Terraform Resource Destruction

Introduction

Welcome to this lab on Terraform resource destruction. A key part of the infrastructure lifecycle is not just creating and updating resources, but also cleanly removing them when they are no longer needed. This process is known as destruction.

Terraform provides a straightforward and safe workflow for destroying infrastructure. The primary command for this is terraform destroy. To prevent accidental deletion, Terraform also offers a way to preview what will be destroyed before you commit to the action.

In this lab, you will learn how to:

• Use terraform plan -destroy to preview a destruction plan.
• Interpret the destruction plan output.
• Execute the terraform destroy command to remove resources.
• Verify that the resources have been successfully removed from both the system and the Terraform state file.

We will work with a simple local_file resource, which allows us to focus on the Terraform workflow without needing cloud provider credentials.

Confirm current project state

Before we begin with the destruction process, let's first verify the current state of our Terraform project. This will help you understand what resources are currently managed by Terraform.

Run the following commands to check the current project state:

First, let's list the files in the project directory:

ls -la

You should see output similar to the following:

total 20
drwxr-xr-x 1 labex labex  110 Oct 15 13:10 .
drwxr-x--- 1 labex labex 4096 Oct 15 13:10 ..
drwxr-xr-x 3 labex labex   23 Oct 15 13:07 .terraform
-rw-r--r-- 1 labex labex 1181 Oct 15 13:07 .terraform.lock.hcl
-rwxrwxr-x 1 labex labex   45 Oct 15 13:10 example.txt
-rw-rw-r-- 1 labex labex  258 Oct 15 13:10 main.tf
-rw-rw-r-- 1 labex labex 1088 Oct 15 13:10 terraform.tfstate

This shows the main.tf file and the terraform.tfstate file that were created by the setup script, along with the example.txt file that was created when the Terraform configuration was applied.

Next, let's check the current Terraform state:

terraform show

You should see output similar to the following:

## local_file.example:
resource "local_file" "example" {
    content              = "This is an example file managed by Terraform."
    directory_permission = "0777"
    file_permission      = "0777"
    filename             = "./example.txt"
    id                   = "ec3adcab998872def2df6200fb03992ac6f237a4"
}

This displays information about the local_file.example resource that is currently managed by Terraform.

Run terraform plan -destroy to preview

In this step, you will learn how to generate a speculative destruction plan. Before destroying any resources, it's a best practice to preview exactly what Terraform intends to do. This prevents accidental deletion of critical infrastructure. The terraform plan -destroy command creates an execution plan that shows which resources will be destroyed, without actually performing the destruction.

All your work will be done in the ~/project directory. The setup script has already created a main.tf file and applied it, creating a file named example.txt.

Now, run the following command in your terminal to see the destruction plan:

terraform plan -destroy

You will see output similar to the following. This output details the plan to destroy the one resource managed by our configuration.

local_file.example: Refreshing state... [id=ec3adcab998872def2df6200fb03992ac6f237a4]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  ## local_file.example will be destroyed
  - resource "local_file" "example" {
      - content              = "This is an example file managed by Terraform." -> null
      - directory_permission = "0777" -> null
      - file_permission      = "0777" -> null
      - filename             = "./example.txt" -> null
      - id                   = "ec3adcab998872def2df6200fb03992ac6f237a4" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Confirm destruction plan output

In this step, we will analyze the output from the previous command. Understanding the plan is crucial for using Terraform safely.

Look at the output from terraform plan -destroy. Notice these key elements:

1. Resource Action: The line ## local_file.example will be destroyed clearly states the intended action. The - symbol in front of resource "local_file" "example" is Terraform's notation for destruction. Any line prefixed with - indicates something will be removed.

2. Attribute Changes: The output shows all the attributes of the resource and indicates they will be changed to null, which signifies deletion. For example: - filename = "./example.txt" -> null.

3. Plan Summary: The final line, Plan: 0 to add, 0 to change, 1 to destroy., provides a high-level summary of the entire plan. This is the most important line to check for a quick confirmation of the planned actions.

By reviewing this plan, you can be confident that only the local_file.example resource will be affected. This confirmation step is vital in real-world scenarios where a misconfiguration could lead to the unintended destruction of important resources. There are no commands to run in this step; it is focused on understanding the process.

Run terraform destroy to remove resources

In this step, you will execute the destruction plan. Now that you have reviewed the plan and are confident about the changes, you can proceed with the actual destruction.

The terraform destroy command will first present the same destruction plan for a final review and then prompt you for confirmation before proceeding.

Run the following command in your terminal:

terraform destroy

Terraform will display the plan again and ask for your approval.

local_file.example: Refreshing state... [id=ec3adcab998872def2df6200fb03992ac6f237a4]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  ## local_file.example will be destroyed
  - resource "local_file" "example" {
      - content              = "This is an example file managed by Terraform." -> null
      - directory_permission = "0777" -> null
      - file_permission      = "0777" -> null
      - filename             = "./example.txt" -> null
      - id                   = "ec3adcab998872def2df6200fb03992ac6f237a4" -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value:

To confirm the destruction, type yes and press Enter.

yes

After you confirm, Terraform will proceed with destroying the resource and will output the progress.

local_file.example: Destroying... [id=ec3adcab998872def2df6200fb03992ac6f237a4]
local_file.example: Destruction complete after 0s

Destroy complete! Resources: 1 destroyed.

This confirms that the local_file resource has been successfully destroyed.

Verify file removed from filesystem

In this step, you will verify that the resource destruction had the intended effect on the system. Since our resource was a local file named example.txt, destroying the resource should have deleted this file from the filesystem.

You can verify this by trying to list the file using the ls command.

Run the following command in your terminal:

ls example.txt

Since the file has been deleted, the command will fail and you will see an error message from the operating system. This error is the expected outcome and confirms that the resource was successfully destroyed.

ls: cannot access 'example.txt': No such file or directory

This verification step is important because it confirms that Terraform's actions in the state file are reflected in the real world.

Check empty terraform.tfstate file

In this step, you will inspect the Terraform state file (terraform.tfstate) to see how it reflects the resource destruction. The state file is a JSON file that keeps track of the resources managed by Terraform and their current state.

After all resources in a configuration are destroyed, the state file is not deleted. Instead, it is updated to reflect that it is no longer managing any resources. The resources array within the state file will become empty.

Let's examine the contents of the state file. Use the cat command to display it:

cat terraform.tfstate

The output will be a JSON object. Notice that the resources key now points to an empty array [].

{
  "version": 4,
  "terraform_version": "1.13.3",
  "serial": 3,
  "lineage": "f25aaab8-c186-2b16-1bae-fe9ba25f81e4",
  "outputs": {},
  "resources": [],
  "check_results": null
}

This confirms from Terraform's perspective that there are no more resources under its management for this configuration. The state is now clean.

Summary

Congratulations on completing the lab! You have successfully walked through the process of destroying infrastructure managed by Terraform.

In this lab, you learned:

• The importance of previewing changes with terraform plan -destroy to prevent accidental deletions.
• How to read and understand a destruction plan, paying attention to the summary and resource-level changes.
• How to execute the destruction of resources using the terraform destroy command and the required confirmation step.
• How to verify that a resource has been successfully destroyed by checking both the real-world system and the Terraform state file (terraform.tfstate).

Mastering the destroy workflow is just as important as mastering resource creation. It ensures you can manage the full lifecycle of your infrastructure cleanly and safely.