> Why don't cloud providers have a nice way for tools like TF to query the current state of the infra?
They do! In fact, this is my greatest pet peeve with TF: it adds state when it's not needed.
I was doing infra-as-code without TF with AWS a long time ago. It went like this:

    env_tag = "${project_name}-${env_name}"
    aws_instances = conn.describe_instances(filter_by_tag={"env_tag": env_tag})
    if len(aws_instances) != 1:
        conn.launch_aws_instances(tags={"env_tag": env_tag})

AWS has tag-on-create now, making this sort of code reliable. Before that, you could do the same with instance idempotency tokens. GCP also has tags.
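
The pattern in the comment above, as an added example that is not part of the original comment: the provider is the only source of truth, with tag-on-create and an idempotency token together closing the double-launch race. It uses the boto3 EC2 client's `describe_instances` and `run_instances` call shapes; `ensure_instance`, `FakeEC2`, the list of counted states and the SHA-256-derived token are assumptions made for the illustration.

```python
import hashlib

ACTIVE = ["pending", "running", "stopping", "stopped"]

def ensure_instance(ec2, env_tag, **launch_args):
    """Return the id of the single instance tagged env_tag, launching it if absent.

    `ec2` is anything with the boto3 EC2 client's describe_instances/run_instances.
    """
    resp = ec2.describe_instances(Filters=[
        {"Name": "tag:env_tag", "Values": [env_tag]},
        # Terminated instances linger in describe output; do not count them.
        {"Name": "instance-state-name", "Values": ACTIVE},
    ])
    found = [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]
    if len(found) > 1:
        raise RuntimeError(f"{env_tag}: expected 1 instance, found {found}")
    if found:
        return found[0]
    resp = ec2.run_instances(
        MinCount=1, MaxCount=1,
        # Same token for the same env: a retried or concurrent run cannot double-launch.
        ClientToken=hashlib.sha256(env_tag.encode()).hexdigest(),
        # Tag-on-create: the instance never exists untagged, so the query above sees it.
        TagSpecifications=[{"ResourceType": "instance",
                            "Tags": [{"Key": "env_tag", "Value": env_tag}]}],
        **launch_args)
    return resp["Instances"][0]["InstanceId"]


class FakeEC2:
    """Constructed in-memory stand-in for the client, for offline runs only."""
    def __init__(self):
        self.instances, self.by_token = [], {}

    def describe_instances(self, Filters):
        want = {f["Name"]: f["Values"] for f in Filters}
        hits = [i for i in self.instances
                if i["State"]["Name"] in want["instance-state-name"]
                and {"Key": "env_tag", "Value": want["tag:env_tag"][0]} in i["Tags"]]
        return {"Reservations": [{"Instances": hits}] if hits else []}

    def run_instances(self, ClientToken, TagSpecifications, **_):
        if ClientToken not in self.by_token:
            inst = {"InstanceId": f"i-{len(self.instances):017x}",
                    "State": {"Name": "pending"}, "Tags": TagSpecifications[0]["Tags"]}
            self.instances.append(inst)
            self.by_token[ClientToken] = inst
        return {"Instances": [self.by_token[ClientToken]]}
```

Against a real account, pass `boto3.client("ec2")` as `ec2` along with your own `ImageId` and `InstanceType`; finding more than one tagged instance raises instead of launching another.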