[bmcgavin]

As tags aren't necessarily immutable, it's probably advisable to use the full hash in most situations anyway.

This is a useful trick in situations where the image changing under your feet isn't very important.

[koolba]

You can have that indirection itself in a data element that does the lookup of the image and returns the digest: https://registry.terraform.io/providers/hashicorp/aws/latest...

So the data element would lookup the tag, and the specific hash is used in the deployment. No funky replace triggers needed.

[mrmattyboy]

Sure, you're right in most cases. In the use-case I had, it's a private registry with "immutable" tags (at least enough to stop accidental overwrites - and it is a homelab, so if someone else did it, I'd have worse problems ;))

The point was more about using null_triggers (or `terraform_data` I see) and using the trigger replacement, with the docker resources as purely an illustration.