Delete terraform state lock

In the build pipeline, you will sometimes see errors like this:

Command: cd namespaces/live-1.cloud-platform.service.justice.gov.uk/jason-lab/resources; terraform apply -auto-approve failed.

Error: Error locking state: Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed
    status code: 400, request id: 8F9C5H04HLD0TVN4V0PQIRRMFBVV4KQNSO5AEMVJF66Q9ASUAAJG

If you see repeated failures trying to acquire the lock on the same namespace, it probably means the lock record has been left in place by mistake, because a previous run failed to release the lock when it should have.

To fix this, you need to delete the lock record.

Command-line method

Save this code as a script.

delete-state-lock.sh

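#!/bin/bash

set -euo pipefail

# Namespace whose lock records should be deleted (first argument, required).
NAMESPACE="${1:?usage: $0 NAMESPACE}"

PREFIX=cloud-platform-terraform-state/cloud-platform-environments

# Delete both records kept for the state file: the -md5 record and the lock record.
for key in "${PREFIX}/live-1.cloud-platform.service.justice.gov.uk/${NAMESPACE}/terraform.tfstate-md5" "${PREFIX}/live-1.cloud-platform.service.justice.gov.uk/${NAMESPACE}/terraform.tfstate"; do
  # Quote the key so it is passed to the AWS CLI as a single JSON argument.
  json='{"LockID":{"S":"'"${key}"'"}}'

  echo "$json"

  aws dynamodb delete-item \
    --region eu-west-1 \
    --table-name cloud-platform-environments-terraform-lock \
    --key "$json"
done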

Invoke it like this:

./delete-state-lock.sh hmpps-book-video-link-prod
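
Deleting a lock while a run is still in progress removes the protection the lock provides, so it is worth checking who holds it and how old it is first. The sketch below is an added example, not part of the original page or the team's tooling: it reads the output of `aws dynamodb get-item` for the lock record, decides whether the lock is stale, and builds a conditional `delete-item` that fails if the lock has changed since it was inspected. It assumes the `Info` attribute holds the JSON lock metadata written by Terraform's S3 backend; the helper names, the 2-hour threshold and the sample values are hypothetical.

```python
import json
import re
from datetime import datetime, timedelta, timezone

TABLE = "cloud-platform-environments-terraform-lock"  # table name from the page
PREFIX = "cloud-platform-terraform-state/cloud-platform-environments"
CLUSTER = "live-1.cloud-platform.service.justice.gov.uk"
NAMESPACE_RE = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")  # DNS label

def lock_id(namespace):
    """LockID of the state lock item; rejects input that could break out of the JSON key."""
    if not NAMESPACE_RE.fullmatch(namespace):
        raise ValueError(f"invalid namespace: {namespace!r}")
    return f"{PREFIX}/{CLUSTER}/{namespace}/terraform.tfstate"

def lock_holder(get_item_output):
    """(raw Info string, decoded Info) from `aws dynamodb get-item` output, or None."""
    item = json.loads(get_item_output or "{}").get("Item", {})
    raw = item.get("Info", {}).get("S")
    return (raw, json.loads(raw)) if raw else None

def is_stale(info, now, max_age=timedelta(hours=2)):
    """True when the lock is older than max_age (2 hours is an assumed threshold)."""
    created = datetime.fromisoformat(info["Created"][:19]).replace(tzinfo=timezone.utc)
    return now - created > max_age

def delete_command(namespace, raw_info):
    """argv for a delete that only succeeds if the lock is still the one that was inspected."""
    return ["aws", "dynamodb", "delete-item", "--region", "eu-west-1",
            "--table-name", TABLE,
            "--key", json.dumps({"LockID": {"S": lock_id(namespace)}}),
            "--condition-expression", "#i = :seen",
            "--expression-attribute-names", json.dumps({"#i": "Info"}),
            "--expression-attribute-values", json.dumps({":seen": {"S": raw_info}})]

# Constructed sample of get-item output for a held lock (all values are made up).
SAMPLE = json.dumps({"Item": {
    "LockID": {"S": lock_id("example-namespace")},
    "Info": {"S": json.dumps({"ID": "00000000-0000-0000-0000-000000000000",
                              "Operation": "OperationTypeApply",
                              "Who": "runner@build-agent",
                              "Created": "2024-01-15T10:30:00.123456789Z",
                              "Path": "constructed/terraform.tfstate"})}}})

if __name__ == "__main__":
    raw, info = lock_holder(SAMPLE)
    now = datetime(2024, 1, 15, 18, 0, tzinfo=timezone.utc)
    print(info["Who"], info["Operation"], "stale" if is_stale(info, now) else "recent")
    print(" ".join(delete_command("example-namespace", raw)))
```

If the conditional delete is rejected, the lock was released or re-acquired in the meantime and should be inspected again rather than deleted.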

AWS Console method

  1. Go to the DynamoDB page of the AWS web console (NB: the relevant table is in the eu-west-1 region)
  2. Click on the cloud-platform-environments-terraform-lock table
  3. Click Explore table items
  4. Expand the Filters section and set
    • Attribute name = LockID
    • Condition = Contains
    • Type = String
    • Value = <Namespace Name>
  5. Hit Run

When you find the relevant lock records, delete them. Terraform will recreate any missing records the next time it tries to acquire the lock for that terraform state file.

Terraform command

To force unlock, you can run this Terraform command using the LockID:

terraform force-unlock <LockID>

This page was last reviewed on 11 May 2026. It needs to be reviewed again on 11 November 2026 by the page owner #cloud-platform-notify.