Removing invalid state from Terraform#

Terraform keeps a cache of state files in the .terraform directory stored in Terraform Cloud so that it can be accessed by everyone in the organization. For existing resources Terraform has to import the state for a defined resource otherwise it will fail. Sometimes the state is invalid or an API will return an unexpected code and Terraform will fail to proceed.

The example below passed the error from the Cloudflare API via Terraform Cloud to the user but does not indicate the error. After verifying the state manually some resource records were already removed from the zone and triggered an 81044 error. But the state was not removed and Terraform Cloud could not find the resource record to remove from the state database.

$ terraform plan
....
https://app.terraform.io/app/user/workspace/runs/run-8Tf9nJgTlBc145aJ

Waiting for the plan to start...

Terraform v1.1.9
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
cloudflare_record.example-cname: Refreshing state... [id=a0855897b610475638338e4294fc1234]
cloudflare_zone.example: Refreshing state... [id=c297ab60fff965b80a431edfdcef1234]
cloudflare_record.example-google-site-verification: Refreshing state... [id=46d1f92edcba534905fd1eb2a6a01234]
cloudflare_zone_settings_override.example-override: Refreshing state... [id=c297ab60fff965b80a431edfdcef1234]
cloudflare_record.example-cname-www: Refreshing state... [id=36e674c7e79af8e5d9f933dc26811234]

│ Error: Record does not exist. (81044)



...

One option could be to recreate the missing resource record and try to import it again but this is not a good idea. As the state is still in the state database, but the resource record is not in the zone anymore the better option is to remove the invalid state from the state database with the command terraform state rm <resource name>.

$ terraform state rm cloudflare_record.example-cname-www
Removed cloudflare_record.example-cname-www
Successfully removed 1 resource instance(s).

Running the command terraform plan will now detect the missing resource record and will also try to recreate them. It also notices that other objects have been changed and will put them in the defined state again.

$ terraform plan
...
https://app.terraform.io/app/user/workspace/runs/run-7Tf9nJrTlBc145aJ

Waiting for the plan to start...

Terraform v1.1.9
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
cloudflare_zone.example: Refreshing state... [id=c297ab60fff965b80a431edfdcef1234]
cloudflare_zone_settings_override.example-override: Refreshing state... [id=c297ab60fff965b80a431edfdcef1234]

Note: Objects have changed outside of Terraform
...

While these errors are not fatal they can be a sign of a problem with the tooling. On the other side, it also shows that deviations from the expected state can be detected easily and also be corrected. Infrastructure-as-Code solutions like Terraform and Terraform Cloud enable you to create and manage your infrastructure in a single place.