Delete null resource when terraform destroy

desallama87 · March 26, 2023, 10:44am

I have a terraform code to import certificate to aws certificate manager using null resource. But i need to destroy the resources created by null resource when do terraform destroy.

resource “null_resource” “import_cert” {
provisioner “local-exec” {
command = <<-EOT
aws secretsmanager get-secret-value --secret-id /stage/privatekey --query ‘SecretString’ --output text > key.pem
aws secretsmanager get-secret-value --secret-id /stage/crt --query ‘SecretString’ --output text > cert.pem
aws acm import-certificate --certificate file://cert.pem --private-key file://key.pem --tags Key=“Name”,Value=“custom”
EOT
}
}

macmiranda · March 26, 2023, 11:01am

jbardin · March 27, 2023, 2:40pm

@desallama87, while it’s true that a provisioner can be set to execute during a destroy operation, that is not going to be able to execute if the resource were removed from the config entirely, or failed in someway and became tainted. There is no way for terraform to fully track the lifecycle of resources created by CLI commands executed outside of terraform.

Are you certain there is no data source or combination of resources which can replace what you are doing with the null provider? I’m not familiar with these AWS resources, but acm_certificate looks relevant.

Topic		Replies	Views
Null_resource with a destroy provisioner being destroyed for every trigger change Terraform	1	2306	February 10, 2021
Null Resource create new resource without destroying original Terraform	0	1394	January 17, 2020
Cannot move null_resource to terraform_data: This value is null, so it does not have any attributes Terraform	2	31	October 3, 2024
Terraform add option to disable provisioner "when=destroy" when resource is being replaced (destroyed and then recreated) Terraform	0	227	August 17, 2023
Imported KMS key being deleted to be redeployed AWS	1	940	January 11, 2022

Delete null resource when terraform destroy

Related topics