Using State file as source of truth

Scenario: We provisioned an EC2 instance, AMI1, and attached a Security Group foo to it using Terraform.
Later, someone from another team attaches a Security Group foo2 to AMI1 manually (through the AWS console) without our knowledge.
We got the requirement that we need to attach another Security Group foo3 to AMI1.

We then update our terraform file and execute “terraform plan --refresh=false” so it will consider the state file as the source of truth and will not make us aware that there is a resource that will get deleted in case we run terraform apply.

Is using --refresh=false still recommended practice? If yes, how?

Note: The scenario is very common in big organizations where multiple teams work on the same infrastructure.

No, this scenario is not (or should not be) common. That is a bad practice. If you are going to manage the infrastructure as code, don’t mess things up with ad-hoc changes. If you do, then you are on your own.

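An added example, not part of the thread above and not Terraform's own code: a Python check that compares the security groups recorded in state with those actually attached to the instance, which is the difference a plan run with refresh disabled does not show. The JSON layouts follow `terraform show -json` and `aws ec2 describe-instances`; the IDs and both sample documents are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for the state file.
STATE_JSON = """
{"values": {"root_module": {"resources": [
  {"address": "aws_instance.ami1", "type": "aws_instance",
   "values": {"id": "i-0aaa111", "vpc_security_group_ids": ["sg-foo"]}}
]}}}
"""

# Constructed sample: trimmed `aws ec2 describe-instances` output (live view).
LIVE_JSON = """
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa111",
   "SecurityGroups": [{"GroupId": "sg-foo", "GroupName": "foo"},
                      {"GroupId": "sg-foo2", "GroupName": "foo2"}]}
]}]}
"""

def state_groups(state):
    """Map instance id -> (address, SG ids in state); assumes vpc_security_group_ids is used."""
    out = {}
    def walk(module):
        for res in module.get("resources", []):
            vals = res.get("values", {})
            if res.get("type") == "aws_instance" and vals.get("id"):
                out[vals["id"]] = (res["address"], set(vals.get("vpc_security_group_ids") or []))
        for child in module.get("child_modules", []):
            walk(child)  # resources declared inside modules
    walk(state.get("values", {}).get("root_module", {}))
    return out

def live_groups(described):
    """Map instance id -> SG ids actually attached to the instance."""
    return {inst["InstanceId"]: {g["GroupId"] for g in inst.get("SecurityGroups", [])}
            for r in described.get("Reservations", []) for inst in r.get("Instances", [])}

def find_drift(state, described):
    """List instances whose live security groups differ from what state records."""
    live, findings = live_groups(described), []
    for iid, (address, recorded) in sorted(state_groups(state).items()):
        attached = live.get(iid, set())  # instance absent live: every group is "missing"
        unmanaged, missing = attached - recorded, recorded - attached
        if unmanaged or missing:
            findings.append({"address": address, "instance": iid,
                             "unmanaged": sorted(unmanaged), "missing": sorted(missing)})
    return findings

if __name__ == "__main__":
    print(json.dumps(find_drift(json.loads(STATE_JSON), json.loads(LIVE_JSON))))
```

Terraform's own `terraform plan -refresh-only` reports this kind of difference without proposing configuration changes; the script shows the same comparison for use in a scheduled check.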