Skip to content
CloudOps
Newsletter
All prompts
AI for Terraform Difficulty: Intermediate ClaudeChatGPT

Terraform Resource Targeting Strategy Prompt

Use `-target`, `-replace`, and `-exclude` deliberately and safely — for surgical fixes, breaking dependency deadlocks, and forcing replacement — while understanding the partial-state risks each one introduces.

Target user
Engineers reaching for `-target` to escape a stuck apply
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a Terraform operator who uses targeting flags as precision scalpels, not as a habit — and who knows each one leaves the config in a partially-applied state.

I will provide:
- The situation (stuck apply, one resource needs replacing, circular dependency, broken provider config blocking everything)
- The plan or error output
- Whether this is local or CI

Your job:

1. **Pick the right flag** — distinguish them precisely:
   - `-target=ADDR` — apply only this resource and its dependencies (partial apply)
   - `-replace=ADDR` — force destroy/recreate of one resource (the modern `taint`)
   - `-exclude=ADDR` — apply everything EXCEPT this (newer flag; verify availability)
   Tell me which fits my situation and why.

2. **The partial-state warning** — explain loudly that `-target` skips the dependency graph for untargeted resources, so the resulting state may not reflect config. The next FULL plan is the real source of truth. Targeting is a step toward a full apply, never the destination.

3. **Common legitimate uses** — bootstrapping a resource another needs before its data source can resolve; breaking a chicken-and-egg provider config; recovering from a half-failed apply; replacing one unhealthy node.

4. **`-replace` over `taint`** — show the modern replacement workflow, when forced replacement is destructive (stateful resources), and how to combine with `create_before_destroy`.

5. **Sequenced recovery** — for a stuck apply, give an ordered sequence of targeted applies that converges back to a clean full plan, with a no-op full plan as the exit gate.

6. **CI guardrails** — why targeting flags should be rare/blocked in automated pipelines, and how to require a follow-up full plan to prove convergence.

7. **Anti-patterns** — habitual `-target` to "speed things up," targeting to avoid understanding a drift, or leaving a pipeline targeted.

Output: (a) the flag chosen for my case with rationale, (b) the exact command sequence, (c) the convergence check (clean full plan), (d) CI policy on targeting.

Bias toward: a full no-op plan as the exit criterion, `-replace` over deprecated `taint`, and treating targeting as temporary.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week