Skip to main content
The lifecycle block controls how Pulumi manages a resource’s create, update, and delete operations. Supported on unit and component blocks.

Syntax

unit "resource_type" "name" {
  # ... attributes ...

  lifecycle {
    prevent_destroy       = true
    ignore_changes        = ["attribute1", "attribute2"]
    create_before_destroy = true
  }
}
Only one lifecycle block is allowed per resource.

Rules

prevent_destroy

Blocks pulumi destroy and ubx destroy from deleting the resource. Useful for production databases and critical infrastructure. 
unit "aws_rds_instance" "db" {
  engine         = "postgres"
  instance_class = "db.t3.micro"

  lifecycle {
    prevent_destroy = true
  }
}
Generated TypeScript: { retainOnDelete: true }

ignore_changes

Tells Pulumi to ignore drift on specified attributes. The resource won’t be updated even if these attributes change outside of ubx. 
unit "aws_rds_instance" "db" {
  engine   = "postgres"
  password = secret("aws_secrets_manager", "prod/db/password")

  lifecycle {
    ignore_changes = ["password", "latest_restorable_time"]
  }
}
Generated TypeScript: { ignoreChanges: ["password", "latestRestorableTime"] }

create_before_destroy

Creates the replacement resource before destroying the original. Minimises downtime during replacements. 
unit "aws_instance" "web" {
  ami           = ~data.aws_ami.ubuntu.id
  instance_type = "t3.micro"

  lifecycle {
    create_before_destroy = true
  }
}
Generated TypeScript: { deleteBeforeReplace: false }

All Three Combined

unit "aws_rds_instance" "db" {
  engine         = "postgres"
  instance_class = "db.r6g.xlarge"

  lifecycle {
    prevent_destroy       = true
    ignore_changes        = ["password"]
    create_before_destroy = true
  }
}

const db = new aws.rds.Instance("db", {
    engine: "postgres",
    instanceClass: "db.r6g.xlarge",
}, { retainOnDelete: true, ignoreChanges: ["password"], deleteBeforeReplace: false });

Constraints

  • All lifecycle field values must be Resolved<T> — no ~ pending references
  • ignore_changes takes a list of attribute name strings
  • Only one lifecycle block per resource