Importing AWS EC2 resources back to Terraform

Terraform is a great Infrastructure as Code (IaC) tool that allows you to define and deploy all your resources to public clouds such as AWS, Azure, GCP and more. Terraform is a stateful IaC tool: it uses a state file called terraform.tfstate to store the state of your resources, keep track of metadata, and map the Terraform code to the real-world resources.

Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.

The primary purpose of Terraform state is to store bindings between objects in a remote system and resource instances declared in your configuration. When Terraform creates a remote object in response to a change of configuration, it will record the identity of that remote object against a particular resource instance, and then potentially update or delete that object in response to future configuration changes.

Steps in this demo:

  1. Create a new Terraform file called ec2.tf and create 1 EC2 resource using the script
  2. Double-check that the EC2 instance is up and running using the AWS console
  3. Manually create a new EC2 instance using the AWS console
  4. Create a new empty EC2 resource in the Terraform script
  5. Import the manually created EC2 instance back into Terraform
  6. Update the new EC2 instance using the Terraform script
  7. Destroy everything

1. Create new terraform file

First, create the Terraform file in your working directory. You may give the file any name you like; just make sure that the file extension is .tf.

provider "aws" {
    region = "ap-southeast-1"
}

resource "aws_instance" "ec2_from_terraform" {
    ami = "ami-0c20b8b385217763f" # Ubuntu AMI in ap-southeast-1
    instance_type = "t3a.micro"
    
    tags = {
        Name = "Terraform Deploy Demo"
    }
}

After creating the file and copying in the script, run terraform init to initialise the working directory and download all the plugins and modules that your Terraform script includes.

Then deploy the resource by using terraform apply -auto-approve

Once the deployment is done, you will find 2 new files in your working directory, which are terraform.tfstate and terraform.tfstate.backup. By opening the terraform.tfstate file, you will see the metadata of the resources that you just created.

2. Check the EC2 resource in AWS console

Log in to the AWS EC2 console and you will see that the newly deployed EC2 instance is up and running. This means that our deployment is working as expected.

3. Manually create a new EC2 using the AWS console

Next, create a new EC2 instance manually using the AWS EC2 console. Remember that Terraform can't control or modify any resource created outside the Terraform script, because Terraform has no idea that those resources exist.

So, to be able to manage resources that were created manually outside Terraform, you need to manually import them back into your Terraform state.

Click Launch instance in the EC2 console and just select the AMI, then use the default settings for all the configuration, since this is for demo purposes.

Once the new EC2 instance is up and running, proceed to the next step.

4. Create a new empty EC2 resource in Terraform

Manually import it back into the Terraform state file, so that you can manage the resource using code in the future.

Now go back to the Terraform script; you need to create an empty EC2 resource.

provider "aws" {
    region = "ap-southeast-1"
}

resource "aws_instance" "ec2_from_terraform" {
    ami = "ami-0c20b8b385217763f" # Ubuntu AMI in ap-southeast-1
    instance_type = "t3a.micro"
    
    tags = {
        Name = "Terraform Deploy Demo"
    }
}

resource "aws_instance" "ec2_from_console" {
    
}

To be able to manually import the resource back into the Terraform state, you need the EC2 instance id. To get it, go to the AWS EC2 console and copy the id.

5. Import the EC2 resource back in Terraform

Use the following command to import the resource back into your Terraform state. Remember to replace the instance id with your own instance id.

terraform import aws_instance.ec2_from_console i-09f380396b6b19402

Check terraform.tfstate again; you will see that the new instance id has been imported into the state file, and now you can actually manage the EC2 resource using the Terraform script.

6. Update the new EC2 using the Terraform

To confirm that, you can try to run terraform plan to see the result. You should get an error message when you run terraform plan; this is because the resource has only been imported into your state file, and you need to manually update your Terraform script in order to manage it.

Because there are 2 required fields when creating the EC2 resource, the ami and instance_type, for simplicity just copy the values from terraform.tfstate.

provider "aws" {
    region = "ap-southeast-1"
}

resource "aws_instance" "ec2_from_terraform" {
    ami = "ami-0c20b8b385217763f" # Ubuntu AMI in ap-southeast-1
    instance_type = "t3a.micro"
    
    tags = {
        Name = "Terraform Deploy Demo"
    }
}

# This is the resource that we use to control the EC2 imported from console.
resource "aws_instance" "ec2_from_console" {
    ami = "ami-0c20b8b385217763f"
    instance_type = "t2.micro"
    
    tags = {
        Name = "Terraform Deploy Demo - Manually"
        Others = "Tag added by the terraform script"
    }
}
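
As an added example (not part of the original post or of Terraform itself), the copy step above can be done programmatically: this Python code reads the version-4 state format, looks up aws_instance.ec2_from_console, and renders the resource block with the two required arguments. The state sample is constructed and trimmed, and the function names are hypothetical.

```python
import json

# Constructed sample of a version-4 terraform.tfstate as it looks after step 5,
# trimmed to the fields used here. The first instance id is a placeholder.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "aws_instance", "name": "ec2_from_terraform",
   "instances": [{"attributes": {"id": "i-PLACEHOLDER",
     "ami": "ami-0c20b8b385217763f", "instance_type": "t3a.micro",
     "tags": {"Name": "Terraform Deploy Demo"}}}]},
  {"mode": "managed", "type": "aws_instance", "name": "ec2_from_console",
   "instances": [{"attributes": {"id": "i-09f380396b6b19402",
     "ami": "ami-0c20b8b385217763f", "instance_type": "t2.micro",
     "tags": {}}}]}
]}
""")

REQUIRED = ("ami", "instance_type")  # the two required fields named in the post


def imported_attributes(state, rtype, name):
    """Return the attributes of one managed root-module resource from the state."""
    if state.get("version") != 4:
        raise ValueError("only state format version 4 is handled")
    for res in state.get("resources", []):
        if (res.get("mode"), res.get("type"), res.get("name")) != ("managed", rtype, name):
            continue
        if "module" in res:  # resource lives in a child module, not the root
            continue
        instances = res.get("instances", [])
        if len(instances) != 1:
            raise ValueError("expected one instance (no count/for_each)")
        return instances[0]["attributes"]
    raise KeyError(f"{rtype}.{name} is not in the state; run terraform import first")


def render_resource(state, rtype, name):
    """Build the HCL block with the required arguments copied from the state."""
    attrs = imported_attributes(state, rtype, name)
    missing = [k for k in REQUIRED if not attrs.get(k)]
    if missing:
        raise ValueError(f"state has no value for: {', '.join(missing)}")
    lines = [f'resource "{rtype}" "{name}" {{']
    lines += [f'    {k} = {json.dumps(attrs[k])}' for k in REQUIRED]
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_resource(SAMPLE_STATE, "aws_instance", "ec2_from_console"))
```

Against a real working directory, load terraform.tfstate with json.load in place of SAMPLE_STATE.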

Now run terraform plan again; you should see the plan details.

Apply the change by using terraform apply -auto-approve. Any changes that you have made in the Terraform script will now be applied to the remote EC2 resource. In this example, I added a new tag to the EC2 instance. Next, log in to the EC2 console to double-check whether the new tag has been added.

Refresh the EC2 console again, select the newly imported instance, then go to the tags. Yes, now we get another newly added tag, Others: Tag added by the terraform script

This means that we have gained control of the resource from Terraform.

7. Destroy all the demo resources

Once the demo is done, it's time to destroy the resources if you are not using them for any other purpose. This is good practice so that you will not be charged extra.

terraform destroy -auto-approve will clean up all the resources that we just deployed.

I believe that in an actual production environment, terraform import will rarely be used, because you should never create resources manually outside of Terraform; but just in case resources have already been created and you must take back control of them in Terraform, then terraform import is what you are looking for.

I hope that this post helps you understand a little about what terraform import is and how you can use it to take back control of resources created outside of Terraform.

To know more about the Terraform state file: https://www.terraform.io/docs/state/index.html

To know more about the Terraform import: https://www.terraform.io/docs/import/index.html
