Importing existing AWS resources into Terraform

Dini95 · August 4, 2023, 1:16pm

I have a beginner question about importing existing AWS resources such as: S3, Cloudfront, and R53 into Terraform.

For example, below I have the provider config information as well as the resource.

// Provider configuration
terraform {
required_providers {
aws = {
source = “hashicorp/aws”
version = “~> 4.0”
}
}
}

provider “aws” {
region = “us-east-1”
profile = “TestAccount”
}

resource “aws_s3_bucket” “bucket” {
bucket = “TestBucket”

}

resource “aws_cloudfront_distribution” “distribution” {

default_cache_behavior = {
target_origin_id = “something”
viewer_protocol_policy = “allow-all”

allowed_methods = ["GET", "HEAD",]
cached_methods  = ["GET", "HEAD"]
compress        = true
query_string    = true

}

The question(s) I have;

When I run the specific import commands to import my existing S3 bucket and Cloudfront distribution from AWS, I assume those resources will show up on my .tfstate file? Do I still need to add more to the resource config file on my main.tf?

Or, once I have imported it, I can add changes on top of what has already been set?
Kind of confused about the next steps for making additional changes to my existing resources through terraform. My goal is to convert my existing S3 bucket and Cloudfront configurations that have been already created on the AWS console onto terraform.

Also, when I run the import command for Cloudfront ditribution, I get the following errors;

Error#1
Error: Unsupported argument
│
│ on main.tf line 26, in resource “aws_cloudfront_distribution” “distribution”:
│ 26: default_cache_behavior = {
│
│ An argument named “default_cache_behavior” is not expected here. Did you mean to define a block of type “default_cache_behavior”?

Error#2

Error: Unsupported argument
│
│ on main.tf line 36, in resource “aws_cloudfront_distribution” “distribution”:
│ 36: viewer_certificate = {
│
│ An argument named “viewer_certificate” is not expected here. Did you mean to define a block of type “viewer_certificate”?

Even though initially I did not have the Default cache behaviour & Viewer certificate resources. It was asking for those resource arguments to be added, but now it’s stating that it is not expected here which leaves me stuck.

stuart-c · August 4, 2023, 2:03pm

You always need code for every resource that is being managed by Terraform, so you’ll need to create whatever you need and then import the existing resource. It is recommended to then run terraform plan to see if any changes are being suggested, as you might have missed something in your code. Terraform will change the resource to match exactly what your code says, so if you aren’t careful you might change something you are intending to after initial import.

There is a difference between an argument of type map, which is indicated by name = { ... } and a block, which is indicated by block { ... }. For the aws_cloudfront_distribution resource you are wanting blocks (as suggested by the error message) so remove the =.

Topic		Replies	Views
Import Existing AWS Infrastructure AWS hcp-terraform	6	342	December 16, 2022
Import existing infrastructure into Terraform Terraform Providers	3	1513	December 21, 2021
Terraform import examples Terraform	13	9091	October 7, 2022
Error: Provider configuration not present Terraform	2	2662	September 3, 2019
Terraform plan failing after aws vpc import AWS	3	2309	January 10, 2023

Importing existing AWS resources into Terraform

Related topics