The `aws_security_group_rule`, `aws_route`, and `aws_iam_role_policy_attachment` resources can all lead to drift that Terraform is unable to correct because they don't allow for exclusively managing the containing resource (security group, route table, IAM role respectively).
This is probably not an exhaustive list of resources like this.
This can cause issues where changes can be introduced to these resources and Terraform is unaware of them and unable to correct them. As a general rule, I push colleagues to use the exclusive managing resources but it's a regular thing that comes up during code review. It would be helpful if we could lint on this instead (with the normal opt out via comments where appropriate).
Would you be open to a pull request (or potentially one per resource) that adds a non-default-enabled rule that forbids the use of e.g. `aws_security_group_rule` in favour of `aws_security_group` rule blocks?
tomelliff changed the title from "New rule(s) request/proposal: enforce drift drift detecting Terraform resources over those that don't" to "New rule(s) request/proposal: enforce drift detecting Terraform resources over those that don't" on Aug 15, 2023
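A sketch of the kind of check the issue above asks for, added here as an example (it is not code from the project or from the issue author): it flags the three resource types the issue names and honours an opt-out comment. The rule name `non_exclusive_resource`, the `lint-ignore` comment syntax, the line-based regex scan (a real rule would use an HCL parser), and the suggested `aws_route_table` / `aws_iam_role` containers are assumptions.

```python
import re

# Types named in the issue -> containing resource (the list is not exhaustive).
NON_EXCLUSIVE = {
    "aws_security_group_rule": "aws_security_group",
    "aws_route": "aws_route_table",
    "aws_iam_role_policy_attachment": "aws_iam_role",
}
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"')
# Assumed opt-out syntax: a comment on the line directly above the resource.
IGNORE_RE = re.compile(r"^\s*(?:#|//)\s*lint-ignore:\s*non_exclusive_resource\b")

def find_non_exclusive(source):
    """Return (line_no, type, name, container) for each flagged resource block."""
    findings, prev = [], ""
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = RESOURCE_RE.match(line)
        if m and m.group(1) in NON_EXCLUSIVE and not IGNORE_RE.match(prev):
            findings.append((line_no, m.group(1), m.group(2), NON_EXCLUSIVE[m.group(1)]))
        prev = line
    return findings

# Constructed sample configuration (not taken from the issue).
SAMPLE = '''\
resource "aws_security_group_rule" "https_in" {
  type              = "ingress"
  security_group_id = "sg-EXAMPLE"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
}

# lint-ignore: non_exclusive_resource
resource "aws_route" "legacy" {
  route_table_id         = "rtb-EXAMPLE"
  destination_cidr_block = "10.1.0.0/16"
}

resource "aws_iam_role_policy_attachment" "ro" {
  role       = "app"
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
'''

if __name__ == "__main__":
    for n, rtype, name, container in find_non_exclusive(SAMPLE):
        print(f"line {n}: {rtype}.{name}: manage this inline on {container} instead")
```

The annotated `aws_route` is skipped, which mirrors the per-resource opt-out the issue mentions; every other use is reported with the containing resource to move it into.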