update examples and other tweaks

trujillo-adam · trujillo-adam · commit c78924aa64b8 · 2025-10-27T16:38:44.000-07:00
diff --git a/content/terraform/v1.13.x/docs/language/meta-arguments/count.mdx b/content/terraform/v1.13.x/docs/language/meta-arguments/count.mdx
@@ -19,12 +19,6 @@ You can use the `count` argument as a conditional for creating resources. For ex
 
 </Tip>
 
-### `count` object
-
-In blocks where `count` is set, an additional `count` object is available in expressions, so you can modify the configuration of each instance. This object has the following attribute:
-
-- `count.index`: The distinct index number starting with `0` corresponding
-  to this instance.
 
 In the folllowing example, Terraform creates four `aws_instance.server` resources that use the same AMI and instance type. The `count.index` attribute gives each `aws_instance` a unique `Name` tag:
 
@@ -47,6 +41,10 @@ The `count` meta-argument accepts numeric [expressions](/terraform/language/expr
 
 ### Referring to instances
 
+In blocks where `count` is set, Terraform creates an additional `count` object that you can use in expressions to modify the configuration of each instance. This object has the following attribute:
+
+- `count.index`: The distinct index number starting with `0` corresponding to this instance.
+
 Terraform makes a distinction between the block containing the `count` argument and the instances associated with it. Terraform identifies instances index number starting at `0`.
 
 - `<TYPE>.<NAME>` or `module.<NAME>`, for example, `aws_instance.server` refers to the resource block.
@@ -62,7 +60,6 @@ the module index as the module's name suffices to reference the module.
 
 Within nested [`provisioner`](/terraform/language/block/resource#provisioner) or [`connection`](/terraform/language/block/resource#connection) blocks, the special `self` object refers to the current resource instance, not the `resource` block as a whole.
 
-
 ### How to choose between `count` and `for_each`
 
 `count` and [`for_each`](/terraform/language/meta-arguments/for_each) perform a similar function. Use the `count` argument when you want to create nearly identical instances. Use `for_each` when some instance arguments must have distinct values that can't be directly derived from an
diff --git a/content/terraform/v1.13.x/docs/language/meta-arguments/depends_on.mdx b/content/terraform/v1.13.x/docs/language/meta-arguments/depends_on.mdx
@@ -81,51 +81,9 @@ You can use `depends_on` in the following Terraform configuration blocks:
 - [`resource` blocks](/terraform/language/block/resource)
 
 ## Example use cases 
-<!-- TODO: refine examples -->
-The following use cases describe common patterns for the `depends_on` argument.
-
-### Specify a dependency on another `resource` block
-
-In the following example, the `aws_iam_instance_profile` resource references the `aws_iam_role` resource, instructing Terraform to create the upstream resource first. The `aws_iam_role_policy` resource configures an IAM policy that lets the EC2 instance access the S3 API.
-
-Terraform infers that it must create the instance profile before the EC2 instance, but it cannot infer that the software running in the EC2 instance needs access to the S3 API in order to boot properly. As a result, the configuration explicitly instructs Terraform to create the `aws_iam_role_policy` first:
-
-```hcl
-resource "aws_iam_role" "example" {
-  name = "example"
-  assume_role_policy = "..."
-}
-
-resource "aws_iam_instance_profile" "example" {
-  role = aws_iam_role.example.name
-}
-
-resource "aws_iam_role_policy" "example" {
-  name   = "example"
-  role   = aws_iam_role.example.name
-  policy = jsonencode({
-    "Statement" = [{
-      "Action" = "s3:*",
-      "Effect" = "Allow",
-    }],
-  })
-}
 
-resource "aws_instance" "example" {
-  ami           = "data.aws_ami.example.id"
-  instance_type = "t2.micro"
-  iam_instance_profile = aws_iam_instance_profile.example
-  depends_on = [
-    aws_iam_role_policy.example
-  ]
-}
-
-data "aws_ami" "example" {
-  # AMI configuration
-}
-```
+The following use cases describe common patterns for the `depends_on` argument.
 
-Note that the `aws_iam_role` resource is partially defined. Refer to the [AWS provider documentation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) for all configuration settings.
 
