Some days ago I wrote an article on how to bring existing resources under Terraform management. While this is a valid scenario, the opposite could also be needed. This blog post demonstrates several methods to release existing resources from Terraform management, for example to bring them under the control of some other tool.
- Post 1: How to bring Azure resources under Terraform management
- Post 2: How to release existing resources from Terraform management (this post)
Scenario
In this blog post we will have a look at the different methods to release resources from Terraform management. I used the following Terraform configuration to deploy three resources.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rgr1" {
  name     = "t-rgr-tfdemo-01"
  location = "West Europe"
}

resource "azurerm_storage_account" "storageaccount1" {
  name                     = "tstotfdemo01"
  resource_group_name      = azurerm_resource_group.rgr1.name
  location                 = azurerm_resource_group.rgr1.location
  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  is_hns_enabled           = "false"
}

resource "azurerm_storage_account" "storageaccount2" {
  name                     = "tstotfdemo02"
  resource_group_name      = azurerm_resource_group.rgr1.name
  location                 = azurerm_resource_group.rgr1.location
  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  is_hns_enabled           = "true"
}
I am not using any variables here to enhance the readability of the code.
In the real world, we should have those resources deployed in Azure.
Analyze what you are currently managing
Imagine the code above has been used to deploy resources to Azure. Before you remove anything from Terraform management, it’s important to understand exactly what you are managing and whether everything is up to date. This might be obvious when you look at this small piece of code and compare it with what you see in the Azure portal, but not necessarily when you have a much more complex setup. So take your time to understand what is going on by using the Terraform CLI. Let’s first list the resources that are under Terraform control and then look at some details.
terraform state list
This will return a list of resources that are under Terraform management from state.
If everything was applied correctly and is up to date, this output should correspond to your configuration files. If needed, you can dig a little deeper into the various resources by showing the details of a specific resource from the Terraform state. Use the Terraform internal resource id to specify what you are interested in.
terraform state show terraform_id
terraform state show azurerm_storage_account.storageaccount1
This will return the details of the specified resource.
You can also get all state details at once. Just be aware that, depending on the number of managed resources, this can return a lot of information. With the previous command you can be more specific in getting data from the Terraform state.
terraform show
Remove everything from Terraform Management
Everything Terraform needs is stored in the configuration and variable files, in modules and in the Terraform state (local or remote). That means that if you want to get rid of Terraform, you just delete all of these files and never re-use them. Job done. In many cases you will do this because you want to bring those resources under the control of some other tools and procedures (e.g. ARM templates). The onboarding process to those of course totally depends on the future tools you will use. But this onboarding process can be very complex, and it might be easier and cleaner to just re-deploy your resources from scratch, at least if the application you are touching allows this.
Remove specific Resources from Terraform Management
Another approach is to release not all resources that are under Terraform management, but only specific ones. This is not a very common scenario, but still a valid one. Let’s assume you want to remove just one of the resources from the example code, an Azure storage account, from Terraform management. Let’s check out the options.
Remove resource block from config file
Using this option you would just edit your configuration files and remove the code block of the resource you don’t want to manage anymore. The sample code would now look like this.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "rgr1" {
  name     = "t-rgr-tfdemo-01"
  location = "West Europe"
}

resource "azurerm_storage_account" "storageaccount1" {
  name                     = "tstotfdemo01"
  resource_group_name      = azurerm_resource_group.rgr1.name
  location                 = azurerm_resource_group.rgr1.location
  account_kind             = "StorageV2"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  is_hns_enabled           = "false"
}
After running terraform plan/apply you would get this result.
The resource will be destroyed because Terraform knows from its state that this resource still exists in the real world (in Azure). Because it has been removed from the code, Terraform assumes it needs to be destroyed/deleted. If this is the goal, feel free to continue, but make sure you understand this behavior before you type “yes”.
Remove resource from state
Another scenario would be releasing the resource from Terraform management without deleting it. That way the resource will stay around and you can afterwards either start managing it manually or bring it under the control of some other tool. To make this happen, we need to force Terraform to forget that this resource was ever managed and ever existed. For that, the resource needs to be removed from the Terraform state.
terraform state rm terraform_id
terraform state rm azurerm_storage_account.storageaccount2
This command will remove the resource from state, so it is no longer managed by Terraform. You can then analyze the state to see if the resource has been removed from there.
terraform state list
State does not know anything about that resource now, but the resource still lives on Azure, where it remains untouched. Next we also need to remove the resource from the configuration file by deleting the appropriate resource code block. If you don’t do that, Terraform will try to re-create the resource because, based on its state, it thinks that this resource has not yet been deployed. So remove the resource block, save the file and hit terraform plan/apply. Now the configuration file, the state and the real world are in sync and Terraform thinks that no changes are needed (in case you did not modify anything else in your configuration file). With that, the resource has been properly released from Terraform management but continues to live on Azure.
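An added example, not part of the original post: a Python check over the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) that tells the outcomes described above apart before anything is applied. The plan documents are constructed and trimmed to the fields used, and the function names are hypothetical.

```python
import json

SA2 = "azurerm_storage_account.storageaccount2"

def sample_plan(sa2_actions):
    """Constructed, trimmed `terraform show -json <planfile>` output."""
    changes = [
        {"address": "azurerm_resource_group.rgr1",
         "change": {"actions": ["no-op"]}},
        {"address": "azurerm_storage_account.storageaccount1",
         "change": {"actions": ["no-op"]}},
    ]
    if sa2_actions is not None:  # None: Terraform plans nothing for SA2
        changes.append({"address": SA2, "change": {"actions": sa2_actions}})
    return json.dumps({"format_version": "1.2", "resource_changes": changes})

def release_status(plan_json, address):
    """Classify what a plan would do to a resource meant to be released."""
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("address") != address:
            continue
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            return "would-destroy"    # block removed, still in state
        if "create" in actions:
            return "would-recreate"   # removed from state, block still in config
        return "still-managed"        # no-op/update: still tracked in state
    return "released"                 # absent from the plan: nothing tracked

def unexpected_deletes(plan_json, allowed=()):
    """Addresses the plan would delete that were not explicitly allowed."""
    return sorted(
        rc["address"]
        for rc in json.loads(plan_json).get("resource_changes", [])
        if "delete" in rc.get("change", {}).get("actions", [])
        and rc["address"] not in allowed
    )

if __name__ == "__main__":
    cases = [("config block removed only", ["delete"]),
             ("state rm only", ["create"]),
             ("state rm + block removed", None)]
    for label, actions in cases:
        print(f"{label}: {release_status(sample_plan(actions), SA2)}")
```

Running `unexpected_deletes` with an empty allow-list in a pipeline step turns the “before you type yes” check into something that fails automatically.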
That’s it. With the shown procedures it’s now up to you to decide, how exactly you want to release a resource from Terraform management. Make sure you understand the differences before you apply anything to the real world environments.
Cheers,
Marcel