Table of Contents
Introduction
As Terraform continues to be a popular Infrastructure as Code (IaC) tool, managing cloud infrastructure efficiently can be both rewarding and challenging. However, errors like “Plan does not match configuration” can disrupt the deployment process and create inconsistencies between your desired infrastructure and what is actually deployed.
If you’re encountering this error, it usually means that Terraform has detected differences between your current state file and the configuration defined in your .tf
files. Fixing this error can range from straightforward solutions like refreshing your state to more complex scenarios involving manual state modifications.
This in-depth guide will walk you through the common reasons for this mismatch, troubleshooting techniques, and solutions—from basic to advanced levels. Whether you’re a Terraform beginner or experienced user, this guide aims to help you keep your infrastructure in sync and avoid costly deployment errors.
What Does the “Plan Does Not Match Configuration” Error Mean?
When Terraform throws the “Plan does not match configuration” error, it means there’s a discrepancy between the current state of your infrastructure (represented in the state file) and the configuration you’ve defined in your Terraform files. The error often occurs during terraform plan
or terraform apply
and usually indicates that the changes Terraform is about to apply don’t align with what it thinks the infrastructure should look like.
Understanding the error is key to resolving it and ensuring your infrastructure remains stable. The error can be caused by multiple factors, including manual changes to resources, state drift, outdated state files, or inconsistencies in the provider versions.
Common Causes of the Terraform Plan Mismatch
Several underlying reasons can lead to a mismatch between Terraform’s plan and the configuration. Understanding these reasons is the first step toward resolving the error efficiently.
1. State Drift
- Definition of Drift: Drift occurs when the actual infrastructure changes, but those changes are not reflected in the Terraform state file. This usually happens when someone manually updates resources outside of Terraform (e.g., through a cloud provider’s console or API).
- How Drift Happens: For example, if you manually scale an EC2 instance on AWS, but the change isn’t captured in Terraform, this leads to drift.
- Impact of Drift: When Terraform runs a plan, it assumes the state file is up-to-date. If it’s not, Terraform will try to recreate or modify resources that have already changed, leading to errors.
2. Inconsistent Terraform State Files
- State File Overview: Terraform’s state file is essential for tracking the resources it manages. When Terraform’s state file is out of sync with the actual infrastructure, it generates a plan that doesn’t match the configuration.
- Causes of Inconsistencies: This can happen if the state file is manually altered or corrupted. An outdated state file may also cause Terraform to make incorrect assumptions about the infrastructure.
- Solutions: In many cases, running
terraform refresh
can resolve these issues by re-aligning the state file with the real-time state of the infrastructure.
3. Provider Version Mismatches
- What Are Provider Versions?: Terraform uses providers to interact with specific cloud platforms like AWS, Google Cloud, or Azure. Each provider has a version, and mismatches in these versions can lead to configuration and plan discrepancies.
- How This Affects Terraform: If your environment uses an older or newer provider version than expected, Terraform might plan for changes that aren’t necessary or fail to detect required updates.
- Prevention: To prevent version mismatches, you should lock provider versions in your configuration using the
required_providers
block.
4. Manual Changes to Resources Outside of Terraform
- Explanation: Any changes made outside of Terraform—whether manual or through another automation tool—will not be reflected in the state file. For instance, if an EC2 instance size is changed manually in the AWS console, Terraform will not know about it unless the state is refreshed.
- Why This Causes Mismatches: Terraform will attempt to apply changes that don’t reflect reality, leading to a mismatch between the plan and the actual configuration.
How to Fix “Plan Does Not Match Configuration” Error
Step 1: Detect and Resolve Infrastructure Drift
Drift is one of the most common causes of the “Plan does not match configuration” error. To resolve this issue, follow these steps:
- Run a Plan to Detect Drift
Start by runningterraform plan
to identify discrepancies between the actual infrastructure and the state file.
terraform plan
Review the output to check for any unexpected changes. If drift is detected, you can either accept the drift or fix the manual changes in the cloud provider.
- Manually Import Resources
If a resource was manually created or modified outside of Terraform, you can use theterraform import
command to bring that resource into the Terraform state.
terraform import aws_instance.example i-0abcd1234
- Use
terraform apply
with Caution
If the drift is minor, applying changes might be the simplest way to bring Terraform and the infrastructure back into alignment. However, carefully review the plan before applying to avoid unintended changes.
terraform apply
Step 2: Refresh the State File
Another quick fix for state mismatches is refreshing the state file to reflect the current state of resources in the cloud.
- Run
terraform refresh
This command updates your state file with the latest information from your cloud infrastructure.
terraform refresh
After running this command, re-run terraform plan
to see if the mismatch has been resolved.
- Ensure Consistency Across Workspaces
If you’re using multiple workspaces, ensure that you’re working in the correct workspace where the drift or mismatch occurred.
terraform workspace select production
Step 3: Lock Provider Versions
Mismatched provider versions can lead to discrepancies between the plan and the actual configuration. To prevent this:
- Lock the provider version in your configuration file:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}
- Reinitialize Terraform to download the correct provider versions:
terraform init -upgrade
Step 4: Check for Pending Changes in Cloud Resources
Pending changes or operations in the cloud can also cause Terraform to mismatch. If changes such as resizing, scaling, or stopping resources are in progress, Terraform might not detect them correctly.
- Wait for Pending Changes to Complete
Before runningterraform apply
, ensure that all operations (like autoscaling or resource resizing) have completed successfully in the cloud. - Resynchronize State
If pending changes are applied manually, runterraform refresh
to synchronize the state file.
Advanced Techniques for Resolving Terraform Plan Mismatch
1. Manual State File Modification
In rare cases, you might need to manually edit your Terraform state file to resolve persistent errors. Be careful when modifying the state file, as incorrect edits can cause further inconsistencies.
Steps for Manual Modification:
- Backup your current state file.
- Open the
.tfstate
file in a text editor. - Make necessary adjustments (e.g., updating resource IDs).
- Save and re-run
terraform plan
to check for mismatches.
2. State File Targeting
If the mismatch only affects a subset of your infrastructure, you can target specific resources for plan and apply.
Example:
terraform apply -target=aws_instance.example
This command only applies changes to the specific AWS instance, leaving the rest of your infrastructure untouched.
3. Use Workspaces for Environment Separation
If you’re managing multiple environments (e.g., development, staging, production) and facing frequent mismatches, use Terraform workspaces to keep configurations separated and ensure that you’re working in the correct environment.
Example:
terraform workspace new production
FAQ Section
Q1: What should I do if I see a mismatch error after applying changes?
If you still encounter the error after applying changes, the state file may be out of sync. Running terraform refresh
should resolve the issue.
Q2: How do I prevent state file inconsistencies?
- Use
terraform lock
to ensure consistency between your configurations and provider versions. - Avoid making manual changes outside of Terraform to minimize drift.
Q3: How do I fix errors caused by provider version mismatches?
Lock the provider versions in your configuration using the required_providers
block. Then run terraform init -upgrade
to sync versions.
Conclusion
The “Plan does not match configuration” error in Terraform is not uncommon, but it can be frustrating. By understanding its causes—whether it’s state drift, inconsistent state files, or version mismatches—you can effectively troubleshoot and fix the issue. From basic fixes like refreshing the state to advanced solutions like targeted applies and manual state modification, there’s always a way to resolve this error.
Regularly updating your Terraform configuration, locking provider versions, and avoiding manual changes will help you prevent this error in the future. By keeping your Terraform environment aligned with your actual infrastructure, you ensure smooth deployments and reduced downtime.