Terraform apply without updating modified resources

2 min read | by Jordi Prats

When we deploy infrastructure using Terraform, we should not manually modify what has been deployed; otherwise Terraform will undo those changes the next time we apply. This is actually a good thing, because it makes sure the code reflects the state of the infrastructure, but sometimes it can be a pain.

Let's assume we want to apply some changes that we made to the Terraform code, but we realize that applying them will also undo some changes that were manually applied for some reason:

$ terraform plan | grep "# module" 
  # module.pet2cattle.module.base-role.aws_iam_role.iam_role has changed
  # module.pet2cattle.data.aws_iam_instance_profile.instance_profile will be read during apply
  # module.pet2cattle.aws_autoscaling_group.pet2cattle_asg will be updated in-place
  # module.pet2cattle.aws_launch_configuration.pet2cattle_alc must be replaced
  # module.pet2cattle.module.base-role.aws_iam_role.iam_role will be updated in-place

If we still want to apply our changes without undoing the changes that are not currently reflected in the code, we can take advantage of one of the consequences of not refreshing the state.

If we use the -refresh=false option, Terraform won't sync the Terraform state with remote objects before planning the configuration changes. Thus, Terraform will not take into account any changes that might have happened outside of Terraform. So, if we plan using -refresh=false (the option is also available for apply operations), we will only see the changes that have been made on the code side:

$ terraform plan -refresh=false | grep "# module" 
  # module.pet2cattle.aws_autoscaling_group.pet2cattle_asg will be updated in-place
  # module.pet2cattle.aws_launch_configuration.pet2cattle_alc must be replaced

This way we can apply a set of changes without reverting changes that were made outside of Terraform. Those manual changes stay in place, and a later plan or apply that refreshes the state will show them again.
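Before applying with -refresh=false it helps to know exactly which resources are being left as they are, especially when one of them is an IAM role as in the output above. The following script is an added example, not part of the original post: it compares the two plan outputs shown above (embedded as sample input) and lists the managed resources that only appear in the refreshed plan; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list managed resources whose
# pending changes show up only in the refreshed plan.

# Sample plan headers copied from the post. For a live run, capture them with
# `terraform plan -no-color` and `terraform plan -no-color -refresh=false`.
PLAN_REFRESHED='  # module.pet2cattle.module.base-role.aws_iam_role.iam_role has changed
  # module.pet2cattle.data.aws_iam_instance_profile.instance_profile will be read during apply
  # module.pet2cattle.aws_autoscaling_group.pet2cattle_asg will be updated in-place
  # module.pet2cattle.aws_launch_configuration.pet2cattle_alc must be replaced
  # module.pet2cattle.module.base-role.aws_iam_role.iam_role will be updated in-place'

PLAN_NO_REFRESH='  # module.pet2cattle.aws_autoscaling_group.pet2cattle_asg will be updated in-place
  # module.pet2cattle.aws_launch_configuration.pet2cattle_alc must be replaced'

# Print the unique resource addresses from "# <address> <action>" header lines.
# Data source reads are dropped: they are lookups, not changes to a resource.
plan_addresses() {
  printf '%s\n' "$1" |
    sed -n -e '/will be read during apply/d' -e 's/^ *# \([^ ]*\) .*/\1/p' |
    LC_ALL=C sort -u
}

# Addresses present in the refreshed plan ($1) but absent from the
# -refresh=false plan ($2): their diff exists only because of the refresh.
skipped_by_no_refresh() (
  tmp=$(mktemp -d) || exit 1
  plan_addresses "$1" > "$tmp/refreshed"
  plan_addresses "$2" > "$tmp/no_refresh"
  LC_ALL=C comm -23 "$tmp/refreshed" "$tmp/no_refresh"
  rm -rf "$tmp"
)

# Subset of those addresses that are IAM resources, which deserve review first.
skipped_iam() {
  skipped_by_no_refresh "$1" "$2" | grep -F '.aws_iam_' || true
}

echo "Left as-is by -refresh=false:"
skipped_by_no_refresh "$PLAN_REFRESHED" "$PLAN_NO_REFRESH"
echo "Of which IAM:"
skipped_iam "$PLAN_REFRESHED" "$PLAN_NO_REFRESH"
```

The addresses it prints are the ones to review and either codify or revert, since Terraform will keep proposing to undo them on every refreshed plan.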


Posted on 24/01/2022
