A precondition failed error occurs when a lifecycle precondition block evaluates to false in Terraform 1.2+. Fix it by reviewing the condition logic, input variables, and ensuring assumptions are met before applying.
In Terraform 1.2 and later, you can add preconditions and postconditions to resource, data source, and output blocks via the lifecycle meta-argument. A precondition is a validation check that Terraform evaluates after generating a plan but before creating the resource. When a precondition's condition expression evaluates to false, Terraform halts the operation and displays the error_message you defined. This is Terraform's way of enforcing assumptions about your infrastructure configuration—ensuring certain conditions are true before proceeding. Unlike variable validation (which runs immediately on input), preconditions run later in the planning phase and can reference other configuration objects, making them powerful for cross-validation.
When a precondition fails, Terraform displays the error_message you defined in the precondition block. This message should explain why the condition failed.
Error: Resource precondition failed
on main.tf line 42, in resource "aws_instance" "example":
42: precondition {
condition = contains(["us-east-1", "us-west-2"], var.aws_region)
var.aws_region is "eu-west-1"
Your message: AWS instance can only be created in us-east-1 or us-west-2The error shows:
- Which file and line the precondition is on
- The condition expression that failed
- The actual values involved
- Your custom error_message
Study this output to understand what assumption was violated.
Review the variables referenced in your precondition. Use terraform console or print statements to check their actual values:
terraform console
> var.aws_region
"eu-west-1"
> var.environment
"production"Or check your terraform.tfvars or environment variables:
# Check what variables are being passed
cat terraform.tfvars
# Check environment variables
env | grep TF_VAREnsure the values passed match what your precondition expects. If using automation, verify that the correct variables are being provided.
Check your precondition block in the resource definition. Verify the condition expression is correct:
resource "aws_instance" "example" {
# ... configuration ...
lifecycle {
precondition {
condition = can(data.aws_ami.ubuntu.id) # Ensure data source exists
error_message = "Ubuntu AMI data source lookup failed."
}
}
}Common mistakes:
- Using wrong operators (== instead of contains, != instead of !=)
- Referencing properties that don't exist on the object
- Using self (not allowed in preconditions—use resource references instead)
- Logic errors in boolean expressions
Test the condition expression independently using 'terraform console' if needed:
terraform console
> contains(["us-east-1", "us-west-2"], var.aws_region)
true # or false, depending on the variableOnce you understand why the precondition failed, fix it by either:
Option 1: Update the input variables
Update your terraform.tfvars or pass different values:
# terraform.tfvars
aws_region = "us-east-1" # Change from eu-west-1
environment = "production"Or via CLI:
terraform apply -var="aws_region=us-east-1"Option 2: Modify the precondition logic
If the condition is too restrictive, update it in your configuration:
lifecycle {
precondition {
# Add eu-west-1 to allowed regions
condition = contains(["us-east-1", "us-west-2", "eu-west-1"], var.aws_region)
error_message = "AWS instance can only be created in specified regions."
}
}Option 3: Check data source prerequisites
If the precondition checks a data source (like looking up an AMI), ensure that data source can resolve:
terraform plan # Verify data sources fetch successfully
terraform console
> data.aws_ami.ubuntu.id # Check if it resolvesOnce you've adjusted your configuration:
# Generate a new plan to verify the precondition now passes
terraform plan
# If the plan looks good, apply the changes
terraform applyTerraform will evaluate the precondition again. If it passes, the plan will proceed to creating/modifying resources. If it still fails, you'll get the same error and can iterate further.
Preconditions vs Postconditions:
- Preconditions run before resource creation (after planning). They validate assumptions.
- Postconditions run after resource creation. They validate guarantees the resource must meet.
Preconditions vs Variable Validation:
- Variable validation runs immediately when variables are evaluated, cannot reference other configuration objects.
- Preconditions run during the planning phase and can reference resources, data sources, and outputs.
Where Preconditions Can Be Used:
- Resource blocks: lifecycle { precondition { ... } }
- Data source blocks: lifecycle { precondition { ... } }
- Output blocks: lifecycle { precondition { ... } }
Important Limitations:
- Cannot use 'self' in preconditions (not defined until after plan)
- Preconditions must reference at least one object from elsewhere in configuration
- If multiple preconditions are defined, all must pass; Terraform reports all failures
Terraform Version:
Preconditions and postconditions require Terraform 1.2.0 or later. If you're on an older version, upgrade to use this feature.
Error: Error rendering template: template not found
How to fix "template not found" error in Terraform
Error: Error generating private key
How to fix 'Error generating private key' in Terraform
Error creating Kubernetes Service: field is immutable
How to fix "field is immutable" errors in Terraform
Error: Error creating local file: open: permission denied
How to fix "Error creating local file: permission denied" in Terraform
Error: line endings have changed from CRLF to LF
Line endings have changed from CRLF to LF in Terraform