Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Import Oracle Cloud Infrastructure Resources into a Terraform State File

Introduction

There are many benefits of using Terraform to manage your Oracle Cloud Infrastructure (OCI) Resources. One of them is that it brings consistency and reproducibility to your infrastructure deployments. Another is that Terraform configurations can be modularized and reused across projects, making it easy to manage and scale infrastructure configurations. Equally, with Terraform, infrastructure provisioning and management can be automated, leading to consistent and repeatable deployments. Another important aspect is that Terraform maintains a state file that tracks the current state of your infrastructure. This state file is used to plan and apply changes, allowing Terraform to determine what changes need to be made to achieve the desired state.

However, there are situations when not all resources in Oracle Cloud Infrastructure (OCI) are managed by Terraform. This commonly occurs when you provision resources using Terraform, which are then present in the state file, while other resources are manually created by someone else. Later, you may discover that you need these manually created resources to be managed by Terraform.

Consider the following:

• Create a VCN with Terraform so you have a state file and a Terraform configuration file which manages this VCN.

• Manually add a new resource (a compute) in your OCI tenancy.

If you want to manage the newly added compute using the Terraform configuration and state file which you already have, you might use the Terraform import command but there are more steps to follow and you must update the Terraform configuration file.

Terraform v1.5.0 and above supports import blocks. With this approach your existent Terraform code is unchanged. You might want to choose to integrate it into your existent Terraform configuration file but this is not required. The objective is to import OCI resources into a Terraform state file which is not managed by Terraform.

One important aspect is that import block works with CI/CD pipelines. As well it lets you preview an import operation before modifying the state. At the end it all depends on you and the complexity of the use case.

Objectives

• Create resource manually (an OCI Compute Virtual Machine) and import into an existing Terraform state file to be further managed by Terraform.

Prerequisites

• Terraform v1.5.0 and above.

• Infrastructure environment created and managed by Terraform. In this tutorial, we have a VCN with some subnets, security lists, route tables, and so on.

Task 1: Check Existing Infrastructure Created with Terraform

1. Run the terraform state list command to check the OCI resources managed by Terraform configuration file.

   terraform state list
   module.network.data.oci_core_services.all_oci_services
   module.network.oci_core_internet_gateway.igw["igw"]
   module.network.oci_core_nat_gateway.ngw["ngw"]
   module.network.oci_core_route_table.route_table["rt_priv"]
   module.network.oci_core_route_table.route_table["rt_pub"]
   module.network.oci_core_security_list.sl["sl_priv"]
   module.network.oci_core_security_list.sl["sl_public"]
   module.network.oci_core_service_gateway.this["sgw"]
   module.network.oci_core_subnet.subnets["sn1_priv"]
   module.network.oci_core_subnet.subnets["sn1_pub"]
   module.network.oci_core_subnet.subnets["sn2_priv"]
   module.network.oci_core_subnet.subnets["sn3_priv"]
   module.network.oci_core_virtual_network.vcn["vcn1"]
   

   As you can see, we have VCN, subnets, security lists and route tables.

2. Here are my Terraform configuration files.

   ~/workORCL/_MY_OCI_INFRA/oci-vcn> ls -l
   total 120
   -rwxr-xr-x@ 1 fvass  staff    849 Jul 10  2023 main.tf
   drwxr-xr-x@ 3 fvass  staff     96 May 25  2023 modules
   -rwxr-xr-x@ 1 fvass  staff    387 May 25  2023 output.tf
   -rw-r--r--  1 fvass  staff    379 Apr  3 09:18 provider.auto.tfvars
   -rw-r--r--  1 fvass  staff  29040 Apr  3 11:00 terraform.tfstate
   -rw-r--r--  1 fvass  staff    182 Apr  3 11:00 terraform.tfstate.backup
   -rwxr-xr-x@ 1 fvass  staff   6007 Apr  3 10:59 terraform.tfvars
   -rwxr-xr-x@ 1 fvass  staff   2869 May 25  2023 variables.tf
   

Task 2: Create an OCI Compute VM using the OCI Console

Create an OCI Compute VM in the same region where other OCI resources are created in Task 1. For this tutorial, we are creating it in one of the subnet that exists in Task 1 (not required to be in one of those subnet). After you create it get the compute Oracle Cloud Identifier (OCID) as it will be required in further tasks.

