Introduction
This article outlines the step-by-step procedure to safely remove a Terraform-managed resource from the state in Terraform Enterprise (TFE)/HCP Terraform when the resource no longer exists in the actual cloud infrastructure but still exists in the Terraform state, causes errors during refresh, and is not removed from the state file automatically. This scenario commonly results in errors during the terraform plan or terraform apply phases due to stale or invalid resource references.
Example: This can happen with any resource and with any error during the plan phase.
You might encounter an error similar to the following:
Error when reading or editing ComputeResourcePolicy "projects/example-project/regions/us-central1/resourcePolicies/sample-resource-policy-invalid": googleapi: Error 400: Invalid value for field 'resourcePolicy': 'sample-resource-policy-invalid'. Must be a match of regex '[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}', invalid
In this case, a google_compute_resource_policy named sample-resource-policy-invalid did not conform to the required naming conventions defined by GCP. The user corrected the name to a valid format in the Terraform configuration. However, the error persisted because the invalid policy reference was still present in the Terraform state, even though the actual resource had already been deleted in the cloud environment and was no longer present in the code either.
Note: You may receive a different error; the one above is only an example.
Prerequisites
- Confirmation that the resource no longer exists in the infrastructure or code and is safe to remove from the Terraform state
Expected Outcome
The invalid resource (e.g., a google_compute_resource_policy with an outdated name) will be removed from the Terraform state. After removal, future Terraform runs in TFE will no longer fail due to this resource, and state refreshes will complete without errors.
Procedure
Step 1: By default, Terraform refreshes the state before plan and apply, and the refresh will fail if the resource is unreadable or invalid.
To prevent this, add the following environment variables in your TFE workspace:
TF_CLI_ARGS_plan="-refresh=false"
TF_CLI_ARGS_apply="-refresh=false"
These will disable automatic refresh during both plan and apply stages.
Step 2: Limit Terraform's action to the specific resource you want to remove using the TF_CLI_ARGS environment variable.
Example: Add this environment variable in the TFE workspace:
TF_CLI_ARGS="-target=<resource address>"
This tells Terraform to only evaluate the targeted resource during execution.
Step 3: Modify the Terraform configuration by adding a removed block so that the resource is removed from the state.
Remove the resource block from your existing Terraform configuration and replace it with the removed block.
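removed {
  from = null_resource.null
  lifecycle {
    destroy = false  # remove from state only; do not attempt to destroy the object
  }
}
- from: Specifies the address of the resource you are removing (e.g., aws_instance.example).
- lifecycle.destroy: Set to false so that Terraform only removes the resource from the state and does not try to destroy it.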
Now run the Terraform plan, review it to confirm that it matches your expectations, and then run the Terraform apply.
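One way to automate the plan review in the final step, as an added example that is not part of the original article: a Python check over the plan's JSON representation (as produced by terraform show -json <planfile>) that passes only when the sole change is a forget of the expected resource. The address google_compute_resource_policy.invalid and the sample plan are constructed, and the "forget" action name assumes Terraform 1.7 or later.

```python
import json

# Constructed sample: trimmed plan JSON for a run that forgets one resource.
# Not captured from a real workspace; the resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "google_compute_resource_policy.invalid",
         "change": {"actions": ["forget"]}},
        {"address": "google_compute_instance.vm",
         "change": {"actions": ["no-op"]}},
    ],
})

HARMLESS = (["no-op"], ["read"])  # actions that change nothing in state or cloud


def check_forget_only_plan(plan_json, expected_address):
    """Return a list of problems. An empty list means the plan forgets
    expected_address and makes no other change."""
    plan = json.loads(plan_json)
    problems = []
    seen_expected = False
    for rc in plan.get("resource_changes", []):
        address = rc.get("address", "<unknown>")
        actions = rc.get("change", {}).get("actions", [])
        if address == expected_address:
            seen_expected = True
            if actions != ["forget"]:
                # e.g. ["delete"] when the removed block lacks destroy = false
                problems.append(f"{address}: expected ['forget'], plan has {actions}")
            continue
        if actions not in HARMLESS:
            problems.append(f"{address}: unexpected change {actions}")
    if not seen_expected:
        problems.append(f"{expected_address}: not present in this plan")
    return problems


if __name__ == "__main__":
    issues = check_forget_only_plan(
        SAMPLE_PLAN, "google_compute_resource_policy.invalid")
    print("OK to apply" if not issues else "\n".join(issues))
```

A non-empty result means the apply should be held back, for example when the stale resource shows a delete action or another resource has drifted into the plan.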
Additional Information
- https://www.hashicorp.com/en/blog/new-terraform-planning-options-refresh-false-refresh-only-replace
- https://support.hashicorp.com/hc/en-us/articles/360043619873-How-to-Target-Resources-in-a-Run
- https://developer.hashicorp.com/terraform/cli/config/environment-variables#:~:text=TF_CLI_ARGS_plan%3D%22%2Drefresh%3Dfalse%22