Terraform: `external` data source forces new resources on every terraform apply

Data resources are not diffed against state like managed resources are. Instead, since the data source is assumed to be read-only anyway (and thus there is nothing to update) Terraform just re-reads on each refresh.

However, it sounds like that is not the cause of the problem you are seeing because it is some dependent resource that is seeing a diff, even though the data output is unchanging.

Could you share the output of terraform plan, with any sensitive parts redacted? I think this would help to understand what is going on.

Sure, here is a plan output:

<= data.template_file.ansible_inventory
    rendered: "<computed>"
    template: "[kubenode]\n${node_ip}\n\n[kubemaster]\n${master_ip}\n\n[kubernetes:children]\nkubemaster\nkubenode\n\n[kubernetes:vars]\nkube_cl_name=kube-cl-01-test\naws_region=eu-central-1\naws_asg=kube-minion-test-kube-cl-01-20170206\n"
    vars.%:   "<computed>"

+ null_resource.ansible_inventory
    triggers.%: "<computed>"

+ null_resource.ansible_run
    triggers.%: "<computed>"

<= module.kubernetes.kube-cluster-minion-as.data.external.pub_iplist_as
    program.#:     "1"
    program.0:     "/Users/terraform/providers/aws/eu-central-1-kube-cl-01/.terraform/modules/f19381c1e83f119dc940b65efe0765f6/scripts/aws_as_helper.sh"
    query.%:       "1"
    query.as_name: "kube-minion-test-kube-cl-01-20170206"
    result.%:      "<computed>"

It collects actual info about autoscale instances via aws_as_helper.sh script, which produces such output:

{
  "InstanceId": "i-0fcf5e28bdb8e23d4,i-0e3c49195260a1bbe,i-0cc0151d00ce48526",
  "PublicIpAddress": "54.93.xx.xx,52.59.xx.xx,52.59.xx.xx"
}

After that terraform generates on the fly template for ansible and runs ansible with desired playbook.
The main thing is, if data provided not via external source, ansible runs only once or when values used for triggers were changed. With external data as a source triggers values are not changing, but they are unpredictable before external helper script run.

Do you have depends_on set for your data "external" block? In general it is not a good idea to use that argument on data resources because it forces Terraform to assume that the read must always be deferred until after the dependency has been applied, which means the result can't be known during plan as we usually expect.

Yes, i have depends_on = ["aws_autoscaling_group.ec2_instance_as"] for "external" block, without it it is not possible to update actual data, when for example desired number of instances changes for ASG.

I suggest to pass one or more attributes of the autoscaling group resource into the external program's query or arguments instead of using depends_on; this will allow Terraform to understand when it can run the data source program safely.

Going to close this as a dupe of #11806, since there's a little more discussion on the matter there.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.