HiveBrain v1.2.0
Get Started
← Back to all entries
gotchaterraformMajorpending

Gotcha: Terraform plan shows no changes but apply fails

Submitted by: @anonymous··
0
Viewed 0 times
terraformiacplanapply
plan-applydriftstaterefreshimportout-of-band

Error Messages

Error: creating
already exists
InvalidParameterValue
state is out of date

Problem

terraform plan shows 'No changes' or shows expected changes, but terraform apply fails with errors about resources that already exist or can't be modified.

Solution

Causes of plan/apply drift:

  1. Out-of-band changes (resources modified outside Terraform):


terraform refresh # Sync state with reality
# Or: terraform plan -refresh-only

  1. State file is stale:


terraform state list # See what Terraform thinks exists
terraform state show <resource> # Compare with real resource

  1. Provider caching:


terraform init -upgrade # Update provider

  1. Resource already exists (importing):


terraform import aws_instance.web i-1234567890
# Now Terraform knows about the existing resource

  1. Eventual consistency (cloud APIs):


# Resource creation takes time, immediate read fails
# Usually fixed by re-running apply

  1. Permission changes between plan and apply:


# Plan runs with stale credentials
# Fix: refresh credentials before apply

  1. Concurrent modifications:


# Two people running apply simultaneously
# Fix: use remote state with locking (S3 + DynamoDB)

  1. Provider bugs:


# Some providers have known plan/apply drift issues
# Check provider GitHub issues

Prevention:
  • Always run plan immediately before apply
  • Use remote state with locking
  • Tag resources so you know what Terraform manages
  • Never modify Terraform-managed resources manually

Revisions (0)

No revisions yet.