upstream/terraform
1
0
Fork 0
mirror of https://github.com/hashicorp/terraform.git synced 2026-02-18 18:29:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
terraform/website/docs/cli/commands/taint.mdx
Leah Bush 70a724614c add emojis
2025-05-29 11:26:31 -05:00

67 lines
3.5 KiB
Text
Raw Blame History

---
page_title: terraform taint command reference
description: |-
The `terraform taint` command marks specified objects in the Terraform state as tainted.
---
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
> [!IMPORTANT]
> **Documentation Update:** Product documentation previously located in `/website` has moved to the [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs) repository, where all product documentation is now centralized. Please make contributions directly to `web-unified-docs`, since changes to `/website` in this repository will not appear on developer.hashicorp.com.
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
# `terraform taint` command
The `terraform taint` command marks specified objects in the Terraform state as tainted. Use the `terraform taint` command when objects become degraded or damaged. Terraform prompts you to replace the tainted objects in the next plan you create.
This command is deprecated. Instead, add the `-replace` option to your [`terraform apply` command](/terraform/cli/commands/apply).
## Recommended Alternative
For Terraform v0.15.2 and later, we recommend using the [`-replace` option](/terraform/cli/commands/plan#replace-address) with `terraform apply` to force Terraform to replace an object even though there are no configuration changes that would require it.
```
$ terraform apply -replace="aws_instance.example[0]"
```
We recommend the `-replace` option because the change will be reflected in the Terraform plan, letting you understand how it will affect your infrastructure before you take any externally-visible action. When you use `terraform taint`, other users could create a new plan against your tainted object before you can review the effects.
## Usage
```
$ terraform taint [options] <address>
```
The `address` argument is the address of the resource to mark as tainted.
The address is in
[the resource address syntax](/terraform/cli/state/resource-addressing),
as shown in the output from other commands, such as:
- `aws_instance.foo`
- `aws_instance.bar[1]`
- `aws_instance.baz[\"key\"]` (quotes in resource addresses must be escaped on the command line, so that they will not be interpreted by your shell)
- `module.foo.module.bar.aws_instance.qux`
This command accepts the following options:
- `-allow-missing` - If specified, the command will succeed (exit code 0)
even if the resource is missing. The command might still return an error
for other situations, such as if there is a problem reading or writing
the state.
- `-lock=false` - Disables Terraform's default behavior of attempting to take
a read/write lock on the state for the duration of the operation.
- `-lock-timeout=DURATION` - Unless locking is disabled with `-lock=false`,
instructs Terraform to retry acquiring a lock for a period of time before
returning an error. The duration syntax is a number followed by a time
unit letter, such as "3s" for three seconds.
For configurations using the [HCP Terraform CLI integration](/terraform/cli/cloud) or the [`remote` backend](/terraform/language/backend/remote) only, `terraform taint`
also accepts the option
[`-ignore-remote-version`](/terraform/cli/cloud/command-line-arguments#ignore-remote-version).
For configurations using
[the `local` backend](/terraform/language/backend/local) only,
`terraform taint` also accepts the legacy options
[`-state`, `-state-out`, and `-backup`](/terraform/language/backend/local#command-line-arguments).
Reference in a new issue View git blame Copy permalink