Feature Request: Automatically Taint resource if different resource is being replaced

[ajchiarello]

I have sometimes run into an issue where my terraform script fails because it needs to replace a resource (such as a certificate) but the API of the target system (an F5 load-balancer in my case) will not allow the certificate to be replaced because it is used by other resources. Terraform dependencies don't resolve this, and currently I'm doing some external scripting in my pipeline to detect when these resources are being replaced, and tainting the appropriate other resources to allow the process to succeed. I also use Terragrunt to manage these deployments, and it seemed to me that it would be better and more consistent if I could tell Terragrunt to taint a resource automatically based on the planned replacement of a specific other resource.

[yorinasub17]

I think the key question here is if the dependency crosses terragrunt module boundaries (and thus are in different state files) or not. If they cross state boundaries, then this is terragrunt's responsibility, while if they don't, then this is terraform's responsibility.

In either case, this will require some advanced processing of terraform internals for terragrunt to handle which is not something we intend to do with terragrunt.

[ajchiarello]

Thanks for the explanation. In my case, it is not crossing state boundaries, so it would not fall into Terragrunt's purview as you have described it.