In the world of IT, the provision and management of infrastructure components have become more complex as technology advancements. A simple example is cloud computing. With the arrival of this concept, individuals and organizations increasingly started to use and adapt to cloud-based technologies and solutions.
Since the usage of cloud resources has increased, provisioning and managing these components became complex, and as a solution, Infrastructure as Code tools were introduced. Using IaC tools, we can automate the above-discussed process through a code.
Terraform is a popular and widely-used IaC tool that uses a simple syntax to declare resources in a configuration file using HCL (HashiCorp Configuration Language). This article will discuss one of its main features, the Destroy command.
Firstly, let’s see what destroying resources in Terraform is.
Destroying resources in Terraform
In Terraform, we use the ‘terraform apply’ command to apply the configurations and related changes we declared in our configuration file. Sometimes, some resources are no longer required to manage. On such occasions, we need to remove them safely.
Let’s understand this through some examples.
Scenario 1: Assume that we have provisioned two Amazon EC2 instances. After several months of use, we understand that only one instance is enough to handle our workload. So we can remove the desired instance from our infrastructure.
Scenario 2: Let’s say that there is a set of resources that do some critical tasks. Before provisioning them in the production environment, we need to conduct some tests in a testing environment. So, after testing them, we have decided to provision them in the production environment. Also, we must delete them from the testing environment as well.
As you can see in the above scenarios, there are situations where we need to remove unnecessary resources. Some common cases are listed below.
- When a user wants to remove a specific resource from the infrastructure.
- When a user wants to remove all the resources from the infrastructure.
There are other situations, but these are the most popular use cases. So removing these resources is called destroying the Terraform resources. But someone can say, Why do we remove them? We can keep them even if they are not utilized.
Next, we see the importance of destroying Terraform resources.
Why do we need to destroy Terraform resources?
Let’s see some adverse effects that can happen when we fail to delete the resources.
Firstly, the cost of provisioning and managing infrastructure resources such as cloud resources can be high. In the first scenario, there are two EC2 instances; we need to remove one because we do not need it. If we do not delete it, it will remain running without any workload, which leads to cost increments.
Same as for the second scenario. The final cost will also include the cost of the resources in the testing environment, even if they are not utilized.
Another effect is increased security risks. When resources are not utilized, they are much more likely to be opened to cyber attackers. They can gain unauthorized access to these resources and perform unwanted and malicious operations, such as accessing sensitive data.
So, removing the unwanted and non-utilized resources from the infrastructure is crucial.
Terraform Destroy command
‘terraform destroy’ is a command provided by Terraform that we can use to destroy resources in our IT infrastructure. The syntax for the destroy command is as follows.
$ terraform destroyWhen using the destroy command, there are several options we can use along with it.
‘-target‘: This option can destroy a specific resource from our infrastructure. For example, we can use this option for the earlier discussed first scenario where we remove only one EC2 instance. Below is a sample code for using this option.
$ terraform destroy -target.aws_instance.myServer‘-auto-approve‘: After executing the ‘terraform destroy’ command, it asks for our confirmation before destroying the resources. So when prompted, we have to type “Yes” and hit enter. With this option, we can automate this process and skip the confirmation. Below is a sample code for using this option with the ‘terraform destroy’ command.
$ terraform destroy -auto-approve‘-var‘ and ‘-var-file‘: We can use these options when we interact with the variables. ‘-var’ is used to set the value for a variable upon executing the destroy command. ‘-var-file’ is used to define the path for the variable file if there is any.
$ terraform destroy -var="s3bucket_count=5"
$ terraform destroy -var-file="path/to/your/varfile/variables.tf"Besides these options, we can use ‘-backup,’ ‘-refresh,’ ‘-force,’ etc. which provide various features.
Let’s review some examples of using the ‘terraform destroy’ command.
Example: Destroying a specific resource from the infrastructure.
Let’s say that we have two text files called ‘myPet.txt’ and ‘myFriend.txt’ in our system, and they were created by a terraform configuration file performing the Terraform workflow: terraform init, plan, and apply.
resource "local_file" "myPet" {
filename = "path/to/your/file/myPet.txt"
content = "I have a dog and its name is Sam"
}
resource "local_file" "myFriend" {
filename = "path/to/your/file/myFriend.txt"
content = "I have a friend and his name is John"
}
$ terraform init
$ terraform plan
$ terraform applyBoth files have some text as the information, but we have decided to remove the ‘myPet.txt’ file from our system.
Since we are destroying a specific resource, we can use the ‘-target’ option with the ‘terraform destroy’ command. Refer to the below code.
$ terraform destroy -target=local_file.myPetAs shown in the above output, we can see a plan showing the resources that will be deleted. Below the plan, we can see Terraform asking for our confirmation. We can type “Yes” and hit enter. Below is the output.
As you can see, the ‘myPet.txt’ file has been successfully destroyed.
Let’s say instead of destroying only the ‘myPet.txt’ file, we need to delete both of them at the same time. Also, we need to skip the confirmation. We can use the below code.
$ terraform destroy -auto-approveAs shown in above, we have used the -auto-approve option to skip the confirmation. After the execution, we can get the below output.
As shown above, we have used the -auto-approve option to skip the confirmation. After the execution, we can get the below output.
Conclusion
As we learned in this article, destroying unnecessary resources from the infrastructure is crucial as it supports cost optimization and helps us to avoid risks related to infrastructure security. We discussed the importance of it with some examples, the syntax of the terraform destroy command, and some options we can use. Finally, we looked at a simple example of efficiently utilizing the terraform destroy command.
So it is our responsibility to utilize this valuable feature and get maximum benefits from it.