Terraform's clients OS upgrade strategy

I have a Terraform environment which deploys VM from my company’s internal OS images.
They are updated on monthly basis and the latest image is using to build VM.
When new image come up existing VM will be updated by Terraform which means reinstalled from scratch. It means I lost all data I got on upgraded VM.
As I deploy VM with two disks, one for OS and another for data I would like to keep data disk untouched.

What is your way to upgrade operating system on Terrafrom VM without loosing data on them?

You need to be able to separate the application and it’s data/configurations so it can survive a patch cycle (redploy new OS image). Your application code can be hosted in a repository where it can be fetched on demand. Secrets needed by the application can persist in a parameter store (like Vault). Keeping your application data on a separate EBS volume is a good start.