Satyashil Deshpande

Reputation: 196

How to update Terraform state with manual changes done on resources

I had provisioned some resources on AWS, which include an EC2 instance as well, but after that we attached some extra security groups to these instances, which have now been detected by Terraform, and it says it'll roll them back as per the configuration file.

Let's say I had the below code which attaches a Security Group to my EC2 instance -

vpc_security_group_ids = ["sg-xxxx"]

But now my problem is: how can I update the terraform.tfstate file so that it does not detach the manually attached security groups?

I can solve it as below:

  1. I would refresh the Terraform state file with the terraform refresh command, which will update the state file.
  2. Then I have to update my Terraform configuration file manually with the security group IDs that were attached manually.

But that is only feasible for a small setup. What if we have a complex scenario? Do we have any other mechanism in Terraform which would detect the drift and update it?

Upvotes: 3

Views: 30224

Answers (5)

Old-Equipment-8361

Reputation: 29

The accepted answer is technically not correct.

As per my testing:
Terraform refresh will update the state file with current live configuration
Terraform plan will only internally update with the live configuration and compare to the code, but not actually update the state file
Terraform apply will update the state file to current live configuration, even if it says no changes to apply (use case = manual change then update TF code to reflect change and now want to update state file)

Upvotes: 2

Mohamed Sohail

Reputation: 1867

terraform import <resource>.<resource_name> [unique_id_from_aws]

You may need to temporarily comment out any provider/resource that relies on the output of the manually created resource.

After running the above, un-comment the dependencies and run terraform refresh.

Upvotes: 1

Surya Saravanan

Reputation: 61

You can use terraform import with the id to import the remote changes to your terraform state file. Later use terraform plan to check if the change is reflected in the code.

Upvotes: 6

Pradeep Bhadani

Reputation: 4721

This can be achieved by updating terraform state file manually but it is not best practice to update this file manually.

Also, if you are updating your AWS resources (created by Terraform) manually or outside terraform code then it defeats the whole purpose of Infrastructure as Code.

If you are looking to manage complex infrastructure on AWS using Terraform then it is very good to follow best practices and one of them is all changes should be done via code.

Hope this helps.

Upvotes: 1

Quentin Revel

Reputation: 1478

There is no way Terraform will update your source code when detecting a drift on AWS.

The process you mention is right:

  1. Report manual changes done in AWS into the Terraform code
  2. Do a terraform plan. It will refresh the state and show you if there is still a difference

Upvotes: 5
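
Added example (not part of any answer above, and not code from Terraform itself): for larger setups, the drift Terraform detects can be read from its machine-readable plan, so that security groups attached out of band are listed per instance before anyone decides whether to add them to the configuration or let the next apply detach them. It assumes the JSON was produced with `terraform plan -refresh-only -out=tfplan` followed by `terraform show -json tfplan`; the resource addresses and security group IDs in the sample are constructed.

```python
import json

# Constructed sample: trimmed output of `terraform show -json tfplan`
# after a refresh-only plan. Addresses and IDs are made up.
SAMPLE_PLAN = json.loads("""
{
  "resource_drift": [
    {
      "address": "aws_instance.web",
      "type": "aws_instance",
      "change": {
        "actions": ["update"],
        "before": {"vpc_security_group_ids": ["sg-0aaa1111"]},
        "after":  {"vpc_security_group_ids": ["sg-0aaa1111", "sg-0bbb2222"]}
      }
    },
    {
      "address": "aws_instance.db",
      "type": "aws_instance",
      "change": {
        "actions": ["update"],
        "before": {"vpc_security_group_ids": ["sg-0ccc3333"], "tags": {"env": "prod"}},
        "after":  {"vpc_security_group_ids": ["sg-0ccc3333"], "tags": {"env": "prod", "owner": "ops"}}
      }
    }
  ]
}
""")

def security_group_drift(plan, attr="vpc_security_group_ids"):
    """Return {address: {"added": [...], "removed": [...]}} for resources
    whose security group list changed outside Terraform."""
    report = {}
    for item in plan.get("resource_drift", []):
        change = item.get("change", {})
        # "before" is the recorded state, "after" is what the refresh found;
        # either can be null when the resource was created or deleted.
        before = set((change.get("before") or {}).get(attr) or [])
        after = set((change.get("after") or {}).get(attr) or [])
        if before != after:
            report[item["address"]] = {
                "added": sorted(after - before),
                "removed": sorted(before - after),
            }
    return report

if __name__ == "__main__":
    for address, diff in security_group_drift(SAMPLE_PLAN).items():
        print(address, "added:", diff["added"], "removed:", diff["removed"])
```

Each security group reported as added was attached outside the configuration and still has to be copied into `vpc_security_group_ids` by hand, as the answers above describe.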