Importing existing AWS resources into Terraform

I have a beginner question about importing existing AWS resources such as: S3, Cloudfront, and R53 into Terraform.

For example, below I have the provider config information as well as the resource.

// Provider configuration
terraform {
required_providers {
aws = {
source = “hashicorp/aws”
version = “~> 4.0”

provider “aws” {
region = “us-east-1”
profile = “TestAccount”

resource “aws_s3_bucket” “bucket” {
bucket = “TestBucket”


resource “aws_cloudfront_distribution” “distribution” {

default_cache_behavior = {
target_origin_id = “something”
viewer_protocol_policy = “allow-all”

allowed_methods = ["GET", "HEAD",]
cached_methods  = ["GET", "HEAD"]
compress        = true
query_string    = true


The question(s) I have;

When I run the specific import commands to import my existing S3 bucket and Cloudfront distribution from AWS, I assume those resources will show up on my .tfstate file? Do I still need to add more to the resource config file on my

Or, once I have imported it, I can add changes on top of what has already been set?
Kind of confused about the next steps for making additional changes to my existing resources through terraform. My goal is to convert my existing S3 bucket and Cloudfront configurations that have been already created on the AWS console onto terraform.

Also, when I run the import command for Cloudfront ditribution, I get the following errors;

Error: Unsupported argument

│ on line 26, in resource “aws_cloudfront_distribution” “distribution”:
│ 26: default_cache_behavior = {

│ An argument named “default_cache_behavior” is not expected here. Did you mean to define a block of type “default_cache_behavior”?


Error: Unsupported argument

│ on line 36, in resource “aws_cloudfront_distribution” “distribution”:
│ 36: viewer_certificate = {

│ An argument named “viewer_certificate” is not expected here. Did you mean to define a block of type “viewer_certificate”?

Even though initially I did not have the Default cache behaviour & Viewer certificate resources. It was asking for those resource arguments to be added, but now it’s stating that it is not expected here which leaves me stuck.

You always need code for every resource that is being managed by Terraform, so you’ll need to create whatever you need and then import the existing resource. It is recommended to then run terraform plan to see if any changes are being suggested, as you might have missed something in your code. Terraform will change the resource to match exactly what your code says, so if you aren’t careful you might change something you are intending to after initial import.

There is a difference between an argument of type map, which is indicated by name = { ... } and a block, which is indicated by block { ... }. For the aws_cloudfront_distribution resource you are wanting blocks (as suggested by the error message) so remove the =.