Ignore Autoscaling Changes

Adds ignore_changes = [read_capacity, write_capacity] to DynamoDB tables, preventing Terraform from reverting autoscaler adjustments.

When to use this rule

Use this when: Your DynamoDB tables use Application Auto Scaling for read/write capacity, and every terraform plan shows capacity diffs.

Do not use this when: Your DynamoDB tables use PAY_PER_REQUEST (on-demand) billing mode, which has no read/write capacity attributes. Or you manually manage provisioned capacity without auto scaling.

Why this rule exists

DynamoDB tables with auto scaling enabled have their read and write capacity adjusted continuously by AWS Application Auto Scaling. Terraform sees these changes on every plan and proposes reverting them.

The fix is straightforward (add ignore_changes) but requires modifying every DynamoDB resource in every module. With upstream terraform-aws-modules, you cannot add this without forking.

Repository	Issue	Title
hashicorp/terraform	#27360	A method to override configuration and meta arguments within a module

Affected resources

Resource	Service	Why
`aws_dynamodb_table`	Amazon DynamoDB	Capacity attributes managed by Application Auto Scaling

Known limits

Only affects aws_dynamodb_table. Does not cover aws_dynamodb_global_table or other DynamoDB resources.
Does not ignore changes to other auto-scaled attributes like GSI capacity.

What this rule does

Adds a lifecycle { ignore_changes = [...] } block to each matching resource. Terraform and OpenTofu will ignore external changes to the listed attributes on subsequent plans.

Ignored attributes: read_capacity, write_capacity

Before and after

Before (upstream module)After (with Ignore Autoscaling Changes applied)

resource "aws_dynamodb_table" "this" {
  # ... resource configuration ...

  tags = var.tags
}

resource "aws_dynamodb_table" "this" {
  # ... resource configuration ...

  tags = var.tags

  lifecycle {
    ignore_changes = [
      read_capacity,
      write_capacity,
    ]
  }
}

The only change is the rule transformation. All existing arguments, outputs, and module behavior remain identical.

Real-world scenario

A DynamoDB table with auto scaling adjusted read capacity from 5 to 50 during a traffic spike. The next terraform plan proposed reverting capacity back to 5, which would have caused throttling during peak hours.

Default configuration

This rule ships with the following defaults. Custom parameterization via the registry is planned for a future release.

Parameter	Type	Default	Description
`ignore_changes`	`list(string)`	`["read_capacity", "write_capacity"]`	Lifecycle attributes to ignore
`resource_types`	`list(string)`	`["aws_dynamodb_table"]`	Target resource type patterns

How to enable

URL query parameterOrganization defaults

Add ?rules=pofix/ignore_autoscaling_changes to your HTTPS module source:

module "example" {
  source = "https://soc2.compliance.tf/terraform-aws-modules/s3-bucket/aws?version=5.0.0&rules=pofix/ignore_autoscaling_changes"
}

Configure via the compliance.tf API. See Getting Started with Operational Rules.

Failure modes

Scenario	Result
Applied to a PAY_PER_REQUEST table	No-op. The table has no read_capacity or write_capacity attributes to ignore.
You switch from PROVISIONED to PAY_PER_REQUEST	The ignore_changes block has no effect on PAY_PER_REQUEST tables. No action needed.

Terraform and OpenTofu compatible

This rule works with both Terraform (1.x+) and OpenTofu (1.6+). The generated HCL uses standard lifecycle meta-arguments supported by all versions.

Help us improve this page

Operational Rules are a new feature. We'd love your feedback on this rule page — what's useful, what's missing, what's confusing. Share feedback.