Resource vs Data Source Differences in Terraform
Why This Is Important
Understanding the difference between resources and data sources is fundamental to working with Terraform effectively. This distinction appears frequently on the Terraform Associate exam and is essential for making correct architectural decisions in real-world infrastructure automation. Confusing these two concepts can lead to unintended infrastructure changes or failed configurations.
What Are Resources?
A resource in Terraform represents an infrastructure object that Terraform creates, updates, and manages throughout its lifecycle. When you define a resource, you are telling Terraform to provision and maintain that piece of infrastructure.
Resource syntax example:
resource "aws_instance" "web" {
ami = "ami-12345678" instance_type = "t2.micro"}
Key characteristics of resources:
- Terraform has full lifecycle control (create, read, update, delete)
- Changes to resource blocks can modify or destroy infrastructure
- Resources are tracked in the Terraform state file
- Use the resource keyword in configuration
What Are Data Sources?
A data source allows Terraform to fetch and use information about infrastructure that exists outside of Terraform's management or was created by another Terraform configuration. Data sources are read-only queries.
Data source syntax example:
data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"]
}
Key characteristics of data sources:
- Read-only operations - they never create, modify, or delete infrastructure
- Used to query existing resources or external information
- Use the data keyword in configuration
- Referenced using data.<TYPE>.<NAME> syntax
How They Work Together
Data sources and resources often complement each other. A common pattern is using a data source to look up information needed to configure a resource:
data "aws_vpc" "existing" {
default = true
}
resource "aws_subnet" "new" {
vpc_id = data.aws_vpc.existing.id
cidr_block = "10.0.1.0/24"}
In this example, the data source queries an existing VPC, and the resource creates a new subnet within that VPC.
Key Differences Summary
| Aspect | Resource | Data Source |
|---|
| Keyword | resource | data |
| Purpose | Create and manage infrastructure | Query existing infrastructure |
| Lifecycle | Full CRUD operations | Read-only |
| Reference | <TYPE>.<NAME> | data.<TYPE>.<NAME> |
| State Impact | Creates state entries | Stores query results in state |
Exam Tips: Answering Questions on Resource vs Data Source Differences1.
Look for keywords in the question: If the question mentions "querying," "fetching," or "looking up" existing infrastructure, the answer likely involves data sources. If it mentions "creating," "provisioning," or "managing," think resources.
2.
Pay attention to the block syntax: Questions may show code snippets. The
data keyword always indicates a data source, while the
resource keyword indicates a managed resource.
3.
Remember the reference pattern: Data sources require the
data. prefix when referenced (e.g.,
data.aws_ami.ubuntu.id), while resources do not use this prefix.
4.
Consider the lifecycle implications: When a question asks what happens during
terraform destroy, remember that data sources are not destroyed because they represent external infrastructure that Terraform does not manage.
5.
Think about use cases: Common data source scenarios include looking up AMI IDs, querying existing VPCs, or retrieving availability zones. Common resource scenarios involve creating EC2 instances, S3 buckets, or security groups.
6.
Watch for trick questions: Some questions may present scenarios where either could technically work, but one is more appropriate. Using a data source to reference existing infrastructure is preferred over importing resources you do not want to manage.