Most engineers think ignore_changes “fixes” drift.
It doesn’t.
Terraform’s default behavior is reconciliation. If the real infrastructure changes, Terraform plans to correct it. That is the control loop.
ignore_changes removes specific attributes from that loop.
When you ignore desired_capacity in an Auto Scaling Group, you allow AWS to scale without Terraform forcing it back. That is coexistence between declarative config and reactive systems.
When you ignore a password in SSM, you remove Terraform as a corrective control for that secret. That is silent divergence.
ignore_changes = all goes further. It disables drift detection for the entire resource. Terraform keeps the object in state, but it no longer enforces it.
This is not a convenience flag. It is an ownership declaration.
If you suppress reconciliation, you must replace detection elsewhere.
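One place to start replacing that detection is an inventory of where reconciliation has been switched off. The following is an added example, not code from the original post: it scans HCL text for lifecycle ignore_changes settings and reports, per resource, which attributes Terraform no longer enforces. The sample configuration, resource names and helper functions are constructed for illustration, and the scan reads plain text with balanced braces rather than evaluating modules or comments.

```python
import re

# Constructed sample config (trimmed to the relevant arguments), not from the post.
SAMPLE_TF = '''
resource "aws_autoscaling_group" "web" {
  desired_capacity = 2
  lifecycle {
    ignore_changes = [desired_capacity]
  }
}
resource "aws_ssm_parameter" "db_password" {
  name  = "/example/db/password"
  value = var.db_password
  lifecycle {
    ignore_changes = [value]
  }
}
resource "aws_security_group" "legacy" {
  lifecycle {
    ignore_changes = all
  }
}
resource "aws_s3_bucket" "logs" { bucket = "example-logs" }
'''

RESOURCE = re.compile(r'\bresource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
IGNORE = re.compile(r'ignore_changes\s*=\s*(all\b|\[[^\]]*\])')

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]

def suppressed_attributes(tf_text):
    """Map resource address -> 'all' or the list of attributes taken out of the plan."""
    found = {}
    for m in RESOURCE.finditer(tf_text):
        hit = IGNORE.search(block_body(tf_text, m.end() - 1))
        if hit:
            val = hit.group(1)
            found[f"{m.group(1)}.{m.group(2)}"] = "all" if val == "all" else re.findall(r'[\w.]+', val)
    return found
```

Each entry in the result is an attribute that needs an owner and a check outside Terraform; an entry of "all" means the whole resource does.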

