This post is mainly a reminder to myself, but if you work with terraform and AWS it might help you too. This is specific to storing the state file in an s3 bucket and using dynamodb.
Say you decide to completely reset a terraform project. All AWS resources had been deleted outside of terraform and now you just need to delete the state file in s3 so you can start all over.
aws s3 rm s3://tf-bucket/state/bounce-project.tfstate
This is based on this terraform backend config:
| |
Now you take your clean setup and run terraform init and
get something like this:
1 2 3 4 5 6 7 8 9 10 11 | Initializing the backend... Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Error refreshing state: state data in S3 does not have the expected content. This may be caused by unusually long delays in S3 processing a previous state update. Please wait for a minute or two and try again. If this problem persists, and neither S3 nor DynamoDB are experiencing an outage, you may need to manually verify the remote state and update the Digest value stored in the DynamoDB table to the following value: |
Ruh-roh. There’s something in dynamodb you need but how the heck do you query dynamodb? And what do you query?
Well, the short answer is this:
| |
And then to delete it, you do this:
| |
The value of LockID is made up of <bucket>/<key>-md5 with bucket
and key being from the backend "s3" stanza of the terraform backend
config. Stored with that is an expected md5 digest of the terraform
state file.
To get a full view of the table just run aws --region $region dynamodb
scan --table-name tf-bucket-state-lock and it will dump all the values.