modify existing AWS VPC using terraform - amazon-web-services

I want to modify an existing VPC by removing the black-holed route tables and update it with new route tables. The route tables I want to modify were created manually (not by Terraform). Is that possible in Terraform? Any sample templates I can refer to? Many thanks,
Deepak

If you have existing infrastructure in AWS and you want to manage it with Terraform, you need to use the Terraform import command.
First, write the Terraform code that matches the route tables you already have. For example:
```hcl
resource "aws_route_table" "example" {
  vpc_id = "${aws_vpc.main.id}"
}
```
Next, look up the route table ID of the existing route table, and use the import command to have Terraform link the Terraform code above to that existing table:
```sh
terraform import aws_route_table.example rtb-12345678
```
You can also try out a tool like Terraforming which can generate the code and import the state automatically.

Related

importing aws_iam_policy multiple times

I have created a resource stub for importing an IAM customer managed policy as below.
```hcl
resource "aws_iam_policy" "customer_managed_policy" {
  name   = var.customer_managed_policy_name
  policy = "{}"
}
```
The import command used is:
```sh
$ terraform import -var 'customer_managed_policy_name=ec2-readonly' aws_iam_policy.customer_managed_policy arn:aws:iam::<account ID>:policy/ec2-readonly
```
This works fine the first time. But if I want to make it dynamic in order to import any number of policies, I don't know how to do it.
Because the aws_iam_policy resource uses the policy name and policy data/JSON as attributes, multiple resources can be created for them by using for_each or a list, but in the import command I need to pass the policy ARN, which is different.
I think there is a misunderstanding of how Terraform works.
Terraform maps 1 resource to 1 item in state, and the state file is used to manage all created resources.
To import "X" resources, "X" resources must exist in your Terraform configuration so "X" can be mapped to state.
2 simple ways to achieve this would be by using "count" or "for_each" to map "X" resources to state, therefore being able to import "X" resources.
Now, it is important to notice that after you import a resource, if your Terraform configuration is not equal to the imported resource, once you run terraform apply, Terraform will update all imported resources to match your Terraform configuration file.
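Added example (not code from either answer, and not from the first question's answer either) that turns the for_each advice into concrete commands: a configuration keyed by policy name, and a POSIX sh script that builds each instance address and policy ARN and imports them one at a time, the same way the single-policy command above does. It assumes a list variable customer_managed_policy_names and a constructed account id 123456789012.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed configuration in main.tf:
#   variable "customer_managed_policy_names" { type = list(string) }
#   resource "aws_iam_policy" "customer_managed_policy" {
#     for_each = toset(var.customer_managed_policy_names)
#     name     = each.key
#     policy   = "{}"   # replace with the real document after import + plan
#   }
# Each instance is addressed as aws_iam_policy.customer_managed_policy["<name>"]
# and is imported by policy ARN, exactly like the single-policy command above.
set -eu

# Resource address of one for_each instance (the key must be quoted).
policy_address() {
  printf 'aws_iam_policy.customer_managed_policy["%s"]' "$1"
}

# Import ID for aws_iam_policy is the policy ARN: $1 = account id, $2 = name.
policy_arn() {
  printf 'arn:aws:iam::%s:policy/%s' "$1" "$2"
}

# Render the -var value listing every name, so for_each sees all keys on
# every run; otherwise the instance being imported would not exist in config.
names_var() {
  list=""
  for n in "$@"; do
    list="$list${list:+,}\"$n\""
  done
  printf 'customer_managed_policy_names=[%s]' "$list"
}

# Import every policy name given on the command line into its own instance.
# Run `terraform plan` afterwards: policy = "{}" will show as a change until
# the real policy document is copied into the configuration.
import_policies() {
  account=$1; shift
  var=$(names_var "$@")
  for name in "$@"; do
    terraform import -var "$var" "$(policy_address "$name")" \
      "$(policy_arn "$account" "$name")"
  done
}

# Usage: ./import_policies.sh 123456789012 ec2-readonly s3-readonly
if [ $# -gt 0 ]; then
  import_policies "$@"
fi
```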

How to map AWS resource type to Terraform type

I am trying to import existing AWS resources through the Terraform import cmd.
Programmatically I am able to take the AWS resource ID through the Resource Tagging API, but then I cannot find a proper way to map it to a Terraform type.
For example, EC2 instance i-abcd has to be imported in Terraform through the following cmd:
```sh
terraform import aws_instance.foo i-abcd
```
Is there any way that I can determine the Terraform type of i-abcd, knowing that it is an instance in AWS?
Something like a dictionary:

AWS resource type | Terraform resource type
--- | ---
instance | aws_instance

Is there any solution like the above one out there, or any workarounds to create it without too many manual mappings?
Thanks in advance!
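Added example (not from the question or any answer): a POSIX sh version of the dictionary asked for, keyed by the service and resource-type segments of an ARN (the form the tagging API hands back), which also records whether the Terraform type is imported by bare ID or by whole ARN, since that differs per type (the IAM policy thread above imports by ARN). The mapping table is constructed and deliberately short; the resource name passed as the second argument is whatever you called the resource in configuration.

```sh
#!/bin/sh
# Added example, not from the thread. Maps "service:resource-type" from an ARN
# to the Terraform resource type plus the import-ID form that type expects.
# The table is constructed and covers only a few types; extend it as needed.
set -eu

# Prints "<terraform type> <id-form>"; id-form is "id" when the import ID is
# the part after the slash, "arn" when the whole ARN is used (as for IAM).
tf_type_for() {
  case "$1" in
    ec2:instance)       echo "aws_instance id" ;;
    ec2:vpc)            echo "aws_vpc id" ;;
    ec2:security-group) echo "aws_security_group id" ;;
    ec2:route-table)    echo "aws_route_table id" ;;
    iam:policy)         echo "aws_iam_policy arn" ;;
    *)                  return 1 ;;   # unknown: refuse rather than guess
  esac
}

# $1 = ARN, $2 = name given to the resource in configuration.
# ARN layout: arn:partition:service:region:account:resource-type/resource-id
import_cmd_for_arn() {
  arn=$1 name=$2
  service=$(printf '%s\n' "$arn" | cut -d: -f3)
  resource=$(printf '%s\n' "$arn" | cut -d: -f6-)
  mapping=$(tf_type_for "$service:${resource%%/*}") || return 1
  set -- $mapping        # $1 = terraform type, $2 = id-form
  case "$2" in
    arn) id=$arn ;;
    *)   id=${resource#*/} ;;
  esac
  printf 'terraform import %s.%s %s\n' "$1" "$name" "$id"
}

# Usage: ./map_arn.sh arn:aws:ec2:us-east-1:123456789012:instance/i-abcd foo
if [ $# -eq 2 ]; then
  import_cmd_for_arn "$1" "$2"
fi
```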

How to import existing AWS resources like VPC using cdktf?

I can import AWS resources using AWS CDK (Python) like this:
```python
from aws_cdk import aws_ec2 as ec2

# lookup existing VPC
vpc = ec2.Vpc.from_lookup(self, "vpc", vpc_id=vpcID)
# lookup existing security group
sec_group = ec2.SecurityGroup.from_lookup_by_id(self, "SG", sgID)
```
I cannot find proper documentation or an example of doing the same in Terraform CDKTF.
CDKTF (Terraform) provides data sources to fetch information from resources created outside of Terraform, therefore you can use the DataAwsVpc method.

Terraform + Route53 - manage existing record

I have a production environment that is configured to have a domain name that points to a load-balancer. This is already working, and it was configured using Route53.
I am using Terraform to deploy the infrastructure, including the Route53 record.
The Route53 record was set manually.
I would like for Terraform to manage the Route53 record in subsequent deployments. However, when I run an update to update the infrastructure and include the Route53 record, I get this error:
```
Error: Error applying plan:
1 error(s) occurred:
* module.asg.aws_route53_record.www: 1 error(s) occurred:
* aws_route53_record.www: [ERR]: Error building changeset:
InvalidChangeBatch: [Tried to create a resource record set
[name='foo.com.', type='A'] but it already exists]
```
Well, at first, this error makes sense, because the resource already exists. But, given this, how can I overcome this issue without causing downtime?
I've tried to manually edit the state file to include the route53 record, but that failed with the same error...
I'm happy to provide more information if necessary. Any suggestions that you might have are welcome. Thank you.
You can use terraform import to import the existing Route53 resource into your current Terraform infrastructure. Here are the steps:
1. Init Terraform with your desired workspace via terraform init.
2. Define your aws_route53_record exactly the same as the existing resource that you have:
```hcl
resource "aws_route53_record" "www" {
  // your code here
}
```
3. Import the desired resource:
```sh
terraform import aws_route53_record.www ZONEID_RECORDNAME_TYPE_SET-IDENTIFIER
```
For example:
```sh
terraform import aws_route53_record.www Z4KAPRWWNC7JR_dev.example.com_CNAME
```
After a successful import, this will save the state of the existing resource.
4. Do terraform plan to check the resource.
5. You now can update your existing resource.
You have to import the record into your Terraform state with the terraform import command. You should not edit the state manually!
See the resource docs for additional information on how to import the record.
Keeping it here for new visitors.
In later versions of the AWS provider (~3.10), they offer an argument allow_overwrite, which defaults to false.
No need to edit the state file (not recommended) or do terraform import.
> allow_overwrite - (Optional) Allow creation of this record in Terraform to overwrite an existing record, if any. This does not affect the ability to update the record in Terraform and does not prevent other resources within Terraform or manual Route 53 changes outside Terraform from overwriting this record. false by default. This configuration is not recommended for most environments.

from: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record#allow_overwrite

terraform import using name tag for the resource

I am trying to import the existing resources into Terraform state. But I want to automate the import along with a Terraform resource creation script.
I am creating an ELB and 2 instances in an existing VPC, so first I have to import the existing VPC into my state file by using the Name tag of the VPC. But I am seeing that the import is working only by using the id key. Is it possible to import using other parameters apart from the ID?
No, you can't use other tags; you have to use the VPC ID to import your VPC.
https://www.terraform.io/docs/providers/aws/r/vpc.html
https://www.terraform.io/docs/import/usage.html
You can achieve this using the filter field, e.g.
```hcl
data "aws_vpc" "selected" {
  filter {
    name   = "tag:Name"
    values = ["value"]
  }
}
```
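Added example (not from either answer) for the automation the question asks about: terraform import still needs the VPC ID, so the script resolves the ID from the Name tag with the AWS CLI first and refuses to import when the tag matches zero or several VPCs, since a Name tag is not unique and importing the first hit would silently bind state to the wrong VPC. It assumes a resource "aws_vpc" "main" in the configuration and a configured AWS CLI; the parsing step is a separate function so the ambiguous case can be checked without calling AWS.

```sh
#!/bin/sh
# Added example, not code from the thread. Looks up a VPC by its Name tag and
# imports it only when exactly one VPC carries that tag.
set -eu

# $1 = text output of `aws ec2 describe-vpcs --query 'Vpcs[].VpcId' --output text`
# (IDs separated by whitespace). Prints the ID only when exactly one matched.
describe_output_to_id() {
  set -- $1
  case $# in
    1) printf '%s\n' "$1" ;;
    0) echo "no VPC with that Name tag" >&2; return 1 ;;
    *) echo "Name tag matches $# VPCs ($*); pass the ID explicitly" >&2; return 1 ;;
  esac
}

# $1 = Name tag value. Real AWS call; not exercised by the checks below.
vpc_id_by_name() {
  out=$(aws ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=$1" \
    --query 'Vpcs[].VpcId' --output text)
  describe_output_to_id "$out"
}

# Usage: ./import_vpc.sh prod-vpc
# Assumes: resource "aws_vpc" "main" { ... } exists in the configuration.
if [ $# -eq 1 ]; then
  terraform import aws_vpc.main "$(vpc_id_by_name "$1")"
fi
```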