The way HashiCorp Terraform keeps track of resources that are managed via the Terraform code is through the use the Terraform State (.tfstate) file. This file is a sort of registry of all the resources and the configuration of them as was last deployed or updated when the terraform apply command was run. The next time terraform plan is run, it will use this state file to figure out what changes need to be made to make the actual Azure resources, or even other resource types managed by the Terraform project, match the Terraform code in the project.
If you have existing resources that have been previously created, and need to now have them managed by Terraform, you will need to perform the following steps:
- Write the Terraform code in the project for the existing resources that need to be managed. You need to be sure to set the configurations exactly how the resources are correctly configured in the environment.
- Run the
terraform importcommand to tell Terraform to add the existing resource to the Terraform State, since it will now be managed via Terraform.
Once the existing resources are imported into the Terraform State, then the Terraform project will be able to mange those resources the same as any other in the project.
Write Terraform for Existing Azure Resource
When writing the Terraform code for an existing resource, you’ll need to make sure to configure it exactly how the resource is already set up. You want to go through and compare all the resource attributes that can be managed on the resource by the Azure Terraform Provider and write the Terraform code as explicitly as necessary to make sure the code matches the existing resources configuration.
resource "azurerm_virtual_network" "terrafirm-hub-vnet" {
# resource configuration here
}When defining the resource, you’ll want to make sure the Terraform resource name (example of terrafirm-hub-vnet in the previous snippet) is unique within the Terraform project. Terraform requires each resource to have a unique name in the project, as this is used to identify the resource within the Terraform State. This is the same for new resources being adde to Terraform code, as well as existing resources being imported.
Import Existing Azure Resource into Terraform
Once the Terraform code is written for an existing resource, the terraform import command is used to tell Terraform to import an existing Azure resource into the Terraform project. When running this command, there are 2 attributes that need to be supplied:
$ terraform import [Terraform Resource Path] [Azure Resource ID][Terraform Resource Path]– This is the unique path and identifier for the Terraform Resource in the Terraform code that consists of the resource type and local name for theresource.[Azure Resource ID]– This is the Azure Resource ID for the existing Azure Resource. This allows the Azure Terraform Provider to lookup the existing resource in Azure when the resource is imported and later managed.
Using the previous Terraform resource example, here is a sample terraform import command to import an existing Azure resource:
$ terraform import "azurerm_virtual_network.terrafirm-hub-vnet" "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/terrafirm-rg/providers/Microsoft.Network/virtualNetworks/terrafirm-hub-vnet"The Terraform Resource Path is the path that uniquely identifies the resource in the Terraform project. It is made up of the Resource Type and the Local Name of the Terraform resource separated by a period (.). In the above resource example, the resource path is azurerm_virtual_network.terrafirm-hub-vnet. For resources within Terraform Modules, then the syntax for defining the Terraform Resource Path is a little more complex (not covered in this article).
The Azure Resource ID is the full Azure Resource Manager (ARM) ID within Microsoft Azure for the existing resource. This ID is generated by Microsoft Azure and can be found within the Azure Portal for the existing resource if you are unsure what the full Resource ID is for the existing Azure Resource being imported into the Terraform project.
To lookup the Azure Resource ID for an existing resource, simply navigate to the resource within the Azure Portal, and open the Properties pane for the resource. The Resource ID value on the Properties pane for the Azure Resource is the ID that is needed here.
Here’s a screenshot highlighting where the Azure Resource ID is for an Azure Virtual Network in the Azure Portal:
I hope this helps you import some existing Azure resources into your Terraform project!
About the Author
Chris Pietschmann
Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.
IPv4 Address CIDR Range Reference and Calculator
Azure Functions: Extend Execution Timeout Past 5 Minutes
Terraform: Use for_each to deploy multiple resources
Azure Regions: Interactive Map of Global Datacenters
Terraform: If/Else Conditional Resource and Module Deployment
Properly Shutdown Azure VM to Save Money
