Detect and Fix Terraform Drift
When the real cloud no longer matches your state. Reconcile without nuking resources.
Problem
Someone changed a resource in the console. `terraform plan` now wants to revert their change — or worse, recreate the resource.
Root cause
Terraform compares your config to the recorded state, not the live cloud, then computes what needs to change. Out-of-band changes show up as drift.
Solution
Refresh state without changing infra
terraform plan -refresh-onlyAccept the drift into state
terraform apply -refresh-onlyOr fold the change into config
Update the `.tf` files to match what you want, then run a normal `plan`/`apply`.
Adopt a resource created outside Terraform
terraform import aws_s3_bucket.logs my-existing-bucketFrequently asked questions
Related fixes
Terraform
4 minFix Terraform "Error acquiring the state lock"
What to do when Terraform refuses to plan because the state is locked — and how to avoid it.
#state#backend#dynamodb
Terraform
4 minFix Terraform Provider Version Mismatch
Lock-file drift after a CI upgrade — how to align providers across environments.
#providers#lockfile
Weekly digest
One DevOps fix in your inbox each week
Short, practical, no fluff. Real errors, real fixes — straight from production postmortems.