Terraform is an excellent tool for managing and deploying any type of infrastructure. In an ideal world you would use it at the start of all your projects, however this is not always possible and sometimes you might have to use it in a project that has already been started.
In the following post we are going to see how to import existing infrastructure into terraform.
First of all we are going to use an storage account as the backend for our terraform state, so make sure that you have a valid Azure subscription and create and storage account in the Azure portal and create a container inside named tf-state.
Once this is done create the following file and copy the settings from your storage account:
backend.tfvars
# storage account settings
storage_account_name = "stcloudarchitect"
container_name = "tf-state"
key = "<your-key>"
resource_group_name = "rg-cloudarchitect-blog-prod-01"
Next, create a file called main.tf where we will write the configuration of our azure terraform resources:
main.tf
terraform {
required_version = ">= 0.12.6"
backend "azurerm" {}
}
provider azurerm {
version = "~> 2.2.0"
features {}
}
Once the backend and main files have been created we can initialise our terraform backend using the following command:
terraform init -backend-config=backend.tfvars
So in order to start importing resources into our file we need to create a dummy place holder in the main.tf file:
resource "azurerm_mysql_server" "db-cloudarchitect" {
}
We will use this as an empty shell where we are going to import our resource.
Once we have done this, we will get the Id of our resource, in this case the id of the MySQL database resource is not visible in the azure portal so we will use the following az-cli command to get it:
az resource list --query "[?name=='db-cloudarchitect']".[id] --output tsv
Once the command has been run, we will use the id returned by that command to import the resource into terraform.
terraform import azurerm_mysql_server.db-cloudarchitect /subscriptions/.../resourceGroups/rg-cloudarchitect-blog-prod-01/providers/Microsoft.DBforMySQL/servers/db-cloudarchitect
If everything worked well our resource has been imported into the terraform state, but in order to use it we will get all the properties in the state to update our terraform code, so we will use the following commands to get the current properties of our resource:
terraform state list
terraform state show <your resource>
Copy paste the configuration into the file main.tf replacing the empty shell and then use terraform plan.
As expected there might be some missing properties, the next step can be painstaking if you have complex resources such as an aks cluster because we need to go to terraform documentation and fill in all the missing properties.
Once all the missing properties have been added and the ones that are not necessary removed, we can use terraform plan and then apply.
resource "azurerm_mysql_server" "db-cloudarchitect" {
location = "francecentral"
name = "db-cloudarchitect"
resource_group_name = "rg-cloudarchitect-blog-prod-01"
sku_name = "B_Gen5_1"
ssl_enforcement = "Disabled"
tags = {}
version = "5.7"
storage_profile {
auto_grow = "Enabled"
backup_retention_days = 7
geo_redundant_backup = "Disabled"
storage_mb = 51200
}
administrator_login="azureadmin"
administrator_login_password =""
timeouts {}
}
So now our resource can be managed by terraform!
The biggest advantage of this approach is that you can bring existing infrastructure into terraform management so you can migrate your current infrastructure little by little. Furthermore, it allows you to industrialise your manually deployed resources using the portal.
As for the moment the biggest disadvantage is that there is manual and cleaning work to do and each resource should be imported manually, in future versions terraform will provide the complete configuration of the resource (minus the confidential values).
Happy terraforming!
Hello!
I’m currently working at Cycloid and we built a DevOps Framework, oriented on IaC.
In order to convert an existing infrastructure to Terraform, we developed Terracognita: https://www.cycloid.io/terracognita we added support for Azure provider.
We also built Inframap to get a diagram of your infrastructure.
It’s totally opensource, don’t hesitate to try it and give some feedback 😉