devika desai

Reputation: 79

Is there a way to import iam-roles in terraform?

I want to import the existing AWS IAM role 'DEVOPS' into my Terraform management.

Though the resource exists, I get the following error:

Error: Cannot import non-existent remote object

While attempting to import an existing object to aws_iam_role.okta_devops_role, the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.

I created an empty resource, aws_iam_role.devops_role, in my main.tf.

Upvotes: 7

Views: 12732

Answers (4)

AlexT

Reputation: 1195

Starting with Terraform v1.5.0, you can use an import block to import IAM roles using the name:

import {
  to = aws_iam_role.devops
  id = "DEVOPS"
}

Link to documentation here (scroll to the Import block at the bottom).

Upvotes: 0

Felipe

Reputation: 7613

Just as a complementary solution: in case you have defined your aws_iam_role inside a module, you may need to add two prefixes to the terraform import command. One way to find the correct resource name from the module is by using the terraform plan command.

For example, take this aws_iam_role resource that is inside a module:

resource "aws_iam_role" "reports_role" {
  name = "${var.environment}_reports_role"

  inline_policy {
    name = "${var.environment}_s3_access_policy"
    policy = templatefile("${path.module}/templates/s3_access_policy.json", {
      bucket_name = var.bucket_name
    })
  }
}

I get the following error when trying to deploy it for the dev overlay (environment):

╷
│ Error: error creating IAM Role (prod_reports_role): EntityAlreadyExists: Role with name prod_reports_role already exists.
│ status code: 409, request id: *******************
│
│   with module.aws_role.aws_iam_role.reports_role,
│   on ../../modules/authorization/roles/role.tf line 1, in resource "aws_iam_role" "reports_role":
│    1: resource "aws_iam_role" "reports_role" {
│
╵

After using the terraform plan command, I can see its name and import it. As you can see, I have to add module.aws_role before aws_iam_role.reports_role.

terraform import module.aws_role.aws_iam_role.reports_role dev_reports_role

Upvotes: 0

eatsfood

Reputation: 1088

You should be able to import an existing IAM role resource by doing the following:

  1. Create the stub for the resource in your main.tf like this:

resource "aws_iam_role" "DEVOPS" {
  # stub
}

  2. Run the import command:

terraform import aws_iam_role.DEVOPS DEVOPS

  3. When that is complete, show the resource and update the resource stub you created in step 1:

terraform show

Here is a link to the documentation.

Upvotes: 7
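Putting the import block from AlexT's answer together with the stub-then-fill-in procedure above, here is an added example (not code from any answer on this page) of a complete main.tf for the role named DEVOPS. The trust policy, the account id and the provider region are assumptions; copy the real values from the terraform show output after the import so the first plan shows no changes.

```hcl
# Added example, not from the answers above: import the existing role
# "DEVOPS" with a Terraform >= 1.5 import block and describe it closely
# enough that `terraform plan` reports no changes afterwards.

terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # IAM is global; the region only selects the endpoint
}

# Adopt the live role into state on the next `terraform apply`.
# `terraform plan -generate-config-out=generated.tf` can draft the
# resource block from the live role instead of writing it by hand.
import {
  to = aws_iam_role.devops
  id = "DEVOPS" # IAM roles are imported by name, not by ARN
}

# Assumed trust policy; the account id is a placeholder. Replace it with
# the principals that `terraform show` prints for the imported role.
data "aws_iam_policy_document" "devops_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:root"] # placeholder
    }
  }
}

resource "aws_iam_role" "devops" {
  name               = "DEVOPS"
  assume_role_policy = data.aws_iam_policy_document.devops_trust.json

  # Any attribute set on the live role but omitted here (for example
  # max_session_duration or tags) appears as a diff in `terraform plan`.
  # Review that diff before applying so the import does not silently
  # rewrite the role's trust policy.
}
```

Running `terraform plan -detailed-exitcode` after the import is a quick check: exit code 0 means the configuration matches the live role, exit code 2 means Terraform would change it.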

karan sharma

Reputation: 483

There is no way to import existing resources that were not provisioned via Terraform.

As Terraform refers to the resource via the Terraform state file and detects configuration drift.

Still, you can give this a try:

https://github.com/GoogleCloudPlatform/terraformer#use-with-aws

Upvotes: -6
