CodeDeploy command messes with terraform state

Question

In our CI/CD solution, our infrastructure is setup through terraform. The setup includes ECS, CodeDeploy deployment groups etc., As part of initial we setup ECS with a barebones taskdef.

While this is our initial setup, our regular code increments happen through Jenkins and a aws code deploy cli command deploys the latest version of the image on a latest version of task def.

However this poses a problem that any new infra related change on ECS done through terraform on a live environment replaces the task back to the original barebones causing things to break.

Anybody has faced this problem and have a solution?

We want to stick to below as much as possible

1. Infra setup only through terrafdorm
2. Deployments happening through aws code deploy cli commands to effect new deployments.

Is there a way to let terraform know not to worry about taskdef in ECS only and is managed outside of terraform state ?

Answer 1

The lifecycle meta argument can be added to any terraform resource, selectively preventing unwanted updates when you re-apply terraform.

https://www.terraform.io/docs/configuration/meta-arguments/lifecycle.html

prevent_destroy is useful to get a plan time error when you make a change that would destroy a resource.

ignore_changes is going to be your main tool for preventing unwanted updates.