Introduction

Sometimes, you want to force Terraform to replace a resource even if it thinks the resource is fine. Terraform used to have commands called taint and untaint to mark resources for replacement or to undo that marking. These commands are now deprecated and replaced by better methods.

When a resource is broken or misconfigured but Terraform does not detect it as changed.

When you want to force recreate a resource without changing its configuration.

When you accidentally marked a resource for replacement and want to cancel that.

When debugging infrastructure issues by forcing resource replacement.

When migrating from older Terraform versions that used taint and untaint commands.

Commands

Apply the current Terraform configuration to create or update resources as needed.

Terminal

terraform apply

Expected OutputExpected

Terraform used the selected providers to generate the following execution plan. Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Terraform will perform the following actions: # aws_instance.example will be created + resource "aws_instance" "example" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t2.micro" } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Enter a value: yes aws_instance.example: Creating... aws_instance.example: Creation complete after 10s [id=i-1234567890abcdef0] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

This command replaces the provider for the resource, which can force Terraform to treat the resource as needing replacement. This is a modern alternative to taint.

Terminal

terraform state replace-provider aws_instance.example registry.terraform.io/hashicorp/aws

Expected OutputExpected

Replaced provider for aws_instance.example in state

This command tells Terraform to replace the specified resource during the next apply. It is the recommended way to force resource replacement instead of taint.

Terminal

terraform apply -replace=aws_instance.example

Expected OutputExpected

Terraform used the selected providers to generate the following execution plan. Plan: 1 to replace, 0 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Terraform will replace the following resource: # aws_instance.example must be replaced - resource "aws_instance" "example" { - ami = "ami-0c55b159cbfafe1f0" -> null - instance_type = "t2.micro" -> null } Plan: 1 to replace, 0 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Enter a value: yes aws_instance.example: Destroying... aws_instance.example: Destruction complete after 5s aws_instance.example: Creating... aws_instance.example: Creation complete after 10s [id=i-0987654321fedcba0] Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

→

-replace - Forces replacement of the specified resource during apply

Key Concept

If you remember nothing else, remember that taint and untaint are deprecated and you should use 'terraform apply -replace' to force resource replacement.

Common Mistakes

Using 'terraform taint' or 'terraform untaint' commands in recent Terraform versions.

These commands are deprecated and may not work or be removed in future versions.

Use 'terraform apply -replace=resource_name' to mark resources for replacement.

Not running 'terraform apply' after marking a resource for replacement.

Marking alone does not change infrastructure; apply is needed to execute changes.

Always run 'terraform apply' after marking resources to apply changes.

Summary

Run 'terraform apply' to create or update resources as defined in your configuration.

Use 'terraform apply -replace=resource_name' to force Terraform to replace a resource instead of the deprecated taint command.

Avoid using 'terraform taint' and 'terraform untaint' as they are deprecated and replaced by better commands.