Free Preparation Discussions
MENU
HashiCorp Terraform-Associate-004 Exam - Topic 7 Question 6 Discussion
Topic #: 7
Exhibit:
resource "azurerm_linux_web_app" "app" {
name = "example-app"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
service_plan_id = azurerm_service_plan.plan.id
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.app.id]
}
}
resource "azurerm_role_assignment" "kv_access" {
scope = azurerm_key_vault.kv.id
role_definition_name = "Key Vault Secrets User"
principal_id = azurerm_user_assigned_identity.app.principal_id
}
Two resource blocks are shown: azurerm_linux_web_app and azurerm_role_assignment. When provisioned, the web app will use the role assignment during creation, so the role assignment must be created first. How do you ensure the azurerm_role_assignment resource is created first?
Rationale for Correct Answer: depends_on explicitly adds a dependency edge in Terraform's graph. By adding depends_on = [azurerm_role_assignment.kv_access] to the web app resource, you force Terraform to create the role assignment first, even if Terraform can't infer the dependency from attribute references.
Analysis of Incorrect Options (Distractors):
B: create_before_destroy is a lifecycle setting relevant to replacement behavior, not initial create ordering between independent resources.
C: File/block order does not control creation order; Terraform uses its dependency graph.
D: count controls quantity, not ordering.
Key Concept: Dependency graph and explicit dependencies via depends_on.
====================
Currently there are no comments in this discussion, be the first to comment!