Chintan Boghara

Terraform Associate: Destroy Infrastructure

A Comprehensive Guide to Reviewing, Simulating, and Executing Infrastructure Destruction Using Terraform

Chintan Boghara's photo
Chintan Boghara
·

5 min read

Terraform Associate: Destroy Infrastructure

Table of contents

Infrastructure as Code (IaC) has revolutionized how we manage and provision cloud environments. Terraform, a leading IaC tool, not only allows you to create and update resources but also offers a safe and predictable way to tear down your infrastructure when needed. Whether you're cleaning up after testing, decommissioning unused resources, or simply saving costs, Terraform's destroy command is your go-to tool for removing all the resources defined in your configuration.

In this detailed guide, we'll walk through the process of safely and efficiently destroying your infrastructure using Terraform.

1. Review Your Terraform Configuration

Before initiating any destruction process, it’s critical to understand what you're about to remove. Spend a few moments reviewing your Terraform configuration files to confirm which resources are defined. This helps ensure that you won’t inadvertently delete critical resources or data.

Key Considerations:

  • Double-check resource definitions: Make sure you know what each resource does and whether it is safe to remove.

  • Backup important data: If your resources include databases or file storage, ensure that any necessary data is backed up.

2. Preview Destruction with terraform plan -destroy

Before executing the destruction, you can simulate the process using the terraform plan command with the -destroy flag. This preview step provides a clear picture of which resources will be deleted without making any actual changes.

Run the following command:

terraform plan -destroy

What to Expect

The output will detail the resources that Terraform plans to destroy. For example:

Plan: 0 to add, 0 to change, 5 to destroy.
  - aws_instance.example
  - aws_security_group.allow_ssh_http
  - ...

This step is crucial for verifying that you're about to remove only the intended resources.

3. Execute the Destruction with terraform destroy

After verifying the plan, you can proceed with the destruction. Execute the following command:

terraform destroy

Terraform will present a summary of the resources that will be destroyed and prompt you for confirmation. The output will look something like this:

Terraform will perform the following actions:

  # aws_instance.example will be destroyed
  - resource "aws_instance" "example" {
      ...
    }

  # aws_security_group.allow_ssh_http will be destroyed
  - resource "aws_security_group" "allow_ssh_http" {
      ...
    }

Do you want to perform these actions? Only 'yes' will be accepted to approve.
  Enter a value:

Type yes to confirm, and Terraform will begin the process of destroying your infrastructure.

4. Verify the Destruction

Once Terraform completes the process, it will confirm the destruction with a message like:

Destroy complete! Resources: 5 destroyed.

It's good practice to log in to your cloud provider's dashboard (e.g., AWS, Azure, or GCP) to verify that the resources have indeed been removed. Check that:

  • EC2 Instances or Virtual Machines are terminated.

  • Security Groups, Networks, and Other Resources no longer exist.

5. Handling State Files After Destruction

Terraform maintains a state file (terraform.tfstate) that tracks the current state of your infrastructure. When you destroy resources, this state file is updated to reflect their removal.

Best Practices:

  • State File Cleanup: If you are completely decommissioning an environment, you might want to remove the state file along with any lock files to avoid confusion later.

      rm terraform.tfstate terraform.tfstate.lock.info

  • Remote State Management: If you're using remote backends (e.g., AWS S3, Terraform Cloud), ensure that the state is correctly updated and consider any additional cleanup as needed.

6. Selective Destruction with the -target Flag

Sometimes, you may not want to destroy all resources defined in your configuration. Terraform offers the -target flag, which allows you to destroy specific resources selectively.

For example, to destroy only an EC2 instance:

terraform destroy -target=aws_instance.example

This command will only remove the specified resource (aws_instance.example), leaving the rest of your infrastructure intact.

7. Destroying Infrastructure in Different Workspaces

Terraform workspaces enable you to manage multiple environments (e.g., development, staging, production) within the same configuration. When destroying infrastructure in a specific workspace, make sure you select the correct one.

For example, to destroy infrastructure in the "staging" workspace:

terraform workspace select staging
terraform destroy

This ensures that you only remove resources associated with the selected workspace, preventing accidental deletions in other environments.

Conclusion

Destroying infrastructure with Terraform is a straightforward process, but it must be executed with caution. Here’s a quick recap of the steps:

  1. Review Your Configuration: Ensure you're aware of all defined resources.

  2. Preview with terraform plan -destroy: Simulate the destruction to verify the impact.

  3. Execute with terraform destroy: Confirm and run the destruction command.

  4. Verify the Outcome: Check your cloud provider's dashboard to ensure resources are removed.

  5. Manage State Files: Update or remove state files as necessary.

  6. Use Selective Destruction if Needed: Target specific resources with the -target flag.

  7. Handle Workspaces Appropriately: Select the correct workspace before destroying resources.

Terraform’s ability to manage destruction as effectively as creation makes it an invaluable tool for maintaining clean, cost-efficient, and secure cloud environments. By following these steps, you can confidently tear down your infrastructure, knowing that you’re in full control of the process.

Happy Terraforming!

Reference

  1. Terraform Destroy Command Documentation
    Learn all about the terraform destroy command, including how it works, best practices, and safety considerations when tearing down resources.

  2. Terraform Plan Command Documentation
    Understand how to use the terraform plan -destroy flag to preview the destruction of your resources before execution.

  3. Terraform State Management
    Explore how Terraform manages state files, the importance of state in tracking resource changes, and tips for effective state file handling.

  4. Terraform Workspaces
    Discover how to manage multiple environments with Terraform workspaces, ensuring you destroy resources in the correct environment.

  5. Selective Resource Destruction with the -target Flag
    Learn how to use the -target flag to destroy specific resources, offering granular control over your infrastructure teardown process.

TerraformTerraform AssociateIaC (Infrastructure as Code)DevopsCloudDevSecOpsSREPlatform Engineering