List of Ephemeral Resources released by Top Terraform Providers

Avatar
Julie
  • Updated

Note: Ephemeral resources are available in Terraform v1.10.0 and later.

What is an ephemeral resource?

    • You can think of them as temporary resources.
    • They are newly read during each phase of Terraform evaluation.
    • They are never stored in state. 
    • Ephemeral resources always produce ephemeral values.

What is an ephemeral value?

    • Input variables and outputs can now be defined as ephemeral.
    • Think of them as temporary values used during runs.
    • Not all resources support ephemeral values as inputs (check with you provider documentation).
    • These values are not stored in state files.
    • ephemeralasnull function 
      • This function takes a value of any type and returns a similar value of the same type with any ephemeral values replaced with non-ephemeral null values and all non-ephemeral values preserved.
      • Currently, there is no way to reverse ephemerality. If you no longer wish to maintain ephemerality, you can use this function to set the value to null. 

Example configuration

In this configuration, we are using an ephemeral resource to get information about an existing Key Vault Secret. This secret must exist in Azure. For more information, see Ephemeral: azurerm_key_vault_secret.

terraform {
  #...
}


provider "azurerm" {
  features {
    key_vault {
      purge_soft_deleted_secrets_on_destroy = true
      recover_soft_deleted_secrets          = true
    }
  }
}


data "azurerm_client_config" "current" {}


variable "name" {}


resource "azurerm_resource_group" "example" {
  #...
}


# This data will be stored in state.
data "azurerm_key_vault" "example" {
  name                = var.name
  resource_group_name = azurerm_resource_group.example.name
}


# Use this to access information about an EXISTING Key Vault Secret.
# No data stored in state.
ephemeral "azurerm_key_vault_secret" "example" {
  name         = var.name
  key_vault_id = data.azurerm_key_vault.example.id
}

How are these being released by Provider Teams?

Each provider team will add newly released ephemeral resources to their CHANGELOG.md (e.g., Terraform Kubernetes Provider). You can find ephemeral resources listed in provider documentation (e.g., Ephemeral: aws_kms_secrets)

 

AWS

v5.81.0

aws_ssm_parameter

v5.77.0

aws_kms_secrets

aws_lambda_invocation 

aws_secretsmanager_secret_version

 

AzureRM 

v4.11.0

azurerm_key_vault_certificate

azurerm_key_vault_secret

 

Google and Google-beta

v6.13.0

google_service_account_access_token 

google_service_account_id_token

google_service_account_jwt 

google_service_account_key

 

Kubernetes

v2.34.0

kubernetes_certificate_signing_request_v1

kubernetes_token_request_v1

Articles in this section

See more

Related articles