Terraform
Destruction and Deletion
Terraform Cloud workspaces have two primary delete actions:
- Destroying infrastructure deletes resources managed by the Terraform Cloud workspace by triggering a destroy run.
- Deleting a workspace deletes the workspace itself without triggering a destroy run.
In general, you should perform both actions in the above order when destroying a workspace to ensure resource cleanup for all of a workspace's managed infrastructure.
Destroy Infrastructure
Destroy plans delete the infrastructure managed by a workspace. We recommend destroying the infrastructure managed by a workspace before deleting the workspace itself. Otherwise, the unmanaged infrastructure resources will continue to exist but will become unmanaged, and you must go into your infrastructure providers to delete the resources manually.
Before queuing a destroy plan, enable the Allow destroy plans toggle setting on this page.
Automatically Destroy
You can schedule a run to destroy all resources in a workspace at a specific date and time. This ephemeral workspace entitlement reduces your infrastructure spend by helping you automatically destroy resources that you only need temporarily, such as development environments.
After Terraform Cloud performs an auto destroy run, it unsets the auto-destroy
flag on the workspace. If you continue using the workspace, you can schedule another future auto destroy run to remove any new resources.
Note: Automatic destroy plans do not prompt you for apply approval in the Terraform Cloud user interface. We recommend only using this setting for development environments.
You can schedule an auto destroy run using the Terraform Cloud web UI, or the workspace API.
To schedule an auto destroy run in Terraform Cloud:
- Navigate to the workspace's Settings > Destruction and Deletion page.
- Under Automatically destroy, click Set up auto destroy.
- Enter the desired date and time. Terraform Cloud defaults to your local time zone for scheduling and displays how long until the scheduled operation.
- Click Confirm auto destroy.
To cancel a scheduled auto destroy run in Terraform Cloud:
- Navigate to the workspace's Settings > Destruction and Deletion page.
- Under Automatically destroy, click Edit next to your scheduled run's details.
- Click Remove.
You can schedule notifications to alert you 12 and 24 hours before an auto destroy run, and to report auto destroy run results.
Delete Workspace
Terraform does not automatically destroy managed infrastructure when you delete a workspace.
After you delete the workspace and its state file, Terraform can no longer track or manage that infrastructure. You must manually delete or import any remaining resources into another Terraform workspace.
By default, workspace administrators can only delete unlocked workspaces that are not managing any infrastructure. Organization owners can force delete a workspace to override these protections. Organization owners can also configure the organization's settings to let workspace administrators force delete their own workspaces.
Data Retention Policies
Define configurable data retention policies for workspaces to help reduce object storage consumption. You can define a policy that allows Terraform to soft delete the backing data associated with configuration versions and state versions. Soft deleting refers to marking a data object for garbage collection so that Terraform can automatically delete the object after a set number of days.
Once an object is soft deleted, any attempts to read the object will fail. Until the garbage collection grace period elapses, you can still restore an object using the APIs described in the configuration version documentation and state version documentation. After the garbage collection grace period elapses, Terraform permanently deletes the archivist storage.
The organization policy is the default policy applied to workspaces, but members of individual workspaces can override the policy for their workspaces. The workspace policy always overrides the organization policy.