aamdevsecops

How to prevent destroying an instance after an update

While stumbling upon Stack Overflow to crawl some posts about GCP and Terraform as part of my learning curve, I came across this particular issue:

How can I update an instance as part of the Infrastructure as Code after creation?

After hours of research, manual errors and trials, it turned out that the issue was in plain sight... to quote Benoît Blanc [1]. Being enthusiastic about my findings, I wanted to answer.

So, it turns out that:

"Instance Templates cannot be updated after creation with the Google Cloud Platform API. In order to update an Instance Template, Terraform will destroy the existing resource and create a replacement. In order to effectively use an Instance Template resource with an Instance Group Manager resource, it's recommended to specify create_before_destroy in a lifecycle block. Either omit the Instance Template name attribute, or specify a partial name with name_prefix" [2].

Concretely, three options:

1. Use create before destroy lifecycle:

Example:

   resource "google_compute_region_instance_group_manager" "my_service_mig" {
      version {
        instance_template = google_compute_instance_template.my_service_template.id
        name              = "primary"
      }

+ lifecycle {
+   create_before_destroy = true
+ }
}
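
Review bot: create_before_destroy belongs on google_compute_instance_template.my_service_template rather than on the instance group manager, where the added lifecycle block sits. The documentation quoted above recommends it for the Instance Template, together with omitting name or using name_prefix, because the template is the resource Terraform destroys and recreates on change. Suggest moving the block to the template resource, or adding it there as well.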

2. Use prevent_destroy:

resource "google_compute_region_instance_group_manager" "my_service_mig" {
      version {
        instance_template = google_compute_instance_template.my_service_template.id
        name              = "primary"
      }

+ lifecycle {
+   prevent_destroy = true
+ }
}
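
Review bot: prevent_destroy = true in the added lifecycle block does not let the update go through. Terraform rejects with an error any plan that would destroy a resource carrying this flag, so it guards the instance group manager against accidental deletion but leaves the template replacement described in the quoted documentation unresolved. Suggest pairing it with create_before_destroy on google_compute_instance_template.my_service_template if the aim is an update without losing the running group.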

3. Quick and dirty:

terraform plan | grep <resource> | grep id 
terraform state rm <resource>
terraform apply
terraform import <resource> <ID>

My original answer, here:

I have a service deployed on GCP compute engine. It consists of a compute engine instance template, instance group, instance group manager, and load balancer + associated forwarding rules etc.

We're forced into using compute engine rather than Cloud Run or some other serverless offering due to the need for…


  1. !!! Spoiler Alert !!! "Well, I keep returning in my mind to the glass onion. Something that seems densely layered, mysterious and inscrutable. But in fact, the centre is in plain sight." - Glass Onion

  2. registry.terraform.io 
