Love your videos Ned, they have helped me immensely over the years. I don't know if you can fix the audio/video mismatch though, appears that the video lags behind the audio by about a second?
Thank you, Ned. Great presentation on "Testing Vault ACL policies with Python" in HashiConf 2023. Could you please github repo link for the code used in this example? Thank you.
have you tested this feature to fix issues related to state file being out of sync? Like, for instance, deploying a new DB via terraform and later on pushing manual changes via the console (causing the sync problem). Will import blocks fetch all these new changes so you can grab these and update your original main terraform file?
If the resource already exists in your configuration, then import blocks won't really help. You either need to overwrite the changes with the current resource configuration or update the configuration to match the actual DB.
Getting the following error: The parsed Resource ID was missing a value for the segment at position 2 (which should be the literal value "resourceGroups") on a kubernetes_cluster import block. Is there a fix for this? I get it after running a TF plan. Using the new "import block" method.
Most likely the generated configuration copied over too many values or an incompatible value from the actual resource. Try removing literal values that aren't needed for the resource configuration block.
@@NedintheCloud thanks. I had to downgrade the tf provider version to 3.x to get it to work. The later versions would error out on the resource subscription tag.
Hi , the import block feature was introduced in Terraform v1.3.0, but there's a specific syntax and setup you need to follow to use it correctly. Since you're using Terraform v1.7.2, which supports import blocks, make sure you're placing the import block correctly within your configuration. resource "aws_instance" "test" { import { id = "i-8737839489" } }
Can the import block be used on an existing infrastructure that doesn’t have main and state files generated? I know using the TF export command it generates everything and expects the working directory to be empty.
The import block can be used with an existing configuration or a new empty one. Either is fine. It doesn't create a new instance of state, it uses the existing state backend.
Thanks for replying and providing the info. I have some resources that will require import blocks. Used azexport which worked better than Terraformer but clean-up is required. @@NedintheCloud
The `to` argument doesn't, but starting in Terraform 1.6, the `id` field supports any expression that evaluates to a string. You can also use `for_each` with import blocks starting in Terraform 1.7.
It could be properties that are being added by the AWS API. The '+' sign will tell you which properties are being set/updated. I'm guessing it's something weird about those attributes, the aws provider, and the actually API.
Your TF videos are great man ! getting a ton of insight from them ...
It's not fair this guide has too few likes. It's definitely deserves much more likes!
Nice, clear, direct and with a demo :D
Thanks man !
Great video very informative and straight to the point. Always enjoy all your videos!
Such a gem! Great content, thank you. 🙏
Good explanation! thank you!!
great job as always, love your channel
This was a great help to me. Thanks!
That was super useful thankx !
Thanks
Love your videos Ned, they have helped me immensely over the years. I don't know if you can fix the audio/video mismatch though, appears that the video lags behind the audio by about a second?
It's super weird. It looks fine when I'm editing, but the upload to UA-cam seems to be breaking something. I'll work on fixing any future videos.
Nice, can you do a video of a timeline of updates on each terraform version? Because most of us are still stuck on v1.2 😂
Interesting idea, I'll add it to the list. Do you just want a feature comparison from Terraform 1.0 till 1.5?
Do you prefer aztfexport or Import Blocks ? :D
Why choose?! As I understand it, the aztfexport team is going to integrate import blocks into their tool soon.
@@NedintheCloud Sooo, does it means Aztexport is the way to go? :D
Thank you, Ned. Great presentation on "Testing Vault ACL policies with Python" in HashiConf 2023. Could you please github repo link for the code used in this example? Thank you.
Thanks! Here's the repo: github.com/ned1313/vault-policy-testing/
have you tested this feature to fix issues related to state file being out of sync? Like, for instance, deploying a new DB via terraform and later on pushing manual changes via the console (causing the sync problem). Will import blocks fetch all these new changes so you can grab these and update your original main terraform file?
If the resource already exists in your configuration, then import blocks won't really help. You either need to overwrite the changes with the current resource configuration or update the configuration to match the actual DB.
Getting the following error: The parsed Resource ID was missing a value for the segment at position 2 (which should be the literal value "resourceGroups") on a kubernetes_cluster import block.
Is there a fix for this? I get it after running a TF plan. Using the new "import block" method.
Most likely the generated configuration copied over too many values or an incompatible value from the actual resource. Try removing literal values that aren't needed for the resource configuration block.
@@NedintheCloud thanks. I had to downgrade the tf provider version to 3.x to get it to work. The later versions would error out on the resource subscription tag.
Hi I'm trying to use the new terraform import block but i get an error saying that import blocks are not expected. I'm running v1.7.2 on WSL
Hi , the import block feature was introduced in Terraform v1.3.0, but there's a specific syntax and setup you need to follow to use it correctly. Since you're using Terraform v1.7.2, which supports import blocks, make sure you're placing the import block correctly within your configuration.
resource "aws_instance" "test" {
import {
id = "i-8737839489"
}
}
Can the import block be used on an existing infrastructure that doesn’t have main and state files generated? I know using the TF export command it generates everything and expects the working directory to be empty.
The import block can be used with an existing configuration or a new empty one. Either is fine. It doesn't create a new instance of state, it uses the existing state backend.
Thanks for replying and providing the info. I have some resources that will require import blocks. Used azexport which worked better than Terraformer but clean-up is required. @@NedintheCloud
where was this years ago ;) lol
terraformer killer
Could be?! There's some more cool improvements coming down the pike that I can't talk about yet.
id does not support variables :(
The `to` argument doesn't, but starting in Terraform 1.6, the `id` field supports any expression that evaluates to a string. You can also use `for_each` with import blocks starting in Terraform 1.7.
