Skip to main content

Remove Infra with the Terraform Destroy step

This topic describes how to add a Terraform Destroy step to remove any provisioned infrastructure, just like running the terraform destroy command. See destroy from Terraform.

The Terraform Destroy step is independent of any other Terraform provisioning steps. It's not restricted to removing the infrastructure deployed in its stage. It can remove any infrastructure you've provisioned using Harness.

Before You Begin

Important: Install Terraform on Delegates

Terraform must be installed on the Delegate to use a Harness Terraform Provisioner. You can install Terraform manually or use the INIT_SCRIPT environment variable in the Delegate YAML.

See Build custom delegate images with third-party tools.

# Install TF  
curl -O -L
mv ./terraform /usr/bin/
# Check TF install
terraform --version

Review: What Gets Destroyed?

When you add Terraform Plan and Apply steps, you specify the Terraform script that Harness will use for provisioning. You add a Provisioner Identifier to each step to identify the provisioning.

When you destroy the provisioned infrastructure, you specify the same Provisioner Identifier in the Terraform Destroy step. The Provisioner Identifier enables Harness to locate the same Terraform script used for provisioning.

Step 1: Add the Terraform Destroy Step

You can add the Terraform Destroy step in the following places:

  • The Execution steps of a stage.
  • The steps of an Infrastructure's Dynamic Provisioning section.
  • The Rollback steps of a stage's Execution or Infrastructure using Dynamic Provisioning.

In Name, enter a name for the step. You can use the name to reference the Terraform Destroy settings.

Step 2: Configuration Type

There are three options:

  • Inline: Removes the provisioned resources you identify using Provisioner Identifier and other settings.
  • Inherit from Plan: Removes the resources defined in the Harness Terraform Plan step that you identify using Provisioner Identifier. Similar to terraform plan -destroy.
  • Inherit from Apply: Removes the resources defined in the Harness Terraform Apply step that you identify using Provisioner Identifier. Similar to terraform destroy.

Step 3: Reference the Provisioner Identifier

In Provisioner Identifier, enter the same Provisioner Identifier you used in the Terraform Apply step that provisioning the resources you want to destroy.

Click Apply Changes.

The Terraform Destroy step is added.

Command line options


Currently, the Terraform command line option is behind the feature flag CDS_TERRAFORM_CLI_OPTIONS_NG. Contact Harness Support to enable the feature.

This setting allows you to set the Terraform CLI options for Terraform commands depending on the Terraform step type. For example: -lock=false, -lock-timeout=0s.

Skip Terraform Refresh

Terraform refresh command won't be running when this setting is selected.

Working directory cleanup

Each Terraform step runs in a specific working directory on the delegate.

The Terraform working directory is located at /opt/harness-delegate/./terraform-working-dir/.

To that directory path, Harness adds additional directories that are named after the organization, account, project, and provisionerId (from the step) such that the final working directory is /opt/harness-delegate/./terraform-working-dir/org-name/account-name/project-name/provisionerId/.

In this final working directory, Harness stores the Terraform configuration and all fetched files such as var-files and backend-config.

Once the Terraform step execution is complete, Harness cleans up the main working directory /opt/harness-delegate/./terraform-working-dir/.

If you generate any local resources on the delegate in the directory where Terraform configurations are located, those resources are also removed. If you need those resources, make sure to generate them outside the Terraform working directory.

Terraform variable files

You can specify Terraform variables inline and fetch remote variable files during run time. For more information, go to Specify Terraform variables.

See Also