Many companies choose to adopt infrastructure as code later in there cloud journey. There will come a time when you may need to import existing azure resources into terraform.
Terraform uses the state file to understand the resources that need to be managed. In this article we will go over how to import the following azure resources into terraform:
- Azure Resource Group
- Network Security Group
How does Import Work in Terraform
When importing resources into terraform, your tfstate file will be updated with the resources that are in your environment. As of this writing, terraform does not create the configuration files for you. This means you will still need to create the resources groups in your terraform code.
Although this poses an extra step in the process it eliminates having to recreate your infrastructure completely. Before you run the “terraform import” command it would be best to create the appropriate configuration resources beforehand.
Now we will start to import existing azure resources into terraform.
Import existing azure resource group into terraform
Creating an azure resource group in the azure portal is pretty easy. To import the existing resource group into terraform we will need to identify the resource Id. Sign into the azure portal and go to your resource group. Under the settings you should see a properties field.
In the .tf file we will need to create an azure resource group with the properties above.
resource "azurerm_resource_group" "homelabrsg" {
name = "homelab"
location = "East US"
}Then run the command swaping out the correct subscription id:
terraform import azurerm_resource_group.homelabrg/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/homelabrsgIf all goes well and no errors you should get an import successful command. When importing a resource sometimes there may be attributes that you don’t fully have in your configuration. If I was to do a terraform plan right now the output would look like this.
The name from our configuration file not matching up is triggering a destroy and rebuild. We also need to create a tag so that it matches our environment as well. Change the name in the resource group to be homelabrsg, create a tag, and do another terraform plan.
resource "azurerm_resource_group" "homelabrsg" {
name = "homelabrsg"
location = "East US"
tags = {
"environment" = "production"
}
}
When we see that no changes are going to be made then we have successfully imported and matched up our resources.
Import azure network security group into terraform
The import for the network security group works the same way as the resource group. Using the resource id from the azure portal we will import in the resources using the same command.
Your configuration file now needs to add the existing resource group.
resource "azurerm_network_security_group" "homelabsg" {
name = "homelab-security-group"
location = azurerm_resource_group.homelabrsg.location
resource_group_name = azurerm_resource_group.homelabrsg.name
security_rule {
name = "AllowAnyRDPInbound"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}Run the following command to import in the security group into terraform.
terraform import azurerm_network_security_group.homelabsg /subscriptions/0000000-0000-0000-0000-0000/resourceGroups/homelabrsg/providers/Microsoft.Network/networkSecurityGroups/homelab-security-group
Conclusion
Now you had the chance to import existing azure resources into terraform, you can now apply these same concepts to other resources. The terraform registry provides you with the resources that can be imported and the format needed for the command.
Thanks, this really helped!
yea no problem. if you have a lot of resources check out terrafy https://letmetechyou.com/import-your-entire-azure-environment-using-terrafy/