Is terraform destroy needed before terraform apply?


Terraform destroy will no doubt provide you a clean slate to work with your infrastructure but it is not needed to run terraform destroy before running terraform apply or plan commands.

There is one caution while working with terraform destroy command, it is not advisable to run it on a production environment because it can do some serious damage to your cloud infrastructure setup.

Just to keep everything in sync you can use terraform refersh anytime or even before you apply to terraform configuration.

This blog will help you to understand a bit more on how and when to use terraform destroy and terraform refresh

Table of Content

  1. When to use Terraform destroy?
  2. How to refresh and keep your terraform state(tfstate) file up to date with your infrastructure changes?

1. When to use Terraform destroy?

Well the first golden rule with terraform destroy is you should never use it in the production environment because there is no returning once you execute the terraform destroy.


1.1 Instead use terraform destroy with -target to destroy specific resource

The safe way to run the terraform destroy is along with the -target parameter because once you specify the -target param then you need to pass the resource name which you want to destroy from your cloud infrastructure.

Here is the example command where I am trying to destroy aws_instance with the name jhooq_hello -

1terraform destroy -target aws_instance.jhooq_hello

The benefit of using the above command is - “It will only destroy the aws_instancewith the name jhooq_hello” and you are safe from accidentally deleting all of your infrastructure resources.


1.2 Remove resource from terraform.tfstate file

In the previous step, we have seen how to remove/destroy specific resources using -target parameter.

But suppose if you want to destroy all other resources except one resource then I would recommend you to use terraform state rm <resource-to-exclude-from-destroy> so that you can exclude the resource from getting destroyed.

1terraform state rm aws_instance.jhooq_hello

Now we have excluded the aws_instance.jhooq_hello and you can run the terraform destroy command and it will destroy all other resources.


1.3 Use terraform lifecycle block to prevent destroy

One more recommended way to create and prevent the resource is to use the lifecycle block inside your terraform configuration so that the resource does not get deleted accidentally.

Here is an example terraform configuration -

 1provider "aws" {
 2   region     = "eu-central-1"
 3   access_key = "AKIATQ37NXB2JMXVGYPG"
 4   secret_key = "ockvEN1DzYynDuKIh56BVQv/tMqmzvKnYB8FttSp"
 5}
 6
 7resource "aws_instance" "ec2_example" {
 8
 9   ami           = "ami-0767046d1677be5a0"
10   instance_type =  "t2.micro"
11
12   tags = {
13           Name = "Terraform EC2"
14   }
15   lifecycle {
16     prevent_destroy= true
17   }
18}

If you try to run the terraform destroy command it will throw the following error -

1the plan would destroy this resource, but it currently has lifecycle.preven_destroy set to true. to avoid this error and continue with the plan. either disable or adjust the scope. 

1.4 Use terraform nuke (Only for development purpose)

You can check How to nuke AWS resources and save additional AWS infrastructure cost? for destroying everything in one command but it is only intended for development purposes.


2. How to refresh and keep your local terraform state(tfstate) file up to date with remote terraform state(tfstate)?

Well there is one more important question Will terraform.tfstate file will be in sync if someone has deleted or updated the resource manually?

In such scenario, it is always recommended to use terraform refresh so that the local terraform state(tfstate) and remote terraform state(tfstate) are in sync.

For Example -: Let suppose you have created three aws_instance

  1. aws_instance.ec2_example1
  2. aws_instance.ec2_example2
  3. aws_instance.ec2_example3

And you manually deleted the aws_instance.ec2_example2 from your AWS console.

So using terraform refresh you can sync your both local terraform state(tfstate) and remote terraform state(tfstate).

Now you will have a better understanding of terraform destroy, terraform refresh and when to use both.


Read More -

  1. Install terraform on Ubuntu 20.04, CentOS 8, MacOS, Windows 10, Fedora 33, Red hat 8 and Solaris 11
  2. How to setup Virtual machine on Google Cloud Platform using terraform
  3. Create EC2 Instance on AWS using terraform
  4. How to use Terraform Input Variables
  5. What is variable.tf and terraform.tfvars?
  6. How to use Terraform locals?
  7. How to use Terraform output values?
  8. Understanding terraform count, for_each and for loop?
  9. Cloud-nuke : How to nuke AWS resources and save additional AWS infrastructure cost?
  10. How to use Terraform Dynamic blocks?
  11. How to use Terraform resource meta arguments?
  12. How to use Terraform Data sources?
  13. What is terraform provisioner?
  14. Terraform how to do SSH in AWS EC2 instance?
  15. How Terraform modules works?
  16. How to run specific terraform resource?
  17. How to use Workspaces in Terraform?