Auto Apply
This lesson will cover how you can run a terraform apply command without any confirmation message.
We'll cover the following
Auto apply#
It is possible to skip the Terraform plan confirmation in a different way. You can use the -auto-approve flag.
Let’s test this out using the same Terraform code to run the command terraform apply -auto-approve.
Terraform will create the AWS SQS queue without stopping to ask you to confirm.
📝Note: Once you are done with the project, do not forget to run
terraform destroyand then confirm with yes to delete all of the resources in this project.
-auto-approve flag#
We wanted to show the -auto-approve flag to highlight a key difference between its use and that of passing a plan to the apply command.
The difference is that when you pass a plan to the apply command, the apply command will execute that exact plan. This means that if something has changed in your infrastructure and that plan is no longer possible, Terraform will give you an error. It is a safeguard where you are explicitly saying to Terraform “go and execute exactly this plan”. With the auto apply flag, on the other hand, you are saying to Terraform, “go and work out what to do, generate a plan and then go and do it without asking me to confirm”.
For this reason, using the -auto-approve flag is potentially more dangerous and not recommended in most scenarios. If Terraform destroys your database, it will go ahead and do it without asking you to confirm.
Conclusion#
This is why, if you are building Terraform into a build deploy pipeline, you want to use a plan file and pass it to apply. That method allows you to review the plan and know for sure that Terraform will only be executing exactly the plan that you reviewed.
