{"id":12945,"date":"2020-04-21T13:40:19","date_gmt":"2020-04-21T13:40:19","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=12945"},"modified":"2021-11-12T05:39:45","modified_gmt":"2021-11-12T05:39:45","slug":"terraform-taint-and-untaint-explained-with-example-programs-and-tutorials","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/terraform-taint-and-untaint-explained-with-example-programs-and-tutorials\/","title":{"rendered":"Terraform taint and untaint explained with example programs and tutorials"},"content":{"rendered":"\n<p><strong>What is meaning of taint?<\/strong><\/p>\n\n\n\n<p>a trace of a bad or undesirable substance or quality.<\/p>\n\n\n\n<p><strong>What is tainted?<\/strong><\/p>\n\n\n\n<p>spoiled; damaged in quality, taste, or value:<\/p>\n\n\n\n<p><strong>What is Terraform taint?<\/strong><\/p>\n\n\n\n<p>The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.<\/p>\n\n\n\n<p><strong>Use case of Terraform taint?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It could use it to something like re-creating an EC2 instance if someone logged in and made some manual changes.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Use taint mostly to force rolling deploys of ASGs for webservices when tf wouldn&#8217;t normally require it.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Can use it to force a rebuild of certain resources without doing a full destroy &#8211; though usually only during development phase. A full build might take 20-30 mins where we want to test a single update.<\/li><\/ul>\n\n\n\n<p><strong>Behaviours of terraform taint<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>This command will not modify infrastructure, but does modify the state file in order to mark a resource as tainted.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Forcing the recreation of a resource is useful when you want a certain side effect of recreation that is not visible in the attributes of a resource. For example: re-running provisioners will cause the node to be different or rebooting the machine from a base image will cause new startup scripts to run.<\/li><\/ul>\n\n\n\n<p><strong>Failed Provisioners and Tainted Resources<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If a resource successfully creates but fails during provisioning, Terraform will error and mark the  resource as &#8220;tainted&#8221;. A resource that is tainted has been physically created, but can&#8217;t be considered safe to use since provisioning failed.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>When you generate your next execution plan, Terraform will not attempt to restart provisioning on the same resource because it isn&#8217;t guaranteed to be safe. Instead, Terraform will remove any tainted resources and create new resources, attempting to provision them again after creation.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Terraform also does not automatically roll back and destroy the resource during the apply when the failure happens, because that would go against the execution plan: the execution plan would&#8217;ve said a resource will be created, but does not say it will ever be deleted. If you create an execution plan with a tainted resource, however, the plan will clearly state that the resource will be destroyed because it is tainted.<\/li><\/ul>\n\n\n\n<p><strong>Manually Tainting Resources<\/strong><\/p>\n\n\n\n<p>In cases where you want to manually destroy and recreate a resource, Terraform has a built in taint function in the CLI. This command will not modify infrastructure, but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.<\/p>\n\n\n\n<p><strong>To taint a resource, use the following command:<\/strong><\/p>\n\n\n\n<script src=\"https:\/\/gist.github.com\/devops-school\/5f7d4d77af506b3d45f1fcbd0f0333e8.js\"><\/script>\n\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_52460\"><figure class=\"wp-block-embed wp-block-embed-youtube is-type-video is-provider-youtube epyt-figure\"><div class=\"wp-block-embed__wrapper\"><iframe loading=\"lazy\"  id=\"_ytid_29854\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_52460\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><\/div><\/figure><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>What is meaning of taint? a trace of a bad or undesirable substance or quality. What is tainted? spoiled; damaged in quality, taste, or value: What is&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5129],"tags":[],"class_list":["post-12945","post","type-post","status-publish","format-standard","hentry","category-terraform"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/12945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=12945"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/12945\/revisions"}],"predecessor-version":[{"id":24865,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/12945\/revisions\/24865"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=12945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=12945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=12945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}