When you manually change infrastructure that is managed by Terraform, several things can happen, and it can lead to inconsistencies between the actual infrastructure state and the state stored in the Terraform state file. Here’s what you need to be aware of:
Consequences of Manual Changes:
1.State Drift:
The most immediate consequence is that the actual state of the infrastructure will differ from what is recorded in the Terraform state file. This is known as “state drift.”
2. Terraform Plan Differences:
When you run terraform plan, Terraform will detect that the actual state of the infrastructure has changed from the state stored in the state file. The terraform plan output will show the differences and what changes Terraform will apply to bring the infrastructure back in line with the state file.
3. Potential for Conflict:
Manual changes can lead to conflicts when applying future Terraform plans. For example, if you manually change the configuration of a resource, and then Terraform tries to update that same resource based on its state file, it might result in unexpected behavior or errors.
4. Loss of Changes:
If you manually update a resource and then run terraform apply, Terraform may overwrite your manual changes with the configuration defined in the Terraform configuration files, effectively losing your manual updates
Example Scenario:
1. Manually Change an EC2 Instance Type:
Suppose you have an EC2 instance managed by Terraform, and you manually change its instance type from t2.micro to t2.small using the AWS Management Console.
2. Run terraform plan:
When you run terraform plan, Terraform will detect that the instance type in the actual state (t2.small) differs from the state file (t2.micro). The plan will show that it wants to change the instance type back to t2.micro.
3. Run terraform apply:
If you proceed with terraform apply, Terraform will update the EC2 instance to match the configuration in the state file, changing the instance type back to t2.micro.
How to Handle Manual Changes:
To handle manual changes appropriately, you have a few options:
1. Import the Changes:
If you’ve created new resources manually, you can use the terraform import command to bring those resources under Terraform management. This updates the state file to include the manually created resources
terraform import aws_instance.example i-1234567890abcdef02. Refresh the State:
You can use terraform refresh to update the Terraform state file with the actual state of the infrastructure. This doesn’t modify the infrastructure but updates the state file to match the actual state.
terraform refresh3. Adjust the Terraform Configuration:
Update your Terraform configuration files to match the manual changes. Then, run terraform plan and terraform apply to ensure that the Terraform state file and configuration files are in sync with the actual state.
Best Practices to avoid the this issue:
Avoid Manual Changes: Where possible, avoid making manual changes to resources managed by Terraform. Instead, make changes in your Terraform configuration files and apply them using Terraform.
Use Version Control: Keep your Terraform configuration files under version control. This makes it easier to track changes and revert to previous states if necessary.
Regularly Plan and Apply: Regularly run terraform plan and terraform apply to ensure that your infrastructure remains consistent with your Terraform configuration and state file.
