Bird
Raised Fist0
Terraformcloud~5 mins

Terraform apply -replace flag - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Sometimes you want to force Terraform to destroy and recreate a specific resource without changing the rest of your infrastructure. The -replace flag helps you do exactly that during the apply step.
When a resource is stuck in a bad state and you want to recreate it without affecting others.
When you want to update a resource that requires replacement but don't want to change your whole plan.
When debugging infrastructure issues by recreating a single resource.
When a resource's configuration changed outside Terraform and you want to sync by recreating it.
When you want to test changes on a resource by forcing its replacement safely.
Config File - main.tf
main.tf
terraform {
  required_version = ">= 1.5.0"
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "example_bucket" {
  bucket = "example-terraform-replace-flag"
  acl    = "private"
}

This Terraform configuration creates a simple AWS S3 bucket named "example-terraform-replace-flag" in the us-east-1 region. The terraform block ensures the Terraform version is 1.5.0 or newer, which supports the -replace flag.

The aws_s3_bucket resource defines the bucket with private access.

Commands
Initializes the Terraform working directory, downloads provider plugins, and prepares the environment.
Terminal
terraform init
Expected OutputExpected
Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.
Applies the Terraform configuration to create the S3 bucket without asking for confirmation.
Terminal
terraform apply -auto-approve
Expected OutputExpected
aws_s3_bucket.example_bucket: Creating... aws_s3_bucket.example_bucket: Creation complete after 3s [id=example-terraform-replace-flag] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
-auto-approve - Skips interactive approval before applying changes.
Forces Terraform to destroy and recreate the S3 bucket resource while leaving other resources untouched.
Terminal
terraform apply -replace=aws_s3_bucket.example_bucket -auto-approve
Expected OutputExpected
aws_s3_bucket.example_bucket: Destroying... [id=example-terraform-replace-flag] aws_s3_bucket.example_bucket: Destruction complete after 2s aws_s3_bucket.example_bucket: Creating... aws_s3_bucket.example_bucket: Creation complete after 3s [id=example-terraform-replace-flag] Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
-replace - Specifies the resource to force replace.
-auto-approve - Skips confirmation prompt.
Lists all resources currently tracked in the Terraform state to verify the resource exists after replacement.
Terminal
terraform state list
Expected OutputExpected
aws_s3_bucket.example_bucket
Key Concept

If you remember nothing else from this pattern, remember: the -replace flag forces Terraform to destroy and recreate a specific resource during apply without affecting others.

Common Mistakes
Using -replace with an incorrect resource address.
Terraform will error because it cannot find the resource to replace.
Use the exact resource address as shown in terraform state list, including module paths if any.
Forgetting to use -auto-approve and expecting no prompt.
Terraform will pause and wait for manual confirmation, blocking automation.
Add -auto-approve to skip confirmation when running in scripts or automation.
Expecting -replace to update the resource without destroying it.
-replace always destroys and recreates the resource, which may cause downtime or data loss.
Use -replace only when you want a full replacement; otherwise, update configuration normally.
Summary
Initialize Terraform with terraform init to prepare the environment.
Apply the configuration normally with terraform apply to create resources.
Use terraform apply -replace=resource_address to force recreate a specific resource.
Verify the resource state with terraform state list after replacement.

Practice

(1/5)
1. What does the -replace flag do when used with terraform apply?
easy
A. Only plans changes without applying them
B. Skips the creation of new resources
C. Forces Terraform to destroy and recreate a specific resource
D. Updates all resources without destroying any

Solution

  1. Step 1: Understand the purpose of the -replace flag

    The -replace flag tells Terraform to destroy and recreate a specific resource during apply.

  2. Step 2: Compare with other apply behaviors

    Normally, Terraform updates resources in place if possible, but -replace forces full replacement of the targeted resource.

