Skip to content

Instantly share code, notes, and snippets.

Created January 19, 2016 18:48
  • Star 22 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Terraform: taint all resources from one module
for resource in `terraform show -module-depth=1 | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
terraform taint -module ${module} ${resource}
Copy link

makennedy-clgx commented Aug 21, 2019

Version that also allows for exceptions to what gets taint and some helpers to make the cmd a little nicer to deal with


array_contains () {
    local array="$1[@]"
    local seeking=$2
    local in=1
    for element in "${!array}"; do
        if [[ ${seeking} == *"${element}"* ]]; then
    return $in

if [ -z "$1" ]; then
    echo "Current modules"
    terra state list | grep "\.module\." | cut -f 2 -d "." | sort | uniq
    echo "----"
    echo "Enter module to taint"
    read module

excluded_resources=('google_compute_address.ip_address' 'google_compute_disk')

echo "Tainting all resources in ${module} excluding ${excluded_resources[*]}"
read -p "Press [Enter] key to start..."

for resource in $(terraform state list |                    # Get a list of all the 'resources'
                    grep "^module.${module}" |          # Filter to the specific module
                    grep -v "\.module\." |              # Ignore sub modules
                    sed "s/module\.${module}\.//g" |    # replace the module.* to get resource sans module prefix
                    sed -E "s/\[(.*)\]/.\1/g"           # replace the [#] suffix with .# (needed by taint command)
                    ); do
	if array_contains excluded_resources ${resource}; then
		echo "<<< Skipping ${resource} >>>"
	    echo "--- Tainting ${resource} ---"
	    bash -c "terraform taint --module=${module} `echo ${resource} | tr -d '[:space:]'`"

Copy link

Invading this gist with 😱 POWERSHELL! :trollface:

 ~\source\terraform show | Select-String -Pattern "module.ingress.([\-\.\w]+)" | %{ $_.Matches[0].Groups[1].Value } | ?{ -Not $_.StartsWith("data.") } | %{ ~\source\terraform.exe taint "module.ingress.$_" }

Copy link

deadanon commented Sep 8, 2020

For the lazy 1 liner crowd

for x in $(terraform state list | grep module.name_to_search); do terraform taint $x; done

Copy link

A bit late, but this still pops up on google:

terraform state list | grep module.module_name | xargs -n1 terraform taint

Copy link

| xargs -n1 terraform taint

Very nice, just want I was looking for. Thanks

Copy link

For those who needs a makefile recipe:

taint_module: ## Recreate entire module `MODULE="module.cassandra-cluster" make taint_module`
	for resource in `terraform state list | grep module.${MODULE}`; do terraform taint $$resource; done

Copy link

terraform state list|grep <MODULE_FULL_PATH> | xargs terraform taint ; terraform plan -out plan; terraform apply plan -auto-approve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment