DEV Community

Cover image for Terraform: Remove Resource from a Remote State in Azure Storage Account
James Cook
James Cook

Posted on • Originally published at jamescook.dev

Terraform: Remove Resource from a Remote State in Azure Storage Account

Have you been in the situation where cleaning up your Infrastructure as Code (powered by HashiCorp Terraform) to delete deprecated resources resulted in the Terraform apply taking longer than expected? Maybe this is what you are seeing:

azurerm_backup_protected_vm.rs_name: Still destroying... [id=/subscriptions/***/***], 1h19m50s elapsed]
Enter fullscreen mode Exit fullscreen mode

Once the deployment timed out I found that the resource was already deleted via the Azure portal. The Terraform state file still believes it exists and it will continue to fail the deployment, how do I resolve the issue?

What you need

Based on a Windows client, you will need:

You will also need a Azure account that has permissions to access the Azure Storage Container which stores the Terraform state file.

Steps to resolve the problem

First you should clone your repository so you can locally validate the actions you take have worked (you can complete these steps without cloning but you won't be able to follow steps to validate if the actions worked without running the pipeline again).

Create a override.tf in the location where you stored your Terraform configuration files. Within the file set the resource group name, the storage account and container name and key where the remote state file is stored.

terraform {
  backend "azurerm" {
    resource_group_name  = "resource_group_name"
    storage_account_name = "storage_account_name"
    container_name       = "container_name"
    key                  = "stafe_file_location/terraform.tfstate"
  }
}
Enter fullscreen mode Exit fullscreen mode

Once you've done this and saved the file, run az login (in a terminal of your choice) to authenticate with an account that has access to the Storage Account Container you specified above.

πŸš€β― az login
Enter fullscreen mode Exit fullscreen mode

Now you need to set the subscription you are working with. This should be the subscription that your state file manages.

πŸš€β― az account set --subscription "SUBSCRIPTION NAME"
Enter fullscreen mode Exit fullscreen mode

The Azure CLI has now been utilised to complete authentication. You will now need to change the local directory your terminal is using to the location where you have cloned your respoistory. On Windows, changing a directory usually is:

πŸš€β― cd "C:\Users\CloudJames\***\***"
Enter fullscreen mode Exit fullscreen mode

Once you are in the correct directory, run the terraform init to initialise the configuration so it downloads providers, modules, etc...

πŸš€β― terraform init
Enter fullscreen mode Exit fullscreen mode

Once completed, you can run terraform state list to list the resources that are in your remote state file.

πŸš€β― terraform state list
Enter fullscreen mode Exit fullscreen mode

The results should appear like this:

πŸ¦„β― terraform state list
***
***
***
***
azurerm_backup_protected_vm.rs_name
***
***
Enter fullscreen mode Exit fullscreen mode

Find the resource that no longer exists in the Azure environment and take note of the name in full (format is resourcetype.resourcename).

We are now ready to remove the resource from the state file. We will use terraform state rm to achieve this. Here is an example:

πŸš€β― terraform state rm azurerm_backup_protected_vm.rs_name
Enter fullscreen mode Exit fullscreen mode

When ran, you should get an output like the below:

πŸ¦„β― terraform state rm azurerm_backup_protected_vm.rs_name
Removed azurerm_backup_protected_vm.rs_name
Successfully removed 1 resource instance(s).
Enter fullscreen mode Exit fullscreen mode

To validate this has worked (if you cloned the repo as described at the beginning), you just need to run a terraform plan.

πŸš€β― terraform plan
Enter fullscreen mode Exit fullscreen mode

You should not see the resource listed at all for destruction. This will mean you can run your pipeline again for it to continue as normal.

Top comments (0)