  3. Final Answer:

    Forces Terraform to destroy and recreate a specific resource -> Option C

  4. Quick Check:

    -replace flag = force resource replacement [OK]
Hint: Remember: -replace means rebuild that resource only [OK]
Common Mistakes:
  • Thinking -replace updates resources in place
  • Confusing -replace with plan-only mode
  • Assuming it affects all resources
2. Which of the following is the correct syntax to replace a resource named aws_instance.example using Terraform apply?
easy
A. terraform apply -replace=aws_instance.example
B. terraform apply --replace aws_instance.example
C. terraform apply -replace aws_instance.example
D. terraform apply -replace=aws_instance.example.id

Solution

  1. Step 1: Recall the correct flag syntax

    The correct syntax uses an equals sign with the resource address: -replace=resource_address.

  2. Step 2: Check the resource address format

    The resource address is aws_instance.example, so the correct command is terraform apply -replace=aws_instance.example.

  3. Final Answer:

    terraform apply -replace=aws_instance.example -> Option A

  4. Quick Check:

    Correct syntax uses '=' with resource address [OK]
Hint: Use '=' directly after -replace with resource name [OK]
Common Mistakes:
  • Using space instead of '=' after -replace
  • Adding extra flags like --replace
  • Appending .id unnecessarily
3. Given this Terraform command:
terraform apply -replace=aws_s3_bucket.mybucket
What will happen to the resource aws_s3_bucket.mybucket during apply?
medium
A. It will be updated in place without destruction
B. It will be ignored and left unchanged
C. Terraform will only plan changes but not apply
D. It will be destroyed and recreated

Solution

  1. Step 1: Understand the effect of -replace on a resource

    The -replace flag forces Terraform to destroy and recreate the specified resource during apply.

  2. Step 2: Apply this to aws_s3_bucket.mybucket

    Since the command targets aws_s3_bucket.mybucket, Terraform will destroy and then recreate this bucket.

  3. Final Answer:

    It will be destroyed and recreated -> Option D

  4. Quick Check:

    -replace causes destroy and recreate [OK]
Hint: Replace means destroy then create that resource [OK]
Common Mistakes:
  • Thinking it updates resource without destruction
  • Assuming it skips the resource
  • Confusing apply with plan
4. You run terraform apply -replace=aws_instance.web but get an error: Invalid resource address. What is the most likely cause?
medium
A. The resource name is misspelled or does not exist in the state
B. The -replace flag cannot be used with aws_instance resources
C. You forgot to run terraform init before apply
D. The command requires a space instead of '=' after -replace

Solution

  1. Step 1: Analyze the error message

    An 'Invalid resource address' error means Terraform cannot find the resource in the state or the address is wrong.

  2. Step 2: Check resource existence and spelling

    Most likely, the resource aws_instance.web is misspelled or not present in the current Terraform state.

  3. Final Answer:

    The resource name is misspelled or does not exist in the state -> Option A

  4. Quick Check:

    Invalid address = wrong or missing resource name [OK]
Hint: Check resource name spelling and state presence first [OK]
Common Mistakes:
  • Assuming -replace flag is invalid for resource types
  • Thinking terraform init fixes resource address errors
  • Using space instead of '=' causes different errors
5. You want to replace two resources, aws_instance.web and aws_security_group.sg, in a single apply command. Which is the correct way to do this?
hard
A. terraform apply -replace=aws_instance.web,aws_security_group.sg
B. terraform apply -replace=aws_instance.web -replace=aws_security_group.sg
C. terraform apply -replace=aws_instance.web aws_security_group.sg
D. terraform apply -replace aws_instance.web -replace aws_security_group.sg

Solution

  1. Step 1: Understand multiple -replace usage

    Terraform allows multiple -replace flags, each specifying one resource to replace.

  2. Step 2: Evaluate each option

    terraform apply -replace=aws_instance.web -replace=aws_security_group.sg uses two separate -replace flags correctly. terraform apply -replace=aws_instance.web,aws_security_group.sg uses a comma which is invalid. Options C and D use incorrect syntax without '=' or with spaces.

  3. Final Answer:

    terraform apply -replace=aws_instance.web -replace=aws_security_group.sg -> Option B

  4. Quick Check:

    Use multiple -replace flags for multiple resources [OK]
Hint: Use one -replace= per resource to replace multiple [OK]
Common Mistakes:
  • Trying to list multiple resources with commas
  • Using spaces instead of '=' after -replace
  • Combining resources in one -replace flag