pulumi-destroy

Destroy all resources in the current stack

$ pulumi destroy

$ pulumi destroy [[-s|--stack]] [stack]

$ pulumi destroy [[-y|--yes]]

$ pulumi destroy --exclude-protected

$ pulumi destroy --remove

$ pulumi destroy --continue-on-error

pulumi destroy [stack] [options]

[stack]
    The name of the stack to destroy. If omitted, the currently selected stack will be used.

--yes
    Skip the confirmation prompt and proceed with the destroy operation automatically. Use with extreme caution, especially in automated scripts.

--force
    Force deletion of protected resources. By default, Pulumi prevents accidental deletion of resources marked as protected. This flag overrides that protection. Use with extreme caution.

--target
    Specify one or more resource URNs (Uniform Resource Names) to selectively destroy only those resources. Can be specified multiple times.

--target-dependents
    When used with --target, also destroys resources that depend on the specified targets, even if they are not explicitly targeted themselves.

--exclude-protected
    Do not destroy resources that are marked as protected. This is the default behavior, but this flag explicitly reiterates it.

--message
    Attach an optional message to the destroy operation, which will be recorded in the stack's history.

--parallel
    Allow up to this many resource operations to run in parallel. Defaults to 15.

--diff
    Display a full diff (detailed changes) of the resources that will be destroyed, not just a summary. This is the default behavior for destroy.

--refresh
    Perform a state refresh operation before executing the destroy, ensuring the Pulumi state is in sync with the actual cloud provider state.

--skip-preview
    Skip the interactive preview step and directly prompt for confirmation to destroy. Does not skip the final confirmation if --yes is not used.

--expect-no-changes
    Return an error if any changes are detected during the destroy operation preview. Useful in CI/CD to ensure idempotency or no unintended side effects.

--json
    Emit output as JSON. Useful for programmatic consumption.

The pulumi destroy command is used to tear down all resources managed by a specific Pulumi stack within your cloud provider. When executed, Pulumi performs a preview to show which resources will be destroyed, prompting for confirmation before proceeding. This operation is irreversible and removes the infrastructure defined in your Pulumi program from the cloud, along with the corresponding state entries in the Pulumi state file. It is crucial to use this command with caution, especially in production environments, as it permanently deletes resources. The command interacts directly with your configured cloud provider (e.g., AWS, Azure, GCP, Kubernetes) using your credentials to delete the provisioned infrastructure. It is an essential part of the Pulumi lifecycle, allowing developers to clean up resources after development, testing, or when an environment is no longer needed.

The pulumi destroy command performs an irreversible operation that permanently deletes cloud resources.
Data Loss: Any data stored within the destroyed resources (e.g., databases, storage buckets) will be lost. Ensure backups are taken if necessary.
Dependency Conflicts: If resources managed by Pulumi have external dependencies not managed by the same stack, deleting them might break other systems.
Protected Resources: Use the --force flag with extreme caution, as it overrides built-in protections against accidental deletion of critical resources. It is recommended to understand the implications of this flag.
Cloud Credentials: The command requires valid cloud provider credentials configured in your environment to perform actions.
State File: While destroy removes resources from the cloud, the stack's state file will still exist (though empty of resources). To remove the stack entirely, follow up with pulumi stack rm.

By default, pulumi destroy presents a detailed preview of all resources to be destroyed and prompts for explicit confirmation before proceeding. This interactive step is a critical safety measure to prevent accidental deletion of infrastructure. To bypass this prompt for automation purposes, the --yes flag can be used.

Pulumi allows users to mark resources as 'protected' in their program using resource options. This mechanism prevents accidental deletion of critical infrastructure. If a protected resource is part of a destroy operation, Pulumi will halt unless the --force flag is explicitly used. Conversely, the --exclude-protected flag can be used to ensure protected resources are never touched during a destroy.

Pulumi, Inc. was founded in 2017, introducing its open-source Infrastructure as Code (IaC) framework in 2018. From its inception, the pulumi destroy command has been a fundamental component of the Pulumi CLI, reflecting the complete lifecycle management philosophy for cloud infrastructure. It was designed to provide a safe and controlled way to decommission resources, building upon the declarative principles established by other IaC tools but extending them with general-purpose programming languages. Its development has focused on robustness, preview capabilities, and providing clear user prompts to prevent accidental deletions, evolving with features like resource protection and targeted destruction to enhance user control and safety.

pulumi up, pulumi preview, pulumi refresh, pulumi state, pulumi stack rm, terraform destroy (conceptual)