Is it possible to change the destroy order?

Step 1 - I create a cdn in azure
Step 2 - I create a dns on amazon pointing to the cdn’s cname
Step 3 - I create a custom domain

(this above works perfectly for creating)

however to destroy the error
because I would have to destroy the dns first, the destroy order should be

Step 2 destroy the dns
Step 3 destroy the custom domain
Step 1 destroy the cdn

is it´s posible?

Hi @marciojsilva,

There’s no way to arbitrarily re-order the resource destruction, as it is defined by being the inverse of the order of creation. There is the create_before_destroy lifecycle option, but that only inverts the order of operations between create/update and destroy.

It would be highly unusual for 2 resources to require being both created and destroyed in the same order if there were a true dependency between the two. Can you show an example of the configuration for these resources?

Hi jbardin, thanks your help

create_before_destroy lifecycle i don’t think it will work here

the idea is as follows

Step 1 - I create the CDN in Azure
Step 2 - I create the CDN EndPoint
Step 3 - to create the Endpoint’s Custom Domain, I need to create a dns, and my provider is on Amazon, after creating this DNS I can create the custom domain

to destroy
If I try to destroy the CDN directly(terraform destroy),
it says that first I need to delete the DNS, so here my problems begin, if I go and delete the record directly on the portal, I can do it
destroy, if it doesn’t, it doesn’t destroy the CDN

I get a message like this
deleting “custom Domain: cannot delete custom domain. please remove the DNS CNAME records and try again”

Can I create 2 tfstate in the same code?

because I can create a delete CI pointing to separate tfstate

if it doesn’t work, i’m thinking about using amazon cli and deleting the record before terraform destroy

It’s hard to say exactly what is going on here without actual configuration to see. Some resources do have unusual behaviors, so it isn’t entirely impossible that the custom domain requires dns but cannot be deleted before the dns entry. It still seems very unusual, and may be worth bringing up with the provider to see if they can work around it in some way if this is really the case.

It will take some scripting to work around the described situation. You cannot currently manage multiple states from a single plan+apply workflow, so multiple terraform steps would be required for that approach. You could also directly call the aws cli like you mentioned, or even try calling it from a destroy-time provisioner on a null_resource (however that has additional drawbacks like only being able to execute once on a complete terraform destroy action).

Thanks @jbardin ,
I made it through Amazon CLI in a CI .

but I’ll try to talk to my provider, to see if there is a way around it.

I was reading on the internet and I saw more people with similar problems, but on different objects, maybe an idea to improve our terraform was to create a destroy_on

Thanks you help

Marcio Silva