DEV Community

aamdevsecops

How to prevent destroying an instance after an update

While browsing Stack Overflow for posts about GCP and Terraform as part of my learning curve, I came across this particular issue:

How can I update an instance as part of the Infrastructure as Code after creation?

After hours of research and manual trial and error, it turned out that the issue was in plain sight, to quote Benoît Blanc [1]. Being enthusiastic about my findings, I wanted to answer.

So, it turns out that:

"Instance Templates cannot be updated after creation with the Google Cloud Platform API. In order to update an Instance Template, Terraform will destroy the existing resource and create a replacement. In order to effectively use an Instance Template resource with an Instance Group Manager resource, it's recommended to specify create_before_destroy in a lifecycle block. Either omit the Instance Template name attribute, or specify a partial name with name_prefix" [2]
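
The layout the quoted documentation recommends, as an added example that is not from the original post: the template uses name_prefix and create_before_destroy, and the group manager references it by id. The name prefix, machine type, image, region and target size are assumed values.

```hcl
# Added example. All literal values below are assumptions for illustration.
resource "google_compute_instance_template" "my_service_template" {
  # name_prefix instead of name: every replacement gets a unique generated
  # name, so the new template can exist next to the old one.
  name_prefix  = "my-service-"
  machine_type = "e2-medium"

  disk {
    source_image = "debian-cloud/debian-12"
    auto_delete  = true
    boot         = true
  }

  network_interface {
    network = "default"
  }

  lifecycle {
    # Templates cannot be updated, so any change forces a replacement.
    # Create the new template first, let the group manager be repointed
    # to it, and only then delete the old template.
    create_before_destroy = true
  }
}

resource "google_compute_region_instance_group_manager" "my_service_mig" {
  name               = "my-service-mig"
  base_instance_name = "my-service"
  region             = "europe-west1"
  target_size        = 2

  version {
    # Referencing the template by id makes Terraform order the operations:
    # new template, group manager update, old template removal.
    instance_template = google_compute_instance_template.my_service_template.id
    name              = "primary"
  }
}
```

With this layout, a template change plans as a create-then-delete replacement of the template and an in-place update of the group manager.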

Concretely, there are three options:

1. Use create before destroy lifecycle:

Example:

   resource "google_compute_region_instance_group_manager" "my_service_mig" {
      version {
        instance_template = google_compute_instance_template.my_service_template.id
        name              = "primary"
      }

+ lifecycle {
+   create_before_destroy = true
+ }
}
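
Review bot: the lifecycle block at the end of this hunk sits on google_compute_region_instance_group_manager.my_service_mig, while the documentation quoted above says it is the Instance Template that Terraform destroys and replaces on change. Add create_before_destroy = true to google_compute_instance_template.my_service_template as well, and give that template a name_prefix (or no name) instead of a fixed name, since a replacement cannot be created first if it has to reuse the name of the template that still exists.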

2. Use prevent_destroy:

resource "google_compute_region_instance_group_manager" "my_service_mig" {
      version {
        instance_template = google_compute_instance_template.my_service_template.id
        name              = "primary"
      }

+ lifecycle {
+   prevent_destroy = true
+ }
}
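
Review bot: prevent_destroy = true in the added lifecycle block does not let the update go through; it makes Terraform reject with an error any plan that would destroy my_service_mig. That is useful as a guard against accidental deletion, but a change that forces replacement will then fail at plan time until the block is removed, so this option should be described as a safety net rather than a way to apply the update. It is also set on the group manager, not on the template that the quoted documentation says is replaced.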

3. Quick and dirty:

terraform plan | grep <resource> | grep id 
terraform state rm <resource>
terraform apply
terraform import <resource> <ID>

My original answer, here:

I have a service deployed on GCP compute engine. It consists of a compute engine instance template, instance group, instance group manager, and load balancer + associated forwarding rules etc.

We're forced into using compute engine rather than Cloud Run or some other serverless offering due to the need for…


  1. !!! Spoiler Alert !!! "Well, I keep returning in my mind to the glass onion. Something that seems densely layered, mysterious and inscrutable. But in fact, the centre is in plain sight." - Glass Onion

  2. registry.terraform.io 