Note: This VM is not managed by Terraform at this time.

Task 3: Create the import_block.tf File

Create a file named import_block.tf (you can give it a different name) in the same folder where the Terraform code is located.

• import_block.tf.

  import {
    to = oci_core_instance.demo_inst_1
    id = "ocid1.instance.oc1.iad.anuwcljswe6j4fqcqxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
  

  • id: OCID of your compute created in Task 2.
  • to: The instance address that resource will have in your state file.

We will import a compute resource using the oci_core_instance type. The resource name will be demo_inst_1. When we run the terraform plan command, Terraform will read this file and recognize that it needs to import a new resource into the existing state file.

Task 4: Run the terraform plan Command

Run the following command. This argument generate-config-out will generate a file with the Terraform configuration for the compute created in Task 2.

terraform plan --generate-config-out=compute.tf

The output should look like:

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
╷
│ Warning: Config generation is experimental
│
│ Generating configuration during import is currently experimental, and the generated configuration format may change in future versions.
╵

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform has generated configuration and written it to compute.tf. Please review the configuration and edit it as necessary before adding it to version control.

Now, we have a compute.tf file.

~/workORCL/_MY_OCI_INFRA/oci-vcn> ls -ltr
total 144
-rwxr-xr-x@ 1 fvass  staff    387 May 25  2023 output.tf
drwxr-xr-x@ 3 fvass  staff     96 May 25  2023 modules
-rwxr-xr-x@ 1 fvass  staff   2869 May 25  2023 variables.tf
-rw-r--r--  1 fvass  staff    379 Apr  3 09:18 provider.auto.tfvars
-rwxr-xr-x@ 1 fvass  staff   6007 Apr  3 10:59 terraform.tfvars
-rw-r--r--  1 fvass  staff    182 Apr  3 11:00 terraform.tfstate.backup
-rw-r--r--  1 fvass  staff  29040 Apr  3 11:00 terraform.tfstate
-rwxr-xr-x@ 1 fvass  staff    855 Apr  3 11:12 main.tf
-rw-r--r--  1 fvass  staff    142 Apr  3 11:12 import_block.tf
-rw-r--r--  1 fvass  staff   4421 Apr  3 11:17 compute.tf

Task 5: Run the terraform apply Command

Run the following command to add compute to your Terraform state file.

terraform apply

The output should look like:

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

Now, apply the configuration.

Task 6: Check the State File

Run the terraform state list command and see that the oci_core_instance.demo_inst_1 is present.

~/workORCL/_MY_OCI_INFRA/oci-vcn> terraform state list
oci_core_instance.demo_inst_1
module.network.data.oci_core_services.all_oci_services
module.network.oci_core_internet_gateway.igw["igw"]
module.network.oci_core_nat_gateway.ngw["ngw"]
module.network.oci_core_route_table.route_table["rt_priv"]
module.network.oci_core_route_table.route_table["rt_pub"]
module.network.oci_core_security_list.sl["sl_priv"]
module.network.oci_core_security_list.sl["sl_public"]
module.network.oci_core_service_gateway.this["sgw"]
module.network.oci_core_subnet.subnets["sn1_priv"]
module.network.oci_core_subnet.subnets["sn1_pub"]
module.network.oci_core_subnet.subnets["sn2_priv"]
module.network.oci_core_subnet.subnets["sn3_priv"]
module.network.oci_core_virtual_network.vcn["vcn1"]

Task 7: Remove the import_block.tf File

At this point, we can remove the import_block.tf file safely. It will be ignored by Terraform anyway.

Task 8: Test on Compute

You may change the shape of your compute. In compute.tf change the memory_in_gbs from shape_config and run terraform plan to see the change.

The output should look like:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # oci_core_instance.demo_inst_1 will be updated in-place
  ~ resource "oci_core_instance" "demo_inst_1" {
        id                  = "ocid1.instance.oc1.iad.anuwcljswe.........."
        # (20 unchanged attributes hidden)

      ~ shape_config {
          ~ memory_in_gbs                 = 16 -> 32
            # (8 unchanged attributes hidden)
        }

        # (7 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Related Links

• Terraform Import Blocks

Acknowledgments

• Author - Francisc Vass

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Import Oracle Cloud Infrastructure Resources into a Terraform State File

F96284-01

April 2024

Copyright ©2024,

Oracle and/or its affiliates.