- The OpenTofu Language
- Resources
- Resource Blocks
Resource Blocks
Resources are the most important element in the OpenTofu language. Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.
Resource Syntax
Resource declarations can include a number of advanced features, but only a small subset are required for initial use. More advanced syntax features, such as single resource declarations that produce multiple similar remote objects, are described later in this page.
A resource
block declares a resource of a given type ("aws_instance")
with a given local name ("web"). The name is used to refer to this resource
from elsewhere in the same module, but has no significance outside
that module's scope.
The resource type and name together serve as an identifier for a given resource and so must be unique within a module.
Within the block body (between {
and }
) are the configuration arguments
for the resource itself. Most arguments in this section depend on the
resource type, and indeed in this example both ami
and instance_type
are
arguments defined specifically for the aws_instance
resource type.
Resource names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.
Resource Types
Each resource is associated with a single resource type, which determines the kind of infrastructure object it manages and what arguments and other attributes the resource supports.
Providers
Each resource type is implemented by a provider, which is a plugin for OpenTofu that offers a collection of resource types. A provider usually provides resources to manage a single cloud or on-premises infrastructure platform. Providers are distributed separately from OpenTofu itself, but OpenTofu can automatically install most providers when initializing a working directory.
In order to manage resources, a module must specify which providers it requires. Additionally, most providers need some configuration in order to access their remote APIs, and the root module must provide that configuration.
For more information, see:
- Provider Requirements, for declaring which providers a module uses.
- Provider Configuration, for configuring provider settings.
OpenTofu usually automatically determines which provider to use based on a
resource type's name. (By convention, resource type names start with their
provider's preferred local name.) When using multiple configurations of a
provider (or non-preferred local provider names), you must use the provider
meta-argument to manually choose an alternate provider configuration. See
the provider
meta-argument for more details.
Resource Arguments
Most of the arguments within the body of a resource
block are specific to the
selected resource type. The resource type's documentation lists which arguments
are available and how their values should be formatted.
The values for resource arguments can make full use of expressions and other dynamic OpenTofu language features.
There are also some meta-arguments that are defined by OpenTofu itself and apply across all resource types. (See Meta-Arguments below.)
Documentation for Resource Types
Every provider has its own documentation, describing its resource types and their arguments.
Most publicly available providers are distributed on the Public Terraform Registry, which also hosts their documentation. When viewing a provider's page on the OpenTofu Registry, you can click the "Documentation" link in the header to browse its documentation. Provider documentation on the registry is versioned, and you can use the dropdown version menu in the header to switch which version's documentation you are viewing.
To browse the publicly available providers and their documentation, see the Public Terraform Registry.
Provider documentation previously existed as part of OpenTofu's core documentation. Although some provider documentation might still be hosted here, the Public OpenTofu Registry is now the main home for all public provider docs.
Resource Behavior
For more information about how OpenTofu manages resources when applying a configuration, see Resource Behavior.
Removing Resources
If you remove a resource block from your configuration, OpenTofu will destroy it as a default behavior.
However, there are instances when you want to remove a resource from your configuration without destroying the corresponding infrastructure object. In such cases, you can remove it from the OpenTofu state while allowing it to persist in the remote system.
To achieve this, follow these steps:
- Delete the resource from your configuration.
- Add a removed block instead, specifying the resource address you want to "forget" in the
from
attribute.
For example:
The address in the from
attribute cannot include instance keys (for example, "aws_instance.web[0]").
Upon executing tofu plan
, OpenTofu will indicate that the resource is slated for removal from the state but will not
be destroyed.
The removed
block can be used to remove specific resources or modules containing multiple resources. For example:
Meta-Arguments
The OpenTofu language defines several meta-arguments, which can be used with any resource type to change the behavior of resources.
The following meta-arguments are documented on separate pages:
depends_on
, for specifying hidden dependenciescount
, for creating multiple resource instances according to a countfor_each
, to create multiple instances according to a map, or set of stringsprovider
, for selecting a non-default provider configurationlifecycle
, for lifecycle customizationsprovisioner
, for taking extra actions after resource creation
Custom Condition Checks
You can use precondition
and postcondition
blocks to specify assumptions and guarantees about how the resource operates. The following example creates a precondition that checks whether the AMI is properly configured.
Custom conditions can help capture assumptions, helping future maintainers understand the configuration design and intent. They also return useful information about errors earlier and in context, helping consumers more easily diagnose issues in their configurations.
Refer to Custom Condition Checks for more details.
Operation Timeouts
Some resource types provide a special timeouts
nested block argument that
allows you to customize how long certain operations are allowed to take
before being considered to have failed.
For example, aws_db_instance
allows configurable timeouts for create
, update
and delete
operations.
Timeouts are handled entirely by the resource type implementation in the
provider, but resource types offering these features follow the convention
of defining a child block called timeouts
that has a nested argument
named after each operation that has a configurable timeout value.
Each of these arguments takes a string representation of a duration, such
as "60m"
for 60 minutes, "10s"
for ten seconds, or "2h"
for two hours.
The set of configurable operations is chosen by each resource type. Most
resource types do not support the timeouts
block at all. Consult the
documentation for each resource type to see which operations it offers
for configuration, if any.