In this blog post and video, we'll explore the process of importing resources into Terraform that were not initially created through Terraform itself. Specifically, we'll focus on importing existing Kion cloud rules into Terraform, and then show you how you can manage these rules using Terraform. Let's dive in!
Importing the Cloud Rule into Terraform
Normally, you would import an already existing cloud rule but, to demonstrate the complete end-to-end process, we'll start by creating a cloud rule and associating the cloud rule with an IAM policy named "sample resource."
To import the cloud rule into Terraform, we consult the Kion registry documentation for instructions on importing resource state. The first requirement is to ensure that your Terraform project is already initiated. Next, we need to set up a resource block in Terraform for the cloud rule. For instance, we can define a "kion_cloud_rule" resource called "import_test" and leave it blank.
To import the cloud rule, we use the Terraform command
terraform import kion_cloud_rule.import_test 37, where "37" represents the ID of the resource in Kion. By executing this command, we successfully import the cloud rule into Terraform, enabling Terraform to manage this resource going forward.
Handling Required Fields
Although we have imported the cloud rule, running
terraform plan will highlight missing required fields. When importing resources, Terraform expects them to be initially blank. However, for Terraform to effectively manage the resource, we need to meet the provider's requirements.
To address this, we can specify the missing fields in the Terraform configuration. For example, we can include
name = "Terraform Import" in the configuration. Running
terraform plan again will still show missing arguments, but this is expected since Terraform is working in reverse. The provider informs us that we need to include either
Using Terraform Show to Address Missing Arguments
To address these missing arguments, we can utilize a powerful tool called
terraform show. This command displays all resources currently managed by Terraform. By inspecting the output, we can extract the necessary information and include it in our Terraform configuration. While this approach is not foolproof, as some automatically generated fields won't be part of the Terraform configuration, it helps us gather the required details.
We update the Terraform configuration with the information obtained from
terraform show. Removing the irrelevant fields, we ensure that the configuration matches the actual infrastructure. Running
terraform plan once more confirms that there are no further changes required, indicating that the infrastructure matches the configuration.
Modifying the Imported Resource
Suppose we decide to modify the imported cloud rule by changing its name from "Terraform Import" to "Terraform Import Test." We run
terraform plan to see the proposed change, and then execute
terraform apply to apply the modification. The name of the cloud rule is updated accordingly, demonstrating that Terraform effectively manages the imported resource.
Importing existing resources into Terraform opens up a world of possibilities, allowing you to seamlessly manage infrastructure created outside of Terraform.
If you'd like to learn more about our Terraform integration - and see how Kion can help you with cloud management and governance - please request a demo.