Always Run Terraform Plan Before Apply
A quick terraform plan can save you from accidentally destroying production resources.
What
terraform plan shows you exactly what changes Terraform will make to your infrastructure before making them. It is a dry run that compares your configuration to the current state and highlights resources that will be created, modified, or destroyed.
Why It Matters
Running terraform apply without reviewing the plan first is like deploying code without testing it. A single typo in a resource name or a removed block can trigger a destroy-and-recreate of critical resources. The plan step is your safety net to catch destructive changes before they happen.
Example
# Generate a plan and save it to a file
terraform plan -out=tfplan
# Review the output carefully:
# + means create
# ~ means modify in-place
# - means DESTROY (watch out!)
# -/+ means destroy and recreate
# Apply only the exact changes you reviewed
terraform apply tfplan
# Example output to watch for:
# aws_db_instance.main: Destroying... [id=mydb]
# ^ This line means your database is about to be deleted!
Common Mistake
Running terraform apply directly without reviewing the plan first and accidentally destroying resources because of a configuration typo or a renamed resource block.
Quick Fix
Always use terraform plan -out=tfplan followed by terraform apply tfplan. The saved plan file guarantees you apply exactly what you reviewed, with no surprises from changes made between plan and apply.
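The review step can also be backed by a mechanical check. The following is an added example, not part of the original tip: it reads the JSON form of a saved plan (as produced by terraform show -json tfplan) and blocks on any resource the plan would delete or replace. The sample plan, every resource address other than aws_db_instance.main, the function names and the plan_gate.py file name are constructed for illustration.

```python
import json
import sys

# Constructed sample: a trimmed `terraform show -json tfplan` document.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_instance.web", "change": {"actions": ["create"]}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.main", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_security_group.old", "change": {"actions": ["delete"]}},
    {"address": "aws_iam_role.app", "change": {"actions": ["no-op"]}},
]}

# Symbol shown in the human-readable plan for each JSON action list.
SYMBOLS = {
    ("create",): "+",
    ("update",): "~",
    ("delete",): "-",
    ("delete", "create"): "-/+",   # destroy, then recreate
    ("create", "delete"): "+/-",   # create replacement first, then destroy
}

def destructive_changes(plan):
    """Return (address, symbol) for every resource the plan deletes or replaces."""
    found = []
    for rc in plan.get("resource_changes", []):
        actions = tuple(rc["change"]["actions"])
        if "delete" in actions:
            found.append((rc["address"], SYMBOLS.get(actions, "?")))
    return found

def gate(plan, allow=()):
    """Return 1 if the plan destroys anything not listed in `allow`, else 0."""
    blocked = [(a, s) for a, s in destructive_changes(plan) if a not in allow]
    for addr, sym in blocked:
        print(f"BLOCKED {sym} {addr}: plan destroys this resource", file=sys.stderr)
    return 1 if blocked else 0

if __name__ == "__main__":
    # Assumed usage: terraform show -json tfplan > plan.json
    #                python plan_gate.py plan.json && terraform apply tfplan
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            sys.exit(gate(json.load(fh)))
    gate(SAMPLE_PLAN)  # demo run on the constructed sample
```

Passing the addresses you intend to destroy in allow keeps the gate useful for planned teardowns while still catching the unexpected ones.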
Key Takeaways
- terraform plan = dry run showing all changes
- + create, ~ modify, - DESTROY, -/+ replace
- Save plans with -out=tfplan for exact apply
- Never run terraform apply without reviewing plan first
- Look for unexpected destroy operations before applying