terraform/website/docs/commands/taint.html.markdown

2015-02-26 19:37:08 +01:00
---
layout: "docs"
page_title: "Command: taint"
sidebar_current: "docs-commands-taint"
description: |-
  The `terraform taint` command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.
---

# Command: taint

The `terraform taint` command manually marks a Terraform-managed resource
as tainted, forcing it to be destroyed and recreated on the next apply.

This command _will not_ modify infrastructure, but does modify the
state file in order to mark a resource as tainted. Once a resource is
marked as tainted, the next
[plan](/docs/commands/plan.html) will show that the resource will
be destroyed and recreated and the next
[apply](/docs/commands/apply.html) will implement this change.

Forcing the recreation of a resource is useful when you want a certain
side effect of recreation that is not visible in the attributes of a resource.
For example, re-running provisioners will cause the node to be different,
or rebooting the machine from a base image will cause new startup scripts
to run.

Note that tainting a resource for recreation may affect resources that
depend on the newly tainted resource. For example, a DNS resource that
uses the IP address of a server may need to be modified to reflect
the potentially new IP address of a tainted server. The
[plan command](/docs/commands/plan.html) will show this if this is
the case.

## Usage

Usage: `terraform taint [options] name`

The `name` argument is the name of the resource to mark as tainted.
The format of this argument is `TYPE.NAME`, such as `aws_instance.foo`.

The command-line flags are all optional. The available flags are:

* `-allow-missing` - If specified, the command will succeed (exit code 0)
even if the resource is missing. The command can still error, but only
in critically erroneous cases.
* `-backup=path` - Path to the backup file. Defaults to `-state-out` with
the ".backup" extension. Disabled by setting to "-".
* `-lock=true` - Lock the state file when locking is supported.
* `-lock-timeout=0s` - Duration to retry a state lock.
* `-module=path` - The module path where the resource to taint exists.
By default this is the root path. Other modules can be specified by
a period-separated list. Example: "foo" would reference the module
"foo" but "foo.bar" would reference the "bar" module in the "foo"
module.
* `-no-color` - Disables output with coloring.
* `-state=path` - Path to read and write the state file to. Defaults to "terraform.tfstate".
Ignored when [remote state](/docs/state/remote.html) is used.
* `-state-out=path` - Path to write updated state file. By default, the
`-state` path will be used. Ignored when
[remote state](/docs/state/remote.html) is used.
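
A wrapper that combines the flags above, as an added example that is not part of the Terraform documentation: it rejects names that are not in `TYPE.NAME` form, writes an explicit state backup before tainting, and then runs plan so the recreation and any dependent changes are reviewed before apply. The function names, the `STATE` and `LOCK_TIMEOUT` environment variables, and the `.pre-taint.backup` suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Terraform docs): taint one resource with an
# explicit state backup and a state lock, then review the resulting plan.

# Accept only TYPE.NAME with an optional numeric index, e.g.
# aws_instance.foo or aws_instance.cb_node.9. Anything else is rejected
# before it reaches the terraform command line.
valid_resource_name() {
  printf '%s\n' "$1" |
    grep -Eq '^[a-z][a-z0-9_]*\.[A-Za-z_][A-Za-z0-9_-]*(\.[0-9]+)?$'
}

# taint_and_review NAME [MODULE_PATH]
# STATE (default terraform.tfstate) and LOCK_TIMEOUT (default 30s) are
# environment variables assumed by this example. With remote state,
# -state is ignored, as the flag list above notes.
taint_and_review() {
  name=$1
  module=${2:-}
  state=${STATE:-terraform.tfstate}
  backup="$state.pre-taint.backup"

  if ! valid_resource_name "$name"; then
    echo "refusing: '$name' is not in TYPE.NAME form" >&2
    return 2
  fi

  # Build the option list from flags documented on this page.
  set -- -state="$state" -backup="$backup" \
         -lock=true -lock-timeout="${LOCK_TIMEOUT:-30s}"
  if [ -n "$module" ]; then
    set -- "$@" -module="$module"
  fi

  # -allow-missing is deliberately left out: a resource that is not in
  # the state should be reported as an error, not pass silently.
  terraform taint "$@" "$name" || return 1

  # taint only edits the state file; plan shows the destroy/recreate and
  # any dependent resources that would change on the next apply.
  terraform plan -state="$state" -no-color
}
```

If the plan shows unwanted changes, the file written by `-backup` holds the state as it was before the resource was marked.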

## Example: Tainting a Single Resource

This example will taint a single resource:

```
$ terraform taint aws_security_group.allow_all
The resource aws_security_group.allow_all in the module root has been marked as tainted!
```

## Example: Tainting a Resource within a Module

This example will only taint a resource within a module:

```
$ terraform taint -module=couchbase aws_instance.cb_node.9
The resource aws_instance.cb_node.9 in the module root.couchbase has been marked as tainted!
```