# unit block

> Provision a single cloud resource.

The `unit` block provisions a single cloud resource. It maps 1:1 to a Pulumi provider resource and is equivalent to Terraform's `resource` block.

## Syntax

```hcl
unit "resource_type" "name" {
  attribute = value
}
```

## Example

```hcl
unit "aws_rds_instance" "db" {
  engine              = "postgres"
  engine_version      = "15"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "admin"
  password            = secret("aws_secrets_manager", "prod/db/password")
  skip_final_snapshot = true
}
```

Compiled to:

```typescript
const db = new aws.rds.Instance("db", {
    engine: "postgres",
    instanceClass: "db.t3.micro",
    allocatedStorage: 20,
    // ...
});
```

## Referencing Outputs

Use `~` to reference a unit's output attributes (`Pending<T>`):

```hcl
unit "aws_s3_bucket_v2" "backup" {
  bucket = "${~unit.aws_rds_instance.db.identifier}-backups"
}
```

## count

```hcl
unit "aws_s3_bucket_v2" "replicas" {
  count  = 3
  bucket = "replica-${count.index}"   # 0-based
}
```

<Note>`count` and `for_each` are mutually exclusive.</Note>

## for\_each

```hcl
unit "aws_s3_bucket_v2" "regional" {
  for_each = { "us-east-1" = "primary", "eu-west-1" = "secondary" }
  bucket   = "${each.key}-assets"
  tags     = { role = each.value }
}
```

## lifecycle

```hcl
unit "aws_rds_instance" "db" {
  engine         = "postgres"
  instance_class = "db.t3.micro"

  lifecycle {
    prevent_destroy       = true
    ignore_changes        = ["password"]
    create_before_destroy = false
  }
}
```

| Rule                           | Effect                           |
| ------------------------------ | -------------------------------- |
| `prevent_destroy = true`       | Block destruction                |
| `create_before_destroy = true` | Create new before deleting old   |
| `ignore_changes = [...]`       | Ignore drift on these attributes |

## depends\_on

```hcl
unit "aws_s3_bucket_v2" "logs" {
  bucket     = "app-logs"
  depends_on = [unit.aws_iam_role.logger]
}
```

## when

```hcl
input "enable_logging" { default = "true" }

unit "aws_s3_bucket_v2" "logs" {
  when   = input.enable_logging == "true"
  bucket = "app-logs"
}
```

## cost\_limit

```hcl
unit "aws_rds_instance" "db" {
  instance_class = "db.r6g.4xlarge"
  cost_limit     = 500   # $500/month maximum
}
```

Requires `UBX_AI_API_KEY`. `ubx validate --cost` warns if the estimate exceeds the limit; `ubx apply` blocks if it is exceeded.

## dynamic Blocks

```hcl
unit "aws_security_group" "web" {
  name = "web-sg"

  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port = val
      to_port   = val
      protocol  = "tcp"
    }
  }
}
```

## Secrets in Attributes

```hcl
unit "aws_rds_instance" "db" {
  password = secret("aws_secrets_manager", "prod/db/password")
  api_key  = secret("vault", "secret/prod/api#key")
  debug    = secret("env", "DEBUG_MODE")
}
```

See [`secret()`](/v1/language/secret) for all backends.
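
A pre-commit style check for the pattern this section shows: sensitive attributes in a `unit` block should come from `secret()` rather than a string literal. This is an added example, not part of ubx; the attribute-name list, the `input.deploy_token` reference and the line-based scanner (which handles only the one-assignment-per-line layout used on this page) are assumptions.

```python
import re
# Assumption: attribute names containing these fragments hold credentials.
SENSITIVE = re.compile(r"password|passwd|secret|token|api_key|private_key", re.I)
UNIT_HEADER = re.compile(r'^\s*unit\s+"([^"]+)"\s+"([^"]+)"\s*\{')
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$")

# Constructed sample input; the literal password is a placeholder.
SAMPLE = '''
unit "aws_rds_instance" "db" {
  username = "admin"
  password = secret("aws_secrets_manager", "prod/db/password")
  lifecycle {
    ignore_changes = ["password"]
  }
}
unit "aws_rds_instance" "legacy" {
  password = "example-not-a-real-password"   # hardcoded: should be flagged
  token    = "${input.deploy_token}"         # reference: not a literal
}
'''

def strip_comment(line):
    """Drop a trailing # comment that is not inside a double-quoted string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_string = not in_string
        elif ch == "#" and not in_string:
            return line[:i]
    return line

def find_inline_secrets(source):
    """Return (line_no, unit, attribute) for sensitive attributes set to a string literal."""
    findings, unit, depth = [], None, 0
    for line_no, raw in enumerate(source.splitlines(), start=1):
        line = strip_comment(raw)
        header = UNIT_HEADER.match(line)
        if header and depth == 0:
            unit = f"{header.group(1)}.{header.group(2)}"
        assign = ASSIGNMENT.match(line)
        if unit and assign and SENSITIVE.search(assign.group(1)):
            value = assign.group(2)
            # secret(...) calls and ${...} references pass; bare literals do not.
            if value.startswith('"') and "${" not in value:
                findings.append((line_no, unit, assign.group(1)))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            unit = None
    return findings
```

`find_inline_secrets(SAMPLE)` reports only the literal `password` in the `legacy` unit; the `ignore_changes = ["password"]` line is not a finding because the attribute being assigned is `ignore_changes`.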

## View Available Fields

```bash
ubx docs aws_s3_bucket_v2 --list
ubx docs aws_rds_instance --list
ubx schema list
```

## Supported Providers

AWS (1,672+ resources), GCP (1,217+ resources), Azure (2,334+ resources).
