What is Terraform drift and how do you handle it?
Answer
Terraform drift occurs when the actual state of infrastructure diverges from the Terraform state, usually because someone changed infrastructure manually (console clicks, CLI commands) rather than through Terraform.

Detecting drift:
- terraform plan compares real infrastructure (via API calls) with state and shows differences.
- terraform refresh updates the state file to match reality without making changes to infrastructure (the command is deprecated in favor of terraform apply -refresh-only).

Handling drift options:
- Accept and reconcile: run terraform apply to revert to the desired Terraform configuration, overwriting the manual change.
- Accept and adopt: update the Terraform configuration to match the manual change, then run apply (no changes).
- Prevent drift: use IAM policies to deny direct console access to Terraform-managed resources; enforce change management through Terraform only.

Tools like driftctl scan for all untracked resources in your cloud account, revealing what Terraform doesn't know about.
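As an added example (not part of the original answer), the detection step can be automated by saving a plan with terraform plan -refresh-only -out=drift.tfplan, rendering it with terraform show -json drift.tfplan, and reading the resource_drift list from that JSON. The plan document below is constructed and simplified, and summarize_drift and WATCHED_TYPES are hypothetical names chosen for this sketch.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# resource names and values are illustrative, not from a real account.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_drift": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"],
                    "before": {"name": "web", "ingress_cidr": "10.0.0.0/8"},
                    "after": {"name": "web", "ingress_cidr": "0.0.0.0/0"}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"],
                    "before": {"bucket": "example-logs"}, "after": None}},
    ],
})

# Assumption: resource types this team treats as security-relevant.
WATCHED_TYPES = {"aws_security_group", "aws_iam_policy"}


def summarize_drift(plan_json):
    """Return one finding per resource that changed outside Terraform."""
    findings = []
    for res in json.loads(plan_json).get("resource_drift", []):
        change = res.get("change", {})
        before = change.get("before") or {}
        after = change.get("after") or {}
        if change.get("actions") == ["delete"]:
            # The resource no longer exists in the cloud account.
            kind, attrs = "deleted", []
        else:
            # List the top-level attributes whose values differ.
            kind = "modified"
            attrs = sorted(k for k in set(before) | set(after)
                           if before.get(k) != after.get(k))
        findings.append({"address": res["address"], "kind": kind,
                         "attributes": attrs,
                         "review": res.get("type") in WATCHED_TYPES})
    return findings


if __name__ == "__main__":
    for f in summarize_drift(SAMPLE_PLAN):
        flag = " [security review]" if f["review"] else ""
        print(f"{f['address']}: {f['kind']} {f['attributes']}{flag}")
```

Run on a schedule in CI, a non-empty result is the signal to choose between the reconcile and adopt options above.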