I am using the Terraform community version and the remote state (S3).
I face a challenge of detecting the drift in the AWS real-world infrastructure since the last apply, and it’s requested to run repeatedly with the same output, so I guess the state file shall sit unchanged for the next use.
Please note that it’s NOT the gap between my Terraform configuration files and real-world infrastructure, and there are other teams modifying the Terraform configuration files quite often.
I have not figured out any Terraform out-of-the-box function for it. The “refresh” CLI is close, but it reconciles the state file; also, “refresh” can’t dump to a new file when using remote state according to the doc (https://www.terraform.io/docs/commands/refresh.html).
Here is my thought about how to make it, though it does not look good enough because the state file is changed by “refresh”:
- issue “terraform state pull” to save the current remote state file to local, and name it old.state
- issue “terraform refresh” to reconcile the state file with the latest real-world state
- issue “terraform state pull” to save the new remote state file to local, and name it new.state
- run Linux diff to compare old.state and new.state
- issue “terraform state push -force” to reverse the remote state to the state in line with old.state if there is drift detected because the old.state has a lower “serial” value than the new.state
Any advice on how to make it?
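
The comparison step from the list above, as an added example that is not part of the original post: instead of a raw diff, it compares old.state and new.state per resource instance and ignores the serial, so a serial bump alone is not reported as drift. It assumes state format version 4 (top-level `resources`, each with `instances` and `attributes`); the sample states and the `ingress_cidr` attribute are constructed.

```python
import json

def index_instances(state):
    """Map each resource instance address to its attributes (state format v4)."""
    out = {}
    for res in state.get("resources", []):
        parts = [res.get("module"), "data" if res.get("mode") == "data" else None,
                 res["type"], res["name"]]
        base = ".".join(p for p in parts if p)
        for inst in res.get("instances", []):
            key = inst.get("index_key")  # set for count / for_each instances
            addr = base if key is None else f"{base}[{json.dumps(key)}]"
            out[addr] = inst.get("attributes") or {}
    return out

def detect_drift(old_state, new_state):
    """Return {address: [changed attribute names]}; serial and version are ignored."""
    if old_state.get("lineage") != new_state.get("lineage"):
        raise ValueError("lineage differs: these are not snapshots of the same state")
    old, new = index_instances(old_state), index_instances(new_state)
    drift = {}
    for addr in sorted(old.keys() | new.keys()):
        if addr not in new:
            drift[addr] = ["<instance gone after refresh>"]
        elif addr not in old:
            drift[addr] = ["<instance only in refreshed state>"]
        else:
            a, b = old[addr], new[addr]
            changed = sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))
            if changed:
                drift[addr] = changed
    return drift

def _state(serial, sg_cidr, with_bucket=True):
    """Constructed sample state (simplified attributes), not from a real account."""
    resources = [{"mode": "managed", "type": "aws_security_group", "name": "web",
                  "instances": [{"attributes": {"id": "sg-EXAMPLE",
                                                "ingress_cidr": sg_cidr}}]}]
    if with_bucket:
        resources.append({"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
                          "instances": [{"index_key": 0,
                                         "attributes": {"bucket": "example-logs"}}]})
    return {"version": 4, "serial": serial, "lineage": "constructed-lineage",
            "resources": resources}

OLD_STATE = _state(7, "10.0.0.0/8")                        # stands in for old.state
NEW_STATE = _state(8, "0.0.0.0/0", with_bucket=False)      # stands in for new.state

if __name__ == "__main__":
    print(json.dumps(detect_drift(OLD_STATE, NEW_STATE), indent=2))
```

For real files, load the two pulled snapshots with `json.load` and pass them to `detect_drift`; an empty result means the refresh found no drift.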