Exclude resource from being destroyed

[Ionut Cadariu]

Hello,

I'd like to destroy my current environment created using Terraform but keep some of the resources untouched (ex: I'd like to keep my current VPC setup: aws_vpc, aws_internet_gateway, aws_vpn_gateway, etc).

From what I've read Terraform does not have an exclude option right now so I was wondering what workaround do you use to kill part of your resources?

Thank you,

Ionut 

[Lowe Schmidt]

Comment out all the things you don't want and run terraform apply should do the trick. 

--

Lowe Schmidt | +46 723 867 157

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/8590339d-710a-4447-9e1e-b78723cd43a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[David Adams]

You can add `-target aws_subnet.a_public -target aws_subnet.b_public ...` etc to your `terraform plan -destroy` and `terraform destroy` commands to limit their extent. I would recommend trying one thing at a time, and carefully verifying the plan output and the summary count to be sure it's going to destroy exactly the resources you think it will. (I suspect you will be fine, but there has been some flakiness in past versions around dependent resources when dealing with targetted applies and destroys.)

-dave

On Tue, Aug 16, 2016 at 9:17 AM, Ionut Cadariu <ionut....@gmail.com> wrote:

Hello Lowe,

This was what I was thinking initially (as a work around) but it seems that it's not working since it just output a lot of errors afterwards:

$ terraform plan -destroy

Error configuring: 16 error(s) occurred:

* aws_security_group.ssh_sg: missing dependency: aws_vpc.main

* aws_security_group.nat_sg: missing dependency: aws_vpc.main

* aws_security_group.pub_elb_sg: missing dependency: aws_vpc.main

* aws_security_group.priv_elb_sg: missing dependency: aws_vpc.main

* aws_security_group.pub_sg: missing dependency: aws_vpc.main

* aws_security_group.priv_sg: missing dependency: aws_vpc.main

* aws_security_group.rds_sg: missing dependency: aws_vpc.main

* aws_subnet.a_public: missing dependency: aws_vpc.main

* aws_subnet.a_private: missing dependency: aws_vpc.main

* aws_subnet.b_public: missing dependency: aws_vpc.main

* aws_subnet.b_private: missing dependency: aws_vpc.main

* aws_route_table.public_rt: missing dependency: aws_vpc.main

* aws_route_table.public_rt: missing dependency: aws_internet_gateway.igw

* aws_route_table.public_rt: missing dependency: aws_vpn_gateway.vgw-visma

* aws_route_table.private_rt: missing dependency: aws_vpc.main

* aws_route_table.private_rt: missing dependency: aws_vpn_gateway.vgw-visma

Best regards,

Ionut

You received this message because you are subscribed to a topic in the Google Groups "Terraform" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/terraform-tool/xL-VJkT3OMw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAC-wWcTrsakGUU4zdSO6MZO5hH-xmai6JJRE%2BMienMLWYLmQ4Q%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Ionut

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAANkY-%3DWyBpBxokZr_itMNUjMmF2kcSkc8nDRKPjyXq0gNLcKw%40mail.gmail.com.

[Ionut Cadariu]

Hey Dave and Lowe,

I have tried in the past using both -target and commenting out/moving some of the .tf files which resources I wanted to remain untouched but the problem is that in my case I have a lot of dependencies and I also have a lot of resources defined which makes adding them difficult. I hoped that someone with more experience will have a better solution than what I have tried :(

Thank you again guys for your help.

To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAN3s8zZB64F4ZEdyuWak_jBtxV%2B5Uo93a%3DTeRKsfWgsNMAewRA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Ionut

[David Maze]

On Tuesday, August 16, 2016 at 7:27:24 AM UTC-4, Ionut Cadariu wrote:

I'd like to destroy my current environment created using Terraform but keep some of the resources untouched (ex: I'd like to keep my current VPC setup: aws_vpc, aws_internet_gateway, aws_vpn_gateway, etc).

From what I've read Terraform does not have an exclude option right now so I was wondering what workaround do you use to kill part of your resources?

The last set of Terraform things I built up I created in several different parts to avoid exactly this problem: my VPC is in one set of modules, my database (Amazon RDS) in the next, my application in a third.  Since the data is stored in remote state in S3, it's possible for the more-downstream modules to pull the outputs from the more-upstream modules (e.g., the application gets the VPC ID) without risk of accidentally destroying things I really cared about.

If you're already in this state...the one useful suggestion I have is to edit your existing .tf files to add lifecycle { prevent_destroy = true } to the things you really want to keep (see https://www.terraform.io/docs/configuration/resources.html) for an extra protection against accidentally deleting them.  I probably also would clean this up by incrementally commenting out things you don't want and "terraform apply" them (Lowe Schmidt's suggestion).