Create temporary resources during terraform apply (automatically destroy it at the end of apply)

[ejbp]

Terraform Version

Terraform v1.3.1

Use Cases

I want to be able to run commands on an ec2 instance (for example) on the pipeline. Since the pipeline runner is not inside my vpc, and the ec2 instance should to not be open to outside, I need to temporary create a security group, during the apply, that will allow ssh inbound from outside in order to be able to run ansible commands on that ec2 instance (for example) during the apply. At the end, I would like that terraform automatically removes that security group for me.

Attempted Solutions

Currently I have the destroy command on that target, on the next job after the apply. I don't like this solution for many reasons, but specially because if you run terraform apply on your local computer and the developer forgets to destroy the security group manually, the ec2 will be opened to outside until someone runs pipeline or removes it manually.

Proposal

add a generic option for every resource (that makes sense) where you can add "destroy_me_after_apply = true or ephemeral=true". The default would be false, of course. If this option is settled to true, then the resource will be created during the apply and will be removed at the end of the apply.

References

No response