Is terraform destroy needed before terraform apply?

Question

Is terraform destroy needed before terraform apply? If not, what is a workflow you follow when updating existing infrastructure and how do you decide if destroy is needed?

Answer 1

No terraform destroy is not needed before terraform apply.

Your Terraform configuration (*.tf and *.tfvars files) describes the desired state of your infrastructure. It says "this is how I want my infrastructure to be."

You use the terraform tool to plan and apply changes to get your infrastructure into the desired state you have described. You can make those changes incrementally without destroying anything.

A typical workflow might be:

• make changes to .tf and .tfvars files
• refresh state
• plan changes
• review the planned changes
• apply those changes

If you wanted to completely destroy that infrastructure you'd use terraform plan -destroy to see what Terraform intends to destroy. If you are happy with that you'd then use terraform destroy to destroy it.

Typically, destroy is rarely used, unless you are provisioning infrastructure for a temporary purpose (e.g., builds) or testing your ability to provision from a clean slate with different parameters. Even then, you could use a count parameter on resources to temporarily provision resources by increasing the count, then decreasing it again when no longer needed.

Answer 2

More comments after @mwielbut's answer.

Instead of option apply + destroy, you need to run terraform with option taint + apply

Normally we don't need run terraform destroy at all. It is a really dangerous option, especially for a production environment.

with option plan and apply, it is good enough to update the infrastructure with code.

But if you do need to destroy some resources and re-build something which is already created, you can use the option of taint, which is the right answer for your question, it is so important and missed in @mwielbut's answer.

The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.

This command will not modify infrastructure but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.

Refer:

command taint: https://www.terraform.io/docs/commands/taint.html

a sample of option taint: https://www.terraform.io/docs/modules/usage.html

Answer 3

Terraform destroy destroys all the resources and it is not required if you want to apply incremental changes. Destroy should be only used if you want to destroy the whole infrastructure.

Answer 4

No need to use the destroy command before apply. as long as you are in testing period you can use destroy command or destroy the complete infra you can use destroy command

You can use below flow

terraform init terraform plan terraform apply

if you made any manual changes that needs to update in your state file, use below command to update the state file.

Terrafrom refresh

Answer 5

You don't need to run to terraform destroy . If you have made any changes to you infrastructure, [added/ removed a resource], on next terraform plan & terraform apply, the changes will be reflected automatically

Answer 6

Terraform apply always refreshes the Terraform state, so if you change anything, it auto recognizes the changes, lets say you've updated your NSG rules, added new VM, deleted old VM, so when you run terraform apply again, your old state gets updated with the new state where you've Added/Updated/Deleted.

If you use terraform destroy, it just kills the entire state and you'll be back to the new state if you are running terraform apply.

You need to use terraform destroy only if you think you just want to bring down your infrastructure and you don't really need it.

For minor - major changes like Adding Components, Updating Rules, Deleting other things, you can use plan and apply without any problem.

Answer 7

Simply NO.

You don't need to run terraform apply before terraform destroy? Your terraform (.tf) files describe the state of your infrastructure.

terraform apply always refresh your infrastructure. And it identifies the state of infrastructure and updates it.

terraform destroy only use is to bring down and completely wipe down your infrastructure. (You have to think twice before using it) you can use terraform plan and terraform refresh to ensure the state of the infrastructure.

Answer 8

You could always manually destroy your instances, after only running your terraform apply. Then when you run terraform apply it will create brand new instances without the terraform destroy.

Answer 9

No! you don't need to run terraform destroy when you need a modification of resources! This is the beauty of Infra-as-Code.

Here are some more details on Terraform init, plan, apply and destroy -

1. terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.

2. terraform plan command creates an execution plan. By default, creating a plan consists of: a) Reading the current state of any already-existing remote objects to make sure that the Terraform state is up-to-date. b) Comparing the current configuration to the prior state and noting any differences. c) Proposing a set of change actions that should, if applied, make the remote objects match the configuration.

3. terraform apply command executes the actions proposed in a Terraform plan. (you can do an apply without plan however it's not a best practice)

4. terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.

Answer 10

Core Terraform workflows: The core Terraform workflow has five steps:

Write - Author infrastructure as code.

Terraform init - it’ll automatically download and install partner and community provider directly to the local disk so that it can be used by other commands Plugin_Installation, Backend_Initialization, ChildModule_Installation and Community and third party plugin

Terraform plan - Preview changes before applying.

Terraform Apply - Provision reproducible infrastructure.

Terraform destroy - It will destroy your infrastructure.