⚠️ Terraform Drift: Infra Says One Thing, State Says Another
A local Docker simulation that shows exactly how Terraform catches state drift — and why it matters in real production.
When Terraform Thinks It Exists… But It’s Gone
Ever run terraform plan and been shocked that Terraform wants to recreate something?
That’s drift.
Terraform’s state says the resource exists, but in reality it doesn’t.
That’s exactly what we recreated in my latest simulation.
What Happened
I used Terraform to deploy an Nginx container with Docker.
It ran perfectly — serving on http://localhost:8080.
Then I deleted it manually with docker rm -f.
To Terraform, though, it still existed… because the state file remembered it.
The Debugging
Here’s the key:
Terraform tracks resources in state
Manual changes outside Terraform break that alignment
Next time you run plan, Terraform says: “This container is missing, I’m going to recreate it.”
That mismatch — state vs. reality — is drift.
📂 Takeaway Code Snippet
Container defined in Terraform:
resource "docker_container" "web" {
  name  = "tf-demo-nginx"
  # docker_image.nginx is defined elsewhere in the same configuration
  image = docker_image.nginx.name
  ports {
    internal = 80
    external = 8080
  }
}
Manual drift (outside Terraform):
docker rm -f tf-demo-nginx
Terraform catches it:
terraform plan
# -> shows container missing, proposes to recreate
▶️ Full Walkthrough
👉 I recorded the entire drift demo + fix step by step. Watch it here: https://youtu.be/vgaDMukl_2M
Why It Matters
Drift is harmless in a local Docker demo.
But in production it can mean:
Missing firewall rules
Wrong VM sizes
Or even deleted databases
That’s why teams run scheduled Terraform plans in CI/CD — to catch drift before it becomes an outage.
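One way to run the scheduled check described above, as an added example that is not from the original post: a POSIX shell function built on terraform plan -detailed-exitcode (exit 0 = no changes, 1 = plan failed, 2 = changes pending). The function names and output labels are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): scheduled drift check.
# Relies on `terraform plan -detailed-exitcode`:
#   0 = state matches reality, 1 = plan failed,
#   2 = changes pending (drift, or configuration that was never applied).
# Function names and output labels are assumptions of this example.

# Translate the plan exit code into a label a CI job can alert on.
classify_plan_rc() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error" ;;
  esac
}

# Plan only, never apply: a missing firewall rule or database should be
# reviewed by a person, not silently recreated by the scheduler.
# Usage: check_drift <terraform-working-dir>
check_drift() {
  tf_dir="$1"
  plan_rc=0
  plan_out=$(terraform -chdir="$tf_dir" plan \
      -detailed-exitcode -input=false -no-color 2>&1) || plan_rc=$?
  label=$(classify_plan_rc "$plan_rc")
  echo "[$label] $tf_dir"
  case "$label" in
    drift)
      # Keep only the per-resource headers, such as
      # "# docker_container.web will be created".
      printf '%s\n' "$plan_out" | grep -E '^ *# .+ (will|must) be ' || true
      return 2 ;;
    error)
      # Surface the tail of the failed plan on stderr for the job log.
      printf '%s\n' "$plan_out" | tail -n 20 >&2
      return 1 ;;
  esac
  return 0
}
```

Call check_drift with the Terraform working directory from a cron or CI job and alert on any non-zero return. Because exit code 2 also covers configuration that was never applied, read the alert together with the resource lines it prints.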
👋 Final Note
If you enjoyed this breakdown, hit subscribe to this newsletter.
Every week I share real DevOps failures you can actually reproduce — so you never get caught off guard in production.
— Arbaz
📺 YouTube: Learn with DevOps Engineer
📬 Newsletter: learnwithdevopsengineer.beehiiv.com/subscribe