A deposed object occurs when Terraform's "create_before_destroy" lifecycle fails mid-operation, leaving the old resource stuck in state. This happens when resource creation succeeds but destruction fails, or operations are interrupted. Fix by running terraform apply again or manually cleaning up state.
A "deposed object" appears in Terraform when a resource is configured with the "create_before_destroy" lifecycle option and something goes wrong during the replacement process. Normally, Terraform destroys a resource before creating its replacement. However, with "create_before_destroy = true", Terraform reverses this order: it creates the new resource first, then destroys the old one. If the destruction fails or gets interrupted, the old resource becomes "deposed" — it's marked for deletion but still exists in Terraform's state and your actual infrastructure. This mismatch between state and reality is what causes the error. Terraform thinks the resource should be gone, but it's still running. The state file holds two versions of the resource: the new current one and the old deposed one.
The simplest fix is to let Terraform try again. Run:
terraform applyTerraform will attempt to destroy the deposed object in this run. If there were temporary API issues or network problems, this often succeeds. Monitor the output carefully to see if the deposed resource gets cleaned up.
This should be your first attempt — in many cases, transient failures resolve on retry.
Before removing from state, verify the old resource actually exists in your cloud provider:
- Check your AWS/GCP/Azure/etc console for the resource
- Look at resource IDs in terraform state to match them in your provider
- Run terraform show to see current state details
terraform show | grep -A 5 "deposed"This confirms whether the resource is still running or already deleted externally.
If the old resource was manually deleted in your cloud provider but Terraform still thinks it exists, remove it from state:
terraform state rm 'resource_type.resource_name'For example:
terraform state rm 'aws_instance.web_server'Important: This removes BOTH the current and deposed versions from state. Only do this if the resource no longer exists in your infrastructure.
If you removed the resource from state but the infrastructure still exists and you want Terraform to manage it again:
terraform import resource_type.resource_name resource_idFor example:
terraform import aws_instance.web_server i-0123456789abcdef0Check your provider documentation for the correct import syntax for your resource type.
If the resource is too problematic, you can replace it entirely:
1. Remove the resource from state:
terraform state rm 'resource_type.resource_name'2. Manually delete the old resource in your cloud provider
3. Update your Terraform configuration with the new resource definition
4. Run terraform apply to create the new version:
terraform plan
terraform applyThis is the "clean slate" approach when other methods fail.
Understanding create_before_destroy lifecycle:
The "create_before_destroy = true" option is useful for zero-downtime deployments where you need the new resource live before shutting down the old one. However, this introduces complexity: if either step fails, you're left with both resources temporarily.
Preventing deposed objects:
- Avoid interrupting terraform apply operations — if interrupted, the state gets stuck
- Ensure destroy permissions are correct for your service account/IAM role
- Test create-before-destroy in a non-production environment first
- Use state backups before major operations
- Monitor CI/CD logs for timeout issues that cause interruptions
Multiple deposed objects:
If you have multiple deposed resources, you may need to clean them up individually. Run terraform plan to see all deposed instances, then address each one.
State file recovery:
Terraform creates a backup at terraform.tfstate.backup before each state modification. If you accidentally corrupt state during cleanup, you can restore from this backup (local state only, not for remote backends).
Error: Error installing helm release: cannot re-use a name that is still in use
How to fix "release name in use" error in Terraform with Helm
Error: Error creating GKE Cluster: BadRequest
BadRequest error creating GKE cluster in Terraform
Error: External program failed to produce valid JSON
External program failed to produce valid JSON
Error: Unsupported argument in child module call
How to fix "Unsupported argument in child module call" in Terraform
Error: network is unreachable
How to fix "network is unreachable" in Terraform