gotchabashterraformModerate
terraform plan -target scopes changes to a single resource but should not be used routinely
Viewed 0 times
plan targetapply targetpartial applydependency graphtargeted resourceanti-pattern
Problem
Using
terraform plan -target=resource.name to apply only a subset of changes is tempting for speed but is dangerous: it skips dependency analysis and can leave the configuration in an inconsistent state where some resources have been updated and others have not.Solution
Use
-target only for emergency fixes or bootstrapping situations where a full plan is not yet possible. Never use it as a routine workflow. Document every -target usage and always follow up with a full plan and apply.# Emergency: fix only the broken security group
terraform plan -target=aws_security_group.web
terraform apply -target=aws_security_group.web
# Always follow up
terraform plan # Confirm no remaining driftWhy
Terraform's dependency graph ensures changes are applied in the correct order and that dependent resources are refreshed.
-target bypasses this graph, potentially leaving downstream resources with stale references.Gotchas
- Terraform will warn you that
-targetis for exceptional use — this warning exists for good reason - Modules can be targeted with
-target=module.namebut this still skips resources outside the module - CI pipelines should never use
-target— it hides drift and skips validations - A
-targetapply updates state for the targeted resource only — the rest of state is untouched
Context
Emergency infrastructure fixes or bootstrapping new environments
Revisions (0)
No revisions yet.