@devops-school
Last active May 23, 2023 05:15
Terraform taint and untaint explained with example programs and tutorials
$ terraform taint resource.id

resource.id is the address of the resource to taint: the resource type and the name from the resource block. Review the resource block we previously created:

resource "aws_instance" "example" {
  ami           = "ami-b374d5a5"
  instance_type = "t2.micro"
}

The correct address for this resource is aws_instance.example, so the command would be terraform taint aws_instance.example.
The terraform state list command is used to list resources within a Terraform state.

$ terraform state list
$ terraform plan
$ terraform untaint resource.id
$ terraform plan

Usage and example of terraform taint

Usage: terraform taint [options] address

The address argument is the address of the resource to mark as tainted. The address is in the resource address syntax, as shown in the output from other commands, such as:

aws_instance.foo
aws_instance.bar[1]
aws_instance.baz[\"key\"] (quotes in resource addresses must be escaped on the command line, so that they are not interpreted by your shell)
module.foo.module.bar.aws_instance.qux

Example: Tainting a Single Resource
$ terraform taint aws_security_group.allow_all
The resource aws_security_group.allow_all in the module root has been marked as tainted.

Example: Tainting a single resource created with for_each

It is necessary to wrap the resource in single quotes and escape the quotes. This example will taint a single resource created with for_each:

$ terraform taint 'module.route_tables.azurerm_route_table.rt[\"DefaultSubnet\"]'
The resource module.route_tables.azurerm_route_table.rt["DefaultSubnet"] in the module root has been marked as tainted.

Example: Tainting a Resource within a Module

This example will only taint a resource within a module:

$ terraform taint "module.couchbase.aws_instance.cb_node[9]"
Resource instance module.couchbase.aws_instance.cb_node[9] has been marked as tainted.

Example: Tainting a Resource within a Module (the -module flag used before Terraform 0.12)
$ terraform taint -module=hosting null_resource.provision_last

Terraform untaint

Manually unmark a resource as tainted, restoring it as the primary instance in the state. This reverses either a manual 'terraform taint' or the result of provisioners failing on a resource.

This will not modify your infrastructure. This command changes your state to unmark a resource as tainted. This command can be undone by reverting the state backup file that is created, or by running 'terraform taint' on the resource.

---------------
resource "docker_image" "image_id" {
  name = "ghost:latest"
}

# Start the Container
resource "docker_container" "container_id" {
  name  = "ghost_blog"
  image = docker_image.image_id.latest
  ports {
    internal = "2368"
    external = "80"
  }
}
---------------

terraform init
terraform plan
terraform apply
terraform taint docker_container.container_id
terraform plan
terraform untaint docker_container.container_id
terraform plan
terraform taint docker_container.container_id
terraform apply
terraform destroy
bulletinmybeard commented Jul 26, 2022

Since I'm working with Terraform >= v0.12.0, that was super helpful! Thank you so much for that.