
Terraform taint and untaint (deprecated) - Commands & Configuration

Introduction
Sometimes, you want to force Terraform to replace a resource even if it thinks the resource is fine. Terraform used to have commands called taint and untaint to mark resources for replacement or to undo that marking. These commands are now deprecated and replaced by better methods.
  • When a resource is broken or misconfigured but Terraform does not detect it as changed.
  • When you want to force recreate a resource without changing its configuration.
  • When you accidentally marked a resource for replacement and want to cancel that.
  • When debugging infrastructure issues by forcing resource replacement.
  • When migrating from older Terraform versions that used taint and untaint commands.
Commands
Apply the current Terraform configuration to create or update resources as needed.
Terminal
terraform apply
Expected Output
    Terraform used the selected providers to generate the following execution plan.
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Terraform will perform the following actions:
    # aws_instance.example will be created
    + resource "aws_instance" "example" {
        + ami = "ami-0c55b159cbfafe1f0"
        + instance_type = "t2.micro"
      }
    Plan: 1 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Enter a value: yes
    aws_instance.example: Creating...
    aws_instance.example: Creation complete after 10s [id=i-1234567890abcdef0]
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
This command replaces the provider for the resource, which can force Terraform to treat the resource as needing replacement. This is a modern alternative to taint.
Terminal
terraform state replace-provider aws_instance.example registry.terraform.io/hashicorp/aws
Expected Output
Replaced provider for aws_instance.example in state
This command tells Terraform to replace the specified resource during the next apply. It is the recommended way to force resource replacement instead of taint.
Terminal
terraform apply -replace=aws_instance.example
Expected Output
    Terraform used the selected providers to generate the following execution plan.
    Plan: 1 to replace, 0 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Terraform will replace the following resource:
    # aws_instance.example must be replaced
    - resource "aws_instance" "example" {
        - ami = "ami-0c55b159cbfafe1f0" -> null
        - instance_type = "t2.micro" -> null
      }
    Plan: 1 to replace, 0 to add, 0 to change, 0 to destroy.
    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Enter a value: yes
    aws_instance.example: Destroying...
    aws_instance.example: Destruction complete after 5s
    aws_instance.example: Creating...
    aws_instance.example: Creation complete after 10s [id=i-0987654321fedcba0]
    Apply complete! Resources: 1 added, 0 changed, 1 destroyed.
-replace - Forces replacement of the specified resource during apply
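Because a forced replacement destroys the resource before recreating it, it is worth checking a saved plan before approving it. The following is an added example, not part of the original page: it reads the JSON form of a saved plan (terraform show -json <planfile>) and reports any replacement or destroy other than the one requested. The function name review_replace_plan and the sample plan are assumptions constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json` output, trimmed to the fields
# used here. The second and third addresses are illustrative only.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_instance.example",
         "change": {"actions": ["delete", "create"]},
         "action_reason": "replace_by_request"},
        {"address": "aws_security_group.web",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_ebs_volume.data",
         "change": {"actions": ["delete", "create"]},
         "action_reason": "replace_because_cannot_update"},
    ]
})


def review_replace_plan(plan_json, expected):
    """Return (ok, findings) for a plan that should replace only `expected`."""
    expected = set(expected)
    replaced, findings = set(), []
    for rc in json.loads(plan_json).get("resource_changes", []):
        addr = rc["address"]
        actions = set(rc["change"]["actions"])
        if actions == {"delete", "create"}:  # either order means replace
            replaced.add(addr)
            if addr not in expected:
                reason = rc.get("action_reason", "unspecified")
                findings.append(f"unexpected replace: {addr} ({reason})")
        elif "delete" in actions:  # plain destroy with no recreation
            findings.append(f"unexpected destroy: {addr}")
    # A requested address that the plan does not replace is also a finding,
    # e.g. a typo in the address passed to -replace.
    for addr in sorted(expected - replaced):
        findings.append(f"not replaced: {addr}")
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = review_replace_plan(SAMPLE_PLAN, ["aws_instance.example"])
    print("plan OK" if ok else "\n".join(findings))
```

In a pipeline, a non-empty findings list is the signal to stop before the apply step runs.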
Key Concept

If you remember nothing else, remember that taint and untaint are deprecated and you should use 'terraform apply -replace' to force resource replacement.

Common Mistakes
  • Using 'terraform taint' or 'terraform untaint' commands in recent Terraform versions.
    These commands are deprecated and may not work or be removed in future versions.
    Use 'terraform apply -replace=resource_name' to mark resources for replacement.
  • Not running 'terraform apply' after marking a resource for replacement.
    Marking alone does not change infrastructure; apply is needed to execute changes.
    Always run 'terraform apply' after marking resources to apply changes.
Summary
Run 'terraform apply' to create or update resources as defined in your configuration.
Use 'terraform apply -replace=resource_name' to force Terraform to replace a resource instead of the deprecated taint command.
Avoid using 'terraform taint' and 'terraform untaint' as they are deprecated and replaced by better commands.

Practice

1. What does the terraform taint command do to a resource?
easy
A. Marks the resource to be recreated on the next apply
B. Deletes the resource immediately
C. Prevents the resource from being changed
D. Updates the resource without recreation

Solution

  1. Step 1: Understand the purpose of terraform taint

    This command marks a resource as needing recreation on the next terraform apply.
  2. Step 2: Compare with other options

    It does not delete immediately, prevent changes, or update without recreation.
  3. Final Answer:

    Marks the resource to be recreated on the next apply -> Option A
  4. Quick Check:

    terraform taint = mark for recreation [OK]
Hint: Taint means mark resource for rebuild next apply [OK]
Common Mistakes:
  • Thinking taint deletes resource immediately
  • Confusing taint with preventing changes
  • Assuming taint updates resource in place
2. Which of the following is the correct syntax to unmark a resource previously tainted in Terraform?
easy
A. terraform remove-taint <resource_name>
B. terraform clean <resource_name>
C. terraform untaint <resource_name>
D. terraform reset <resource_name>

Solution

  1. Step 1: Recall the correct command for removing taint

    The command to remove the taint mark is terraform untaint followed by the resource name.
  2. Step 2: Verify other options

    Other commands like remove-taint, clean, or reset do not exist in Terraform.
  3. Final Answer:

    terraform untaint <resource_name> -> Option C
  4. Quick Check:

    Untaint command syntax = terraform untaint [OK]
Hint: Untaint command is terraform untaint resource_name [OK]
Common Mistakes:
  • Using non-existent commands like remove-taint
  • Confusing untaint with terraform apply
  • Omitting the resource name
3. Given the following commands executed in order:
terraform taint aws_instance.example
terraform apply
What will happen to the resource aws_instance.example?
medium
A. Terraform will throw an error
B. The resource will be destroyed and not recreated
C. The resource will remain unchanged
D. The resource will be recreated during apply

Solution

  1. Step 1: Understand effect of taint before apply

    Taint marks the resource to be destroyed and recreated on next apply.
  2. Step 2: Apply triggers recreation

    When terraform apply runs, it destroys the tainted resource and creates a new one.
  3. Final Answer:

    The resource will be recreated during apply -> Option D
  4. Quick Check:

    taint + apply = recreate resource [OK]
Hint: Taint then apply means resource rebuild [OK]
Common Mistakes:
  • Thinking resource is only destroyed without recreation
  • Assuming no change happens after taint
  • Expecting an error from taint command
4. You ran terraform taint aws_instance.example by mistake. Which command fixes this so the resource is not recreated on next apply?
medium
A. terraform untaint aws_instance.example
B. terraform destroy aws_instance.example
C. terraform refresh aws_instance.example
D. terraform plan -refresh=false

Solution

  1. Step 1: Identify how to remove taint

    The terraform untaint command removes the taint mark, preventing recreation.
  2. Step 2: Check other commands

    destroy deletes resource, refresh updates state, and plan -refresh=false skips state refresh but does not remove taint.
  3. Final Answer:

    terraform untaint aws_instance.example -> Option A
  4. Quick Check:

    Untaint removes taint mark [OK]
Hint: Use untaint to cancel taint and keep resource [OK]
Common Mistakes:
  • Using destroy instead of untaint
  • Confusing refresh with untaint
  • Trying to fix with plan options
5. Since terraform taint and terraform untaint are deprecated, which command replaces their functionality to recreate a resource?
hard
A. terraform destroy -replace=<resource_name>
B. terraform apply -replace=<resource_name>
C. terraform refresh -replace=<resource_name>
D. terraform plan -replace=<resource_name>

Solution

  1. Step 1: Understand deprecation and replacement

    Terraform deprecated taint/untaint and recommends terraform apply -replace to recreate resources.
  2. Step 2: Verify other options

    refresh, destroy, and plan do not support -replace to recreate resources.
  3. Final Answer:

    terraform apply -replace=<resource_name> -> Option B
  4. Quick Check:

    Replace flag with apply recreates resource [OK]
Hint: Use apply -replace to recreate resource now [OK]
Common Mistakes:
  • Trying to use -replace with refresh or destroy
  • Not knowing taint/untaint are deprecated
  • Confusing plan with apply for replacement