search

stavxyz / terraform-aws-backend

A Terraform module for your AWS Backend + a guide for bootstrapping your terraform managed project
Apache License 2.0
53 stars 32 forks source link

How to destroy deployment, but keep the state bucket (with logs)? #9

Closed Vadim-Zenin closed 5 years ago

Vadim-Zenin commented 5 years ago

Hello,

I created remote buckets as explained, deployed some applications with many modules. How to destroy one deployment, but keep the state bucket (with logs)?

terraform destroy Error: Error running plan: 1 error(s) occurred: module.backend.aws_s3_bucket.tf_backend_bucket: aws_s3_bucket.tf_backend_bucket: the plan would destroy this resource, but it currently has lifecycle.prevent_destroy set to true. To avoid this error and continue with the plan, either disable lifecycle.prevent_destroy or adjust the scope of the plan using the -target flag.

stavxyz commented 5 years ago

@Vadim-Zenin this is a good use case, and one that I think will be pretty common actually. Thank you for bringing this up.

There are numerous issues upstream that refer to this situation:

https://github.com/hashicorp/terraform/issues/2253 https://github.com/hashicorp/terraform/issues/3874 https://github.com/hashicorp/terraform/issues/4149

Looks like this is a yet-to-be-solved problem. Inverse targeting would be perfect for the use case you described.

For now, I wonder if we could make prevent_destroy toggle-able with a variable? I am not sure if universal properties like lifecycle can do variable interpolation...

I don't know a solution off the top of my head, but check out those issues and the other bits here and let me know what you think.

sebbuku commented 5 years ago

Wouldn't removing it from the state with: terraform state rm module.backend.aws_s3_bucket.tf_backend_bucket allow you to delete the rest of the infrastructure and then re-import it? I had a similar case too and it worked for me, or I understood something wrong?

stavxyz commented 5 years ago

Wouldn't removing it from the state with: terraform state rm module.backend.aws_s3_bucket.tf_backend_bucket allow you to delete the rest of the infrastructure and then re-import it?

If you run terraform state rm module.backend.aws_s3_bucket.tf_backend_bucket and then terraform refresh will terraform re-add the bucket to the statefile? I ask because I wondered if terraform destroy first runs a refresh...

I would be happy to find out that removing the bucket from the statefile and then running terraform destroy would result in terraform behaving in the following way: when tf is computing what to destroy, it would refer to the statefile. Since the statefile no longer contains the backend bucket, terraform's destroy plan will not include it. Does that sound right @sebbuku ?

sebbuku commented 5 years ago

@samstav I think you then have to re-import it with terraform import module.backend.aws_s3_bucket.tf_backend_bucket

stavxyz commented 5 years ago

Closing in favor of https://github.com/samstav/terraform-aws-backend/issues/16