Terraform doesn't track changes for computed resources in EC2 #17742
Comments
Hi @zealvora! You are correct in your suspicion that Terraform cannot detect changes to computed values. Terraform's current model is that if a computed attribute is not specified in configuration then the server gets to decide any value for that, unless the configuration is later updated to explicitly set that attribute. We've been thinking about having Terraform show information about changes detected during the refresh phase, which is what would be needed to make the change you described here visible. In that case, before printing out the rendered plan Terraform would also show a diff between the prior state and the refreshed state, allowing you to see what has changed outside of Terraform separately from the planned changes based on the configuration. We won't be working on that immediately due to our focus currently being elsewhere, but we're planning to prototype that idea some more at a later date, some time after the next major release.
I have a different spin on this. When running a very simple deployment just as in your example, it creates the EC2 instance and pulls all the information into the state file. When I run a 'terraform plan' with ZERO changes, it seems to forget it just deployed an instance. If I run 'Terraform show' it shows the state file correctly. Running 'Terraform refresh' simply states 'Empty or non-existent state file.' and overwrites the state file with bare bones content. It seems to be unable to see the current state in AWS.
Hi @jigill! It sounds like you're seeing something different than what was reported here. I'd suggest opening a new issue and filling out the new issue template so we can hopefully better understand what's going on for you.
I have a similar issue... I am using VCS GitLab and configured with Terraform cloud workspace. When I do "terraform plan" locally on my laptop through the CLI, it shows the plan as per my expectation, but when I plan queue using Terraform Cloud, the plan shows: "No changes. Infrastructure is up-to-date."
I'm wondering if this should be closed out given the new drift detection output available in Terraform CLI version 0.15.4 and later?
Ahh yes @bflad, you're right that Terraform v1.0 and later now include the very thing I was describing in my earlier comment, but the other context here didn't catch my eye when I was looking for issues related to that after we implemented it. Thanks for the note! Given that, I'm going to close this issue. Since this issue is also now pretty old anyway, I'd ask that if anyone has any related feedback please open new issues about it, rather than commenting here, because we'll want to consider new feedback in the context of modern Terraform and thus will need the information requested in our various issue templates for different kinds of issues. Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Hi
I have created a simple EC2 resource in terraform with the following template:
```hcl
resource "aws_instance" "myec2" {
  ami           = "ami-d874e0a0"
  instance_type = "t2.micro"
}
```
Thus, during the terraform apply, it automatically computed various values including security groups, subnets, EBS volume type, etc.
In the EC2 instance which was created, it had the security group named "default" and the same was reflected in the state file. I now remove that security group and add a new one to the EC2 instance manually from the console.
I wanted to verify whether Terraform detects the changes. So, on the next run of terraform plan, I get output which states:
I wonder why Terraform did not detect the change in the security group of the EC2 instance? Does it not track changes for computed values?
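The diff between prior state and refreshed state that the maintainer's reply describes can be approximated outside Terraform. This is an added example, not code from Terraform or from anyone in this thread. It assumes two state snapshots in state format v4, saved before and after a refresh; the sample states, the instance ID and the `console-added-sg` name are constructed.

```python
import json

# Constructed sample snapshots in Terraform state format v4, trimmed to the
# fields used here. The instance ID and security group names are made up.
PRIOR_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_instance", "name": "myec2",
   "instances": [{"attributes": {
     "id": "i-0example", "instance_type": "t2.micro",
     "security_groups": ["default"]}}]}
]}
""")
REFRESHED_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_instance", "name": "myec2",
   "instances": [{"attributes": {
     "id": "i-0example", "instance_type": "t2.micro",
     "security_groups": ["console-added-sg"]}}]}
]}
""")

def index_attributes(state):
    """Map 'type.name[key]' -> attribute dict for every managed resource instance."""
    out = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are read-only lookups, not managed objects
        for i, inst in enumerate(res.get("instances", [])):
            key = inst.get("index_key", i)  # count/for_each key, else position
            out[f'{res["type"]}.{res["name"]}[{key}]'] = inst.get("attributes", {})
    return out

def detect_drift(prior, refreshed):
    """Return (address, attribute, old, new) for values that changed outside Terraform."""
    before, after = index_attributes(prior), index_attributes(refreshed)
    drift = []
    for addr in sorted(before.keys() | after.keys()):
        if addr not in before or addr not in after:
            # Whole object appeared or disappeared between the two snapshots.
            drift.append((addr, "<resource>",
                          "present" if addr in before else "absent",
                          "present" if addr in after else "absent"))
            continue
        old_attrs, new_attrs = before[addr], after[addr]
        for name in sorted(old_attrs.keys() | new_attrs.keys()):
            if old_attrs.get(name) != new_attrs.get(name):
                drift.append((addr, name, old_attrs.get(name), new_attrs.get(name)))
    return drift

if __name__ == "__main__":
    for addr, name, old, new in detect_drift(PRIOR_STATE, REFRESHED_STATE):
        print(f"DRIFT {addr} {name}: {old!r} -> {new!r}")
```

Because the comparison covers every attribute, it reports computed values such as the security group list even when the configuration never sets them.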