✅ Terraform Resource Deletion Checklist

Here’s a Terraform Resource Deletion Checklist to ensure a smooth and safe removal process.

1️⃣ Pre-Deletion Steps (Planning & Backup)

Run terraform plan -destroy to review what will be removed.
Check dependencies (ensure no other resources rely on this).
Communicate with the team to confirm the resource is no longer needed.
Take backups:

  • Store Terraform state (terraform state pull > backup.tfstate).
  • Backup resource data (DB snapshots, config files, logs, etc.).
  • Export cloud resource details (aws s3 ls, kubectl get all, etc.).
    Tag resources as deleted or deprecated (if cloud provider supports tagging).

2️⃣ Move Terraform Config to _deleted/

Rename resource in Terraform config (deleted_<resource_name> or deprecated_).
Move resource .tf files to _deleted/ for future reference.
Commit changes to Git (git mv resource.tf _deleted/resource.tf).

3️⃣ Terraform State Management

Decide on removal method:

  • If removing the resource permanently: Use terraform destroy.
  • If keeping the resource but removing Terraform tracking: Use terraform state rm.
    Run terraform state rm <resource> if manually decommissioning.
    Run terraform apply to update Terraform without managing the resource.

4️⃣ Execute Resource Deletion

Manually delete if required (e.g., S3 buckets with force_destroy = false).
Run terraform destroy -target=<resource> if deleting a single resource.
Run full terraform destroy if cleaning up an entire module.
Verify the deletion in the cloud console (AWS/GCP/Azure).

5️⃣ Post-Deletion Cleanup

Verify Terraform state (terraform state list to confirm it’s gone).
Check logs & alerts to ensure no unintended impact.
Remove any references to the deleted resource (security groups, IAM roles, DNS records).
Document the change in a ticket or internal notes.

6️⃣ Final Validation & Cost Check

Confirm the resource no longer exists in cloud billing (avoid zombie resources).
Run a cost analysis (aws cost explorer, gcloud billing, az cost).
Monitor infrastructure for 24-48 hours for any unintended side effects.