Skip to main content

Destroy

The terraform destroy command destroys all resources managed by your Terraform configuration. It’s a convenience alias for terraform apply -destroy.

What It Does

When you run terraform destroy, Terraform:
  • Generates a destruction plan showing all resources to be deleted
  • Determines the correct destruction order based on dependencies
  • Prompts for confirmation before proceeding
  • Destroys resources in the proper sequence
  • Updates the state file to reflect removed resources
  • Removes all managed infrastructure while preserving the state file

When to Use It

Run terraform destroy when you want to:
  • Tear down temporary development or testing environments
  • Remove all infrastructure in a workspace before deletion
  • Clean up resources after a project is complete
  • Start fresh with a clean slate
  • Decommission an entire environment
Warning: This is a destructive operation with no undo. Always verify before confirming.

Basic Usage

1

Preview the destruction plan

See what will be destroyed before proceeding:
terraform plan -destroy
Example output:
Terraform will perform the following actions:

  # aws_instance.web will be destroyed
  - resource "aws_instance" "web" {
      - ami                    = "ami-0c55b159cbfafe1f0" -> null
      - instance_type          = "t2.micro" -> null
      - id                     = "i-0123456789abcdef" -> null
      - public_ip              = "54.123.45.67" -> null
      # (15 unchanged attributes hidden)
    }

  # aws_security_group.web will be destroyed
  - resource "aws_security_group" "web" {
      - id                     = "sg-0123456789abcdef" -> null
      - name                   = "web-sg" -> null
      # (8 unchanged attributes hidden)
    }

Plan: 0 to add, 0 to change, 2 to destroy.
2

Run terraform destroy

Destroy all managed resources:
terraform destroy
Terraform prompts for confirmation:
Plan: 0 to add, 0 to change, 5 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value:
3

Confirm destruction

Type yes to proceed:
  Enter a value: yes

aws_instance.web: Destroying... [id=i-0123456789abcdef]
aws_instance.web: Still destroying... [id=i-0123456789abcdef, 10s elapsed]
aws_instance.web: Destruction complete after 15s
aws_security_group.web: Destroying... [id=sg-0123456789abcdef]
aws_security_group.web: Destruction complete after 2s

Destroy complete! Resources: 5 destroyed.
4

Verify destruction

Confirm all resources were removed:
terraform state list
Expected output: (empty - no resources remain)

Common Flags and Options

Auto-Approval

-auto-approve Skip the confirmation prompt: 
terraform destroy -auto-approve
Example output: 
aws_instance.web: Destroying... [id=i-0123456789abcdef]
aws_instance.web: Destruction complete after 15s

Destroy complete! Resources: 5 destroyed.
Warning: Extremely dangerous. Use only in automated environments with safeguards.

Targeting Resources

-target=RESOURCE Destroy only specific resources: 
terraform destroy -target=aws_instance.web
Example output: 
Plan: 0 to add, 0 to change, 1 to destroy.

Warning: Resource targeting is in effect

Do you really want to destroy all resources?
  Enter a value: yes

aws_instance.web: Destroying... [id=i-0123456789abcdef]
aws_instance.web: Destruction complete after 15s

Destroy complete! Resources: 1 destroyed.
Multiple targets: 
terraform destroy \
  -target=aws_instance.web \
  -target=aws_security_group.web
Warning: Destroying specific resources may leave orphaned dependencies.

State Management

-backup=PATH Specify a custom backup location for the state file: 
terraform destroy -backup=terraform.tfstate.backup
-lock=false Disable state locking (dangerous): 
terraform destroy -lock=false
-lock-timeout=DURATION Wait for a state lock: 
terraform destroy -lock-timeout=5m

Output Control

-no-color Disable colored output: 
terraform destroy -no-color
-compact-warnings Show warnings in compact form: 
terraform destroy -compact-warnings

Performance

-parallelism=N Limit concurrent destroy operations (default: 10): 
terraform destroy -parallelism=5
Use case: Reduce parallelism to avoid API rate limits during destruction.

Best Practices

Always Preview First

Review what will be destroyed: 
# Preview destruction
terraform plan -destroy

# Review output carefully

# Then destroy
terraform destroy

Verify Workspace

Ensure you’re in the correct workspace: 
# Check current workspace
terraform workspace show
# Output: production

# DANGER: Are you sure you want to destroy production?
# Switch to correct workspace if needed
terraform workspace select dev

terraform destroy

Backup State Before Destruction

Create a manual backup: 
# Backup state file
cp terraform.tfstate terraform.tfstate.pre-destroy.$(date +%Y%m%d)

# Then destroy
terraform destroy

Protect Critical Resources

Use lifecycle rules to prevent accidental destruction: 
resource "aws_db_instance" "production" {
  # ... configuration ...
  
  lifecycle {
    prevent_destroy = true
  }
}
Example error when trying to destroy: 
Error: Instance cannot be destroyed

Resource aws_db_instance.production has lifecycle.prevent_destroy set,
but the plan calls for this resource to be destroyed.

