Destroy Default VPC

Hi all,
I want to destroy all default VPCs for the entire region, but I don't want to use a Lambda function or a Bash or Python script. I would like to do it in Terraform;
Maybe I will need a little module named destroy

aws_destroy "default-vpc" {
  id = "vpc-ieiehdkjkf"
}

Hi, Terraform doesn't work like that, and modules are not "functions".

Terraform should have created the resource (VPC, in this case) to destroy it.
(or at least it should be made to believe :wink: that it has created the resource)

*** You can always import an existing resource and then delete it.

As the “default vpc” is something that is “already present”, you should import it … using the “terraform import …” commands and then proceed to “terraform destroy” it.

I think you can start by checking the “terraform import …” syntax for the “vpc resource”.

HTH,
Shantanu Gadgil


Hi @DRAKUN,

As @shantanugadgil noted, Terraform is designed to manage only objects that it created, so that you can use it in an account where some objects are managed by other software.

Because Terraform did not create the default VPCs, it cannot destroy them. While you could use terraform import to tell Terraform to take ownership of the VPCs, in which case Terraform would then assume it is responsible for managing them moving forward, doing that just to delete them will be a lot of work compared to a simple script using the AWS CLI or SDK, because that is not a use-case Terraform is designed to deal with. Specifically, you'd need to:

  • Write a resource "aws_vpc" block into a Terraform configuration with count set to zero.
  • Run terraform import to import each existing default VPC to an instance index for that resource.
  • Run terraform apply to have Terraform see that count = 0 and thus there should not be any instances of that resource, and thus plan to destroy them.

Step 2 here is not really any simpler than just scripting the AWS CLI, and so this approach doesn’t seem to have any benefit.


While I agree with everything @apparentlymart has said, we’ve added support for this to our cloudposse/awsutils provider by using the awsutils_default_vpc_deletion resource so we can better automate for compliance/remediation. Note, this intentionally violates the principle that terraform should only manage objects that it created.


This is now supported natively with this release: Release v4.0.0 · hashicorp/terraform-provider-aws · GitHub

resource "aws_default_vpc" "default" {
  force_destroy = true
}
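As an added example (not from any poster above, nor from the provider's own docs), here is a complete configuration built around the aws_default_vpc snippet from the previous post. It pins the provider to the v4.0.0 release mentioned there, and also adopts the region's default subnets with force_destroy, because the EC2 API refuses to delete a VPC that still contains subnets; the region name is an assumption.

```hcl
# Adopt the region's default VPC and its default subnets, then remove them.
# Workflow: terraform init && terraform apply && terraform destroy
# Note: this deliberately takes ownership of objects Terraform did not create,
# so run it only in accounts where nothing else manages the default VPC.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0.0" # force_destroy on aws_default_vpc arrived in v4.0.0
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region; repeat with provider aliases for others
}

# One default subnet exists per availability zone in the region.
data "aws_availability_zones" "available" {
  state = "available"
}

# Adopt the default VPC; with force_destroy, `terraform destroy` deletes it
# instead of merely forgetting it from state.
resource "aws_default_vpc" "default" {
  force_destroy = true

  tags = {
    Name = "default-vpc-scheduled-for-removal" # constructed tag value
  }
}

# Adopt every default subnet. Depending on the VPC makes Terraform destroy the
# subnets first, which is the order the EC2 API requires (DependencyViolation
# otherwise).
resource "aws_default_subnet" "default" {
  for_each          = toset(data.aws_availability_zones.available.names)
  availability_zone = each.key
  force_destroy     = true

  depends_on = [aws_default_vpc.default]
}
```

Because aws_default_vpc in v4.x creates a default VPC when none exists, keep this configuration in its own state and run `terraform destroy` immediately after the adopting `apply`, rather than leaving it applied alongside other infrastructure.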

Thanks for sharing that, @osterman!

Indeed, this is an interesting design variant that is slightly unusual compared to most resource types, but is a reasonable pragmatic way to meet this common use-case.

The first unusual thing here is that this resource type allows Terraform to take ownership of an object it didn't create without explicitly importing it first. The design assumption is that, since this resource type is only for taking ownership of that existing object, this reduces the typical risk of accidentally making two systems own the same object, although you must still take care to avoid that situation.

The second unusual thing is that this resource type supports declaring that the object shouldn’t exist. Normally Terraform resources are additions to the desired remote system state, but there’s no reason in principle why Terraform can’t take ownership of the space where a particular object would normally be, and make sure it stays deleted on subsequent runs.

These two unusual characteristics call for using this resource type with a little more care and consideration than might be needed for other resource types, but it's a concise and pragmatic solution to the problem.