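---
# Tears down the Terraform-managed AWS deployment and its remote-state
# backend (DynamoDB lock table and S3 state bucket), then removes the local
# Terraform working files. Every task is destructive and runs without an
# interactive confirmation.
#
# NOTE(review): with `hosts: all` and `connection: local`, each host in the
# inventory runs these tasks on the control node. Confirm the inventory holds
# a single host, or scope the play so the teardown runs only once.
- name: Destroy Terraform Infrastructure on AWS
  hosts: all
  connection: local
  # vars_prompt:
  #   - name: aws_region
  #     prompt: AWS region
  #     default: "eu-central-1"
  #     private: false
  #   - name: bucket_timestamp
  #     prompt: Timestamp suffix on the backend bucket (tfstate-vmon-[timestamp])
  #     private: false
  tasks:
    # backend_bucket, meta_bucket and aws_region are read from this file.
    - name: Capture deployment variables from local state file
      ansible.builtin.include_vars:
        file: ansible-state.json

    # - name: Set S3 bucket names
    #   ansible.builtin.set_fact:
    #     backend_bucket: "tfstate-vmon-{{ bucket_timestamp }}"
    #     meta_bucket: "meta-vmon-{{ bucket_timestamp }}"

    # Stop before anything is deleted if the state file is incomplete, so a
    # missing or empty value cannot reach the destroy steps below.
    - name: Verify the state file supplied every required variable
      ansible.builtin.assert:
        that:
          - backend_bucket is defined
          - backend_bucket | string | length > 0
          - meta_bucket is defined
          - meta_bucket | string | length > 0
          - aws_region is defined
          - aws_region | string | length > 0
        fail_msg: >-
          ansible-state.json must define non-empty backend_bucket,
          meta_bucket and aws_region before the teardown can run.

    - name: Show the resources that are about to be destroyed
      ansible.builtin.debug:
        msg: "backend_bucket: {{ backend_bucket }}, meta_bucket: {{ meta_bucket }}, aws_region: {{ aws_region }}"

    # argv passes each templated value as exactly one argument. The free-form
    # command string is split after templating, so a state-file value holding
    # whitespace or quotes could otherwise turn into extra terraform options.
    - name: Destroy the configuration
      ansible.builtin.command:
        argv:
          - terraform
          - destroy
          - "-var=meta_bucket={{ meta_bucket }}"
          - "-var=region={{ aws_region }}"
          - --auto-approve
      register: tf_infrastructure_destroyed

    # The region is passed explicitly so this call targets the same region as
    # the table deletion that follows, not the AWS CLI's configured default.
    - name: Disable DDB Deletion Protection
      ansible.builtin.command:
        argv:
          - aws
          - dynamodb
          - update-table
          - --table-name
          - tfstate-lock-vmon
          - --no-deletion-protection-enabled
          - --region
          - "{{ aws_region }}"
      register: ddb_protection_disabled

    - name: Destroy DDB table
      community.aws.dynamodb_table:
        name: tfstate-lock-vmon
        state: absent
        hash_key_name: LockID
        region: "{{ aws_region }}"
      register: destroyed_ddb_table

    # force: true empties the bucket before deleting it, so the stored
    # Terraform state is not recoverable after this task.
    - name: Destroy S3 bucket
      amazon.aws.s3_bucket:
        name: "{{ backend_bucket }}"
        state: absent
        force: true
        region: "{{ aws_region }}"
      register: destroyed_bucket

    # The original multi-line plain scalar under `shell:` folds into a single
    # `rm -rf` command line in which the later `rm` words become file
    # operands. Removing each path with the file module is explicit and
    # idempotent. Paths are relative to the directory the play runs in.
    - name: Cleanup local directory
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - .terraform/terraform.tfstate
        - .terraform.lock.hcl
        - tfplan
        - modules/grafana/.terraform/terraform.tfstate
        - modules/grafana/.terraform.lock.hcl
        - modules/grafana/tfplan
      register: cleanup_complete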