This error occurs when Terraform detects that a resource is in a degraded or incomplete state and must be destroyed and recreated. Learn how to handle tainted resources and fix this issue.
When Terraform marks a resource as tainted, it means the resource exists in your infrastructure but may not be fully functional or has become corrupted. Terraform automatically marks resources as tainted when it detects incomplete creation (such as failed provisioner commands) or infers that an object is in a degraded state. During the next terraform apply, Terraform will destroy and recreate the tainted resource to restore it to a known-good state.
Run terraform plan to see which resource is tainted and review the logs to understand why. Look for provisioner failures or API errors.
terraform plan
Allow Terraform to replace the tainted resource by running apply. This will destroy and recreate it.
terraform apply
For Terraform 0.15.2+, use the -replace flag to replace a specific resource without affecting others. Preview the changes first with plan:
terraform plan -replace="aws_instance.example"
terraform apply -replace="aws_instance.example"
If you believe Terraform incorrectly marked the resource as tainted, remove the taint mark:
terraform untaint aws_instance.example
Note: The taint command is deprecated since Terraform 0.15.2. Use -replace flag instead.
If provisioners are failing, review and fix the provisioner scripts. Ensure:
- Provisioner commands are idempotent and error-free
- Network connectivity is available when provisioners run
- Required software/tools are installed on the target resource
- Scripts handle edge cases and failures gracefully
If a resource continues to fail creation repeatedly, consider using lifecycle rules to handle failures gracefully. The lifecycle { create_before_destroy = true } option can help prevent state inconsistencies. For module resources, reference them with the full path: terraform apply -replace='module.my_module.aws_instance.example'. If you need to manually fix state issues, use terraform state rm to remove a resource entirely and terraform import to re-import it from your infrastructure.