Terraform show and plan not matching

Question

I am beginner in terraform in a (dangerous) live environment.

I ran a script for creating 3 new accounts in AWS Organizations. Two got generated and due to service limit error I couldn't create one.

To add to it, there was a mistake of the parent-id in the script. I rectified the accounts on the console by moving it to the right parent ID.

That leaves me with one account to be created.

After making the necessary changes in the service limit, I tried running the script. The plan shows 3 accounts to be added 2 to be destroyed. There's no way these accounts can be deleted and added. (Since the script is now version controlled - I can't run just for this one account).

Here's what I did - I modified the terraform state (the parent id) in the S3 bucket. Ensured that terraform show is reflecting the new changes. The terraform plan still shows 3 accounts to add and 2 to destroy.

How do I get this fixed? Any help is deeply appreciated.

Thanks.

Answer 1

The code is source of truth when working with Infrastructure as Code, even if you change state file, you need to update the code as well as state file.

There is no way Terraform can update source code when detecting a drift on your resouces.

So you need:

1- write the manual changes you done in AWS into the Terraform code.

2- Do a terraform plan. It will refresh the state and show you if there is still a difference