To avoid data loss in prod, you best be using lifecycle {
prevent_destroy = true
}
https://developer.hashicorp.com/terraform/tutorials/state/re...> trying to get some old module to work in a new cloud environment where a bunch of assumptions about how things are done no longer apply Square hole type energy. Just because you can coerce the code to run doesn't mean it's a good idea. New environment, new assumptions, new code. Copy-paste what's relevant, but in a new project. > getting totally confused because what they see in the code doesn’t match reality Terraform compares state to detect drift? When reality doesn't match code, you clobber reality or you update the code. > It Prevents Drift! > This is true if and only if, you only ever, ever, ever, create code to change things in your environment. It at least makes drift obvious, even if it requires attention for it to be addressed. > code is, in my opinion, really not good at being documentation Unlike comments, IaC "can't" be inaccurate after applying. > But in my experience, the effort to keep your code up-to-date is a sink for engineering time. If the code is out of date, it's because you made a click change and didn't update the code. When this happens, terraform tells you exactly what changed in simple scenarios, and in more complex scenarios you can use import blocks to rein things in. > Yes it’s a clickbait headline. You clicked on it, didn’t you? Got me good. The article is a good launchboard for discussion. Overall, the IaC scene has plenty of room for growth. Terraform import blocks and code generation is helping reduce the problem of "I clicked in the portal now I gotta update the code" because you can sync both ways. Code updates infra, infra can be used to generate code. |