Executing 'terraform apply' 2x reverts changes

cyrfer · March 4, 2024, 7:17pm

I am using CDKTF (Typescript) to deploy AWS infrastructure. This resource gets added, then removed, every other deploy.
aws.iamPolicyAttachment.IamPolicyAttachment

I tracked the issue down to terraform without CDKTF. I "cd"ed into the directory “cdktf.out/stacks/<my_stack>” and ran “terraform apply” twice. The first time, my policy is attached. The second time, my policy is removed.

I’ve been using CDKTF for a while and I have not yet experienced this before.

Is running “terraform apply” expected to produce different results every other run?

jbardin · March 4, 2024, 10:51pm

Hi @cyrfer,

The resulting Terraform configuration and/or plan outputs would help identify why you are seeing the changes.

This might be something like data source that attempts to locate a managed resource from the same configuration. When that’s attempted, the data source output will flip-flop between the resource not existing at first, then existing in the next plan, and so on.

cyrfer · March 5, 2024, 10:10pm

Hi @jbardin

Thank you for confirming the behavior I see is expected.

I have IAM Policy document that is basically hard coded, but with some values (ARNs) from the resources of the same stack.

I will look for a hint in the plan output and “configuration”. If you have more ideas, I will benefit greatly.

Thank you,
John