This question is not how to import and it's not what's the purpose of tfstate. It's what's the purpose of importing a pre-existing resource, esp. compared to just referencing the ID of the existing resource?
Terraform has the feature of terraform import
. HashiCorp describes the purpose of this as:
Terraform is able to import existing infrastructure. This allows you take resources you've created by some other means and bring it under Terraform management.
This is a great way to slowly transition infrastructure to Terraform, or to be able to be confident that you can use Terraform in the future if it potentially doesn't support every feature you need today.
I read the article about the purpose of Terraform state. It does make sense to me to track Terraform state with .tfstate
files when those files are mappings back to the configurations in .tf
files.
But it's still unclear to me what the purpose of a standalone .tfstate
file is when it only maps to an empty resource block. If there is a resource not in terraform yet, I would typically do one of two things:
- put the resource in terraform, tear down the resource manually and re-deploy the resource with terraform, or...
- keep the resource un-templated, reference its resource ID as a parameter and get its metadata via a data element for terraform-managed resources that rely on it.
- Is
terraform import
an alternative to those two approaches? And if so, why would you use that approach?
The only way to make changes to an imported resource (that only has an empty resource block in the .tf
file and detailed state in .tfstate) is to make manual changes and then re-import into
.tfstate`, right? And if so, then what's the point of tracking the state of that resource in terraform?
I'm sure there's a good reasons. Just want to understand this deeper! Thanks!
You wouldn't use a standalone .tfstate file. You would be using the same .tfstate file that all your other resources are in.
Consider the case where you have a production database with terrabytes of data already load in it, and users actively performing actions that query that database 24 hours a day. Your option
1
would require some down time, possibly a lot of down time, because you would have to deal with backing up and restoring terrabytes of data. Your option2
would never let you manage changes to your database server via Terraform. That's what the Terraform import feature solves. It lets Terraform take "full control" of resources that already exist, without having to recreate them.I agree that if a system outage is not an issue, and if recreating a resource isn't going to take much time, using option
1
is the way to go. Option2
is only for resources that you never want to fully manage in Terraform, which is really a separate issue from the one Terraform import solves.