How to import existing AWS resources like VPC using cdktf? - amazon-web-services

I can import AWS resources using AWS CDK (Python) like this:
# look up an existing VPC
vpc = ec2.Vpc.from_lookup(self, "vpc", vpc_id=vpcID)
# look up an existing security group
sec_group = ec2.SecurityGroup.from_lookup_by_id(self, "SG", sgID)
I cannot find proper documentation or an example of doing the same in Terraform CDKTF.

CDKTF (Terraform) provides data sources to fetch information from resources created outside of Terraform, so you can use the DataAwsVpc method.

Related

How to map AWS resource type to Terraform type

I am trying to import existing AWS resources through Terraform import cmd.
Programmatically I am able to take the AWS resource ID through the Resource Tagging API, but then I cannot find a proper way to map it to a Terraform type.
For example, EC2 instance i-abcd has to be imported into Terraform through the following command:
terraform import aws_instance.foo i-abcd
Is there any way that I can determine the Terraform type of i-abcd, knowing that it is an instance in AWS?
Something like a dictionary:
AWS Resource type | Terraform Resource type
instance | aws_instance
Is there any solution like the above one out there or any workarounds to create it without too many manual mappings?
Thanks in advance!
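One way to build the dictionary the question asks for, as an added example that is not part of the thread: parse the ARNs the Resource Groups Tagging API returns, map (service, resource type) to a Terraform type through a hand-maintained table, and emit the matching import command. The table entries, the sample ARNs and the `tf_name` labels are assumptions constructed for this example.

```python
import re

# Hand-maintained (service, resource-type) -> Terraform type table (Terraform has no
# machine-readable equivalent). Only kinds whose import ID is the ARN's resource ID.
TF_TYPES = {
    ("ec2", "instance"): "aws_instance",
    ("ec2", "vpc"): "aws_vpc",
    ("ec2", "subnet"): "aws_subnet",
    ("ec2", "security-group"): "aws_security_group",
    ("ec2", "route-table"): "aws_route_table",
    ("iam", "role"): "aws_iam_role",
    ("logs", "log-group"): "aws_cloudwatch_log_group",
    ("s3", None): "aws_s3_bucket",
}


def parse_arn(arn):
    """Return (service, resource_type, resource_id). The resource part is 'type/id'
    (EC2, IAM), 'type:id' (CloudWatch Logs) or a bare 'id' (S3 buckets)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    service, resource = parts[2], parts[5]
    m = re.fullmatch(r"([^/:]+)[/:](.+)", resource)  # first delimiter decides
    rtype, rid = m.groups() if m else (None, resource)
    return service, rtype, rid


def terraform_type(arn):
    """Map an ARN to its Terraform type; unknown kinds fail loudly instead of
    silently producing an import command for the wrong resource."""
    service, rtype, _ = parse_arn(arn)
    try:
        return TF_TYPES[(service, rtype)]
    except KeyError:
        raise KeyError(f"no Terraform type mapped for {service}:{rtype}") from None


def import_command(arn, tf_name):
    """Build 'terraform import <type>.<name> <id>' for one tagged resource."""
    _, _, rid = parse_arn(arn)
    return f"terraform import {terraform_type(arn)}.{tf_name} {rid}"


if __name__ == "__main__":
    # Constructed sample ARNs standing in for Resource Groups Tagging API output.
    for arn, name in [("arn:aws:ec2:us-east-1:123456789012:instance/i-abcd", "foo"),
                      ("arn:aws:iam::123456789012:role/deploy-role", "deploy"),
                      ("arn:aws:s3:::example-bucket", "logs")]:
        print(import_command(arn, name))
```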

How to use aws provided kms Encryption Key for SQS in Terraform

I want to configure my SQS Terraform Script to use an aws provided SSE Key.
I know that you can do this with the following code:
resource "aws_sqs_queue" "terraform_queue" {
  name                              = "terraform-example-queue"
  kms_master_key_id                 = "alias/aws/sqs"
  kms_data_key_reuse_period_seconds = 300
}
But with this example I need to first create my own KMS key. In the AWS console it is possible to use a default one without creating one myself. How do I do this in Terraform? What do I have to type in kms_master_key_id?
The default key for any service is given by the alias alias/aws/$service. So when you refer to alias/aws/sqs you're using the default AWS managed KMS key for that service in that region.
This is briefly covered in the AWS user guide:
The alias name cannot begin with aws/. The aws/ prefix is reserved by Amazon Web Services to represent AWS managed CMKs in your account.

How can I connect to the AWS IAM API in a private VPC?

I am trying to run Terraform in a private VPC using the AWS provider. Terraform supports overriding various AWS endpoints and so I have been using VPC Endpoints to expose relevant services in my VPC and overriding those endpoints in my provider configuration.
Unfortunately IAM is not supported by VPC Endpoints. I need this API to create some resources, for example AWS roles, so how can I use this API in my private VPC from Terraform?
$ terraform -v
Terraform v0.11.13
+ provider.aws v2.17.0
CloudFormation supports VPC endpoints. So you can make a CloudFormation template that creates the IAM resources. Then apply that CloudFormation stack via Terraform. Then do another Terraform module that refers to those resources as data sources.
Given the constraints of your problem, it is only possible to solve this indirectly.
Docs: Terraform Docs for Cloudformation
Docs for AWS Cloudformation VPC Endpoints

terraform import using name tag for the resource

I am trying to import the existing resources into Terraform state. But I want to automate the import along with a terraform resource creation script.
I am creating an ELB and 2 instances in an existing VPC, so first I have to import the existing VPC into my state file by using the Name tag of the VPC. But I am seeing that the import works only by using the id key. Is it possible to import using other parameters apart from the ID?
No, you can't use other tags; you have to use the VPC ID to import your VPC:
https://www.terraform.io/docs/providers/aws/r/vpc.html
https://www.terraform.io/docs/import/usage.html
You can achieve this using the filter field, e.g.:
data "aws_vpc" "selected" {
  # filter is a block, not a string; the tag key is case-sensitive
  filter {
    name   = "tag:Name"
    values = ["value"]
  }
}

modify existing AWS VPC using terraform

I want to modify an existing VPC by removing the blackholed route tables and updating it with new route tables. The route tables I want to modify were created manually (not by Terraform). Is that possible in Terraform? Any sample templates I can refer to? Many thanks,
Deepak
If you have existing infrastructure in AWS and you want to manage it with Terraform, you need to use the Terraform import command.
First, write the Terraform code that matches the route tables you already have. For example:
resource "aws_route_table" "example" {
  vpc_id = "${aws_vpc.main.id}"
}
Next, look up the route table ID of the existing route table, and use the import command to have Terraform link the Terraform code above to that existing table:
terraform import aws_route_table.example rtb-12345678
You can also try out a tool like Terraforming, which can generate the code and import the state automatically.