I have a problem where the Terraform state doesn’t match the real infrastructure anymore, because parts of the real infrastructure on Azure were moved manually in Azure portal. So when Terraform now refreshes its state it attempts to access an Azure resource, which no longer exists, and fails as a result.
I would like to know if there is some way I can do something like terraform refresh to reconcile the Terraform state with the real infrastructure. Specifically I would like to remove resources from the Terraform state which no longer exist physically. Is this possible or do I have to do this manually using terraform state rm?
Terraform automatically performs the refresh operation as part of creating a plan, and it makes a best effort to incorporate any remote “drift” the providers are able to detect, but it’s not always possible to successfully reconcile automatically due either to the result becoming ambiguous or due to limitations in the provider’s interpretation of the error results from upstream.
In situations where Terraform cannot automatically reconcile the remote system with the prior state, you can manually tell Terraform what’s been deleted by asking Terraform to “forget” those objects, deleting the binding from the Terraform instance to the remote object.
The terraform state rm command is how you can ask Terraform to “forget”:
terraform state rm 'azure_example.example'
Note that when you run this command Terraform will no longer consider itself as managing the remote object associated with that instance. That’s fine and desirable when the remote object has been deleted, but if you use this with an object that hasn’t been deleted then that object will live on in the remote system but no longer be tracked by Terraform.
Thank you for your very detailed answer. I have seen the terraform state rm command and was afraid this is the only option. I was hoping there would be an admittedly dangerous option to get terraform refresh to delete all resources from the state which are no longer available (or don’t appear to be available). In rare situations this might be a useful tool. But possibly it is too dangerous or has other caveats I am unaware of.
The terraform refresh command will do that when possible, but it can sometimes fail for the same reasons I was describing in my previous comment. It is also risky because certain kinds of misconfiguration – e.g. selecting the wrong region for a multi-region remote service – can make an object appear to be missing even though it still exists.
The implicit refresh that happens in terraform plan or terraform apply can also be misled by provider misconfigurations, but it has the advantage that you get an opportunity to review its proposed changes before committing the result to the remote state storage.
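Added example, not part of the thread: one way to do the review described above is to save a refresh-only plan (terraform plan -refresh-only -out=drift.tfplan), export it with terraform show -json, and list the objects the refresh reported as deleted before any terraform state rm is run. The sample JSON and its addresses are constructed, and the 50% threshold for suspecting a provider misconfiguration is an assumed value; the approach only applies when the refresh itself completes.

```python
import json

# Constructed sample: trimmed shape of `terraform show -json` for a plan
# saved by `terraform plan -refresh-only -out=...`. Addresses are made up.
SAMPLE_PLAN = json.loads("""
{
  "prior_state": {"values": {"root_module": {
    "resources": [
      {"address": "azurerm_resource_group.example", "mode": "managed"},
      {"address": "azurerm_storage_account.example", "mode": "managed"}
    ],
    "child_modules": [{"resources": [
      {"address": "module.net.azurerm_virtual_network.example", "mode": "managed"},
      {"address": "module.net.azurerm_subnet.example", "mode": "managed"}
    ]}]
  }}},
  "resource_drift": [
    {"address": "azurerm_storage_account.example",
     "change": {"actions": ["delete"]}},
    {"address": "module.net.azurerm_subnet.example",
     "change": {"actions": ["update"]}}
  ]
}
""")


def managed_addresses(module):
    """Collect managed resource addresses from a state module, recursively."""
    found = [r["address"] for r in module.get("resources", [])
             if r.get("mode") == "managed"]
    for child in module.get("child_modules", []):
        found += managed_addresses(child)
    return found


def missing_objects(plan, max_fraction=0.5):
    """Return (addresses the refresh saw as deleted, suspicious flag)."""
    gone = [d["address"] for d in plan.get("resource_drift", [])
            if d.get("change", {}).get("actions") == ["delete"]]
    root = plan.get("prior_state", {}).get("values", {}).get("root_module", {})
    total = len(managed_addresses(root))
    # Many objects vanishing at once points at a provider misconfiguration
    # (e.g. the wrong region) rather than real deletions. Threshold is assumed.
    suspicious = total > 0 and len(gone) / total > max_fraction
    return gone, suspicious


if __name__ == "__main__":
    gone, suspicious = missing_objects(SAMPLE_PLAN)
    for address in gone:
        print(f"terraform state rm '{address}'")  # candidates to review
    if suspicious:
        print("# most of the state looks deleted: check provider config first")
```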
Thank you very much for elaborating. I will check why exactly the provider failed then.