Gotcha: Terraform destroy dependencies can cause failures
Problem
terraform destroy fails because resources have implicit dependencies or external references that Terraform does not track.
Solution
Common destroy problems and solutions:
- S3 bucket not empty:
    resource "aws_s3_bucket" "data" {
      force_destroy = true # Deletes all objects first
    }
- Security group in use by another resource:
    # On the resource that uses the SG, so the SG is destroyed last
    resource "aws_instance" "web" {
      depends_on = [aws_security_group.web] # SG name is an example
    }
- IAM role with attached policies:
    # Detach policies before destroying role
    # Use aws_iam_role_policy_attachment, not inline policies
- VPC with active ENIs:
    # Destroy EC2 instances and load balancers first
    # Use targeted destroy: terraform destroy -target=aws_instance.web
- General approach:
  - Use -target for ordered destruction
  - Add lifecycle { create_before_destroy = true } where needed
  - Check for resources created outside Terraform
  - Use terraform state list to see which resources are tracked in state and will be destroyed
- Nuclear option (dangerous):
    terraform state rm <resource> # Remove from state without destroying
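A pre-destroy review of the plan, as an added example that is not part of the original entry: it reads the JSON form of a saved plan and reports what will be deleted, flagging S3 buckets whose state has force_destroy set. The sample plan is constructed, and the function name and its `protected` parameter are assumptions made for this example.

```python
import json

# Constructed sample, trimmed to the fields used here: the shape of what
# `terraform show -json destroy.tfplan` prints after
# `terraform plan -destroy -out=destroy.tfplan`.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"],
                "before": {"bucket": "example-data", "force_destroy": True}}},
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["delete"], "before": {"instance_type": "t3.micro"}}},
    {"address": "aws_iam_role.app", "type": "aws_iam_role",
     "change": {"actions": ["delete", "create"], "before": {"name": "app"}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["no-op"], "before": {"name": "web"}}},
]})


def review_destroy_plan(plan_json, protected=()):
    """Classify planned deletions and collect warnings before approving.

    `protected` is a hypothetical allow-nothing list of resource addresses
    that must never be deleted (an assumption of this example).
    """
    report = {"destroy": [], "replace": [], "warnings": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" not in actions:
            continue  # no-op, create, update or read: nothing is removed
        addr = rc["address"]
        # delete together with create is a replacement, not a removal
        report["replace" if "create" in actions else "destroy"].append(addr)
        before = change.get("before") or {}  # values currently in state
        if rc.get("type") == "aws_s3_bucket" and before.get("force_destroy"):
            report["warnings"].append(
                f"{addr}: force_destroy is set, every object in the bucket is deleted")
        if addr in protected:
            report["warnings"].append(f"{addr}: on the protected list, do not delete")
    return report


if __name__ == "__main__":
    result = review_destroy_plan(SAMPLE_PLAN, protected={"aws_iam_role.app"})
    for key, items in result.items():
        for item in items:
            print(f"{key}: {item}")
```

Running the review on the saved plan file and then applying that same file means the reviewed deletions are exactly the ones executed.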