I had provisioned some resources on AWS, which include an EC2 instance as well, but after that we attached some extra security groups to these instances. These have now been detected by Terraform, and it says it will roll them back as per the configuration file.
Let's say I had the below code which attaches a Security Group to my EC2 instance -
vpc_security_group_ids = ["sg-xxxx"]
But now my problem is: how can I update the terraform.tfstate file so that it should not detach the manually attached security groups?
I can solve it as below:
terraform refresh
command which will update the state file. But that is only feasible for a small kind of setup. What if we have a complex scenario - do we have any other mechanism in Terraform which would detect the drift and update it?
There is no way Terraform will update your source code when detecting a drift on AWS.
The process you mention is right:
terraform plan. It will refresh the state and show you if there is still a difference.
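To see exactly which manually attached security groups a plan would detach before anything is applied, the plan can be exported with `terraform plan -out=tfplan` followed by `terraform show -json tfplan` and inspected. The script below is an added example, not part of the original answer; the function name `sg_drift`, the resource addresses and the ID `sg-manual-example` are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `terraform show -json tfplan`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["update"],
              "before": {"vpc_security_group_ids": ["sg-xxxx", "sg-manual-example"]},
              "after":  {"vpc_security_group_ids": ["sg-xxxx"]},
              "after_unknown": {}}},
  {"address": "aws_instance.db", "type": "aws_instance",
   "change": {"actions": ["no-op"],
              "before": {"vpc_security_group_ids": ["sg-xxxx"]},
              "after":  {"vpc_security_group_ids": ["sg-xxxx"]},
              "after_unknown": {}}}
]}
""")


def sg_drift(plan):
    """Map each aws_instance that would be updated to the security group
    IDs the plan would detach (present in refreshed state, absent from
    configuration) and attach (the reverse)."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_instance":
            continue
        change = rc.get("change") or {}
        if "update" not in change.get("actions", []):
            continue
        # A value only known at apply time cannot be compared yet.
        if (change.get("after_unknown") or {}).get("vpc_security_group_ids") is True:
            continue
        before = set((change.get("before") or {}).get("vpc_security_group_ids") or [])
        after = set((change.get("after") or {}).get("vpc_security_group_ids") or [])
        detach, attach = sorted(before - after), sorted(after - before)
        if detach or attach:
            report[rc["address"]] = {"detach": detach, "attach": attach}
    return report


if __name__ == "__main__":
    for address, diff in sg_drift(SAMPLE_PLAN).items():
        print(f"{address}: would detach {diff['detach']}, would attach {diff['attach']}")
```

Any group listed under "detach" has to be added to `vpc_security_group_ids` in the configuration by hand if it is meant to stay attached.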