Most engineers misread the -/+ symbol in a Terraform plan.
That symbol does not mean “update.” It means Terraform is about to destroy one remote object and create a new one in its place.
In this lesson, I break down:
- How provider “ForceNew” arguments trigger replacement
- Why changing an identity field like
namecreates a new object - When
create_before_destroyactually reduces downtime - How
replace_triggered_byturns replacement into a policy decision
Replacement is not random. It is deterministic, defined by the provider schema, and visible at plan time.
Understanding this mechanism prevents accidental outages.
Full lesson on YouTube.