search

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.
https://terragrunt.gruntwork.io/
MIT License
8.04k stars 975 forks source link

`terragrunt import` does not persist #267

Closed gdhgdhgdh closed 7 years ago

gdhgdhgdh commented 7 years ago

Hullo - I've been using TG for a while with older TF versions, and this is my first outing with TG 0.13 and TF 0.10...

All my Terraform .tf files live in the tf directory, with environments/dev underneath that. I am working with a locked-down AWS account where I do not have access to create network resources - I need to import an existing VPC / subnets, etc. to the local state file.

TG setup is like so:

[developer@devBox tf]$ more environments/terraform.tfvars 
terragrunt {
  remote_state {
    backend = "s3"
    config {
      bucket     = "terraform-state-${get_aws_account_id()}-${path_relative_to_include()}"
      key        = "terraform.tfstate"
      region     = "eu-west-2"
      encrypt    = true
    }
  }
}

[developer@devBox tf]$ more environments/dev/terraform.tfvars 
terragrunt = {
  terraform = {
    source = "${path_relative_from_include()}/../../"
  }

  include {
    path = "${find_in_parent_folders()}"
  }
}

I define the VPC simply in aws.tf:

provider "aws" {
  region = "eu-west-2"
}

resource "aws_vpc" "main_vpc" {  
    cidr_block = "10.179.48.0/20"

    tags {
        Name = "n076datvpc001"
    }
}

and then terragrunt plan, then very sensibly Terraform wants to create the VPC.

Now I try to import the existing VPC:

[developer@devBox dev]$ terragrunt import aws_vpc.main_vpc vpc-a34afbca
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:12 Running command: terraform --version
[terragrunt] 2017/08/18 08:34:12 Reading Terragrunt config file at /home/developer/infrastructure-as-code/tf/environments/dev/terraform.tfvars
[terragrunt] 2017/08/18 08:34:12 WARNING: no double-slash (//) found in source URL /home/developer/infrastructure-as-code/tf. Relative paths in downloaded Terraform code may not work.
[terragrunt] 2017/08/18 08:34:12 Cleaning up existing *.tf files in /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8
[terragrunt] 2017/08/18 08:34:12 Downloading Terraform configurations from file:///home/developer/infrastructure-as-code/tf into /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8 using terraform init
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:12 Initializing remote state for the s3 backend
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:13 WARNING: Versioning is not enabled for the remote state S3 bucket terraform-state-238425939713-dev. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:13 Running command: terraform init -backend-config=encrypt=true -backend-config=bucket=terraform-state-238425939713-dev -backend-config=key=terraform.tfstate -backend-config=region=eu-west-2 -from-module=file:///home/developer/infrastructure-as-code/tf /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8
Copying configuration from "file:///home/developer/infrastructure-as-code/tf"...

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.aws: version = "~> 0.1"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see                                                                                                                                  
any changes that are required for your infrastructure. All Terraform commands                                                                                                                                  
should now work.                                                                                                                                                                                               

If you ever set or change modules or backend configuration for Terraform,                                                                                                                                      
rerun this command to reinitialize your working directory. If you forget, other                                                                                                                                
commands will detect it and remind you to do so if necessary.                                                                                                                                                  
[terragrunt] 2017/08/18 08:34:13 Copying files from /home/developer/infrastructure-as-code/tf/environments/dev into /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8
[terragrunt] 2017/08/18 08:34:13 Setting working directory to /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:13 Initializing remote state for the s3 backend
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:13 WARNING: Versioning is not enabled for the remote state S3 bucket terraform-state-238425939713-dev. We recommend enabling versioning so that you can roll back to previous versions of your Terraform state in case of error.
[terragrunt] [/home/developer/infrastructure-as-code/tf/environments/dev] 2017/08/18 08:34:13 Running command: terraform init -backend-config=region=eu-west-2 -backend-config=encrypt=true -backend-config=bucket=terraform-state-238425939713-dev -backend-config=key=terraform.tfstate

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.aws: version = "~> 0.1"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see                                                                                                                                  
any changes that are required for your infrastructure. All Terraform commands                                                                                                                                  
should now work.                                                                                                                                                                                               

If you ever set or change modules or backend configuration for Terraform,                                                                                                                                      
rerun this command to reinitialize your working directory. If you forget, other                                                                                                                                
commands will detect it and remind you to do so if necessary.                                                                                                                                                  
[terragrunt] 2017/08/18 08:34:14 Running command: terraform import aws_vpc.main_vpc vpc-a34afbca
aws_vpc.main_vpc: Importing from ID "vpc-a34afbca"...
aws_vpc.main_vpc: Import complete!
  Imported aws_vpc (ID: vpc-a34afbca)
aws_vpc.main_vpc: Refreshing state... (ID: vpc-a34afbca)

Import successful!                                                                                                                                                                                             

The resources that were imported are shown above. These resources are now in                                                                                                                                   
your Terraform state and will henceforth be managed by Terraform.                                                                                                                                              

Import does not generate configuration, so the next step is to ensure that                                                                                                                                     
the resource configurations match the current (or desired) state of the                                                                                                                                        
imported resources. You can use the output from "terraform plan" to verify that                                                                                                                                
the configuration is correct and complete.

I can see the VPC definition in /tmp/terragrunt/acP5FOqj91Lz08E549B0dEiQ7u8/e_TPzidHXV2ZjUKk0SDVRwpJrm8/terraform.tfstate

The problem is then if I immediately do another terragrunt plan then it gets overwritten with the 'VPC not present' and once again Terraform wants to create a VPC.

What am I doing wrong?

gdhgdhgdh commented 7 years ago

This was a combination of two things:

1) The AWS account I was using was missing S3:ListObjects permissions

2) I was missing the simple terraform { backend "s3" {} } block from my aws.tf

ehillhd commented 3 years ago

This was really helpful and helped me figure things out, thank you for sharing!