Using terraformer to generate terraform files from your existing cloud environment

Neill Turner
Aug 5, 2019

Terraformer

Google Cloud Platform has created a great tool, terraformer, for generating terraform files and state from your existing infrastructure. It's written in Go and works with the existing terraform providers, so it is a natural extension for terraform. It works with GCP and AWS but not Azure at present.

Prerequisites

Go Compiler Install

https://golang.org/doc/install

I followed Windows - MSI Installer, but you can download the macOS package installer.

* Go to https://golang.org/dl/ and download the MSI file for Windows.
* Open the MSI file.
* Follow the prompts to install the Go tools.
* By default, the installer puts the Go distribution in c:\Go.

Terraformer Install

git clone https://github.com/GoogleCloudPlatform/terraformer.git

Installation from source:

* Run git clone <terraformer repo>
* Run GO111MODULE=on go mod vendor
* Run go build -v
* Run terraform init against an init.tf file to install the plugins required for your platform. For the aws provider, init.tf should contain:

provider "aws" {}

Run terraformer for required resources:

terraformer import aws --resources=s3 --connect=true --regions=us-east-1 --profile=mycompany

terraformer import aws --resources=sg --connect=true --regions=us-east-1 --profile=mycompany

terraformer import aws --resources=ec2_instance --connect=true --regions=us-east-1 --profile=mycompany

It creates a directory structure for ec2_instance like:

generated/aws/ec2_instance/us-east-1/
instance.tf
outputs.tf
provider.tf
variables.tf
terraform.tfstate

If you then update the provider to point to your remote state, either in S3 or the terraform free tier, then when terraform is run it will migrate the tfstate to the remote state.

Summary

terraformer does a pretty good job of generating clean terraform files; however:

* EBS instances are not created separately and attached to the instance but just appear in the ec2_instance, so that would probably have to be changed.

* Security groups are generated with inline egress and ingress rules, so these need to be separated into aws_security_group_rule resources so they can be maintained more easily.
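
The security group split described above, as an added example (not from the original post and not actual terraformer output). It assumes Terraform 0.12+ syntax and the AWS provider; the resource names, VPC ID and CIDR ranges are constructed sample values.

```hcl
# BEFORE: shape of a group with inline rules (shown commented out so this
# file stays valid; it would otherwise declare the same resource twice).
#
# resource "aws_security_group" "web" {
#   name   = "web"
#   vpc_id = "vpc-0123456789abcdef0"
#   ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["203.0.113.0/24"] }
#   egress  { from_port = 0   to_port = 0   protocol = "-1"  cidr_blocks = ["0.0.0.0/0"] }
# }

# AFTER: the group carries no rules of its own.
resource "aws_security_group" "web" {
  name        = "web"
  description = "web tier"
  vpc_id      = "vpc-0123456789abcdef0" # constructed sample ID
}

# Each rule is its own resource, so a change to one rule shows up as a
# single-resource diff in plan output and in code review.
resource "aws_security_group_rule" "web_https_in" {
  type              = "ingress"
  security_group_id = aws_security_group.web.id
  description       = "HTTPS from office range"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["203.0.113.0/24"] # constructed sample range
}

resource "aws_security_group_rule" "web_all_out" {
  type              = "egress"
  security_group_id = aws_security_group.web.id
  description       = "All outbound"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}
```

Do not keep inline ingress or egress blocks on a group that also has aws_security_group_rule resources; the AWS provider documents that the two styles conflict and overwrite each other. Because the rules already exist in AWS, bring each new rule resource into state with terraform import and confirm terraform plan shows no changes before applying.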

Neill Turner

I'm a Devops Consultant with broad experience with the cloud and plenty of experience with AWS