Command: taint
The terraform taint command is deprecated. For Terraform v0.15.2 and later, we recommend using the -replace option with terraform apply instead.
terraform taint command informs Terraform that a particular object has become degraded or damaged. Terraform will propose to replace it in the next plan you create.
Usage
terraform taint [options] address
terraform untaint command.
The address must be a valid resource address, such as:
aws_instance.fooaws_instance.bar[1]module.foo.module.bar.aws_instance.baz
Options
-
-allow-missing - If specified, the command will succeed (exit code 0) even if the resource is missing. By default, this is an error because the address may be incorrect.
-
-lock=false - Don’t hold a state lock during the operation. This is dangerous if others might concurrently run commands against the same workspace.
-
-lock-timeout=DURATION - Duration to retry a state lock. Default is 0s.
-
-ignore-remote-version - A rare option used for the remote backend only. See the remote backend documentation for more information.
For configurations using the local backend only, terraform taint also accepts the legacy options -state, -state-out, and -backup.
Example
Mark a single instance as tainted:
terraform taint aws_instance.example
terraform taint 'aws_instance.example[0]'
terraform taint module.web_app.aws_instance.server
Recommended Alternative: -replace
Instead of using terraform taint, we recommend using the -replace option with terraform apply:
terraform apply -replace="aws_instance.example"