c5c1f31db3
When using the enhanced remote backend, a subset of all Terraform operations are supported. Of these, only plan and apply can be executed on the remote infrastructure (e.g. Terraform Cloud). Other operations run locally and use the remote backend for state storage. This causes problems when the local version of Terraform does not match the configured version from the remote workspace. If the two versions are incompatible, an `import` or `state mv` operation can cause the remote workspace to be unusable until a manual fix is applied. To prevent this from happening accidentally, this commit introduces a check that the local Terraform version and the configured remote workspace Terraform version are compatible. This check is skipped for commands which do not write state, and can also be disabled by the use of a new command-line flag, `-ignore-remote-version`. Terraform version compatibility is defined as: - For all releases before 0.14.0, local must exactly equal remote, as two different versions cannot share state; - 0.14.0 to 1.0.x are compatible, as we will not change the state version number until at least Terraform 1.1.0; - Versions after 1.1.0 must have the same major and minor versions, as we will not change the state version number in a patch release. If the two versions are incompatible, a diagnostic is displayed, advising that the error can be suppressed with `-ignore-remote-version`. When this flag is used, the diagnostic is still displayed, but as a warning instead of an error. Commands which will not write state can assert this fact by calling the helper `meta.ignoreRemoteBackendVersionConflict`, which will disable the checks. Those which can write state should instead call the helper `meta.remoteBackendVersionCheck`, which will return diagnostics for display. In addition to these explicit paths for managing the version check, we have an implicit check in the remote backend's state manager initialization method. Both of the above helpers will disable this check. This fallback is in place to ensure that future code paths which access state cannot accidentally skip the remote version check.
6.4 KiB
layout, page_title, sidebar_current, description
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docs | Command: import | docs-commands-import | The `terraform import` command is used to import existing resources into Terraform. |
Command: import
Hands-on: Try the Import Terraform Configuration tutorial on HashiCorp Learn.
The terraform import command is used to
import existing resources
into Terraform.
Usage
Usage: terraform import [options] ADDRESS ID
Import will find the existing resource from ID and import it into your Terraform state at the given ADDRESS.
ADDRESS must be a valid resource address. Because any resource address is valid, the import command can import resources into modules as well as directly into the root of your state.
ID is dependent on the resource type being imported. For example, for AWS
instances it is the instance ID (i-abcd1234) but for AWS Route53 zones
it is the zone ID (Z12ABC4UGMOZ2N). Please reference the provider documentation for details
on the ID format. If you're unsure, feel free to just try an ID. If the ID
is invalid, you'll just receive an error message.
~> Warning: Terraform expects that each remote object it is managing will be bound to only one resource address, which is normally guaranteed by Terraform itself having created all objects. If you import existing objects into Terraform, be careful to import each remote object to only one Terraform resource address. If you import the same object multiple times, Terraform may exhibit unwanted behavior. For more information on this assumption, see the State section.
The command-line flags are all optional. The list of available flags are:
-
-backup=path- Path to backup the existing state file. Defaults to the-state-outpath with the ".backup" extension. Set to "-" to disable backups. -
-config=path- Path to directory of Terraform configuration files that configure the provider for import. This defaults to your working directory. If this directory contains no Terraform configuration files, the provider must be configured via manual input or environmental variables. -
-input=true- Whether to ask for input for provider configuration. -
-lock=true- Lock the state file when locking is supported. -
-lock-timeout=0s- Duration to retry a state lock. -
-no-color- If specified, output won't contain any color. -
-parallelism=n- Limit the number of concurrent operation as Terraform walks the graph. Defaults to 10. -
-provider=provider- Deprecated Override the provider configuration to use when importing the object. By default, Terraform uses the provider specified in the configuration for the target resource, and that is the best behavior in most cases. -
-state=path- Path to the source state file to read from. Defaults to the configured backend, or "terraform.tfstate". -
-state-out=path- Path to the destination state file to write to. If this isn't specified the source state file will be used. This can be a new or existing path. -
-var 'foo=bar'- Set a variable in the Terraform configuration. This flag can be set multiple times. Variable values are interpreted as HCL, so list and map values can be specified via this flag. This is only useful with the-configflag. -
-var-file=foo- Set variables in the Terraform configuration from a variable file. If aterraform.tfvarsor any.auto.tfvarsfiles are present in the current directory, they will be automatically loaded.terraform.tfvarsis loaded first and the.auto.tfvarsfiles after in alphabetical order. Any files specified by-var-fileoverride any values set automatically from files in the working directory. This flag can be used multiple times. This is only useful with the-configflag. -
-ignore-remote-version- When using the enhanced remote backend with Terraform Cloud, continue even if remote and local Terraform versions differ. This may result in an unusable Terraform Cloud workspace, and should be used with extreme caution.
Provider Configuration
Terraform will attempt to load configuration files that configure the provider being used for import. If no configuration files are present or no configuration for that specific provider is present, Terraform will prompt you for access credentials. You may also specify environmental variables to configure the provider.
The only limitation Terraform has when reading the configuration files is that the import provider configurations must not depend on non-variable inputs. For example, a provider configuration cannot depend on a data source.
As a working example, if you're importing AWS resources and you have a configuration file with the contents below, then Terraform will configure the AWS provider with this file.
variable "access_key" {}
variable "secret_key" {}
provider "aws" {
access_key = "${var.access_key}"
secret_key = "${var.secret_key}"
}
Example: Import into Resource
This example will import an AWS instance into the aws_instance resource named foo:
$ terraform import aws_instance.foo i-abcd1234
Example: Import into Module
The example below will import an AWS instance into the aws_instance resource named bar into a module named foo:
$ terraform import module.foo.aws_instance.bar i-abcd1234
Example: Import into Resource configured with count
The example below will import an AWS instance into the first instance of the aws_instance resource named baz configured with
count:
$ terraform import 'aws_instance.baz[0]' i-abcd1234
Example: Import into Resource configured with for_each
The example below will import an AWS instance into the "example" instance of the aws_instance resource named baz configured with
for_each:
Linux, Mac OS, and UNIX:
$ terraform import 'aws_instance.baz["example"]' i-abcd1234
PowerShell:
$ terraform import 'aws_instance.baz[\"example\"]' i-abcd1234
Windows cmd.exe:
$ terraform import aws_instance.baz[\"example\"] i-abcd1234