Skip to content
Latchkey

terraform taint: Usage, Modern Replacement & CI Errors

Force a resource to be recreated on the next apply.

terraform taint marks a resource for recreation. It is deprecated in favor of the planning-time -replace option, which is safer because you review the plan before anything is destroyed.

What it does

Tainting flags a resource as degraded so the next apply destroys and recreates it. The standalone terraform taint mutates state immediately; the modern terraform apply -replace=<address> (and plan -replace) achieves the same recreation but only as part of a reviewable plan.

Common usage

Terminal
# Modern, preferred: recreate as part of a reviewed plan
terraform plan -replace="aws_instance.web"
terraform apply -replace="aws_instance.web"

# Legacy (deprecated) standalone command
terraform taint aws_instance.web

Common error in CI: taint deprecation / address not found

Pipelines on the old command get "The taint command is deprecated. Use the -replace option ..." or "resource ... not found" for a wrong/for_each address. Fix: switch to terraform apply -replace="<address>", quoting bracketed addresses (aws_instance.web[0]). Confirm the address with terraform state list. -replace recreates exactly one instance and shows the destroy/create in the plan for review.

Key options

OptionPurpose
-replace=ADDRForce recreation via plan/apply (preferred)
<address>Legacy taint target

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →