Terraform Pt. 2 - Importing and stuff...

Plowing a brownfield 

Rarely do you get the luxury of deploying infra in a pristine, greenfield environment. Most of the time you'll have pre-existing components to deal with, either deployed by a predecessor (who did this?!? 😡), or by yourself when, with bated breath, you were cautiously pressing the "review and launch" button 🤞.

Terraform has no idea about the current state, since none of these objects were originally created through terraform apply and there is no tfstate file with records of their existence.

So, how do you bring these into the Terraform fold?

Terraform import

As the name suggests, Terraform has the ability to import resources... but although this command does a lot of the heavy lifting, the process is not devoid of some involvement and cleanup on your part.

The general steps are:

  1. create a folder and a super basic .tf file for the object you are about to import
  2. initialize via terraform init
  3. run terraform import <the type of resource you are importing + its ID>
  4. using the information from your tfstate file as input, update the .tf file you originally created
  5. iterate through step 4 until you get to this state:
    "No changes. Your infrastructure matches the configuration"


Let's say you have an AWS EC2 instance you'd like to import. Create a .tf file with barebones structure similar to the one below.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}
provider "aws" {
  region = "us-east-1"
}
resource "aws_instance" "this" {
  ami           = "unknown" # placeholder, replaced after the import
  instance_type = "unknown" # placeholder, replaced after the import
}

Execute terraform import aws_instance.this i-00cf9f9d15dd7c03d

A successful import will result in the following message:

The part where it tells you that "These resources are now in your Terraform state and will henceforth be managed by Terraform." is a bit misleading though. They are in your tfstate, but in order to actually manage them, as I mentioned before, you'll need to update your .tf file with the information in your tfstate file.

To illustrate the point, here's the output from running terraform plan. Notice that it is planning on replacing the imported value for the AMI with the "unknown" one we still have in the .tf file.

Once you update your .tf file with the AMI information and the instance type of t2.micro, however, you'll be able to manage that EC2 instance with Terraform.
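
Step 4 of the procedure, as an added example that is not part of the original post: a Python helper that looks up the imported resource in a tfstate file and renders a resource block containing only the arguments you name. It assumes the version 4 state layout; the sample state is constructed, with a made-up AMI ID and private IP, and the function names are hypothetical.

```python
import json

# Constructed sample in the layout of a version-4 terraform.tfstate file.
# The AMI ID and private IP are made up; instance ID and type follow the post.
SAMPLE_STATE = {
    "version": 4,
    "resources": [{
        "mode": "managed", "type": "aws_instance", "name": "this",
        "instances": [{"attributes": {
            "id": "i-00cf9f9d15dd7c03d",
            "ami": "ami-0123456789abcdef0",
            "instance_type": "t2.micro",
            "private_ip": "10.0.0.10",
        }}],
    }],
}


def imported_attributes(state, address):
    """Return the attribute map stored in state for e.g. 'aws_instance.this'."""
    rtype, _, name = address.partition(".")
    for res in state.get("resources", []):
        if (res.get("mode"), res.get("type"), res.get("name")) == ("managed", rtype, name):
            return res["instances"][0]["attributes"]
    raise KeyError(f"{address} is not in the state; run terraform import first")


def hcl_literal(value):
    """Quote a scalar for HCL; '${' and '%{' would otherwise start a template."""
    return json.dumps(value).replace("${", "$${").replace("%{", "%%{")


def render_resource(state, address, keep):
    """Build a resource block, copying only the arguments listed in keep."""
    attrs = imported_attributes(state, address)
    missing = [k for k in keep if attrs.get(k) is None]
    if missing:
        raise ValueError(f"state has no value for: {', '.join(missing)}")
    rtype, _, name = address.partition(".")
    width = max(len(k) for k in keep)
    # Computed values such as id or private_ip are left out unless requested.
    body = "\n".join(f"  {k.ljust(width)} = {hcl_literal(attrs[k])}" for k in keep)
    return f'resource "{rtype}" "{name}" {{\n{body}\n}}\n'


if __name__ == "__main__":
    print(render_resource(SAMPLE_STATE, "aws_instance.this", ["ami", "instance_type"]))
```

Paste the printed block over the "unknown" placeholders and rerun terraform plan; repeat with more argument names until it reports no changes.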

Importing at scale

The above process may be OK if you don't have many resources, but it certainly would be a bit of a burden if you have a larger environment. 

I anticipate Terraform to solve that natively in the near future, but in the interim, there are some third-party developed tools that can enumerate and import your infrastructure.

The two that I came across are:

I have not tried Terraformer, but here's a sample of what Former2 produced when I had it generate a Terraform file of two S3 buckets:

If someone out there reads this and knows of a better tool or method to do this job, I'd love to learn about it.
