Bird
Raised Fist0
Terraformcloud~10 mins

Terraform taint and untaint (deprecated) - Step-by-Step Execution

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Process Flow - Terraform taint and untaint (deprecated)
Start
Identify resource
Run 'terraform taint'
Mark resource as tainted
terraform apply
Resource destroyed and recreated
If needed, run 'terraform untaint'
Remove taint mark
terraform apply
Resource left unchanged
End
This flow shows how marking a resource as tainted forces its recreation on next apply, and untainting removes that mark to keep it unchanged.
Execution Sample
Terraform
terraform taint aws_instance.example
terraform apply
terraform taint aws_instance.example
terraform untaint aws_instance.example
terraform apply
Mark a resource as tainted to force recreation and apply (recreates); then taint again, untaint, apply to keep unchanged.
Process Table
StepCommandActionResource State BeforeResource State AfterEffect
1terraform taint aws_instance.exampleMark resource as taintedHealthyTaintedResource flagged for recreation
2terraform applyApply changesTaintedHealthyResource destroyed and recreated
3terraform taint aws_instance.exampleMark resource as taintedHealthyTaintedResource flagged for recreation
4terraform untaint aws_instance.exampleRemove taint markTaintedHealthyResource no longer flagged
5terraform applyApply changesHealthyHealthyResource left unchanged
💡 No more commands; resource is healthy and unchanged.
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4Final
Resource StateHealthyTaintedHealthyTaintedHealthyHealthy
Key Moments - 3 Insights
Why does the resource get destroyed and recreated after 'terraform apply' when tainted?
Because marking a resource as tainted tells Terraform it is broken and must be replaced, so apply destroys and recreates it (see execution_table step 2).
What happens if you run 'terraform apply' without untainting after tainting?
Terraform destroys and recreates the resource once on the next apply. The new resource is not tainted, so subsequent applies leave it unchanged unless tainted again (execution_table step 2).
Does 'terraform untaint' change the actual resource immediately?
No, it only removes the taint mark in Terraform's state. The resource itself is unchanged until next apply (execution_table step 4).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the resource state immediately after running 'terraform taint aws_instance.example'?
AHealthy
BTainted
CRecreated
DDestroyed
💡 Hint
Check the 'Resource State After' column in step 1 of the execution_table.
At which step does the resource get recreated?
AStep 2
BStep 1
CStep 3
DStep 4
💡 Hint
Look for the step where 'Resource State After' changes to 'Healthy' from 'Tainted' indicating recreation in the execution_table.
If you skip 'terraform untaint' after tainting, what happens on the next 'terraform apply'?
AResource is left unchanged
BTerraform throws an error
CResource is recreated again
DResource is deleted permanently
💡 Hint
Refer to key_moments about repeated recreation without untainting.
Concept Snapshot
terraform taint <resource>  # Mark resource as broken
terraform apply                 # Recreates tainted resource
terraform untaint <resource>    # Remove taint mark
terraform apply                 # Keeps resource unchanged

Note: This command is deprecated; use lifecycle blocks or resource replacement strategies instead.
Full Transcript
Terraform taint marks a resource as broken so Terraform will destroy and recreate it on the next apply. Running terraform apply after taint causes the resource to be replaced. Terraform untaint removes this mark so the resource is no longer flagged for replacement. Applying after untaint leaves the resource unchanged. This process helps fix resources without manual state edits. However, taint and untaint commands are deprecated in newer Terraform versions.

Practice

(1/5)
1. What does the terraform taint command do to a resource?
easy
A. Marks the resource to be recreated on the next apply
B. Deletes the resource immediately
C. Prevents the resource from being changed
D. Updates the resource without recreation

Solution

  1. Step 1: Understand the purpose of terraform taint

    This command marks a resource as needing recreation on the next terraform apply.

  2. Step 2: Compare with other options

    It does not delete immediately, prevent changes, or update without recreation.

  3. Final Answer:

    Marks the resource to be recreated on the next apply -> Option A

  4. Quick Check:

    terraform taint = mark for recreation [OK]
Hint: Taint means mark resource for rebuild next apply [OK]
Common Mistakes:
  • Thinking taint deletes resource immediately
  • Confusing taint with preventing changes
  • Assuming taint updates resource in place
2. Which of the following is the correct syntax to unmark a resource previously tainted in Terraform?
easy
A. terraform remove-taint <resource_name>
B. terraform clean <resource_name>
C. terraform untaint <resource_name>
D. terraform reset <resource_name>

Solution

  1. Step 1: Recall the correct command for removing taint

    The command to remove the taint mark is terraform untaint followed by the resource name.

  2. Step 2: Verify other options

    Other commands like remove-taint, clean, or reset do not exist in Terraform.

  3. Final Answer:

    terraform untaint <resource_name> -> Option C

  4. Quick Check:

    Untaint command syntax = terraform untaint [OK]
Hint: Untaint command is terraform untaint resource_name [OK]
Common Mistakes:
  • Using non-existent commands like remove-taint
  • Confusing untaint with terraform apply
  • Omitting the resource name
3. Given the following commands executed in order:
terraform taint aws_instance.example
terraform apply
What will happen to the resource aws_instance.example?
medium
A. Terraform will throw an error
B. The resource will be destroyed and not recreated
C. The resource will remain unchanged
D. The resource will be recreated during apply

Solution

  1. Step 1: Understand effect of taint before apply

    Taint marks the resource to be destroyed and recreated on next apply.

  2. Step 2: Apply triggers recreation

    When terraform apply runs, it destroys the tainted resource and creates a new one.

  3. Final Answer:

    The resource will be recreated during apply -> Option D

  4. Quick Check:

    taint + apply = recreate resource [OK]
Hint: Taint then apply means resource rebuild [OK]
Common Mistakes:
  • Thinking resource is only destroyed without recreation
  • Assuming no change happens after taint
  • Expecting an error from taint command
4. You ran terraform taint aws_instance.example by mistake. Which command fixes this so the resource is not recreated on next apply?
medium
A. terraform untaint aws_instance.example
B. terraform destroy aws_instance.example
C. terraform refresh aws_instance.example
D. terraform plan -refresh=false

Solution

  1. Step 1: Identify how to remove taint

    The terraform untaint command removes the taint mark, preventing recreation.

  2. Step 2: Check other commands

    destroy deletes resource, refresh updates state, and plan -refresh=false skips state refresh but does not remove taint.

  3. Final Answer:

    terraform untaint aws_instance.example -> Option A

  4. Quick Check:

    Untaint removes taint mark [OK]
Hint: Use untaint to cancel taint and keep resource [OK]
Common Mistakes:
  • Using destroy instead of untaint
  • Confusing refresh with untaint
  • Trying to fix with plan options
5. Since terraform taint and terraform untaint are deprecated, which command replaces their functionality to recreate a resource?
hard
A. terraform destroy -replace=<resource_name>
B. terraform apply -replace=<resource_name>
C. terraform refresh -replace=<resource_name>
D. terraform plan -replace=<resource_name>

Solution

  1. Step 1: Understand deprecation and replacement

    Terraform deprecated taint/untaint and recommends terraform apply -replace to recreate resources.

  2. Step 2: Verify other options

    refresh, destroy, and plan do not support -replace to recreate resources.

  3. Final Answer:

    terraform apply -replace=<resource_name> -> Option B

  4. Quick Check:

    Replace flag with apply recreates resource [OK]
Hint: Use apply -replace to recreate resource now [OK]
Common Mistakes:
  • Trying to use -replace with refresh or destroy
  • Not knowing taint/untaint are deprecated
  • Confusing plan with apply for replacement