 ### Specify a dependency during validation
 
@@ -195,7 +153,7 @@ resource "aws_instance" "api" {
 
   depends_on = [aws_db_instance.api]
 }
-
+```
 
 ### Specify a dependency on the parent module
 
diff --git a/content/terraform/v1.13.x/docs/language/meta-arguments/for_each.mdx b/content/terraform/v1.13.x/docs/language/meta-arguments/for_each.mdx
@@ -37,15 +37,6 @@ resource "aws_iam_user" "the-accounts" {
 }
 ```
 
-### `each` object
-
-In blocks where `for_each` is set, an additional `each` object is
-available in expressions, so you can modify the configuration of each instance.
-This object has the following attributes:
-
-- `each.key`: The map key or set member corresponding to this instance.
-- `each.value`: The map value corresponding to this instance. If a set is provided, this is the same as `each.key`.
-
 ### Limitations on values
 
 The keys of the map or all values in a set of strings must be known values. Otherwise, Terraform returns an error message that `for_each` has dependencies that cannot be determined before apply and that a `-target` may be needed.
@@ -73,6 +64,29 @@ To prevent unexpected behavior during conversion, the `for_each` argument does n
 - [Transform a multi-level nested structure into a flat list](/terraform/language/functions/flatten#flattening-nested-structures-for-for_each).
 - [Combine collections to produce a list of element combinations](/terraform/language/functions/setproduct#finding-combinations-for-for_each).
 
+### Referring to instances
+
+In blocks where `for_each` is set, Terraform creates an additional `each` object that you can use in expressions to modify the configuration of each instance.
+This object has the following attributes:
+
+- `each.key`: The map key or set member corresponding to this instance.
+- `each.value`: The map value corresponding to this instance. If a set is provided, this is the same as `each.key`.
+
+Terraform makes a distinction between the block containing the `for_each` argument and the instances associated with it. Terraform identifies instances by the map key or set member using the value provided to `for_each`.
+
+- `<TYPE>.<NAME>` or `module.<NAME>`: For example, `azurerm_resource_group.rg` refers to the block.
+- `<TYPE>.<NAME>[<KEY>]` or `module.<NAME>[<KEY>]`: For example, `azurerm_resource_group.rg["a_group"]` and `azurerm_resource_group.rg["another_group"]` refer to individual instances.
+
+This is different from resources and modules without [`count`](/terraform/language/meta-arguments/count) or `for_each`, which can be
+referenced without an index or key.
+
+Similarly, resources from child modules with multiple instances are prefixed
+with `module.<NAME>[<KEY>]` when displayed in plan output and elsewhere in the UI.
+For a module without `count` or `for_each`, the address does not contain
+the module index as the module's name suffices to reference the module.
+
+Within nested [`provisioner`](/terraform/language/block/resource#provisioner) or [`connection`](/terraform/language/block/resource#connection) blocks, the special `self` object refers to the current resource instance, not the resource block as a whole.
+
 ### Chain `for_each` between resources
 
 Because a resource using `for_each` appears as a map of objects when used in
@@ -126,23 +140,6 @@ Terraform to expect the instance keys for both to always change together,
 and typically also makes the configuration easier to understand for human
 maintainers.
 
-### Referring to instances
-
-Terraform makes a distinction between the block containing the `for_each` argument and the instances associated with it. Terraform identifies instances by the map key or set member using the value provided to `for_each`.
-
-- `<TYPE>.<NAME>` or `module.<NAME>`: For example, `azurerm_resource_group.rg` refers to the block.
-- `<TYPE>.<NAME>[<KEY>]` or `module.<NAME>[<KEY>]`: For example, `azurerm_resource_group.rg["a_group"]` and `azurerm_resource_group.rg["another_group"]` refer to individual instances.
-
-This is different from resources and modules without [`count`](/terraform/language/meta-arguments/count) or `for_each`, which can be
-referenced without an index or key.
-
-Similarly, resources from child modules with multiple instances are prefixed
-with `module.<NAME>[<KEY>]` when displayed in plan output and elsewhere in the UI.
-For a module without `count` or `for_each`, the address does not contain
-the module index as the module's name suffices to reference the module.
-
-Within nested [`provisioner`](/terraform/language/block/resource#provisioner) or [`connection`](/terraform/language/block/resource#connection) blocks, the special `self` object refers to the current resource instance, not the resource block as a whole.
-
 ### Using sets
 
 The Terraform language doesn't have a literal syntax for [set values](/terraform/language/expressions/type-constraints#collection-types), but you can use the [`toset` function](/terraform/language/functions/toset) to explicitly convert a list of strings to a set:
@@ -183,8 +180,7 @@ variable "subnet_ids" {
 
 resource "aws_instance" "server" {
   for_each = var.subnet_ids
-
-  # (and the other arguments as above)
+  #...
 }
 ```
 
