Is there any way in Terraform to restrict resource modification?

I have created the resource group in the Azure portal using Terraform code,
but in the Azure portal I have added some resources using the portal.

Also, I have created a VM using Terraform code, but I changed the VM name using the Azure portal.

Now if I do terraform apply, as expected it says there are no configuration changes,
but how do we stop these kinds of changes from being made in the Azure portal? Please suggest. Thanks.

Terraform assumes it is in sole control of the resources you are managing with it.

You must not make changes via other methods.

Hi @sk8228402,

A typical answer is to use the access control mechanisms built into the target platform to control who can change your infrastructure. Terraform itself cannot prevent you from modifying infrastructure outside of Terraform, and although providers do typically make a best effort to detect and propose to repair changes made outside of Terraform, that isn’t always possible depending on how the remote system is designed.

If you cannot prevent individuals from modifying your infrastructure outside of Terraform using informal guidelines then it may be best to constrain what access those individuals have to the underlying system – either entirely removing their access or making it read-only – and then require changes only be made through your primary change process, which would be to modify source code and then have Terraform running in some kind of automation in response to the changes to that source code.

If only the automation environment where Terraform is running has write access then nobody will be able to make changes to infrastructure without first making code changes.

(I would suggest that you still keep an admin-level account to use in the case of an emergency when your Terraform automation has failed, but to tightly control access to the credentials for that account to ensure that it’s only used in emergencies and not for routine work.)
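The access model described in the answer above, sketched as an added example that is not part of the thread or any poster's code: engineers get read-only access to the resource group, the automation identity that runs Terraform gets write access, and one emergency account keeps admin rights. The variable names and the choice of the built-in `Reader`, `Contributor` and `Owner` roles are assumptions for illustration.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}

provider "azurerm" {
  features {}
}

# Assumed inputs (hypothetical names): principal object IDs you supply yourself.
variable "resource_group_name" { type = string }
variable "engineers_group_object_id" { type = string }
variable "automation_sp_object_id" { type = string }
variable "break_glass_object_id" { type = string }

data "azurerm_resource_group" "managed" {
  name = var.resource_group_name
}

# Engineers can inspect resources in the portal but cannot change them.
resource "azurerm_role_assignment" "engineers_read_only" {
  scope                = data.azurerm_resource_group.managed.id
  role_definition_name = "Reader"
  principal_id         = var.engineers_group_object_id
}

# Only the pipeline identity that runs `terraform apply` has write access.
resource "azurerm_role_assignment" "automation_write" {
  scope                = data.azurerm_resource_group.managed.id
  role_definition_name = "Contributor"
  principal_id         = var.automation_sp_object_id
}

# Emergency admin account; keep its credentials tightly controlled.
# Creating role assignments needs Owner or User Access Administrator,
# which Contributor lacks, so apply this file with an admin identity.
resource "azurerm_role_assignment" "break_glass" {
  scope                = data.azurerm_resource_group.managed.id
  role_definition_name = "Owner"
  principal_id         = var.break_glass_object_id
}
```

Azure role assignments are additive, so the `Reader` assignment only restricts the engineers if any existing `Contributor` or `Owner` assignments they hold on this resource group, or inherit from the subscription, are removed.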