Incremental Destruction

Destroy resources in stages using -target: 
# Destroy application tier first
terraform destroy -target=module.application

# Then destroy database tier
terraform destroy -target=module.database

# Finally destroy network
terraform destroy -target=module.network

Avoid Auto-Approve in Production

Never use -auto-approve for production environments: 
# BAD: Dangerous for production
terraform destroy -auto-approve

# GOOD: Requires confirmation
terraform destroy

Handle Dependencies

Terraform automatically handles dependencies: 
# Correct destruction order (Terraform handles this)
aws_instance.web: Destroying...          # Depends on security group
aws_instance.web: Destruction complete
aws_security_group.web: Destroying...    # Destroyed after instance
aws_security_group.web: Destruction complete

Data Backup

Backup critical data before destroying: 
# Backup database
aws rds create-db-snapshot \
  --db-instance-identifier mydb \
  --db-snapshot-identifier mydb-final-snapshot

# Then destroy infrastructure
terraform destroy

CI/CD Considerations

In automated environments, add safeguards: 
# Require manual approval for destruction
if [ "$ENVIRONMENT" = "production" ]; then
  echo "Manual approval required for production destroy"
  exit 1
fi

terraform destroy -auto-approve

Workspace Naming

Use clear workspace names to prevent mistakes: 
# Good workspace names
terraform workspace select dev-alice
terraform workspace select staging-sprint-23
terraform workspace select prod-us-east-1

# Avoid ambiguous names
terraform workspace select test  # Which test environment?

Partial Destruction

Removing Individual Resources

Remove specific resources from state without destroying: 
# Remove from state without destroying
terraform state rm aws_instance.web

# Resource still exists in cloud but Terraform no longer manages it

Destroying Specific Modules

Destroy resources within a module: 
terraform destroy -target=module.application

Understanding Destroy Output

Destruction Progress

aws_instance.web: Destroying... [id=i-0123456789abcdef]
aws_instance.web: Still destroying... [10s elapsed]
aws_instance.web: Destruction complete after 15s

Dependency Order

Terraform destroys in reverse dependency order: 
Destroying in order:
1. aws_instance.web (depends on security group)
2. aws_security_group.web (depends on VPC)
3. aws_vpc.main (no dependencies)

Summary Line

Destroy complete! Resources: 5 destroyed.
This confirms all targeted resources were successfully deleted.

Troubleshooting

Cannot Destroy Due to Dependencies

Error: Error deleting security group: DependencyViolation

The security group cannot be deleted because it is in use by
aws_instance.other
Solution: 
# Destroy dependent resources first
terraform destroy -target=aws_instance.other

# Then destroy the security group
terraform destroy -target=aws_security_group.web

Resources Already Deleted

Error: Error destroying instance: NotFound

The instance i-0123456789abcdef does not exist.
Solution: Remove from state: 
terraform state rm aws_instance.web

Stuck Destroy Operation

If destroy hangs: 
# Enable debug logging
TF_LOG=DEBUG terraform destroy

# Check for:
# - API rate limits
# - Network connectivity
# - Provider bugs

Prevent Destroy Protection

Error: Instance cannot be destroyed

aws_db_instance.production has lifecycle.prevent_destroy set.
Solution: Remove the protection (carefully): 
resource "aws_db_instance" "production" {
  # ...
  lifecycle {
    # prevent_destroy = true  # Commented out
  }
}

State Lock During Destroy

Error: Error acquiring the state lock
Solution: 
# Wait for lock
terraform destroy -lock-timeout=10m

# Or force unlock (dangerous)
terraform force-unlock <lock-id>

Orphaned Resources

If resources are orphaned after partial destroy: 
# Import orphaned resources back into state
terraform import aws_instance.web i-0123456789abcdef

# Then destroy properly
terraform destroy

Recovery from Failed Destroy

If destroy fails partway through: 
# Check state to see what was destroyed
terraform state list

# Fix the error (e.g., permission issues)

# Re-run destroy
terraform destroy
Terraform will only attempt to destroy resources still in state.

Alternative to Destroy

Using Terraform Apply

Destroy can also be done via apply: 
terraform apply -destroy
This is functionally identical to terraform destroy.

Removing Resources from Configuration

Instead of destroying everything:
  1. Remove unwanted resources from .tf files
  2. Run terraform apply
  3. Terraform will destroy removed resources
# Before: main.tf contains aws_instance.web
# After: Removed aws_instance.web from main.tf

terraform apply
# Terraform detects aws_instance.web is no longer in config
# and plans to destroy it

Next Steps

After destroying infrastructure:
  1. Verify resources are deleted in your cloud provider console
  2. Consider deleting the workspace: terraform workspace delete <name>
  3. Archive or delete state files if no longer needed
  4. Clean up any manual resources not managed by Terraform
  5. Document the destruction for audit purposes