diff --git a/content/terraform/v1.13.x/docs/language/meta-arguments/lifecycle.mdx b/content/terraform/v1.13.x/docs/language/meta-arguments/lifecycle.mdx
@@ -190,7 +190,7 @@ In the following example, Terraform replaces `aws_appautoscaling_target` each ti
 
 ```hcl
 resource "aws_appautoscaling_target" "ecs_target" {
-   ...
+   # ...
    lifecycle {
    replace_triggered_by = [
       aws_ecs_service.svc.id
@@ -199,25 +199,21 @@ resource "aws_appautoscaling_target" "ecs_target" {
 }
 ```
 
-### Apply custom conditions
+### Validate the AMI for creating instances
 
-The following example includes several configurations that illustrate how to define `precondition` and `postcondition` arguments in the `lifecycle` meta-argument.
+In the following example, the `precondition` block ensures that the AMI ID retrieved from the `data` block includes `x86_64` as its `architecture` attribute. The `postcondition` block specifies that the EC2 instance must be allocated a public DNS hostname. When either condition is not met, Terraform returns the `error_message` for the failed condition:
 
-The following `data` block instructs Terraform to retrieve the ID of the `ami-abc123` AMI:
 
 ```hcl
 data "aws_ami" "example" {
+  most_recent= true
   owners = ["amazon"]
   filter {
     name   = "image-id"
-    values = ["ami-abc123"]
+    values = ["ami-*"]
   }
 }
-```
-
-In the following code, the `precondition` block specifies that the AMI ID retrieved from the `data` block must include `x86_64` as its `architecture` attribute. The `postcondition` block specifies that the EC2 instance must be allocated a public DNS hostname. When either condition is not met, Terraform returns the `error_message` for the failed condition:
 
-```hcl
 resource "aws_instance" "example" {
   instance_type = "t3.micro"
   ami           = data.aws_ami.example.id
@@ -235,8 +231,9 @@ resource "aws_instance" "example" {
   }
 }
 ```
+### Validate that a root storage volume is encrypted
 
-The following `data` block retrieves the root storage volume connected to the `aws_instance.example` EC2 instance using the `volume_id` attribute. When a `data` resource verifies the result of a managed resource declared in the same configuration, you must define the check in a `postcondition` block in the resource so that Terraform waits for changes to the managed resource to complete before reading the data resource.
+In the following example, the `data` block retrieves the root storage volume connected to the `aws_instance.example` EC2 instance using the `volume_id` attribute. When a `data` resource verifies the result of a managed resource declared in the same configuration, you must define the check in a `postcondition` block in the resource so that Terraform waits for changes to the managed resource to complete before reading the data resource.
 
 ```hcl
 data "aws_ebs_volume" "example" {
@@ -252,11 +249,39 @@ data "aws_ebs_volume" "example" {
     }
   }
 }
+
+data "aws_ami" "example" {
+  most_recent= true
+  owners = ["amazon"]
+  filter {
+    name   = "image-id"
+    values = ["ami-*"]
+  }
+}
+
+resource "aws_instance" "example" {
+  instance_type = "t3.micro"
+  ami           = data.aws_ami.example.id
+}
+
 output "api_base_url" {
   value = "https://${aws_instance.example.private_dns}:8433/"
 }
 ```
 
+The validation fails in this example, so Terraform prints the following message to the console:
+
+```shell-session
+│ Error: Resource postcondition failed
+│
+│   on main.tf line 31, in data "aws_ebs_volume" "example":
+│   31:       condition     = self.encrypted
+│     ├────────────────
+│     │ self.encrypted is false
+│
+│ The server's root volume is not encrypted.
+```
+
 ### Validate ephemeral resources
 
 In the following example, the `aws_ssm_parameter` ephemeral resource has a `precondition` to ensure that compliance mode is enabled to secure production secrets, and a `postcondition` to ensure the generated password meets password requirements:
