Bird
Raised Fist0
Terraformcloud~20 mins

Terraform taint and untaint (deprecated) - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Terraform Taint Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
What happens when you run terraform taint on a resource?
You have a resource managed by Terraform. You run terraform taint on it. What is the immediate effect on Terraform's state and next apply?
ATerraform immediately deletes the resource from the cloud provider without waiting for <code>terraform apply</code>.
BTerraform removes the resource from its state file permanently, so it will no longer manage it.
CTerraform marks the resource as needing replacement, so the next <code>terraform apply</code> will destroy and recreate it.
DTerraform pauses the resource, preventing any changes until manually resumed.
Attempts:
2 left
💡 Hint
Think about what 'taint' means in real life: marking something as broken or needing replacement.
service_behavior
intermediate
2:00remaining
What is the effect of terraform untaint on a tainted resource?
You have previously marked a resource as tainted. You now run terraform untaint on it. What happens to the resource in Terraform's state and next apply?
ATerraform removes the tainted mark, so the resource will not be replaced on the next apply.
BTerraform immediately recreates the resource in the cloud provider.
CTerraform deletes the resource from the state file and cloud provider.
DTerraform locks the resource to prevent any changes until unlocked.
Attempts:
2 left
💡 Hint
Untaint means to remove the 'broken' mark.
Architecture
advanced
2:00remaining
Why is terraform taint considered deprecated in Terraform 1.1+?
Terraform 1.1 and later versions mark terraform taint as deprecated. What is the main reason for this deprecation?
ABecause tainting caused permanent deletion of resources which was unsafe.
BBecause Terraform now supports <code>terraform apply -replace</code> which replaces resources without modifying state manually.
CBecause Terraform no longer manages state files locally.
DBecause tainting was replaced by a new command that pauses resources.
Attempts:
2 left
💡 Hint
Think about safer ways to replace resources without manual state changes.
security
advanced
2:00remaining
What security risk can arise from using terraform taint improperly in a shared environment?
In a team using remote state, what security or operational risk can happen if someone taints a critical resource without coordination?
AUncoordinated tainting can cause unexpected resource replacement, leading to downtime or data loss.
BTainting encrypts the resource state making it inaccessible to others.
CTainting disables resource access permissions permanently.
DTainting automatically exposes resource secrets in logs.
Attempts:
2 left
💡 Hint
Think about what happens if a resource is replaced unexpectedly in production.
Best Practice
expert
2:00remaining
Which Terraform command is recommended over terraform taint for replacing a resource in Terraform 1.1+?
You want to replace a resource safely without manually modifying the state. Which command should you use instead of terraform taint?
A<code>terraform refresh</code> to update the state and then <code>terraform apply</code>
B<code>terraform destroy -target=resource_address</code> followed by <code>terraform apply</code>
C<code>terraform state rm resource_address</code> then <code>terraform apply</code>
D<code>terraform apply -replace=resource_address</code>
Attempts:
2 left
💡 Hint
Look for a command that replaces a resource during apply without manual state edits.

Practice

(1/5)
1. What does the terraform taint command do to a resource?
easy
A. Marks the resource to be recreated on the next apply
B. Deletes the resource immediately
C. Prevents the resource from being changed
D. Updates the resource without recreation

Solution

  1. Step 1: Understand the purpose of terraform taint

    This command marks a resource as needing recreation on the next terraform apply.

  2. Step 2: Compare with other options

    It does not delete immediately, prevent changes, or update without recreation.

  3. Final Answer:

    Marks the resource to be recreated on the next apply -> Option A

  4. Quick Check:

    terraform taint = mark for recreation [OK]
Hint: Taint means mark resource for rebuild next apply [OK]
Common Mistakes:
  • Thinking taint deletes resource immediately
  • Confusing taint with preventing changes
  • Assuming taint updates resource in place
2. Which of the following is the correct syntax to unmark a resource previously tainted in Terraform?
easy
A. terraform remove-taint <resource_name>
B. terraform clean <resource_name>
C. terraform untaint <resource_name>
D. terraform reset <resource_name>

Solution

  1. Step 1: Recall the correct command for removing taint

    The command to remove the taint mark is terraform untaint followed by the resource name.

  2. Step 2: Verify other options

    Other commands like remove-taint, clean, or reset do not exist in Terraform.

  3. Final Answer:

    terraform untaint <resource_name> -> Option C

  4. Quick Check:

    Untaint command syntax = terraform untaint [OK]
Hint: Untaint command is terraform untaint resource_name [OK]
Common Mistakes:
  • Using non-existent commands like remove-taint
  • Confusing untaint with terraform apply
  • Omitting the resource name
3. Given the following commands executed in order:
terraform taint aws_instance.example
terraform apply
What will happen to the resource aws_instance.example?
medium
A. Terraform will throw an error
B. The resource will be destroyed and not recreated
C. The resource will remain unchanged
D. The resource will be recreated during apply

Solution

  1. Step 1: Understand effect of taint before apply

    Taint marks the resource to be destroyed and recreated on next apply.

  2. Step 2: Apply triggers recreation

    When terraform apply runs, it destroys the tainted resource and creates a new one.

  3. Final Answer:

    The resource will be recreated during apply -> Option D

  4. Quick Check:

    taint + apply = recreate resource [OK]
Hint: Taint then apply means resource rebuild [OK]
Common Mistakes:
  • Thinking resource is only destroyed without recreation
  • Assuming no change happens after taint
  • Expecting an error from taint command
4. You ran terraform taint aws_instance.example by mistake. Which command fixes this so the resource is not recreated on next apply?
medium
A. terraform untaint aws_instance.example
B. terraform destroy aws_instance.example
C. terraform refresh aws_instance.example
D. terraform plan -refresh=false

Solution

  1. Step 1: Identify how to remove taint

    The terraform untaint command removes the taint mark, preventing recreation.

  2. Step 2: Check other commands

    destroy deletes resource, refresh updates state, and plan -refresh=false skips state refresh but does not remove taint.

  3. Final Answer:

    terraform untaint aws_instance.example -> Option A

  4. Quick Check:

    Untaint removes taint mark [OK]
Hint: Use untaint to cancel taint and keep resource [OK]
Common Mistakes:
  • Using destroy instead of untaint
  • Confusing refresh with untaint
  • Trying to fix with plan options
5. Since terraform taint and terraform untaint are deprecated, which command replaces their functionality to recreate a resource?
hard
A. terraform destroy -replace=<resource_name>
B. terraform apply -replace=<resource_name>
C. terraform refresh -replace=<resource_name>
D. terraform plan -replace=<resource_name>

Solution

  1. Step 1: Understand deprecation and replacement

    Terraform deprecated taint/untaint and recommends terraform apply -replace to recreate resources.

  2. Step 2: Verify other options

    refresh, destroy, and plan do not support -replace to recreate resources.

  3. Final Answer:

    terraform apply -replace=<resource_name> -> Option B

  4. Quick Check:

    Replace flag with apply recreates resource [OK]
Hint: Use apply -replace to recreate resource now [OK]
Common Mistakes:
  • Trying to use -replace with refresh or destroy
  • Not knowing taint/untaint are deprecated
  • Confusing plan with apply for replacement