0
votes

I am a beginner in Terraform in a (dangerous) live environment.

I ran a script for creating 3 new accounts in AWS Organizations. Two got generated, and due to a service limit error I couldn't create one.

To add to it, there was a mistake in the parent-id in the script. I rectified the accounts on the console by moving them to the right parent ID.

That leaves me with one account to be created.

After making the necessary changes in the service limit, I tried running the script. The plan shows 3 accounts to be added and 2 to be destroyed. There's no way these accounts can be deleted and added. (Since the script is now version controlled - I can't run just for this one account).

Here's what I did - I modified the terraform state (the parent id) in the S3 bucket. Ensured that terraform show is reflecting the new changes. The terraform plan still shows 3 accounts to add and 2 to destroy.

How do I get this fixed? Any help is deeply appreciated.

Thanks.

2
You edited the Terraform state file manually? - Jai Govindani
Yes (as directed by my senior). I see that the "terraform show" picks the latest modifications of the OU that we have to make. Yet "terraform plan" shows up x accounts to add and y to delete. - mgs
If Terraform wants to destroy the existing buckets, it means that the current config doesn’t match the Terraform code. Can you identify in “terraform plan” which field/parameter of the bucket is causing a “Forces replacement”? Or better yet can you upload the full output of “terraform plan” as a gist? - Jai Govindani
Also, avoid modifying state directly/manually as much as possible, especially if you’re new to Terraform. - Jai Govindani

2 Answers

0
votes

The code is the source of truth when working with Infrastructure as Code. Even if you change the state file, you need to update the code as well as the state file.

There is no way Terraform can update source code when detecting a drift on your resources.

So you need:

1- Write the manual changes you have made in AWS into the Terraform code.

2- Do a terraform plan. It will refresh the state and show you if there is still a difference.
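One way to see which difference is still left after step 2, and which field is behind a "forces replacement" as asked in the comments, is to read the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`). The Python below is an added example, not part of the original thread; the sample plan, its resource addresses, OU ids and the `role_name` value are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan`; every
# address, name and OU id below is made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_organizations_account.dev", "type": "aws_organizations_account",
  "change": {"actions": ["delete", "create"],
   "before": {"name": "dev", "parent_id": "ou-ab12-11111111", "role_name": null},
   "after": {"name": "dev", "parent_id": "ou-ab12-11111111", "role_name": "OrganizationAccountAccessRole"},
   "replace_paths": [["role_name"]]}},
 {"address": "aws_organizations_account.qa", "type": "aws_organizations_account",
  "change": {"actions": ["update"],
   "before": {"name": "qa", "parent_id": "ou-ab12-11111111"},
   "after": {"name": "qa", "parent_id": "ou-ab12-22222222"}}},
 {"address": "aws_organizations_account.old", "type": "aws_organizations_account",
  "change": {"actions": ["delete"], "before": {"name": "old"}, "after": null}},
 {"address": "aws_organizations_account.prod", "type": "aws_organizations_account",
  "change": {"actions": ["create"], "before": null, "after": {"name": "prod"}}}
]}
""")


def destructive_changes(plan, protected_type="aws_organizations_account"):
    """Map address -> details for every planned destroy or replacement."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        if rc.get("type") != protected_type or "delete" not in actions:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # replace_paths lists the attribute paths that force the replacement.
        forced_by = [".".join(map(str, p)) for p in change.get("replace_paths") or []]
        # Top-level attributes whose planned value differs from state.
        diff = {k: (before.get(k), after[k]) for k in after if before.get(k) != after[k]}
        findings[rc["address"]] = {
            "kind": "replace" if "create" in actions else "destroy",
            "forced_by": forced_by,
            "diff": diff,
        }
    return findings


if __name__ == "__main__":
    for address, info in destructive_changes(SAMPLE_PLAN).items():
        print(address, info["kind"], info["forced_by"], info["diff"])
```

A non-empty result is a reason to stop before `terraform apply`: a "replace" entry names the attribute to reconcile in the code, while a plain "destroy" paired with a separate create usually means the resource address in state no longer matches the code.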

0
votes

If modifying the state file like me, do it at your own risk. I followed how to clean your terraform state and performed the surgery!

Ensure that the code is reflected properly to pick the changes.