Don’t believe terraform plan for all the thing

by Daniel Pham
Published: Updated:

terraform plan – Hey guys, I’m back with a new post about this command related to Terraform.

As a DevOps engineer, I usually to using Terraform on my work, day by day. And I wanna talk some small experiences about it with you guys.

terraform plan is not a real plan

Everytime I write some Terraform code to create some stuff on my infrastructure, yes, I have to run the command terraform plan to make sure nothing will be destroyed without any noticed.

I may know that when I talk this thing, some guys can yelling me like “everybody know this shit, stupid”.

But this is not the main point, I wanna talk about the point “plan is not a real plan”.

You already know that terraform plan will checking the current state for all resources on the infrastructure. And then compare with your new code and list all the changes to you.

That’s a plan right? You think you can know everything with the list of changes. But no, not easy like that.

I wrote a previous post with my experience about error Postgres pq tupple concurrently updated. You may don’t know this shit were happened to me even when I ran the command terraform plan first and it’s showed everything looking good. Nothing be brokend and all looks like supporting. Like this one:

  # module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.01"] will be updated in-place
  ~ resource "postgresql_grant" "rds_postgres_grant_table" {
        id                = "user.01_db_public_table"
      ~ privileges        = [
          + "DELETE",
          + "INSERT",
          + "SELECT",
          + "UPDATE",
        # (5 unchanged attributes hidden)

  # module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.02"] will be updated in-place
  ~ resource "postgresql_grant" "rds_postgres_grant_table" {
        id                = "user.02_db_public_table"
      ~ privileges        = [
          + "DELETE",
          + "INSERT",
          + "SELECT",
          + "UPDATE",
        # (5 unchanged attributes hidden)

Plan: 5 to add, 5 to change, 0 to destroy.

But when I run the next command terraform apply then this shit error were came.

Error: could not execute revoke query: pq: tuple concurrently updated

│   with module.user-rds-postgres-trade.postgresql_grant.rds_postgres_grant_table["user.01"],
│   on ../../modules/user-rds-postgres/ line 90, in resource "postgresql_grant" "rds_postgres_grant_table":
90: resource "postgresql_grant" "rds_postgres_grant_table" {

I told about this error in my previous post above.

You see, even the terraform plan showing everything fine but not sure it will real fine when you run terraform apply. It’s may break something you don’t know.

That the reason why I want to mention it’s not a real plan here and you shouldn’t believe it for all the thing. Should double-check carefully.

My suggestion

I suggest you guys 3 things:

  • Keeping in mind that never trust terraform plan 100%. Always double-check all the things, all the changes.
  • If you have the budget as well, let run terraform apply in the Development environment first. I know most of you guys always has the Development environment to do stuff. But still some cases, they’re only running a single environment for product only, there is no more budget (I faced it once).
  • If you can’t have the Development environment available. Let try to split your Terraform code to smaller thing and then try it with your personal environment like your AWS account. Sometime, you have to sacrifice a bit to make sure you will not break something.


This post I’m not telling you guys about the technical issues or tricks or guides. I’m just want to sharing with you about my experience when working with Terraform. You may face the case like me or not. But if you’re facing it, just keep in mind about my suggestion.

0 0 votes
Article Rating

You may also like

Notify of
Inline Feedbacks
View all comments

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.



Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 – All rights reserved.

Please write sources “” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Would love your thoughts, please comment.x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.