Terraform: core: prevent_destroy does not prevent destroy when caused by reducing the count

Created on 24 Mar 2016 · 5Comments · Source: hashicorp/terraform

I do not know if this is a documentation bug or a TF bug or a bug in my expectations.

The situation is that I'm using instance count variables to create/destroy instances. I also am working hard on finding a way to have EIPs persist during instance termination. Well, prevent_destroy = true seems like what I want. Also due to that "diffs don't match" issue, I feel like ignore_changes is also great for me.

So I did this:

resource "aws_eip" "wxmix_test_eip" {
  count = "${var.wxtest_count}"
  depends_on = [ "aws_internet_gateway.main" ]
    instance = "${element(aws_instance.wxtest.*.id, count.index)}"
    vpc = true
  lifecycle {
    prevent_destroy = true
    ignore_changes = ["instance"]
  }
}

I already have 5 test instances. When I plan on reducing to 2 test instances:

terraform plan -var 'wxtest_count=2'
Refreshing Terraform state prior to plan...

null_resource.chef_provision_wxtest.4: Refreshing state... (ID: 1242890369942463320)
null_resource.chef_provision_wxtest.3: Refreshing state... (ID: 5867636346600329267)
null_resource.chef_provision_wxtest.2: Refreshing state... (ID: 6074915431198646171)
...
- aws_eip.wxmix_test_eip.2

- aws_eip.wxmix_test_eip.3

- aws_eip.wxmix_test_eip.4

- aws_instance.wxtest.2

- aws_instance.wxtest.3

- aws_instance.wxtest.4

- null_resource.chef_provision_wxtest.2

- null_resource.chef_provision_wxtest.3

- null_resource.chef_provision_wxtest.4

- null_resource.remote-exec_provision_wxtest.2

- null_resource.remote-exec_provision_wxtest.3

- null_resource.remote-exec_provision_wxtest.4


Plan: 0 to add, 0 to change, 12 to destroy.

This isn't what I expected; the EIP are still being destroyed.

Where does this issue lie? Me, or TF, or the docs?

bug core

Source

Gary-Armstrong

Most helpful comment

I'm clarifying that prevent_destroy is not working as intended :smile: .

I've re-titled this issue and it should get picked up with other core work. There's another issue regarding ignore_changes that is already getting some work done, and this may be picked up in the process.

Thanks again!

catsby on 28 Mar 2016

👍5

All 5 comments

Hey @Gary-Armstrong thanks for writing in. The core problem here is that prevent_destroy is not preventing destroys caused by reducing the count. I believe this is more a TF core problem, not you at all :smile:

catsby on 25 Mar 2016

Thanks @catsby. Are you clarifying that prevent_destroy will only work in the context of a terraform destroy command? I'd ask that the docs be updated, but I'm not going to suggest that anyone drop core work for docs at this point in the dev cycle.

Gary-Armstrong on 25 Mar 2016

I'm clarifying that prevent_destroy is not working as intended :smile: .

Thanks again!

catsby on 28 Mar 2016

👍5

Verified this is broken with a test. Working on it now.

mitchellh on 29 Oct 2016

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.