I would like to import the pre-installed ELB, which was not made by Terraform. As far as I know, provisioned EC2s (not created by Terraform) are modified with no problems.
Please refer to: Modifying Infrastructure With Terraform | Terraform Tutorial | #4 - YouTube
All I want is to enable access logs on the provisioned ELB. (I don't want to provision a new ELB.)
The following is the code I ran.
```hcl
data "aws_elb_service_account" "main" {}

resource "aws_s3_bucket" "elb_logs" {
  bucket = ""
  acl    = "private"
  policy = <<POLICY
{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::/AWSLogs/*",
      "Principal": {
        "AWS": [
          "${data.aws_elb_service_account.main.arn}"
        ]
      }
    }
  ]
}
POLICY
}

resource "aws_lb" "foobar" {
  arn                = "arn:aws:elasticloadbalancing:ap-northeast-1::loadbalancer/app//7c6a359c72a9a02e"
  name               = ""
  internal           = false
  load_balancer_type = "application"
  subnets = [
    "",
    "",
  ]
  access_logs {
    bucket = "${aws_s3_bucket.elb_logs.bucket}"
  }
}
```
Hi @zitrocy,
Terraform is a desired state declarative system rather than an imperative system, and so there is no way to directly tell Terraform to update something or to create something. Instead, we can only describe a current state and a desired state and ask Terraform to propose a transition from current to desired.
If you want to get Terraform to propose updating this existing object then you’ll need to import this object so that Terraform believes that it’s solely responsible for managing it:
```
terraform import 'aws_lb.foobar' 'arn:aws:elasticloadbalancing:ap-northeast-1::loadbalancer/app//7c6a359c72a9a02e'
```
After you run the above command, Terraform will bind this remote object to `aws_lb.foobar` in your Terraform state. After this, Terraform will believe it is the exclusive owner of this object and so you should not modify it in any other way than Terraform.
Once it’s imported, you can make Terraform propose to update this object by changing the configuration so that it no longer matches the remote object. The AWS provider should then notice the difference and propose updating the object to match the new configuration.
If you don’t intend to manage this object using Terraform moving forward then I would not recommend using Terraform here and instead it would be better to make the change you intend to make using some other imperative system, such as the AWS CLI.
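A pre-apply check for the import workflow described in the answer above, as an added example that is not part of the original thread: it reads the JSON form of a plan (`terraform show -json`) and rejects a plan that would create or replace `aws_lb.foobar` instead of updating it in place, or that leaves access logging off. The sample plan, the bucket name `example-elb-logs` and the function name `check_imported_lb` are constructed for illustration.

```python
import json

# Constructed sample, shaped like `terraform show -json plan.out` output after
# the import; the bucket name is a placeholder, not a value from the thread.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.elb_logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "before": null,
              "after": {"bucket": "example-elb-logs"}}},
  {"address": "aws_lb.foobar", "type": "aws_lb",
   "change": {"actions": ["update"],
              "before": {"access_logs": [{"bucket": "", "enabled": false, "prefix": ""}]},
              "after": {"access_logs": [{"bucket": "example-elb-logs", "enabled": true, "prefix": ""}]}}}
]}
""")


def check_imported_lb(plan, address="aws_lb.foobar"):
    """Return a list of problems; an empty list means the plan is safe to apply."""
    changes = [rc for rc in plan.get("resource_changes", []) if rc["address"] == address]
    if not changes:
        return [f"{address} is not in the plan"]
    change = changes[0]["change"]
    actions = change["actions"]
    problems = []
    # An imported load balancer must be changed in place. "create" means the
    # import was skipped; "delete" means Terraform would destroy or replace it.
    if "create" in actions or "delete" in actions:
        problems.append(f"{address} has actions {actions}, expected an in-place update")
    after = change.get("after") or {}
    logs = (after.get("access_logs") or [{}])[0]
    # A bucket alone is not enough: the aws_lb access_logs block has an
    # `enabled` flag that defaults to false.
    if not logs.get("enabled"):
        problems.append("access_logs.enabled is not true after apply")
    if not logs.get("bucket"):
        problems.append("access_logs.bucket is empty after apply")
    return problems


if __name__ == "__main__":
    for problem in check_imported_lb(SAMPLE_PLAN):
        print("BLOCK:", problem)
```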