Reputation: 71
Terraform - AWS - How to prevent EBS volumes from being deleted?
I'm fairly new to Terraform so I'm hoping the issue is something I'm doing wrong.
I have some instances which need separate EBS volumes attached. These are defined as three separate Terraform resources:
aws_instance
aws_ebs_volume
aws_volume_attachment
When the instances boot, within AWS console the volumes say they have 'Delete on termination' protection, yet Terraform still destroys them:
If you use the 'block_device' mapping within the aws_instance resource definition you can prevent it from being terminated:
https://www.terraform.io/docs/providers/aws/r/instance.html#delete_on_termination-1
But this does option not appear in the ebs_volume resource:
https://www.terraform.io/docs/providers/aws/r/ebs_volume.html
How do I stop Terraform from deleting my EBS volumes?
I tried doing this, but it just stops the terraform destroy job from running:
lifecycle = {
prevent_destroy = true
}
Thanks
Upvotes: 5
Views: 7281
Answers (4)
Reputation: 156
In my opinion, the best thing to do is to hardcode the volume id in the attachment like this:
resource "aws_volume_attachment" "etc-attachment" {
volume_id = "vol-0fc0c123261262855"
instance_id = aws_instance.main.id
force_detach = true
device_name = "/dev/sdc"
}
and don't include a resource "aws_ebs_volume" ".." {..}.
That way, whenever you use terraform destroy, the volume won't be destroyed.
Upvotes: 0
Reputation: 11
if you want to prevent your ec2 instance for accidental deletion, you can use the below command on your create ec2 instance resource section,
disable_api_termination= "true"
I have verified couple of time it's working fine.
Happy learning....!!
Upvotes: 1
Reputation: 4491
It is doing exactly what the documentation says it will do, so Terraform will not allow a terraform destroy, if you need it to do this then I suggest moving these resources to their own terraform directory away from other resources.
prevent_destroy (bool) - This flag provides extra protection against the destruction of a given resource. When this is set to true, any plan that includes a destroy of this resource will return an error message.
Upvotes: 1
Reputation: 2430
In general, terraform destroy will destroy all resources. If you would rather destroy only specific resources, you can use for example: terraform destroy -target=aws_instance.some_name
For your EBS volume example, you would also have to destroy the aws_volume_attachment resource.
Upvotes: 0
Related Questions
- EC2 volume: how do I set it so that it WILL delete on termination?
- Delete EBS volume when termination EC2 Instance, via terraform
- Destroy AWS resources of a failed/canceled Terraform apply
- How to add EBS volume to ECS instance in Terraform
- EC2-EBS root storage "Delete on Termination" set to True
- Deleting EBS volumes not in use
- How to detach/remove EBS volumes from AWS EMR using Terraform?
- Terraform-AWS 0.10.3: Unable to destroy cluster with instance that has deleted AMI
- How to remove an AWS Instance volume using Terraform
- How to enable 'delete on termination' for EBS volumes using Java AWS SDK?