@@NedintheCloud Thanks for this update. Currently on v1.5.7, will check out v1.7.
Hi Ned,
I am using the public registry EC2 module -> terraform-aws-modules/ec2-instance/aws to test out the import functionality of Terraform 1.5.x. I created an EC2 instance using the module for the testing.
When I tried importing the EC2 instance using the same EC2 module (I deleted the terraform.tfstate to simulate), Terraform plan was showing 2 update in-place changes. I can't figure out where the change is coming from.
I am expecting no changes as I have used the same EC2 module and main.tf config - no changes in parameters. I only deleted the terraform.tfstate to simulate the import.
Did you encounter this previously? thanks.
----------------------
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.ec2_private["0"].aws_instance.this[0] will be updated in-place
# (imported from "i-0d9fc1c2d85639717")
~ resource "aws_instance" "this" {
ami = "ami-0ee3dd41c47751fe6"
arn = "arn:aws:ec2:us-east-1:163240833505:instance/i-0d9fc1c2d85639717"
associate_public_ip_address = false
availability_zone = "us-east-1a"
cpu_core_count = 1
cpu_threads_per_core = 1
disable_api_stop = false
disable_api_termination = false
ebs_optimized = false
get_password_data = false
hibernation = false
id = "i-0d9fc1c2d85639717"
instance_initiated_shutdown_behavior = "stop"
instance_state = "running"
instance_type = "t2.micro"
ipv6_address_count = 0
ipv6_addresses = []
key_name = "terraform-key-rc_is-lab_account"
monitoring = false
placement_partition_number = 0
primary_network_interface_id = "eni-0a025e9b1e5b4b948"
private_dns = "ip-10-0-1-102.ec2.internal"
private_ip = "10.0.1.102"
secondary_private_ips = []
security_groups = []
source_dest_check = true
subnet_id = "subnet-0ee9f8fc6fc759978"
tags = {
"Department" = "it"
"Name" = "sandbox-vm-0"
"Team" = "it-devops"
"Terraform" = "true"
"environment" = "sandbox"
"owners" = "it"
}
tags_all = {
"Department" = "it"
"Name" = "sandbox-vm-0"
"Team" = "it-devops"
"Terraform" = "true"
"environment" = "sandbox"
"owners" = "it"
}
tenancy = "default"
+ user_data_replace_on_change = false
+ volume_tags = {
+ "Name" = "sandbox-vm-0"
}
vpc_security_group_ids = [
"sg-0b0776d70bd8c80c9",
]
capacity_reservation_specification {
capacity_reservation_preference = "open"
}
cpu_options {
core_count = 1
threads_per_core = 1
}
credit_specification {
cpu_credits = "standard"
}
enclave_options {
enabled = false
}
maintenance_options {
auto_recovery = "default"
}
metadata_options {
http_endpoint = "enabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
instance_metadata_tags = "disabled"
}
private_dns_name_options {
enable_resource_name_dns_a_record = false
enable_resource_name_dns_aaaa_record = false
hostname_type = "ip-name"
}
root_block_device {
delete_on_termination = true
device_name = "/dev/xvda"
encrypted = false
iops = 100
tags = {
"Name" = "sandbox-vm-0"
}
throughput = 0
volume_id = "vol-0771f67580c18a268"
volume_size = 8
volume_type = "gp2"
}
+ timeouts {}
}
# module.private_sg.aws_security_group.this_name_prefix[0] will be updated in-place
# (imported from "sg-0b0776d70bd8c80c9")
~ resource "aws_security_group" "this_name_prefix" {
arn = "arn:aws:ec2:us-east-1:163240833505:security-group/sg-0b0776d70bd8c80c9"
description = "Security group with HTTP & SSH port open for everybody (IPv4 CIDR), egress ports are all world open"
egress = [
{
cidr_blocks = [
"0.0.0.0/0",
]
description = "All protocols"
from_port = 0
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "-1"
security_groups = []
self = false
to_port = 0
},
]
id = "sg-0b0776d70bd8c80c9"
ingress = [
{
cidr_blocks = [
"10.0.0.0/16",
]
description = "HTTP"
from_port = 80
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
security_groups = []
self = false
to_port = 80
},
{
cidr_blocks = [
"10.0.0.0/16",
]
description = "SSH"
from_port = 22
ipv6_cidr_blocks = []
prefix_list_ids = []
protocol = "tcp"
security_groups = []
self = false
to_port = 22
},
]
name = "private-sg-20230716055903460900000001"
name_prefix = "private-sg-"
owner_id = "163240833505"
+ revoke_rules_on_delete = false
tags = {
"Department" = "it"
"Name" = "private-sg"
"Team" = "it-devops"
"Terraform" = "true"
"environment" = "sandbox"
"owners" = "it"
}
tags_all = {
"Department" = "it"
"Name" = "private-sg"
"Team" = "it-devops"
"Terraform" = "true"
"environment" = "sandbox"
"owners" = "it"
}
vpc_id = "vpc-0c2e6db281af6595b"
+ timeouts {
+ create = "10m"
+ delete = "15m"
}
}
Plan: 5 to import, 0 to add, 2 to change, 0 to destroy.
Changes to Outputs:
+ ec2_private_instance_ids = [
+ "i-xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
]
+ ec2_private_ip = [
+ "x.x.x.x",
]
+ private_sg_group_id = "sg-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ private_sg_group_name = "private-sg-xxxxxxxxxxxxxxx"
+ private_sg_group_vpc_id = "vpc-xxxxxxxxxxxxxx"
It could be properties that are being added by the AWS API. The '+' sign will tell you which properties are being set/updated. I'm guessing it's something weird about those attributes, the aws provider, and the actually API.