Terraform Cloud Project Bootcamp with Andrew Brown — terraform destroy and terraform.tfstate

Gwen Leigh
3 min read · Sep 26, 2023


This micro shorticle is part of my Terraform learning journey, following Andrew Brown’s Terraform Cloud Project Beginner Bootcamp.

If you are interested in learning Terraform, you can find the completely free video playlist of the Terraform Bootcamp. This Camp is designed and brought to life by the ExamPro team, Andrew Brown and Andrew Bayko.


terraform.tfstate is the Terraform state file. It is generated automatically once you run terraform apply, and it contains the current state of your provisioned cloud resources. The state file is dynamic, in the sense that it gets updated in real time: it is filled with the metadata of your cloud resources when they are up and running via terraform apply, and it is pretty much empty when there are no provisioned resources running (as a result of terraform destroy).

terraform.tfstate after terraform apply

Currently there is one bucket running on AWS, so all of its metadata is stored in Terraform’s backend state file, terraform.tfstate.

Below is my sample terraform.tfstate file, from a configuration that does no more than provision one bucket. The file got populated with the provisioned resources’ metadata.

{
  "version": 4,
  "terraform_version": "1.5.7",
  "serial": 13,
  "lineage": "a822d3ac-...",
  "outputs": {
    "random_bucket_name_result": {
      "value": "28ucgpk9...",
      "type": "string"
    }
  },
  "resources": [
    {
      "mode": "managed",
      "type": "aws_s3_bucket",
      "name": "example",
      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "acceleration_status": "",
            "acl": null,
            "arn": "arn:aws:s3:::28ucgpk9...",
            "bucket": "28ucgpk9...",
            "bucket_domain_name": "28ucgpk9....s3.amazonaws.com",
            "bucket_prefix": "",
            "bucket_regional_domain_name": "28ucgpk9....s3.us-east-1.amazonaws.com",
            "cors_rule": [],
            "force_destroy": false,
            "grant": [
              {
                "id": "af611d02a463bb927d3d6390ea18e20b0d528b733e90d368c207fd28cf2f696e",
                "permissions": [
                  "FULL_CONTROL"
                ],
                "type": "CanonicalUser",
                "uri": ""
              }
            ],
            "hosted_zone_id": "...",
            "id": "28ucgpk9...",
            "lifecycle_rule": [],
            "logging": [],
            "object_lock_configuration": [],
            "object_lock_enabled": false,
            "policy": "",
            "region": "us-east-1",
            "replication_configuration": [],
            "request_payer": "BucketOwner",
            "server_side_encryption_configuration": [
              {
                "rule": [
                  {
                    "apply_server_side_encryption_by_default": [
                      {
                        "kms_master_key_id": "",
                        "sse_algorithm": "AES256"
                      }
                    ],
                    "bucket_key_enabled": false
                  }
                ]
              }
            ],
            "timeouts": null,
            "versioning": [
              {
                "enabled": false,
                "mfa_delete": false
              }
            ]
          }
        }
      ]
    },
    {
      "mode": "managed",
      "type": "random_string",
      "name": "bucket_name",
      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
      "instances": [
        {
          "schema_version": 2,
          "attributes": {
            "id": "28ucgpk9...",
            "keepers": null,
            "length": 16,
            "lower": true,
            "min_lower": 0,
            "min_numeric": 0,
            "min_special": 0,
            "min_upper": 0,
            "number": true,
            "numeric": true,
            "override_special": null,
            "result": "28ucgpk9...",
            "special": false,
            "upper": false
          },
          "sensitive_attributes": []
        }
      ]
    }
  ],
  "check_results": null
}

terraform.tfstate after terraform destroy

terraform destroy is the best and cleanest way to take down running resources that have been provisioned with Terraform. Manual destruction also does the job, but it is prone to human error, which often translates directly into your bill at the end of the month. If you want to avoid surprises, run terraform destroy. If you want to double-check, look at your .tfstate file, which is good evidence of your current Terraform state.

{
  "version": 4,
  "terraform_version": "1.5.7",
  "serial": 16,
  "lineage": "a822...",
  "outputs": {},
  "resources": [],
  "check_results": null
}
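
The double-check described above can be scripted. The Python below is an added example, not code from the original post or the bootcamp: it compares a state snapshot taken after terraform apply with one taken after terraform destroy. The function names are hypothetical, the sample states are constructed and trimmed from the two files shown on this page, and EXAMPLE-LINEAGE is a placeholder because the page elides the real lineage.

```python
import json

# Constructed sample states, trimmed from the two files shown above.
# The lineage value is a placeholder; the page elides the real one.
AFTER_APPLY = json.loads("""{
  "version": 4, "serial": 13, "lineage": "EXAMPLE-LINEAGE",
  "outputs": {"random_bucket_name_result": {"value": "example", "type": "string"}},
  "resources": [
    {"mode": "managed", "type": "aws_s3_bucket", "name": "example",
     "instances": [{"attributes": {"id": "example-bucket"}}]},
    {"mode": "managed", "type": "random_string", "name": "bucket_name",
     "instances": [{"attributes": {"id": "example"}}]}
  ]}""")
AFTER_DESTROY = json.loads("""{
  "version": 4, "serial": 16, "lineage": "EXAMPLE-LINEAGE",
  "outputs": {}, "resources": []}""")


def managed_addresses(state):
    """Return 'type.name' for every managed resource that still has instances."""
    return [
        f"{r['type']}.{r['name']}"
        for r in state.get("resources", [])
        if r.get("mode") == "managed" and r.get("instances")
    ]


def verify_destroy(before, after):
    """Compare a pre-destroy and post-destroy state; return a list of problems."""
    problems = []
    if after.get("version") != 4:
        problems.append("unsupported state format version")
    if before.get("lineage") != after.get("lineage"):
        problems.append("lineage differs: not the same state history")
    if after.get("serial", 0) <= before.get("serial", 0):
        problems.append("serial did not increase: state file may be stale")
    for addr in managed_addresses(after):
        problems.append(f"still tracked: {addr}")
    if after.get("outputs"):
        problems.append("outputs still present")
    return problems


if __name__ == "__main__":
    print(managed_addresses(AFTER_APPLY))
    print(verify_destroy(AFTER_APPLY, AFTER_DESTROY) or "destroy verified")
```

An empty result means Terraform no longer tracks anything in this state. It says nothing about resources that were created outside Terraform.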

Terraform Cloud

Terraform Cloud is a web platform where you can manage your Terraform backend state in their cloud storage. This is the best way to secure your sensitive backend data remotely while freeing yourself from having to manage it on a local server.

You can open an account here: app.terraform.io/

The design is originally from and by Andrew Brown, but his original Lucidchart link is not available yet, so I just made a copy myself :D
