Terraform-provider-aws: aws_s3_bucket force_destroy option has no effect on pre-existing bucket

Created on 13 Jun 2017 · 11 Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @jhoblitt as hashicorp/terraform#10738. It was migrated here as part of the provider split. The original body of the issue is below._


Terraform Version

$ ./bin/terraform --version
Terraform v0.8.0

Affected Resource(s)

  • aws_s3_bucket

Terraform Configuration Files

resource "aws_s3_bucket" "ssh_public_keys" {
  region = "${var.aws_default_region}"
  bucket = "${var.bastion_bucket_name}"
  acl    = "private"
  force_destroy = true
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:List*",
        "s3:Get*"
      ],
      "Resource": "arn:aws:s3:::${var.bastion_bucket_name}"
    }
  ]
}
EOF
}

Expected Behavior

bucket is deleted then recreated to modify IAM profile

Actual Behavior

$ ./bin/terraform import aws_s3_bucket.ssh_public_keys jhoblitt-bastion-test
aws_s3_bucket.ssh_public_keys: Importing from ID "jhoblitt-bastion-test"...
aws_s3_bucket.ssh_public_keys: Import complete!
  Imported aws_s3_bucket (ID: jhoblitt-bastion-test)
aws_s3_bucket.ssh_public_keys: Refreshing state... (ID: jhoblitt-bastion-test)
$ ./bin/terraform apply
...
aws_s3_bucket.ssh_public_keys: Modifying...
  force_destroy: "false" => "true"
aws_s3_bucket.ssh_public_keys: Modifications complete
Error applying plan:

1 error(s) occurred:

* aws_s3_bucket.s3_public_keys: Error deleting S3 Bucket: BucketNotEmpty: The bucket you tried to delete is not empty
    status code: 409, request id: 3991CB0128E5871C

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Steps to Reproduce

  1. import an existing bucket
  2. terraform apply

All 11 comments

Any progress on a fix here? Experiencing the same issue.

~ terraform --version
Terraform v0.11.7
+ provider.archive v1.0.3
+ provider.aws v1.19.0

Yep, facing exactly the same issue, please advise.

$ terraform --version
Terraform v0.11.7
+ provider.aws v1.29.0
+ provider.template v1.0.0

I've seen this same issue on S3 buckets that Terraform created

I have found this issue also. My case is specifically for S3 remote state assets. When I created the S3 buckets (remote state and logging) initially, I saved the local state file. Simulating how to handle those remote state assets ephemerally, I imported all my remote state assets into a new state file. When I run a plan against that new state file, the properties 'acl' and 'force_destroy' are both empty in the state file.

Also ran into this issue. In my case I had a terraform destroy that errored before the bucket was destroyed, and now force_destroy has no effect.

+1 Issue

A hacky workaround is to just add

"force_destroy": "true"

to the attributes of the aws_s3_bucket resource in your tfstate. Then you can destroy it.

If anyone comes across this, you have to do an apply first, then a destroy. You can't just add it to the tf file resource then run destroy.
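
A pre-destroy check for the behaviour the comments above report, where the destroy acts on the force_destroy value recorded in state rather than the one in the .tf file. This is an added example, not code from the issue or the provider; the sample states, bucket names and function names are constructed, and it assumes the version 3 and version 4 JSON state layouts.

```python
import json

# Constructed sample states (not from the issue): version 3 is the layout
# written by Terraform <= 0.11, version 4 the layout written by >= 0.12.
SAMPLE_V3 = json.dumps({"version": 3, "modules": [{"path": ["root"], "resources": {
    "aws_s3_bucket.imported": {"type": "aws_s3_bucket", "primary": {
        "id": "example-imported", "attributes": {"id": "example-imported"}}},
    "aws_s3_bucket.applied": {"type": "aws_s3_bucket", "primary": {
        "id": "example-applied", "attributes": {"force_destroy": "true"}}}}}]})
SAMPLE_V4 = json.dumps({"version": 4, "resources": [
    {"mode": "managed", "type": "aws_s3_bucket", "name": "a", "instances": [
        {"attributes": {"id": "example-a", "force_destroy": None}}]},
    {"module": "module.logs", "mode": "managed", "type": "aws_s3_bucket",
     "name": "b", "instances": [{"attributes": {"force_destroy": True}}]}]})


def _is_true(value):
    # v3 stores every attribute as a string ("true"); v4 stores a JSON boolean.
    return value is True or (isinstance(value, str) and value.lower() == "true")


def bucket_force_destroy(state_text):
    """Map each aws_s3_bucket address to whether state holds force_destroy=true."""
    state, found = json.loads(state_text), {}
    if state.get("version", 0) <= 3:
        for module in state.get("modules", []):
            prefix = "".join(f"module.{p}." for p in module.get("path", [])[1:])
            for addr, res in module.get("resources", {}).items():
                if res.get("type") == "aws_s3_bucket":
                    attrs = res.get("primary", {}).get("attributes", {})
                    found[prefix + addr] = _is_true(attrs.get("force_destroy"))
        return found
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "aws_s3_bucket":
            continue
        base = ".".join(filter(None, [res.get("module"), res["type"], res["name"]]))
        for inst in res.get("instances", []):
            key = inst.get("index_key")
            addr = base if key is None else f"{base}[{json.dumps(key)}]"
            found[addr] = _is_true(inst.get("attributes", {}).get("force_destroy"))
    return found


def blocked_destroys(state_text):
    """Buckets that state would not let Terraform empty before deleting."""
    return sorted(a for a, ok in bucket_force_destroy(state_text).items() if not ok)

if __name__ == "__main__":
    print(blocked_destroys(SAMPLE_V3), blocked_destroys(SAMPLE_V4))
```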

Can confirm this is still an issue with Terraform v0.11.11, using aws provider v1.56.0.
In our case, the bucket was originally created with Terraform, without force_destroy=true set.

Still an issue, even if the bucket was previously created with force_destroy=true set, but then removed from state and then added again.
The only workaround I see is to set force_destroy manually.

C:\UsersXXXXXX\AppData\Roaming\terraform.d>terraform --version
Terraform v0.12.29

+ provider.aws v2.70.0

- tags = {
    - "Environment" = "Dev"
    - "Force_destroy" = "true"
    - "Name" = "Terraform bucket"
  } -> null

aws_s3_bucket.A: Destroying... [id=terraform-tf-test-bucket]

Error: error deleting S3 Bucket (terraform-tf-test-bucket): BucketNotEmpty: The bucket you tried to delete is not empty
status code: 409, request id: BF1A2439648F57A9, host id: UCpjN3HdIvzkjP4k/lSobOjy98+aQYZHiR/GPQ0bL92/jFnKyXEl00onXpUZJj+Yi8ApSZnBpng=

Force Destroy has no effect and cannot delete s3 bucket which has some content in it.
