What are drift and imports?
Drift is when real infrastructure no longer matches your code — someone made a change in the console, or a process modified a resource. Importing is the reverse: bringing an existing, unmanaged resource under IaC control. Both are about keeping code and reality in sync.
Why it matters
In any real organization, infrastructure gets changed outside your code — emergency fixes, other teams, legacy resources. If you cannot detect drift and import what exists, your IaC slowly becomes fiction. Handling this is what makes infrastructure as code trustworthy rather than aspirational.
What to learn
- What causes drift and why it is inevitable
- Detecting drift with a plan or dedicated command
- Reconciling: update code or revert reality
- Importing existing resources into state
- Generating configuration for imported resources
- Preventing drift with policies and locked-down access
- Refactoring state safely with moves
Common pitfall
Fixing a production issue by hand in the console and never bringing the change back into code. The next apply will try to revert your fix, causing a second incident. After any emergency manual change, update the code to match immediately, so the next apply is a no-op rather than a surprise.
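One way to check for this before applying, as an added example that is not part of the original page: the script reads the JSON form of a saved plan (from `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) and reports, for each drifted resource, which attributes changed outside Terraform and whether the next apply would modify that resource again. The resource addresses and attribute values are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Only the keys this script reads are included; real plans carry many more.
SAMPLE_PLAN = json.loads("""
{
  "resource_drift": [
    {"address": "aws_security_group.web",
     "change": {"before": {"description": "web", "ingress_cidr": "10.0.0.0/8"},
                "after":  {"description": "web", "ingress_cidr": "10.1.0.0/16"}}},
    {"address": "aws_s3_bucket.logs",
     "change": {"before": {"tags": {"env": "prod"}},
                "after":  {"tags": {"env": "prod", "owner": "ops"}}}}
  ],
  "resource_changes": [
    {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
    {"address": "aws_s3_bucket.logs",     "change": {"actions": ["no-op"]}}
  ]
}
""")

def changed_keys(before, after):
    """Top-level attributes that differ; None means the object did not exist."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after)
                  if before.get(k) != after.get(k))

def drift_report(plan):
    """Pair each drifted resource with what the next apply would do to it."""
    planned = {rc["address"]: rc["change"]["actions"]
               for rc in plan.get("resource_changes", [])}
    report = []
    for drift in plan.get("resource_drift", []):
        change = drift["change"]
        actions = planned.get(drift["address"], ["no-op"])
        report.append({
            "address": drift["address"],
            # In resource_drift, before = recorded state, after = real object.
            "drifted_attributes": changed_keys(change.get("before"),
                                               change.get("after")),
            # True means code and reality still disagree: apply touches it.
            "apply_would_change": actions not in (["no-op"], ["read"]),
        })
    return report

if __name__ == "__main__":
    for row in drift_report(SAMPLE_PLAN):
        verdict = "apply WILL change it" if row["apply_would_change"] else "in sync"
        print(f'{row["address"]}: {row["drifted_attributes"]} -> {verdict}')
```

In the sample, the security group is the pitfall case (a manual change the code does not yet contain), while the bucket is the reconciled case where the code was updated to match.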
Resources
Primary (free):
- Terraform — Import · docs
- Terraform — Manage resource drift · docs
- Terraform — State move · docs
Practice
Create a resource by hand in your cloud console, then import it into Terraform state and write matching configuration so a plan shows no changes. Separately, modify a managed resource in the console and run a plan to see the drift. Done when both the imported and the drifted resource are back under code control.
Outcomes
- Explain what causes infrastructure drift.
- Detect drift with a plan and decide how to reconcile.
- Import an existing resource into IaC management.
- Restore code-reality sync after an emergency manual change.