How can I get existing Azure resources inside subscription in Terraform? - azure

I would like to know how to get the existing resources on subscription level in Terraform. As far as I understand, azurerm_resources provides them on a resource group basis.
In principle this is the same as in How can I get active address space of tagged Azure VNets inside Terraform?, but on subscription level.
EDIT:
I think it turns out to be a problem of using
type = Microsoft.Resources/ResourceGroups
that somehow does not seem to be a valid type for data sources. When I changed the type back to
type=Microsoft.Network/virtualNetworks
the logic actually worked.

The same way:
terraform import resource_type_name.example resourceId
Example from the official docs:
terraform import azurerm_policy_assignment.assignment1 /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/assignment1
https://www.terraform.io/docs/providers/azurerm/r/policy_assignment.html

Related

How to import a remote resource while performing an apply in Terraform?

I'm using Terraform to create some resources. One of the side effects of creating the resource is the creation of another resource (let's call this B). The issue is that I can't access B to edit it in Terraform because Terraform considers it as "out of the state". I also can't import B into the state before the terraform apply is started because B does not exist.
Is there any solution to add (import) a remote resource to the state while running the apply command?
I'm thinking about this as a general question, if there was no solution I can also share the details of the resources I'm creating.
More details:
When I create a "Storage Account" on Azure using Terraform and enable static_website, Azure automatically creates a storage_container named $web. I need to edit one of the attributes of the $web container but Terraform tells me it is not in the current state and needs to be imported. Storage Account is A, Container is B
Unfortunately I do not have an answer to your specific question of importing a resource during an apply. The fundamental premise of Terraform is that it manages resources from creation. Therefore, you need to have a (in this case, azurerm_storage_container) resource declared, before you can import the current state of that resource into your state.
In an ideal world you would be able to explicitly create the container first and specify that the storage account uses that, but a quick look in the docs does not suggest that is an option (and I think is something you have already tried). If it is not exposed in Terraform, that is likely because it is not exposed by the Azure API (Disclaimer: not an Azure user)
The only (bad) answer I can think to suggest is that you define an azurerm_storage_container data resource in your code, dependent on the azurerm_storage_account resource, that will be able to pull back the details of the created container. You could then potentially have a null_resource that calls a local-exec provisioner that can fire a CLI command, using the params taken from the data resource to allow you to use the Azure CLI tools to edit the container.
I really hope someone else can come along with a better answer tho :|

Terraform Import - Is the Resource Label critical?

Our terraform remote state file in Azure has been completely destroyed and we're now faced with the challenge of recreating the state file from scratch. My option is to use the Terraform import command, using the following simple syntax:
terraform import <Terraform Resource Name>.<Resource Label> <Azure Resource ID>
To import the existing resource group for example, I will create the following configuration in a main.tf file.
provider "azurerm" {
  version = "1.39.0"
}

# create resource group
resource "azurerm_resource_group" "rg" {
  name     = "rg-terraform"
  location = "uksouth"
}
Now, the problem I have is as follows:
When the existing Azure resources were originally created, they were assigned names that used an extremely complex naming convention, with some characters even being randomly generated. To further compound matters, they were all unique and there are hundreds of them. All would have been rosy if they were assigned a simplistic name like "main", as is used commonly in a lot of Terraform examples, but unfortunately, that's not the case.
My question therefore, is this:
1. When putting together my main.tf configuration file to be used for the Import, is it an absolute requirement that my "Resource Label" (given in my Import command) has to match the original "Resource Label" name from when the resource was created?
2. If it is a mandatory requirement, is there any way I could retrieve the original "Resource Label" from Azure in the same way that I can for instance obtain the "Azure Resource ID" from the Azure Portal or even an Az CLI query?
3. How can I ensure any child resources such as Subnets are included in the Import, without having to trawl manually through the Azure Portal to identify each one of them?
1. No, absolutely not. Choose whatever you want.
2. No, Azure generally does not know about this label, it is something terraform internal.
3. Unfortunately you need to import each and every resource manually and separately.
Have you made absolutely sure the current state file is lost? The storage location was not versioned? Does no developer still have a local copy of the state file laying around?
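Since the label is arbitrary and every resource is imported separately, the stub blocks and import commands for a large estate can be generated from an inventory. The following is an added example, not part of the original answers: it assumes a JSON inventory shaped like `az resource list --output json`, and `TYPE_MAP` (a partial, assumed type mapping), `to_label` and `plan_imports` are hypothetical names.

```python
import json
import re
import shlex

# Assumed, partial mapping of Azure resource types to azurerm resource types.
TYPE_MAP = {
    "microsoft.network/virtualnetworks": "azurerm_virtual_network",
    "microsoft.storage/storageaccounts": "azurerm_storage_account",
}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
# Constructed sample shaped like the output of `az resource list --output json`.
SAMPLE = json.dumps([
    {"name": "vnet-9f3a.core", "type": "Microsoft.Network/virtualNetworks",
     "id": SUB + "rg-(prod).x7/providers/Microsoft.Network/virtualNetworks/vnet-9f3a.core"},
    {"name": "vnet-9f3a_core", "type": "Microsoft.Network/virtualNetworks",
     "id": SUB + "rg-dev/providers/Microsoft.Network/virtualNetworks/vnet-9f3a_core"},
    {"name": "7xk2stprod", "type": "Microsoft.Storage/storageAccounts",
     "id": SUB + "rg-data/providers/Microsoft.Storage/storageAccounts/7xk2stprod"},
    {"name": "sql-01", "type": "Microsoft.Sql/servers",
     "id": SUB + "rg-data/providers/Microsoft.Sql/servers/sql-01"},
])

def to_label(name, used):
    """Derive a valid, unique Terraform label from an arbitrary Azure name."""
    label = re.sub(r"[^A-Za-z0-9_-]", "_", name)
    if not re.match(r"[A-Za-z_]", label):
        label = "r_" + label  # labels may not start with a digit or hyphen
    base, n = label, 2
    while label in used:  # two Azure names can collapse to the same label
        label, n = f"{base}_{n}", n + 1
    used.add(label)
    return label

def plan_imports(az_json):
    """Return (stub blocks, import commands, IDs of unmapped resources)."""
    stubs, commands, unmapped, used = [], [], [], {}
    for res in json.loads(az_json):
        tf_type = TYPE_MAP.get(res["type"].lower())
        if tf_type is None:
            unmapped.append(res["id"])  # review by hand, never drop silently
            continue
        label = to_label(res["name"], used.setdefault(tf_type, set()))
        stubs.append(f'resource "{tf_type}" "{label}" {{}}')
        # Quote the ID: Azure names may contain shell metacharacters.
        commands.append(f"terraform import {tf_type}.{label} {shlex.quote(res['id'])}")
    return stubs, commands, unmapped

if __name__ == "__main__":
    stubs, commands, unmapped = plan_imports(SAMPLE)
    print("\n".join(stubs + commands + ["# unmapped: " + i for i in unmapped]))
```

The stub blocks go into the configuration before the import commands are run; resource types missing from the mapping are returned separately so they can be handled by hand.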

How do i export an ARM template correctly from Azure?

I have already installed my Azure environment with a VM, a storage account and a database server, and it works fine, but now I want to export the ARM template in order to automate the whole process to my customers. The problem is that when exporting this message shows up:
error
So the question is how do I export an ARM template correctly from Azure with all my resources without having to do much fixing of my final template?
That is expected. Some resource types cannot be exported. You'd have to take a look at the API definition and use that to export those (say at resources.azure.com).
Simple: use bicep. Azure Resource Manager's transpiler (it's a sweeter syntax that solves your needs)
In Bicep the directive you're looking for in your Azure Resource Manager "ARM" template is keyword "existing"
https://github.com/Azure/bicep/blob/main/docs/tutorial/05-loops-conditions-existing.md
keyword "existing" lets you reference a resource without a complete definition.
Otherwise you need to provide the entire ARM definition for the object.
Export failures per resource type occur when a given resource type's schema is not available. We are looking into how we can autogenerate schemas for Azure resource providers and onboarding them to this new process, improving the overall success of the Export Template API.

Terraform import existing resources

Is there any code generator for Azure Terraform?
Actually I am trying to add an Azure app service to an existing resource group. For this we need a state configuration file, which can be generated only (Terraform import) if we have full Terraform code already written for that resource group.
I saw Using Terraform to import existing resources on Azure and Update existing app service with Terraform, but here I am talking about thousands of resource groups.
Thanks
Gill
You would, to my knowledge, need to use terraform import against all of the existing resources that you have / want to consume via Terraform.
In saying that, if you only want to manage the Azure App Service with Terraform and not everything else, you can simply pass all the requirements for the resource in and only manage this in the Terraform state file.
Hi Lachie, thanks for the reply, I found the solution using the AZ2TF tool.
Thanks to Mr Agarciamiravet, who explained all the steps to use AZ2TF tool ( by using Docker) at
https://recetasdevops.com/migra-tu-infraestructura-actual-de-azure-a-terraform-con-py-az2tf/
this worked very well for me.
Thanks
Gill

Tag a Managed Resource Group for Azure Databricks

Given that managed resource groups are mandatory for creating an Azure Databricks cluster, is there any way that I can tag the resource group in order to comply with the tagging policy on my subscription?
I am using the template here to deploy my resources.
Based on the post I found:
Since Feb 10 2020, the Databricks resource will propagate any tags applied to the Databricks resource to the managed resources it created.
I think the solution is simpler now by tagging the Databricks resource directly.
Hope this answer (by others) works for everyone seeing this post.
Any tags that you use when creating the Databricks workspace will be used for the managed resource group as well so just make sure you add the needed tags to the workspace when creating it. I know this works when creating the workspace from the Azure Portal but I can't see any reason this wouldn't work when using ARM templates (or Terraform for that matter).
Also, I'm also pretty sure that future changes will be propagated to said resource group.
