Introduction

Infrastructure drift occurs when manual changes bypass Terraform, causing state to diverge from reality. This guide covers detection and remediation strategies.

Symptoms

  • terraform plan shows changes for untouched resources
  • Resources exist in AWS but not in state
  • terraform refresh modifies state unexpectedly
  • Team members made manual console changes

Step-by-Step Fix

  1. Detect drift with plan:

     ```bash
     terraform plan -detailed-exitcode
     # 0 = no changes, 1 = error, 2 = changes present
     ```

  2. Refresh state carefully:

     ```bash
     # Review before applying
     terraform plan -refresh-only -out=refresh.plan
     terraform show refresh.plan
     terraform apply refresh.plan
     ```

  3. Import unmanaged resources:

     ```bash
     terraform import aws_instance.web i-abc123def456
     terraform import aws_s3_bucket.data my-existing-bucket
     ```
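
A CI gate around the step 1 check, as an added example that is not part of the original guide: it keeps the exit code of `terraform plan -detailed-exitcode` intact when the caller uses `set -e`, and saves the plan output so unexpected changes can be reviewed. The names `drift_gate`, `classify_plan_exit` and `DRIFT_LOG` are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: drift gate for scheduled CI runs.
# Hypothetical names: drift_gate, classify_plan_exit, DRIFT_LOG.

# Map the -detailed-exitcode value to a label.
# 0 = no changes, 2 = changes present, anything else = error.
classify_plan_exit() {
  case "$1" in
    0) echo "clean" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# Run a plan in directory $1 (default: current directory).
# Plan output goes to $DRIFT_LOG (default: drift-plan.log).
# Returns 0 when clean, 2 on drift, 1 on any error.
drift_gate() {
  _dg_dir="${1:-.}"
  _dg_log="${DRIFT_LOG:-drift-plan.log}"
  _dg_rc=0

  # "|| _dg_rc=$?" captures exit code 2 instead of letting "set -e"
  # abort the job. Output is redirected rather than piped to tee,
  # because a pipeline would report tee's status and hide the 2.
  terraform -chdir="$_dg_dir" plan -detailed-exitcode \
    -input=false -no-color >"$_dg_log" 2>&1 || _dg_rc=$?

  _dg_status=$(classify_plan_exit "$_dg_rc")
  echo "drift_gate: dir=$_dg_dir exit=$_dg_rc status=$_dg_status log=$_dg_log" >&2

  case "$_dg_status" in
    clean) return 0 ;;
    drift) return 2 ;;
    *)     return 1 ;;
  esac
}

# Usage in a pipeline step:
#   drift_gate ./envs/prod || rc=$?
#   rc=2 means the saved plan log needs review before any apply.
```

Treat a return of 2 on a branch nobody touched as a signal to find out who changed the resource and why before running the refresh in step 2.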