I have a long blog post about to be published on this.
Terraform is great at linking together resources into groupings (modules), and modules into higher-level modules, etc. It represents a true environment, and makes it reusable. But its “scope of execution” is that higher config, and
refresh, as Martin pointed out, gets very expensive.
People work around this via “terraservices”, wrapping Terraform in things like Terragrunt… and losing all of the definition (i.e. functions) of higher-level services.
Since they do this anyways, I am looking at an approach to:
terraform plandetect just which files in a config, and therefore by extension which resources, have changed.
planjust on those resources
apply -target(or just use the
planoutput from the previous step) to limit it to just those.
It recreates the “let’s change just a few things” from terraservices, while keeping intact the Terraform goodness of grouping together modules into higher-level abstractions.
I can do this externally, I want to do it internally.
Does this work? Is there interest in
terraform itself providing this capability?