Skip to main content

Delete terraform state lock

In the build pipeline, you will sometimes see errors like this:

Command: cd namespaces/; terraform apply -auto-approve failed.

Error: Error locking state: Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed
    status code: 400, request id: 8F9C5H04HLD0TVN4V0PQIRRMFBVV4KQNSO5AEMVJF66Q9ASUAAJG

If you see repeated failures trying to acquire the lock on the same namespace, it probably means the lock record has been left in place by mistake, because a previous run failed to release the lock when it should have.

To fix this, you need to delete the lock record.

Command-line method

Save this code as a script.


set -euo pipefail



for key in "${PREFIX}/${NAMESPACE}/terraform.tfstate-md5" "${PREFIX}/${NAMESPACE}/terraform.tfstate"; do

  aws dynamodb delete-item \
    --region eu-west-1 \
    --table-name cloud-platform-environments-terraform-lock \
    --key $json

Invoke it like this:

./ hmpps-book-video-link-prod

AWS Console method

  1. Go to the dynamodb page of the AWS web console (NB: the relevant table is in the eu-west-1 region)
  2. Click on the cloud-platform-environments-terraform-lock table, and then the Items tab
  3. Click Add filter
  4. Enter LockID as the filter attribute, and change String, = to String, contains as the filter criteria
  5. Enter the namespace name as the string value to match, and click Start search

When you find the relevant lock records, delete them. Terraform will recreate any missing records the next time it tries to acquire the lock for that terraform state file.

This page was last reviewed on 14 June 2021. It needs to be reviewed again on 14 September 2021 by the page owner #cloud-platform .
This page was set to be reviewed before 14 September 2021 by the page owner #cloud-platform. This might mean the content is out of date.