Tags: amazon-web-services, terraform, terraform-provider-aws

terraform destroy needs original terraform code to destroy?


Does terraform need the original code to run terraform destroy?

I am deploying AWS terraform into new AWS accounts per client. My terraform is continuously evolving, and it seems when I want to destroy, I need the original terraform code to destroy?

I was hoping that if I have access to the backend S3 state, then by pointing to that backend and running terraform destroy (from anywhere, without having the original terraform, just having the terraform binary), it should destroy everything. This seems to work most of the time. But for one of my infras I get this error:

Error: Provider configuration not present
│ 
│ To work with module.s3Module.aws_s3_bucket.this (orphan) its original
│ provider configuration at
│ module.s3Module.provider["registry.terraform.io/hashicorp/aws"] is
│ required, but it has been removed. This occurs when a provider
│ configuration is removed while objects created by that provider still exist
│ in the state. Re-add the provider configuration to destroy
│ module.s3Module.aws_s3_bucket.this (orphan), after which you can remove the
│ provider configuration again

I am able to successfully destroy the infra if I run destroy using the original terraform code, but this should be a common problem, I am thinking. While my code is versioned and I can run destroy using the original version, I feel it should be more convenient than this. What am I missing?

Is there a way to get around this problem?

Let's say I deployed terraform code version v1.0, but my latest code is version v3.0 and I want to run a destroy that doesn't depend on those versions. I created a GitLab pipeline that points to the required S3 backend and runs destroy. This works most of the time, but sometimes it complains about providers.


Solution

  • Short answer - yes. Terraform commands are executed against Terraform code, not against state files. State files are nothing more than a "by-product" used to track the latest applied configuration.

    Long answer - probably not necessarily. While I have no experience with your particular need (although I did have to manually update my state files on more than 1 occasion), a quick Google search led me to this answer: https://discuss.hashicorp.com/t/destroying-resources-with-state-file-only/31833/3

    There are 2 different approaches mentioned in the above forum post. I'd personally be probably more inclined to use the second approach mentioned, of simply creating an empty main.tf file configured to use your backend (where your state file lies) and running the destroy command against this empty TF config.

    To quote the mentioned post:

    To make it simple for future reference. Just create a terraform configuration with a local backend pointing to that state file. E.g.

    In main.tf:

    terraform {
      backend "local" {
        path="your_statefile_here.json"
      }
    }
    

    You can hopefully then terraform init and terraform destroy as usual.
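
An added example, not part of the original answer or the linked forum post: a pre-flight check that reads a state file and lists which provider configurations its managed resources are bound to, so module-scoped ones such as the `module.s3Module.provider[...]` address in the error above are known before `terraform destroy` is run from a stub configuration. It assumes the version 4 JSON state layout (`resources[].provider`, `resources[].module`); the sample state and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the Terraform state v4 layout (not a real state file).
SAMPLE_STATE = json.dumps({"version": 4, "resources": [
    {"module": "module.s3Module", "mode": "managed",
     "type": "aws_s3_bucket", "name": "this", "instances": [{}],
     "provider": 'module.s3Module.provider["registry.terraform.io/hashicorp/aws"]'},
    {"mode": "managed", "type": "aws_iam_role", "name": "ci", "instances": [{}],
     "provider": 'provider["registry.terraform.io/hashicorp/aws"]'},
    {"mode": "data", "type": "aws_caller_identity", "name": "me", "instances": [{}],
     "provider": 'provider["registry.terraform.io/hashicorp/aws"]'},
]})


def provider_requirements(state_text):
    """Map each provider address in the state to the managed resources that use it."""
    state = json.loads(state_text)
    if state.get("version") != 4:
        raise ValueError("expected state format version 4")
    needed = defaultdict(list)
    for res in state.get("resources", []):
        # Data sources and entries with no instances have nothing to destroy.
        if res.get("mode") != "managed" or not res.get("instances"):
            continue
        addr = f'{res["type"]}.{res["name"]}'
        if res.get("module"):
            addr = f'{res["module"]}.{addr}'
        needed[res["provider"]].append(addr)
    return dict(needed)


def module_scoped(needed):
    """Keep only provider addresses that were configured inside a module."""
    return {p: r for p, r in needed.items() if p.startswith("module.")}


if __name__ == "__main__":
    for provider, resources in module_scoped(provider_requirements(SAMPLE_STATE)).items():
        print(f"needs module-level provider block: {provider}")
        for address in resources:
            print(f"  used by {address}")
```

With a remote backend, `terraform state pull` writes the current state to standard output, which can be saved and passed to `provider_requirements`.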