How To Import An Existing Azure Resource Into Terraform Cloud

There are times when you have written code to deploy a resource to Azure but that resource was already created. In this instance, Terraform Cloud is unable to create the resource and tells you to instead import it into the Terraform state. The process is similar to manually editing Terraform Cloud state file, with the exception that you do not need to upload anything back to Terraform Cloud once the resource is imported.

In short, the procedure using the terraform CLI involves:

1. Reconfiguring the Terraform Cloud Workspace's main terraform {} code block on your local machine to use the backend "remote" {} backend instead of the cloud {} backend
2. Initializing the Terraform code on your local machine
3. Importing the resource into Terraform Cloud
4. Restoring your original backend and re-initializing it, locally

Note: This assumes you already have the Terraform CLI installed on your local machine. If you don't, follow these instructions to set it up.

Procedure Using Terraform import Blocks

As of Terraform 1.5.0, you can now code an import {} block instead of running a terraform import command.

import {
  id = "/subscriptions/my_subscription_id/resourceGroups/my_resource_group_name/providers/Microsoft.ContainerService/managedClusters/my_cluster_name"
  to = azurerm_kubernetes_cluster.my_cluster_name
}

Procedure Using Terraform's CLI

• Ensure you have a copy of the Terraform code downloaded to your machine

• In your main terraform block (I like to use providers.tf), temporarily comment out the cloud {} code block

  terraform {
  #  cloud {
  #    hostname = "app.terraform.io"
  #    organization = "my_organization"
  #    workspaces {
  #      tags = ["my_app"]
  #    }
  #  }
  }

• Still in providers.tf, configure a backend "remote" {} code block inside the main terraform {} code block

  terraform {
  #  cloud {
  #    hostname = "app.terraform.io"
  #    organization = "my_organization"
  #    workspaces {
  #      tags = ["my_app"]
  #    }
  #  }
   
    backend "remote" {
      hostname = "app.terraform.io"
      organization = "my_organization"
      workspaces {
        name = "my_workspace_name"
      }
    }
  }

• Execute on your machine: terraform init -reconfigure

• Import the resource using terraform import resource.resource_name_here /resource/id/here

  terraform import azurerm_kubernetes_cluster.my_cluster_name /subscriptions/my_subscription_id/resourceGroups/my_resource_group_name/providers/Microsoft.ContainerService/managedClusters/my_cluster_name

  import {
    id = "/subscriptions/my_subscription_id/resourceGroups/my_resource_group_name/providers/Microsoft.ContainerService/managedClusters/my_cluster_name"
    to = azurerm_kubernetes_cluster.my_cluster_name
  }

• If the resource lives inside a module, you must include the module in the resource path. For example, if the workspace calls on module my_module to spin up a k8s cluster, you would execute:

  terraform import module.my_module.azurerm_kubernetes_cluster.my_cluster_name /subscriptions/my_subscription_id/resourceGroups/my_resource_group_name/providers/Microsoft.ContainerService/managedClusters/my_cluster_name

  import {
    id = "/subscriptions/my_subscription_id/resourceGroups/my_resource_group_name/providers/Microsoft.ContainerService/managedClusters/my_cluster_name"
    to = azurerm_kubernetes_cluster.my_cluster_name
  }

• Remove the temporary backend "remote" {} code block from providers.tf and uncomment the original cloud {} code block:

  terraform {
    cloud {
      hostname = "app.terraform.io"
      organization = "my_organization"
      workspaces {
        tags = ["my_app"]
      }
    }
  }

• Execute on your machine: terraform init -reconfigure