As you all know, Terraform infrastructure’s valuable details are stored in the “[name].tstate” file on our local drive or on an Azure storage container.
In this post, I want to address a common issue that users of Terraform might face when deploying resources in Azure. This issue happens when someone makes manual changes to deployed resources instead of using Terraform code. These changes are made through the Azure portal by accessing the resource group or its resources. This is called “state drift.” It means that the actual infrastructure is different from what Terraform thinks is there.
And because excessive “talk is unproductive and empty”, or like we used to say, in Greece, “too many words are poverty”, I would like to show this with a demo.
I will keep it very simple by deploying an Azure Storage account and then manually updating the settings.
The video below demonstrates the deployment process for a resource group and a storage account within an Azure subscription.
Now that I have deployed the resource (see the image below), I can manually make a change outside of Terraform and check the tfstate file.
To keep your infrastructure in check, Terraform lets you update the state file so it reflects what’s actually going on with your resources. In older versions, you’d use the `refresh` flag for this, but that’s not really a thing anymore. Now, you can use the refresh-only flag with the `plan` or `apply` commands to get the job done.
The video below shows what happens when I run the command “terraform plan -refresh-only.” I have already made a manual change to the storage account that was installed with Terraform. Because of this change, the command output will show the update.
I have tracked the changes made manually in the Azure storage account. Now, I need to update the “main.tf” file. So I edited the main.tf and added the extra line pointed to by the red arrow in the image below.
I will run the Terraform apply command with the -refresh-only flag. The video below shows the results after I made the change and ran the command.
To verify that the “terraform.tfstate” file has been updated, I edited the file and found the new line reflecting the change I made earlier to the “main.tf” file.
My Azure storage account has not changed. The previous modifications I made are still there.
