This error occurs when applying a saved Terraform plan file that was created with different provider versions or configurations than your current setup. A plan file is environment-specific and cannot be reused after dependency changes. Resolve it by regenerating the plan and lock file in your current environment.
The "plan file was created with a different set of external dependency selections" error means Terraform detected a mismatch between the provider versions/dependencies recorded in your saved plan file and those currently configured in your Terraform working directory. In Terraform, when you run "terraform plan", it captures not just the resource changes but also the exact provider versions and dependency lock file state at that moment. A saved plan file is tightly coupled to the Terraform configuration and lock file (.terraform.lock.hcl) that created it. If either your configuration or lock file changes after the plan was created, Terraform will refuse to apply that plan because the dependencies no longer match. This is a safety mechanism to prevent applying infrastructure changes with mismatched provider versions, which could lead to unexpected behavior or compatibility issues.
Ensure the .terraform.lock.hcl file matches what was used when the plan was created. If you're in a CI/CD environment, check that your artifact or cache includes the correct lock file:
ls -la .terraform.lock.hcl
cat .terraform.lock.hcl | head -20If the lock file is missing or outdated, this is likely the cause.
Initialize your Terraform working directory with the current configuration and lock file:
terraform initThis command downloads and installs the provider versions specified in your lock file and ensures all dependencies are synchronized. If the lock file has changed, it will update it to match your configuration.
After running terraform init, create a new plan file in the current environment:
terraform plan -out=plan.tfplanThis new plan will be created with the current dependency selections and can be safely applied in this environment. Discard the old plan file that had mismatched dependencies.
If you're working in a multi-platform environment (local development on macOS but CI/CD on Linux), explicitly lock providers for all target platforms:
terraform providers lock -platform=linux_amd64 -platform=darwin_amd64 -platform=darwin_arm64This generates checksums for each platform and adds them to the lock file, ensuring consistency across environments.
Once you've regenerated the plan in the same environment, apply it:
terraform apply plan.tfplanThis applies the infrastructure changes with dependencies that match your current configuration.
CI/CD Best Practices: When using plan in CI and apply in CD, save the entire terraform context into your build artifact:
- The plan file (plan.tfplan)
- The lock file (.terraform.lock.hcl)
- The .terraform directory (or let CD re-initialize)
Then retrieve all of these in the CD stage before running terraform apply. This ensures dependency selections remain consistent.
Cross-Architecture Deployments: Terraform generates platform-specific checksums in the lock file. If you plan on macOS but apply on Linux, lock files won't match unless you explicitly generate checksums for both platforms using "terraform providers lock".
Architecture-Specific Checksums: The lock file includes checksums like "h1:..." which are specific to each platform (linux_amd64, darwin_amd64, etc.). Different platforms require different checksums, which is why cross-architecture deployments fail without explicit platform locking.
Workaround for CI/CD Caching Issues: If your CI/CD system caches .terraform directories, ensure the cache is invalidated when the lock file changes, or skip caching the .terraform directory and always run "terraform init" fresh.
Error: Error installing helm release: cannot re-use a name that is still in use
How to fix "release name in use" error in Terraform with Helm
Error: Error creating GKE Cluster: BadRequest
BadRequest error creating GKE cluster in Terraform
Error: External program failed to produce valid JSON
External program failed to produce valid JSON
Error: Unsupported argument in child module call
How to fix "Unsupported argument in child module call" in Terraform
Error: network is unreachable
How to fix "network is unreachable" in Terraform