You try and try to keep your infrastructure code clean, but there was an emergency and another team went and created a whole application environment without going through standard process. Now your IaC is out of sorts with what's actually built... There's an app for that.
Microsoft has developed a tool called Aztfy (currently in preview) that will dig through pre-existing resource groups, create the necessary Terraform HCL, and import to Terraform state.
How does it work?
I downloaded the binary from GitHub, copied it into my Terraform root directory, and ran it:
./aztfy -o <output directory> <azure resource group name>
After a minute of scanning and initializing, Aztfy comes back with a list of resources it found and gives you the option to import or ignore them. It also lets you rename resources before importing. Press w to kick off the import and wait while the magic happens.
How well does it work?
At the end of the process I found a mostly complete Terraform file structure in the output directory. The sandbox resource group I used for this test was full of random resources — a rogues' gallery of Azure features — which also makes it kind of perfect for a test like this.
The good
- Handled complex inter-related resources with
depends_onstatements, like NSGs that require subnets to exist first - Converted about 90% of 20+ resources to HCL — a definite time saver
The bad
- Does not use modules, which causes problems when scaling later
- Some simple resources didn't import — a basic VM didn't make the cut
- Running
terraform initandplanafter importing produced errors
My takeaway: this tool is useful but limited. It cannot blindly reproduce complete infrastructures as code. There's still manual work required and experienced eyes are needed to make sure resources are imported in a way that can actually reproduce the resource group.
That said, it's an exciting idea and can save meaningful time on pre-existing resource imports. Worth having in your toolkit.