Terraform plan showing differences after importing resources from deleted state
The infrastructure was built in AWS with Terraform source code. The state files are gone, and now I'm trying to import the existing infrastructure into Terraform, rebuilding the state and syncing it with the source code.
For any resource that I run terraform import on, the import process has no errors. But when I run terraform plan (without making any modifications, just after the import), Terraform shows that it needs to modify or even destroy resources. I used terraform refresh and checked all the IDs and resource names/ARNs, but I get the same result.
For example, I have a Security Group with the ID sg-12345678910111213. This resource needs to be imported, so I used the command below:
```
terraform import -var-file=secrets.tfvars aws_security_group.sg-rds sg-12345678910111213
```

```
aws_security_group.sg-rds: Importing from ID "sg-12345678910111213"...
aws_security_group.sg-rds: Import prepared!
  Prepared aws_security_group for import
aws_security_group.sg-rds: Refreshing state... [id=sg-12345678910111213]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```
When I run `terraform plan -var-file=secrets.tfvars`, I get the following output:
```
  # aws_security_group.sg-rds will be updated in-place
  ~ resource "aws_security_group" "sg-rds" {
        id                     = "sg-12345678910111213"
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.123.0.40/32",
                ]
              - description      = ""
              - from_port        = 3306
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = [
                  - "sg-12345678910111213",
                ]
              - self             = false
              - to_port          = 3306
            },
          + {
              + cidr_blocks      = [
                  + "10.123.0.40/32",
                ]
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 3306
            },
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = [
                  + "sg-12345678910111213",
                ]
              + self             = false
              + to_port          = 3306
            },
        ]
        name                   = "SG_RDS"
      + revoke_rules_on_delete = false
        tags                   = {
            "Name" = "SG_RDS"
        }
        # (5 unchanged attributes hidden)
        # (1 unchanged block hidden)
    }
```
This is the source code of my security group resource:

```hcl
resource "aws_security_group" "sg-rds" {
  name        = "SG_RDS"
  description = "Allows incoming database connections"

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg-ec2.id]
  }

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["10.123.0.40/32"]
  }

  tags = {
    Name = "SG_RDS"
  }
}
```
The rules in the existing SG:
[Image: rules in the AWS control panel]
The source code has not changed in a way that would cause drift in the configuration (the diff apparently shows that), and this happens with all the resources that I imported.
I cannot destroy/change any resource without negatively impacting the project.
These are my current Terraform version and providers:

```
Terraform v0.14.5
- provider registry.terraform.io/hashicorp/aws v3.26.0
- provider registry.terraform.io/hashicorp/random v3.0.1
- provider registry.terraform.io/hashicorp/tls v3.0.0
```
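As an added example (not from the question, the answer or the AWS provider), the snippet below expands each ingress block into the atomic (protocol, from_port, to_port, source) rules that AWS actually stores and diffs the two sides of a plan. On data constructed from the plan output above, the before and after rule sets come out identical, so that diff regroups rules across blocks without changing what is allowed; the dict layout is an assumption for the example, not the provider's schema.

```python
"""Expand aws_security_group ingress blocks into atomic rules and diff them.

Added example (not from the original post or the Terraform provider). AWS
stores a permission as (protocol, port range, one source), so a plan that
only regroups the same sources across ingress blocks has no effective
change. Sample data is constructed from the plan output above.
"""
from typing import Iterable, List, Set, Tuple

AtomicRule = Tuple[str, int, int, str]

# Ingress blocks as the plan printed them: "-" (state after import) and "+"
# (what the configuration's two ingress blocks produce). Constructed sample.
BEFORE = [
    {"protocol": "tcp", "from_port": 3306, "to_port": 3306,
     "cidr_blocks": ["10.123.0.40/32"], "ipv6_cidr_blocks": [],
     "prefix_list_ids": [], "security_groups": ["sg-12345678910111213"],
     "self": False},
]
AFTER = [
    {"protocol": "tcp", "from_port": 3306, "to_port": 3306,
     "cidr_blocks": ["10.123.0.40/32"], "ipv6_cidr_blocks": [],
     "prefix_list_ids": [], "security_groups": [], "self": False},
    {"protocol": "tcp", "from_port": 3306, "to_port": 3306,
     "cidr_blocks": [], "ipv6_cidr_blocks": [], "prefix_list_ids": [],
     "security_groups": ["sg-12345678910111213"], "self": False},
]


def atomic_rules(blocks: Iterable[dict], own_sg_id: str) -> Set[AtomicRule]:
    """One rule per (protocol, from_port, to_port, source) across all blocks."""
    rules: Set[AtomicRule] = set()
    for b in blocks:
        key = (b["protocol"], int(b["from_port"]), int(b["to_port"]))
        sources: List[str] = [*b.get("cidr_blocks", []), *b.get("ipv6_cidr_blocks", []),
                              *b.get("prefix_list_ids", []), *b.get("security_groups", [])]
        if b.get("self"):
            sources.append(own_sg_id)  # `self = true` names the group itself as source
        rules.update(key + (src,) for src in sources)
    return rules


def rule_diff(before: Iterable[dict], after: Iterable[dict],
              own_sg_id: str = "sg-12345678910111213") -> Tuple[List[AtomicRule], List[AtomicRule]]:
    """Return (revoked, authorized) atomic rules; both empty means the diff is cosmetic."""
    old, new = atomic_rules(before, own_sg_id), atomic_rules(after, own_sg_id)
    return sorted(old - new), sorted(new - old)
```

`rule_diff(BEFORE, AFTER)` returns two empty lists for the plan above, while dropping a source from either side shows up as a revoked or authorized atomic rule.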
Solution 1 [1]
I also encountered the same issue. The solution for me was to remove the resource from the state with `terraform state rm resource_name.example azure-id`.
After that I changed the name of the resource to `resource_name.example2` in my TF configuration and imported it with `terraform import resource_name.example2 azure-id`.
Then I repeated the same operation: removed `resource_name.example2`, changed my TF configuration back to `resource_name.example` and ran `terraform import resource_name.example azure-id`, and it worked! I'm assuming it's a bug because I didn't change any of the resource configuration. I just removed it and imported it again into the state.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | richardec |