Is `terraform destroy` needed before `terraform apply`? If not, what is a workflow you follow when updating existing infrastructure and how do you decide if `destroy` is needed?
9 Answers
That would be pretty non-standard, in my opinion. `terraform destroy` is only used in cases where you want to completely wipe your infrastructure. One of the biggest features of terraform is that it can do an intelligent delta of your desired infrastructure and your existing infrastructure and only make the changes needed. By performing a `refresh`, `plan` and `apply` you can ensure that terraform:
- `refresh` - Has an up-to-date understanding of your current infrastructure. This is important in case anything was changed manually, outside of your terraform script.
- `plan` - Prepares a list for you to review of what terraform intends to modify, or delete (or leave alone).
- `apply` - Performs the changes laid out in the plan.
By executing these 3 commands in sequence terraform will only perform the changes necessary, in the order required, to bring your environments in line with any changes to your terraform file.
Where I find destroy to be useful is in non-production environments or in cases where you are performing a restructure that's so invasive that starting from scratch would ensure a safer build.
*There are also edge cases where terraform may fail to understand the correct order of operations (do I modify a security group first or a security group rule?), or it will find itself in a dependency cycle and will be unable to perform an operation. In those cases, however, running destroy is a nuclear solution. In general, I would perform the problem change manually (via command line, or AWS Console, if I'm in AWS), to nudge it along and then run a `refresh`, `plan`, `apply` sequence to get back on track.
No, `terraform destroy` is not needed before `terraform apply`.
Your Terraform configuration (`*.tf` and `*.tfvars` files) describes the desired state of your infrastructure. It says "this is how I want my infrastructure to be."
You use the `terraform` tool to plan and apply changes to get your infrastructure into the desired state you have described. You can make those changes incrementally without destroying anything.
A typical workflow might be:
- make changes to `.tf` and `.tfvars` files
- refresh state
- plan changes
- review the planned changes
- apply those changes
If you wanted to completely destroy that infrastructure you'd use `terraform plan -destroy` to see what Terraform intends to destroy. If you are happy with that you'd then use `terraform destroy` to destroy it.
Typically, `destroy` is rarely used, unless you are provisioning infrastructure for a temporary purpose (e.g., builds) or testing your ability to provision from a clean slate with different parameters. Even then, you could use a `count` parameter on resources to temporarily provision resources by increasing the count, then decreasing it again when no longer needed.
More comments after @mwielbut's answer.
Instead of option `apply` + `destroy`, you need to run `terraform` with option `taint` + `apply`.
Normally we don't need to run `terraform destroy` at all. It is a really dangerous option, especially for a production environment.
With option `plan` and `apply`, it is good enough to update the infrastructure with code.
But if you do need to destroy some resources and re-build something which is already created, you can use the option of `taint`, which is the right answer for your question, it is so important and missed in @mwielbut's answer.
The terraform taint command manually marks a Terraform-managed resource as tainted, forcing it to be destroyed and recreated on the next apply.
This command will not modify infrastructure but does modify the state file in order to mark a resource as tainted. Once a resource is marked as tainted, the next plan will show that the resource will be destroyed and recreated and the next apply will implement this change.
Refer:
command taint: https://www.terraform.io/docs/commands/taint.html
a sample of option `taint`: https://www.terraform.io/docs/modules/usage.html
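The "review the planned changes" step, and the destroy-and-recreate that `taint` forces on the next apply, can both be checked mechanically from the plan's JSON form. This is an added example, not code from any of the answers; it assumes the plan was saved with `terraform plan -out=tfplan` and exported with `terraform show -json tfplan`, and the sample plan, resource addresses and function names below are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json tfplan` output
# (only the fields this check reads); not taken from the page.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    {"address": "aws_instance.app", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["delete"]}},
    {"address": "aws_instance.worker[1]", "change": {"actions": ["create"]}},
    {"address": "aws_vpc.main", "change": {"actions": ["no-op"]}}
  ]
}
""")


def classify(actions):
    """Map a plan entry's action list to one label (hypothetical helper)."""
    acts = set(actions)
    if acts == {"delete", "create"}:
        return "replace"    # e.g. a tainted resource: destroyed, then recreated
    if acts == {"delete"}:
        return "destroy"
    if acts <= {"no-op", "read"}:
        return "unchanged"
    return "in-place"       # create or update, nothing existing is removed


def review_plan(plan):
    """Group resource addresses by what apply would do to them."""
    summary = {"replace": [], "destroy": [], "in-place": [], "unchanged": []}
    for rc in plan.get("resource_changes", []):
        summary[classify(rc["change"]["actions"])].append(rc["address"])
    return summary


def needs_manual_approval(plan):
    """True when apply would remove or recreate any existing resource."""
    summary = review_plan(plan)
    return bool(summary["replace"] or summary["destroy"])


if __name__ == "__main__":
    for label, addrs in review_plan(SAMPLE_PLAN).items():
        print(f"{label:10} {addrs}")
    print("manual approval required:", needs_manual_approval(SAMPLE_PLAN))
```

A pipeline can run this between `plan` and `apply` and stop for a human sign-off whenever `needs_manual_approval` returns true.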
No need to use the destroy command before apply. As long as you are in a testing period you can use the destroy command, or to destroy the complete infra you can use the destroy command.
You can use below flow
terraform init
terraform plan
terraform apply
If you made any manual changes that need to be updated in your state file, use the command below to update the state file.
terraform refresh
Terraform apply always refreshes the Terraform state, so if you change anything, it auto-recognizes the changes. Let's say you've updated your NSG rules, added a new VM, deleted an old VM; when you run terraform apply again, your old state gets updated with the new state where you've added/updated/deleted.
If you use terraform destroy, it just kills the entire state and you'll be back to the new state if you are running terraform apply.
You need to use terraform destroy only if you think you just want to bring down your infrastructure and you don't really need it.
For minor - major changes like Adding Components, Updating Rules, Deleting other things, you can use plan and apply without any problem.
Simply NO.
You don't need to run `terraform apply` before `terraform destroy`. Your terraform (.tf) files describe the state of your infrastructure.
`terraform apply` always refreshes your infrastructure. And it identifies the state of infrastructure and updates it.
`terraform destroy`'s only use is to bring down and completely wipe down your infrastructure. (You have to think twice before using it.) You can use terraform plan and terraform refresh to ensure the state of the infrastructure.