Terraform destroy, should I care? Why do I need it? How can I create such a pipeline in Azure DevOps?
So if you know the answer to the first two questions, you can move directly to my GitHub repo and download the terraform destroy pipeline -> link. If you don't know how to configure a Terraform pipeline in Azure DevOps, check my previous article: https://azureway.cloud/terraform-deploy-pipeline-in-azure-devops.
The short answer to the first question: yes, you should! Why?
The main rule in Terraform: if you create a resource with Terraform, you must edit/remove it using Terraform. But does it have to be done through a pipeline? Of course not, but you need to:
- have access to the Terraform state – sometimes the state is stored in private storage, so you cannot access it from your device. Then you need to use a pipeline or a jump host
But what will happen when I decide to remove resources from Azure, and state from Azure Storage?
Well, that depends on the type of resource to be removed and the tooling I used. Why? Have you heard about soft delete?
Key Vault has the soft delete feature enabled, so when you try to remove a KV via the Azure Portal it will not be deleted. So if you try to create it again via Terraform, Terraform will show an error that this resource already exists.
However, if you destroy the KV via terraform destroy, it will work just fine!
Additionally, an Azure Service Bus namespace is removed within 4 hours.
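The Key Vault behaviour described above is governed by the `key_vault` settings in the azurerm provider's `features` block. The configuration below is an added example, not code from the article's repo; the resource names, location and retention value are placeholders chosen for illustration.

```hcl
# Added example; all names are placeholders, not taken from the article's repo.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  # Subscription and credentials are assumed to come from ARM_* environment
  # variables or the pipeline's service connection.
  features {
    key_vault {
      # On `terraform destroy`, purge the soft-deleted vault as well, so the
      # name is free for the next `terraform apply`.
      purge_soft_delete_on_destroy = true
      # If a soft-deleted vault with the same name exists (for example after a
      # deletion in the Azure Portal), recover it instead of failing on create.
      recover_soft_deleted_key_vaults = true
    }
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-kv-destroy-example" # placeholder
  location = "westeurope"            # placeholder
}

resource "azurerm_key_vault" "example" {
  name                = "kv-destroy-example-001" # placeholder, must be globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  soft_delete_retention_days = 7
  # With purge protection enabled the vault cannot be purged before the
  # retention period ends, so destroy-and-recreate under the same name fails.
  purge_protection_enabled = false
}
```

Purging on destroy needs the pipeline identity to hold purge permission on deleted vaults; for production vaults, weigh this convenience against keeping purge protection on.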
Short recap: if you manage resources using Terraform, you need to handle both edits and deletions with Terraform.
Cheers!