Clean command : Remove S3 bucket and DynamoDB table

[qrevel]

Terragrunt is a really nice wrapper to automate the creation of S3 bucket and DynamoDB table.
I'm actually using terragrunt to spawn demo enviroment for different development teams. So each team has access to one or multiple demos environment with similar configuration.
Each demo has its own stack (S3 bucket, DynamoDB table, and Terraform configuration).
Once the demo is finished, I need to clean all the stack.
Unfortunately, I was unable to find any command to clean everything, even the bucket and the table.

Thanks

[brikis98]

Hm, I wonder how common of a use case this would be? Usually, Terraform state and locks are important info, so I wouldn't expect it to be deleted too often. On the other hand, for experimenting, learning, and testing, it would be nice to have an easy way to clean up, so I guess I'm not against a terragrunt-clean command. PRs welcome :)

[ryan-dyer-sp]

Would prefer that the clean only clean specific keys from the bucket related to what was created, not the entire bucket.

[qrevel]

Agree with @ryan-dyer-sp for the default clean behavior. Maybe a --bucket option to also clean the bucket

[tomdavidson]

I want a backend destroy function. The case is for review apps - short lived stage envs that have a 1:1 relationship with a feature branch in trunk-based workflow. Each review app gets its own backend and does not share a backend with other envs.

br, tom

[nilsmeyer]

One possible issue with this is that you can use the same bucket and dynamodb table for multiple terraform states. You can make this safe by checking whether the bucket is empty or you just trust the user to know what they're doing - possibly with a --yes-i-know-what-i-am-doing-nuke-it-please flag.

[Tensho]

Have the same case for short-lived preview apps.

[evya123]

Anything new about this feature? Would be very handy when experimenting

[sergibarroso-datarobot]

+1

[mjozefcz]

+1

[dmytronasyrov]

+1

[YKolokoltsev]

+1

[wosiu]

I achieved exactly that by adding to terragrunt.hcl - in my case I want to remove only a bucket key (a directory) in a bucket and not whole bucket, but this approach can be generalised to whatever you need.

terraform {
  // This is optional cleanup step, it removes remote state after destroying a project (by default terraform keeps the empty state).
  //   Especially helpful for ephemeral deployments, which otherwise would pile up non-used directories in the bucket.
  after_hook "remove remote state file" {
    commands     = ["destroy"]
    execute      = ["aws", "s3", "rm", "s3://${local.bucket_name}/${local.bucket_dir}", "--region", "${local.bucket_region}", "--recursive"]
  }
}

That said, I agree that builtin terragrunt flag would be better, because the above approach requires availability of aws cli and aws creds available for a subprocess, which might not be the case in some setups.

[yhakbar]

We're adding a dedicated backend command as part of the CLI Redesign in #3445.

Currently, the RFC only explores adding the ability to explicitly flush out state related to a particular unit with the following:

terragrunt backend delete

But we could theoretically have something like:

terragrunt backend explode

or

terragrunt backend nuke

The risks involved with programmatically destroying backends is non-trivial, so we'll want to be careful when introducing this capability.

[aslafy-z]

A safer alternative could be a terragrunt backend relocate that would first retrieve the state locally, then remove the remote state.
This way, it is the responsibility of the operator to rm -f the tfstate.