Testing Terraform Import in v.1.5.0+ with Azure Resources

Yesterday I attended HashiDays London, which was an awesome day of sessions covering numerous HashiCorp Products. In particular, the Terraform, Boundary, Vault and Consul updates and sessions were really interesting, and I left with a huge list of things that I’ll be testing out in my lab in the coming weeks! You can catch up on sessions on-demand if you missed the event here: https://live.hashidays.com/on-demand.

HashiDays London Banner
HashiDays London

One of the new features announced was the ability to use config driven import within Terraform, allowing resources to be imported into Terraform State and then managed using Terraform moving forward. This is something that will be extremely useful for organisations who adopt Terraform midway through an application or environment lifecycle and wish to bring existing resources under management.

In this post I’ll run through a quick test of the import feature using some Azure Resources!

Config Driven Import

To start this process, I have two Public IP Addresses in an Azure Resource Group:

Test Azure Resource Group with two Public IP Addresses in
Test Azure Resource Group with two Public IP Addresses in

Next, I will start with a blank configuration in VSCode, with just a Provider block for the AzureRM Provider – as this is what I’ll be using to manage these Resources:

VSCode showing AzureRM Provider block
VSCode showing AzureRM Provider block

We can now start to define the import blocks, which will define the Resource that our existing (non-Terraform) Resources will be imported to. For this we need to define the resource type to import into, and the Resource ID from Azure:

Import blocks ready to be imported
Import blocks ready to be imported

If you wish to try this sample the code is available below – just update your Subscription:

import {
    to = azurerm_resource_group.rg1
    id = "/subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-import-test"
}
import {
    to = azurerm_public_ip.pip1
    id = "/subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-import-test/providers/Microsoft.Network/publicIPAddresses/pip-a"
}
import {
    to = azurerm_public_ip.pip2
    id = "/subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-import-test/providers/Microsoft.Network/publicIPAddresses/pip-b"
}

Now that we are setup and ready to import, we can run the following command to generate a TF file for us to inspect:

terraform plan -generate-config-out new.tf

We will then see the plan that confirms resources will be imported if we run apply:

Terraform Plan showing Resources to be imported
Terraform Plan showing Resources to be imported

Warning! At the current time, config generation is experimental!

We will also have a new file called “new.tf” that lists out the configuration for resources to be imported:

Generated configuration
Generated configuration

We can now check this file and ensure we are happy. Once we are ready to proceed – we simply run apply, and these Resources will then be imported:

Resources imported!
Resources imported!

✅ We have now imported Resources created outside of Terraform! As a test – you can try changing Resource specific elements (names/SKUs for example) within Terraform, and then see these changes reflected back during an apply phase – which demonstrates Terraform now managing imported resources.

Skip to content