When working with Infrastructure as Code (IaC) it’s difficult to know sometimes where to start. You have a couple of options, go to the Terraform on Azure documentation, then figure out how to write some Terraform templates. Or you can start with a tool like NubesGen that allows you to build your Terraform files (and Bicep) from an easy set of options, spitting out a Terraform template that includes all of the best practices.
Those options are great when you’re wanting to create new infrastructure, but previously, you couldn’t import your existing infrastructure into Terraform. Ah, but now you can! Introducing Azure Terrafy!
Azure Terrafy allows you to easily and quickly import your existing Azure infrastructure into Terraform HCL AND import it into your Terraform state (Learn about state files here. This has been one of the BIGGEST and coolest feature releases that all of you in the community (and myself) have been asking for! It’s great to adopt new working tools and practices for when we start a new project, but every single customer I work with wants to know how to manage their legacy infrastructure. The biggest challenge we face in ITOps is managing that legacy infrastructure.
Let’s walk through how to get started using Azure Terrafy:
Create a new directory in which to generate the Terraform code into. For this demo, I created a new folder called ‘aztfy-demo’ (seen below).
To start using the aztfy tool, we need to install it locally. There are two options: the latest binaries or running the Go toolchain. You can obtain the latest binaries from the releases area of the GitHub repository or more easily you can run the Go toolchain using a single command:
Once installed, run the aztfy command and specify the Azure resource group that you want to import (Note: Currently aztfy only supports importing at the resource group level)
Aztfy will now begin the import process:
It will show you the importing resources as it run, along with a progress bar:
When the import has completed (mine took a few minutes, not enough time to even make a proper coffee), it will display the resources to be imported.
Aztfy found 250 resources in my resource group along with their dependencies, scrolling through I can proceed to the end of the screen and review my options. From this view we can filter our results, show any errors/recommendations, or import our resources:
5. Type ‘w’ to import all of the viewed resources. Aztfy will begin to generate your Terraform scripts and it does all of the heavy lifting for you. Not only does it create your Terraform scripts, it will include the dependencies and update the state.
Once Azure Terrafy has completed, you can open your folder and see the newly generated template files:
You can open the Azure portal and visually check that the resource naming, dependencies and settings have been imported successfully.
6. The best way to validate the importing of your resources is by running ‘Terraform Plan’
This will confirm that your configuration matches your infrastructure. The output will confirm that no changes need to be made.
Congratulations! You’ve successfully imported your existing infrastructure in Azure into Terraform templates!
While this makes importing existing resources a breeze, there are some things to be conscious of at this point.
Naming conventions and reusability. While the templates are able to be used, naming conventions for your resources need to be reconfigured and all elements are defined in a very static way. You will need to manually edit and declare your variables to make the templates more scalable and reusable.
State storage. When you import your Terraform files, the state is saved to the local file store, work needs to be done to store it remotely in a more secure way.
Code refactoring. Aztfy currently spits out the templates into one main.tf file, splitting out your templates into modules should be considered. You will need to spend some time in VSCode and make the new files more reusable and scalable.
Dependencies. Aztfy uses many of the dependencies in your resource group to map those out in the templates (see the 'depends_on' line declared in the main.tf above), much of that can be cleaned up once naming conventions and modules are implemented.
Import of Resource Groups. Currently, you can only import resource groups. Expect the product team to look into this, potentially making it available to import vNets or maybe even subscriptions!
There is no such thing as a perfect tool, but the announcement of Azure Terrafy is a huge step in the right direction!
Read more about the aztfy announcement and the new AzAPI Terraform Provider (TL;DR: Day 0 support for ALL Azure resources when creating Terraform templates), the Microsoft team has done an amazing job at removing the need for ARM templates to be embedded in your Terraform templates along with launching this new tool. You can also check out the azty GitHub repo here for more details on how the tool works and new features.