Feature Friday Automation & Orchestration

Feature Friday: Importing Kion Resources into Terraform

Brandon Shutter

3 min read

In this blog post and video, we'll explore the process of importing resources into Terraform that were not initially created through Terraform itself. Specifically, we'll focus on importing existing Kion cloud rules into Terraform, and then show you how you can manage these rules using Terraform. Let's dive in!

Importing the Cloud Rule into Terraform

Normally, you would import an already existing cloud rule but, to demonstrate the complete end-to-end process, we'll start by creating a cloud rule and associating the cloud rule with an IAM policy named "sample resource."

To import the cloud rule into Terraform, we consult the Kion registry documentation for instructions on importing resource state. The first requirement is to ensure that your Terraform project is already initiated. Next, we need to set up a resource block in Terraform for the cloud rule. For instance, we can define a "kion_cloud_rule" resource called "import_test" and leave it blank.

To import the cloud rule, we use the Terraform command terraform import kion_cloud_rule.import_test 37, where "37" represents the ID of the resource in Kion. By executing this command, we successfully import the cloud rule into Terraform, enabling Terraform to manage this resource going forward.

Handling Required Fields

Although we have imported the cloud rule, running terraform plan will highlight missing required fields. When importing resources, Terraform expects them to be initially blank. However, for Terraform to effectively manage the resource, we need to meet the provider's requirements.

To address this, we can specify the missing fields in the Terraform configuration. For example, we can include name = "Terraform Import" in the configuration. Running terraform plan again will still show missing arguments, but this is expected since Terraform is working in reverse. The provider informs us that we need to include either owner_user_groups or owner_users.

Using Terraform Show to Address Missing Arguments

To address these missing arguments, we can utilize a powerful tool called terraform show. This command displays all resources currently managed by Terraform. By inspecting the output, we can extract the necessary information and include it in our Terraform configuration. While this approach is not foolproof, as some automatically generated fields won't be part of the Terraform configuration, it helps us gather the required details.

We update the Terraform configuration with the information obtained from terraform show. Removing the irrelevant fields, we ensure that the configuration matches the actual infrastructure. Running terraform plan once more confirms that there are no further changes required, indicating that the infrastructure matches the configuration.

Modifying the Imported Resource

Suppose we decide to modify the imported cloud rule by changing its name from "Terraform Import" to "Terraform Import Test." We run terraform plan to see the proposed change, and then execute terraform apply to apply the modification. The name of the cloud rule is updated accordingly, demonstrating that Terraform effectively manages the imported resource.


Importing existing resources into Terraform opens up a world of possibilities, allowing you to seamlessly manage infrastructure created outside of Terraform.

If you'd like to learn more about our Terraform integration - and see how Kion can help you with cloud management and governance - please request a demo.

About the Author

Brandon Shutter

Brandon is a senior solutions architect at Kion.

Start your cloud operations journey.

Request a demo today,