How to synchronize state automatically in Terraform

Hello, if someone or a customer changes the configuration of a resource from the UI console, how do I synchronize state in Terraform? I have a customer who has no background in coding and does not use Visual Studio Code. My concern is that the customer will change configuration or create resources from the console; how do I then track and detect new changes in Terraform?

I know there is terraform import, but we need the resource ID to do it. If we don't know the resource ID, this is not an effective solution… Could you give a suggestion, please? Thank you.

There’s no single definition of what “synchronize state” means, so it’s always going to require some sort of manual intervention based on the situation.

If the change is to a resource managed by Terraform, Terraform can see the change and will make sure the resource conforms to the desired state declared in the configuration by planning to revert that change.

If the change is to something not managed by Terraform then there is no way for Terraform to detect that change, because it has no record of the prior state. If you want to adopt that into the configuration to be managed by Terraform, then you will need to import it. Figuring out the resource ID is a matter of reading the documentation for that resource, and accessing the service in some way to retrieve that information, either programmatically or via the console. There may also be data sources in the provider with an interface to search for a specific resource, which can then be referenced via the import block to complete the import.

Hey, thank you, I appreciate the help. Do you have any idea how to handle versioning of the state file? I put the state file on a centralized backend.

If someone wants to change Terraform code, this should be no issue; state is synchronized after the terraform apply command. However, if we want to import state, is it better to put it in a separate state file or the same file? I am worried that I would have conflicting states and a mix of console and Terraform.

In addition, Terraform is built from modules, so the code may not fit or match the configuration from the console.

You could store the state in something like S3, which can automatically track saved versions.

You can’t sustain trying to match versions of state to users changing things with no controls in place via the console and Terraform simultaneously. You need a single point of control, and that should be Terraform if you are using Terraform. If you have changes being made in two places, there is no source of truth for conflict resolution.

I don’t understand how modules relate to the question. Modules allow you to organize and reuse parts of the configuration, but don’t have anything to do with users changing things from the service console.

Hi, can you give example code showing how to handle an import block from a data source? I already tested, but it's not working.

locals {
  vswitches = {
    "0" = "vsw-a"
    "1" = "vsw-b"
  }
}
import {
  for_each = local.vswitches
  to       = vswitch.this[each.key]
  id       = each.value
}

Error Outcomes:

│ Error: Unsupported argument

│ on main.tf line 23, in import:
│ 23: for_each = local.vswitches

│ An argument named “for_each” is not expected here.


│ Error: Invalid expression

│ on main.tf line 24, in import:
│ 24: to = vswitch.this[each.key]

│ A single static variable reference is required: only attribute access and indexing with constant keys. No calculations, function calls, template
│ expressions, etc are allowed here.


│ Error: Variables not allowed

│ on main.tf line 25, in import:
│ 25: id = each.value

│ Variables may not be used here.


│ Error: Unsuitable value type

│ on main.tf line 25, in import:
│ 25: id = each.value

│ Unsuitable value: value must be known

My expectation is multiple imports using for_each, as described in: Import - Configuration Language | Terraform | HashiCorp Developer

That error doesn’t look correct, are you using a current Terraform release (v1.9.8 right now)?

The for_each looks fine if that is the correct data, and you could use a data source as the input instead.

The vswitch.this address doesn’t look correct either, and should have at least 2 parts joined with an underscore.

Anyway, I picked vswitch.this as alicloud_vswitch. I am using “Terraform v1.5.3 on darwin_arm64”; after testing on the latest version, it's working, but I get an error. It seems to be a provider/plug-in issue.

Command: terraform plan -generate-config-out=generated.tf

Output:

│ Error: Cannot generate configuration

│ on main.tf line 25, in import:
│ 25: to = alicloud_vswitch.this[each.key]

│ The given import block is not compatible with config generation. The -generate-config-out option cannot be used with import blocks which use for_each, or resources which use
│ for_each or count.

It’s not plugin related, you also need to add the configuration which you want to import into. You are missing the alicloud_vswitch block with at least the corresponding for_each so that Terraform knows how to complete the plan of the imported resources.
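What the last reply describes, as an added example that is not code from the thread: an import block with for_each paired with a hand-written alicloud_vswitch resource block using the same keys, driven by a data source as suggested earlier. The `alicloud_vswitches` data source and its `vswitches[*].id`, `cidr_block` and `zone_id` attributes are assumed from the alicloud provider and should be checked against its documentation; `var.vpc_id` is a placeholder input.

```hcl
# Added example: var.vpc_id is a placeholder; data source attribute names are assumptions.
terraform {
  required_version = ">= 1.7.0" # for_each in import blocks needs v1.7 or later
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
    }
  }
}

variable "vpc_id" {
  type        = string
  description = "ID of the VPC that already contains the console-created vswitches."
}

# Look up the vswitches that already exist in the VPC.
data "alicloud_vswitches" "existing" {
  vpc_id = var.vpc_id
}

locals {
  # Key by vswitch ID so instance addresses stay stable if the list order changes.
  vswitches = { for v in data.alicloud_vswitches.existing.vswitches : v.id => v }
}

# One import per existing vswitch; each targets the matching instance below.
import {
  for_each = local.vswitches
  to       = alicloud_vswitch.this[each.key]
  id       = each.key
}

# The resource block must exist and use the same for_each keys,
# otherwise Terraform has no configuration to import into.
resource "alicloud_vswitch" "this" {
  for_each   = local.vswitches
  vpc_id     = var.vpc_id
  cidr_block = each.value.cidr_block
  zone_id    = each.value.zone_id
}
```

Run `terraform plan` without `-generate-config-out`, which the error above shows cannot be combined with for_each. A plan that lists only imports and no in-place changes means the written configuration matches what was created in the console; any planned change is a difference to review before applying.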