2015-02-26 19:37:08 +01:00
|
|
|
---
|
|
|
|
layout: "docs"
|
|
|
|
page_title: "Command: taint"
|
|
|
|
sidebar_current: "docs-commands-taint"
|
|
|
|
description: |-
|
|
|
|
The `terraform taint` command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.
|
|
|
|
---
|
|
|
|
|
|
|
|
# Command: taint
|
|
|
|
|
|
|
|
The `terraform taint` command manually marks a Terraform-managed resource
|
|
|
|
as tainted, forcing it to be destroyed and recreated on the next apply.
|
|
|
|
|
|
|
|
This command _will not_ modify infrastructure, but does modify the
|
|
|
|
state file in order to mark a resource as tainted. Once a resource is
|
|
|
|
marked as tainted, the next
|
|
|
|
[plan](/docs/commands/plan.html) will show that the resource will
|
|
|
|
be destroyed and recreated and the next
|
|
|
|
[apply](/docs/commands/apply.html) will implement this change.
|
|
|
|
|
|
|
|
Forcing the recreation of a resource is useful when you want a certain
|
|
|
|
side effect of recreation that is not visible in the attributes of a resource.
|
|
|
|
For example: re-running provisioners will cause the node to be different
|
|
|
|
or rebooting the machine from a base image will cause new startup scripts
|
|
|
|
to run.
|
|
|
|
|
|
|
|
Note that tainting a resource for recreation may affect resources that
|
|
|
|
depend on the newly tainted resource. For example, a DNS resource that
|
|
|
|
uses the IP address of a server may need to be modified to reflect
|
|
|
|
the potentially new IP address of a tainted server. The
|
|
|
|
[plan command](/docs/commands/plan.html) will show this if this is
|
|
|
|
the case.
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
2019-06-04 00:36:38 +02:00
|
|
|
Usage: `terraform taint [options] address`
|
2015-02-26 19:37:08 +01:00
|
|
|
|
2019-06-04 00:36:38 +02:00
|
|
|
The `address` argument is the address of the resource to mark as tainted.
|
2019-11-09 01:25:36 +01:00
|
|
|
The address is in
|
|
|
|
[the resource address syntax](/docs/internals/resource-addressing.html) syntax,
|
|
|
|
as shown in the output from other commands, such as:
|
2019-08-20 01:23:30 +02:00
|
|
|
|
2019-06-04 00:36:38 +02:00
|
|
|
* `aws_instance.foo`
|
|
|
|
* `aws_instance.bar[1]`
|
2019-10-28 18:04:38 +01:00
|
|
|
* `aws_instance.baz``[\"key\"]` (quotes in resource addresses must be escaped on the command line, so that they are not interpreted by your shell)
|
2019-09-19 19:40:29 +02:00
|
|
|
* `module.foo.module.bar.aws_instance.qux`
|
2015-02-26 19:37:08 +01:00
|
|
|
|
|
|
|
The command-line flags are all optional. The list of available flags are:
|
|
|
|
|
2015-02-26 19:56:45 +01:00
|
|
|
* `-allow-missing` - If specified, the command will succeed (exit code 0)
|
|
|
|
even if the resource is missing. The command can still error, but only
|
|
|
|
in critically erroneous cases.
|
|
|
|
|
2015-02-26 19:37:08 +01:00
|
|
|
* `-backup=path` - Path to the backup file. Defaults to `-state-out` with
|
|
|
|
the ".backup" extension. Disabled by setting to "-".
|
|
|
|
|
2017-04-04 19:48:59 +02:00
|
|
|
* `-lock=true` - Lock the state file when locking is supported.
|
|
|
|
|
|
|
|
* `-lock-timeout=0s` - Duration to retry a state lock.
|
|
|
|
|
2015-02-26 19:37:08 +01:00
|
|
|
* `-state=path` - Path to read and write the state file to. Defaults to "terraform.tfstate".
|
2017-03-15 18:20:26 +01:00
|
|
|
Ignored when [remote state](/docs/state/remote.html) is used.
|
2015-02-26 19:37:08 +01:00
|
|
|
|
|
|
|
* `-state-out=path` - Path to write updated state file. By default, the
|
2016-08-08 02:59:28 +02:00
|
|
|
`-state` path will be used. Ignored when
|
2017-03-15 18:20:26 +01:00
|
|
|
[remote state](/docs/state/remote.html) is used.
|
2017-08-22 20:47:30 +02:00
|
|
|
|
|
|
|
## Example: Tainting a Single Resource
|
|
|
|
|
|
|
|
This example will taint a single resource:
|
|
|
|
|
|
|
|
```
|
|
|
|
$ terraform taint aws_security_group.allow_all
|
2019-08-28 19:47:14 +02:00
|
|
|
The resource aws_security_group.allow_all in the module root has been marked as tainted.
|
2017-08-22 20:47:30 +02:00
|
|
|
```
|
|
|
|
|
2019-10-24 21:53:45 +02:00
|
|
|
## Example: Tainting a single resource created with for_each
|
|
|
|
|
|
|
|
This example will taint a single resource created with for_each:
|
|
|
|
|
|
|
|
```
|
2020-10-05 23:43:32 +02:00
|
|
|
$ terraform taint 'module.route_tables.azurerm_route_table.rt["DefaultSubnet"]'
|
2019-10-24 21:53:45 +02:00
|
|
|
The resource module.route_tables.azurerm_route_table.rt["DefaultSubnet"] in the module root has been marked as tainted.
|
|
|
|
```
|
|
|
|
|
2020-10-05 23:43:32 +02:00
|
|
|
~> Note: In most `sh` compatible shells, double quotes and spaces can be
|
|
|
|
escaped by wrapping the argument in single quotes. This however varies between
|
|
|
|
other shells and operating systems, and users should use the appropriate escape
|
|
|
|
characters based on the applicable quoting rules for their shell to pass the
|
|
|
|
address string, including quotes, to Terraform.
|
2019-10-24 21:53:45 +02:00
|
|
|
|
2017-08-22 20:47:30 +02:00
|
|
|
## Example: Tainting a Resource within a Module
|
|
|
|
|
|
|
|
This example will only taint a resource within a module:
|
|
|
|
|
|
|
|
```
|
2019-06-04 00:36:38 +02:00
|
|
|
$ terraform taint "module.couchbase.aws_instance.cb_node[9]"
|
2019-08-28 19:47:14 +02:00
|
|
|
Resource instance module.couchbase.aws_instance.cb_node[9] has been marked as tainted.
|
2017-08-22 20:47:30 +02:00
|
|
|
```
|
2019-11-09 01:25:36 +01:00
|
|
|
|
|
|
|
Although we recommend that most configurations use only one level of nesting
|
|
|
|
and employ [module composition](/docs/modules/composition.html), it's possible
|
|
|
|
to have multiple levels of nested modules. In that case the resource instance
|
|
|
|
address must include all of the steps to the target instance, as in the
|
|
|
|
following example:
|
|
|
|
|
|
|
|
```
|
|
|
|
$ terraform taint "module.child.module.grandchild.aws_instance.example[2]"
|
|
|
|
Resource instance module.child.module.grandchild.aws_instance.example[2] has been marked as tainted.
|
|
|
|
```
|