How to disable AWS instance destroy with Terraform?

Techniques to prevent infrastructure destroy in Terraform by protecting selected instances and resources from being accidentally destroyed.

Protect your AWS infrastructure in Production from accidental deletion

Deleting infrastructure is perfectly normal during development, but once you are in production it is important to protect some instances and resources from being accidentally destroyed by Terraform.

Updates:

  • 2020 Jul 03: Updated to Terraform 0.12

Some might say that, since we are using Terraform and infrastructure as code, the infrastructure can be recreated in minutes (depending on size and cloud provider speed), so deleting an instance, a database or a VPN is not a problem. That is true, but I believe that once you are in production, it is not acceptable to have your systems and applications down.

Recreating an instance is a really easy and fast operation using AWS and Terraform, but then you have to install software, configure and deploy the application, and maybe load data from backup, and that can be really time consuming.

In a world of micro-services and cloud-native applications, adding instances and removing them from the pool is fast and desirable, but not everything is a micro-service or has many clones for high availability and fail-over.

Think, for example, of a Cassandra node, an Elasticsearch node, or a traditional database node.

Your responsibility is to protect those nodes and replace them only in the case of a hard failure or planned maintenance.

How to prevent infrastructure destroy in Terraform

How do you protect AWS instances from being destroyed by Terraform, or by a user through the AWS control panel or other tools?

AWS instances have some configuration properties for this:

  • Preserve AWS EBS volumes on Termination
  • Enable AWS EC2 Instance Termination Protection
  • Enable AWS RDS instance Deletion protection (Available Sep 2018)

By default, all AWS EBS root device volumes are deleted when the instance terminates. EC2 and RDS instances can be terminated using the AWS API or the AWS control panel.

To change this behavior, in Terraform I like to include a global variable that indicates if the infrastructure is in production or not.

terraform.tfvars

is_production = false

The variable is_production will be false during the development of Terraform plans and will be changed to true as soon as the infrastructure is in production or live.

Disable EC2 instance deletion

When creating instances, the value of is_production is used to set the disable_api_termination and delete_on_termination arguments, as shown in the example.

aws_ec2_pro_srv1234.tf

resource "aws_instance" "srv1234" {
  # ...
  # Block termination through the AWS API or console when in production
  disable_api_termination              = var.is_production
  instance_initiated_shutdown_behavior = "stop"
  # ...
  root_block_device {
    # ...
    # Keep the root EBS volume after termination when in production
    delete_on_termination = !var.is_production
  }
  # ...
}

If this configuration is in place, the is_production variable is true and the infrastructure has been deployed, you will have to use the AWS console or edit your Terraform resources to change the values of instance_initiated_shutdown_behavior to be able to destroy the instances.

A third configuration property, instance_initiated_shutdown_behavior, sets the behavior for an instance shutdown. The default behavior is to stop the instance, but it can be changed to destroy if needed.

Disable RDS instance deletion

It is also possible to prevent the deletion of a database instance by using the property deletion_protection. If unspecified, the default value of the property is false.

aws_rds_pro_rds789.tf

resource "aws_db_instance" "rds789" {
  # ...
  # Prevent deletion of the database instance when in production
  deletion_protection = var.is_production
  # ...
}

The new functionality to prevent database deletion was included by AWS on Sep 26, 2018.

Controlling these variables can avoid many problems, for example when a Multi-AZ RDS database has changed availability zone, for maintenance or an upgrade, from what is specified in the Terraform local state. In this case, Terraform thinks that the database needs to be recreated in the “configured” availability zone and proceeds to destroy the database if the plan is applied. Having deletion_protection enabled will prevent the deletion.
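
A plan like the one described above can also be caught before it is applied. The following is an added example, not code from the original article: it audits the JSON form of a plan (as produced by terraform show -json on a saved plan file) for destroy or replace actions on the protected resource types and for the protection arguments used on this page. The function name audit_plan and the sample plan are constructed for illustration.

```python
import json

# Resource types protected on this page and the argument that must be true in production.
PROTECTED = {
    "aws_instance": "disable_api_termination",
    "aws_db_instance": "deletion_protection",
}

def audit_plan(plan, is_production):
    """Return findings for a plan dict loaded from `terraform show -json <planfile>`."""
    if not is_production:
        return []  # destroying infrastructure is normal during development
    findings = []
    for rc in plan.get("resource_changes", []):
        flag = PROTECTED.get(rc.get("type"))
        if flag is None:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" in actions:
            # ["delete"] is a destroy; "delete" combined with "create" is a replacement.
            kind = "replace" if "create" in actions else "destroy"
            findings.append(f"{rc['address']}: plan will {kind} this resource")
        after = change.get("after") or {}  # null when the resource is only deleted
        if after and after.get(flag) is not True:
            findings.append(f"{rc['address']}: {flag} is not true in production")
        # Nested blocks such as root_block_device appear as lists in the plan JSON.
        for vol in after.get("root_block_device") or []:
            if vol.get("delete_on_termination") is not False:
                findings.append(f"{rc['address']}: root volume is deleted on termination")
    return findings

# Constructed sample plan: a replaced database, an unprotected instance, an unrelated delete.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.rds789", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"],
              "after": {"deletion_protection": true}}},
  {"address": "aws_instance.srv1234", "type": "aws_instance",
   "change": {"actions": ["update"],
              "after": {"disable_api_termination": false,
                        "root_block_device": [{"delete_on_termination": true}]}}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN, is_production=True):
        print("BLOCK:", finding)
```

Run as a pipeline step between plan and apply, a non-empty result is the signal to stop and review the plan by hand.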


Javier Ruiz

IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.
