Azure / terraform-azurerm-caf-enterprise-scale

Azure landing zones Terraform module
https://aka.ms/alz/tf
MIT License

use existing management group as a parent #1004

Closed praveenambati1233 closed 1 week ago

praveenambati1233 commented 2 weeks ago

My client has already created the Level 1 Management Group. How can I refer to the existing Level 1 Management Group and create the Level 2 Management Groups (Platform and Landing Zones)?

How to replicate?

  1. Create a child management group with root id "myorg" and root name "My Organization" Tenant Root Group"
  2. Run the https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-Default-Configuration.

Error:

module.enterprise_scale.azurerm_management_group.level_1["/providers/Microsoft.Management/managementGroups/myorg"]: Creating...
│ Error: A resource with the ID "/providers/Microsoft.Management/managementGroups/myorg" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_management_group" for more information.
│
│   with module.enterprise_scale.azurerm_management_group.level_1["/providers/Microsoft.Management/managementGroups/myorg"],
│   on .terraform/modules/enterprise_scale/resources.management_groups.tf line 9, in resource "azurerm_management_group" "level_1":
│    9: resource "azurerm_management_group" "level_1" {

Troubleshooting

Tried to import the state, but it failed at the CAF management group module.

terraform import 'module.enterprise_scale.azurerm_management_group.level_1["/providers/Microsoft.Management/managementGroups/myorg"]' /providers/Microsoft.Management/managementGroups/myorg

Error:

╷
│ Error: Invalid for_each argument
│ 
│   on .terraform/modules/enterprise_scale/resources.management_groups.tf line 32, in resource "azurerm_management_group" "level_3":
│   32:   for_each = local.azurerm_management_group_level_3
│     ├────────────────
│     │ local.azurerm_management_group_level_3 will be known only after apply
│ 
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
│ 
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

matt-FFFFFF commented 2 weeks ago

Hi, you can use the Terraform import block to do this. See this issue: https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues/992

praveenambati1233 commented 2 weeks ago

Yes, I did try with the command - terraform import module.core.module.alz.azurerm_management_group.level_1["/providers/Microsoft.Management/managementGroups/client-mg"] '/providers/Microsoft.Management/managementGroups/client-mg'

Here is the error I am encountering:


│ Error: Invalid for_each argument
│ 
│   on caf/resources.management_groups.tf line 32, in resource "azurerm_management_group" "level_3":
│   32:   for_each = local.azurerm_management_group_level_3
│     ├────────────────
│     │ local.azurerm_management_group_level_3 will be known only after apply
│ 
│ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│ 
│ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values.
│ 
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

praveenambati1233 commented 1 week ago

@matt-FFFFFF Updated the issue in the description with replication steps.

matt-FFFFFF commented 1 week ago

I don't think this error is due to the import. It's more likely that you have some module inputs that are not known until after apply.

praveenambati1233 commented 1 week ago

It is fixed with import {}:

import {
  to = module.enterprise_scale.azurerm_management_group.level_1["/providers/Microsoft.Management/managementGroups/myorg"]
  id = "/providers/Microsoft.Management/managementGroups/myorg"
}

Thank you for your support.