Recommended approach to add and manage new TF resources to existing VPC (not managed by TF)?

Hello all,
we have existing AWS VPC with several already existing resources in it like [1] subnets, RTs, IGWs, EIPs, etc
I need to add new resources to this particular VPC with Terraform. The new resources are [2] new subnets, RTs, IGWs, EIPs, EKSs (and a lot more).
I don’t want to manage this VPC with TF (at least for a while) - in this case what would be the best approach to manage those new [2] resources ? Should I refer to this VPC with data source only ? Should I import it ?
What do you recommend ?
And why :slight_smile:

Hi @przemolb!

Importing this object into a Terraform configuration will tell Terraform that it’s responsible for that object, which seems like the opposite of what you want.

Excluding that option then, the alternatives are all different variations of making your Terraform configuration refer to the existing object.

By far the simplest answer would be to hard-code the existing VPC ID into your Terraform configuration. If it seems unlikely to ever change (e.g. because other systems are depending on it) then there may be no benefit to the additional complexity of trying to determine the ID dynamically.

However, if you do want to look it up dynamically then indeed a data source would be the typical way to do that. You can either look up VPCs directly by their own attributes using the aws_vpc data source, or you can publish that VPC ID somewhere else and then use a corresponding Terraform provider data source to read it. For example, if you save the VPC ID in an AWS SSM Parameter Store parameter then you could read it using the aws_ssm_parameter data source.

Each of these options I’ve described adds a further level of indirection from the original VPC ID, so which one to pick will depend on how you expect your system to evolve in future. If you have no concrete plans to change this VPC ID then I would probably choose to just hard-code its ID to start, and then revisit only later once there’s a clearer idea of what kinds of external change the Terraform configuration ought to be able to accept.