Requirement
Migration of terraform.tfstatefile from any backend to terraform cloud.
Problem
With old backend, the terraform plan does not show any drift for tfe_provider resources.
After changing backend in the configuration, from any backend (local or S3) to terraform cloud, running terraform plan shows drift detected for all the tfe resources with below note:
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan
tfe_organization.this: Refreshing state... [id=xxxxxx]
tfe_project.this["external"]: Refreshing state... [id=prj-xxxxxx]
tfe_oauth_client.this: Refreshing state... [id=oc-xxxxxxx]
tfe_workspace.this["tf-tfc"]: Refreshing state... [id=ws-xxxxxxx]
tfe_variable.this["github_pat"]: Refreshing state... [id=var-xxxxxxx]
tfe_variable.this["github_pat"]: Drift detected (delete)
tfe_workspace.this["tf-tfc"]: Drift detected (update)
tfe_oauth_client.this: Drift detected (delete)
tfe_project.this["external"]: Drift detected (delete)
Cause
The cause for this behaviour is that the Terraform Cloud token needed by the tfe_provider is not configured properly on the terraform cloud workspace.
Solution
- Generate an organization token for the terraform cloud organization.
- Create an environment variable in the workspace called TFE_TOKEN and store the organization token in the variable.
- Now the terraform plan should run as expected without showing any drift.