Terraform: How do I force a resource update after running a null resource?

Question

thats my terraform-code:

resource "aws_s3_bucket_object" "file_upload" {
  for_each = fileset("init_conf/", "*")
  bucket = aws_s3_bucket.conf_bucket.id
  acl    = "private"
  key    = "config/${local.service_name}/${each.value}"
  source = "init_conf/${each.value}"
  source_hash = filemd5("init_conf/${each.value}")
  kms_key_id = "arn:aws:kms:##################:###################"
  server_side_encryption = "aws:kms"
  

  tags = merge(tomap({
               "Name" = local.service_name,
  }), local.default_tags)
}


resource "null_resource" "cert" {

  triggers = {
    always_run = "${timestamp()}"
  }

  provisioner "local-exec" {
    command = "openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout ${path.cwd}/init_conf/${var.cname}.key -out ${path.cwd}/init_conf/${var.cname}.crt"
  }
}

After the execution of terraform apply, the status of the: resource "aws_s3_bucket_object" "file_upload" is refreshed first and only then the: provisioner "local-exec" is executed. What I want, however, is that the: provisioner "local-exec" is executed first, which generates a certificate for me and stores it, and only then does the file upload with the: resource "aws_s3_bucket_object" "file_upload".

Can someone help ?

Answer 1

You can add:

depends_on = [null_resource.cert]  

to your aws_s3_bucket_object.file_upload:

resource "aws_s3_bucket_object" "file_upload" {
  for_each = fileset("init_conf/", "*")
  bucket = aws_s3_bucket.conf_bucket.id
  acl    = "private"
  key    = "config/${local.service_name}/${each.value}"
  source = "init_conf/${each.value}"
  source_hash = filemd5("init_conf/${each.value}")
  kms_key_id = "arn:aws:kms:##################:###################"
  server_side_encryption = "aws:kms"
  
  depends_on = [null_resource.cert] 

  tags = merge(tomap({
               "Name" = local.service_name,
  }), local.default_tags)
}