Terraform Importer is a standalone utility to import existing infrastructure into a Terraform state, based on existing Terraform configs. Its target use-case is to facilitate migration between other infrastructure-as-code tools (such as Deployment Manager), and configs generated by the Terrarom Engine.
- Terraform 0.14.8 (consistent with the version of Terraform used by CICD)
- Go 1.14+
Download a pre-built tfimport binary:
VERSION=v0.8.0
wget -O /usr/local/bin/tfimport https://github.com/GoogleCloudPlatform/healthcare-data-protection-suite/releases/download/${VERSION}/tfimport_${VERSION}_linux-amd64
chmod +x /usr/local/bin/tfimportor build it yourself:
git clone https://github.com/GoogleCloudPlatform/healthcare-data-protection-suite
cd healthcare-data-protection-suite
go install ./cmd/tfimportEnter the directory containing Terraform configs:
cd ~/path/to/terraform/configs/Run the importer:
tfimportOn a successful run, the Terraform configs in the current working directory will be initialized and all supported resources will be in the state.
If you now run terraform plan, you should only see planned changes for
differences between the configs and the actual infrastructure.
$ tfimport -h
Usage:
-dry_run bool
Run in dry-run mode, which only prints the import commands
without running them.
-input_dir string
Path to the directory containing Terraform configs. (default ".")
-interactive bool
Interactively ask for user input when import information cannot be
automatically determined. (default true)
-resource_types string
Specific resource types to import, specified as terraform resource
names (e.g. 'google_storage_bucket', 'google_resource_manager_lien').
Provide flag multiple times for multiple values.
Leave empty to import all. (default {})
-terraform_path string
Name or path to the terraform binary to use. (default "terraform")
-version bool
show version and exitSometimes, fields required for import will not be known at plan time. This generally falls into a few cases:
- Another resource must be imported first. The importer will keep trying to plan-and-import as long as it makes progress (i.e. successfully imports some resources, but not all).
- Unknowable fields, including all
random_*resources andgoogle_folder. In this case, the importer will ask the user to input the value. Where possible, it will offer a choice as well.
This tool is complementary to Terraformer.
Terraformer focuses on generating new Terraform configs from existing infrastructure, while the Importer allows you to define and organize your own Terraform configs, including importing resources from within modules.
- AppEngine
- BigQuery
- Billing
- Binary Authorization
- Cloud Build
- Cloud (Stackdriver) Logging
- Cloud DNS
- Cloud Key Management Service
- Cloud Platform
google_billing_account_iam_bindinggoogle_billing_account_iam_membergoogle_billing_account_iam_policygoogle_foldergoogle_folder_iam_bindinggoogle_folder_iam_membergoogle_folder_iam_policygoogle_folder_organization_policygoogle_organization_iam_audit_configgoogle_organization_iam_custom_rolegoogle_organization_iam_membergoogle_organization_policygoogle_projectgoogle_project_iam_bindinggoogle_project_iam_custom_rolegoogle_project_iam_membergoogle_project_organization_policygoogle_project_servicegoogle_project_usage_export_bucketgoogle_service_accountgoogle_service_account_iam_bindinggoogle_service_account_iam_membergoogle_service_account_iam_policy- Unimportable:
- Cloud Pub/Sub
- Cloud SQL
- Cloud Storage
- Compute Engine
google_compute_addressgoogle_compute_firewallgoogle_compute_forwarding_rulegoogle_compute_global_addressgoogle_compute_health_checkgoogle_compute_imagegoogle_compute_instancegoogle_compute_instance_templategoogle_compute_instance_from_templategoogle_compute_interconnect_attachmentgoogle_compute_networkgoogle_compute_network_peeringgoogle_compute_project_metadata_itemgoogle_compute_region_backend_servicegoogle_compute_routegoogle_compute_routergoogle_compute_router_interfacegoogle_compute_router_natgoogle_compute_router_peergoogle_compute_shared_vpc_host_projectgoogle_compute_shared_vpc_service_projectgoogle_compute_subnetworkgoogle_compute_subnetwork_iam_bindinggoogle_compute_subnetwork_iam_membergoogle_compute_subnetwork_iam_policy
- Firebase
- Identity-Aware Proxy
- Kubernetes (Container) Engine
- Resource Manager
- Secret Manager
- Service Networking
kubernetes_config_mapkubernetes_namespacekubernetes_podkubernetes_rolekubernetes_role_bindingkubernetes_servicekubernetes_service_account
- Unimportable:
- Unimportable:
random_idrandom_integer- Unimportable:
- Unimportable: