Failed to import AWS resources

[kayman-mk]

Great tool, it saved my day! However I found problems importing some resources.

Resources which can't be imported and shouldn't appear in the output:

• aws_acm_certificate_validation
• aws_ami_copy

random_password shouldn't be imported as it would reveal the password. Seems that the current logic doesn't cause any harm, but I think it is better to remove it too:

import {
      to = random_password.rds_master_password
      id = "none"
    }

Resources which uses the wrong id. Terraform fails on import:

• aws_ecs_cluster: use the name
• aws_ecs_task_definition: use the arn
• aws_wafv2_web_acl: use id/name/scope from state file. Scope seems to be part of the arn: 6th field (until the first /)
• aws_ecs_service: use cluster_name/service_name from the id (last 2 fields separated by /)
• aws_autoscaling_schedule: use autoscaling_group_name/scheduled_action_name
• aws_appautoscaling_target: use service_namespace/id/scalable_dimension
• aws_appautoscaling_policy: use service_namespace/resource_id/scalable_dimension/name

[kishaningithub]

Thanks a lot for submitting an issue with great detail ! Much appreciated! ☺️

Will definitely look into this! 👍

[kishaningithub]

@kayman-mk Have addressed all of the above in PR https://github.com/kishaningithub/tf-import-gen/pull/35 other than random password.

I have some difference of opinions regarding your random_password concern

• Usage of this tool assumes that you have access to read terraform state file via terraform show command. The random password is stored as plain text in the state file itself, meaning a bad actor can potentially see the password even if i redact it from the output of this tool.
• If the concern is an accidental checkin of terraform import file with random_password then i feel this concern needs to be addressed through security linters like tfsec etc because the main functionality if this tool is to generate valid imports. In the case of random_password the user can potentially prevent a recreate and make it use the same password so if i remove that this process becomes cumbersome. We can definitely add features to help such tools detect the sensitivity of the import identifiers.

Do let me know your thoughts.

[kishaningithub]

@kayman-mk Have released a new version (v0.13.1) of go releaser. Do upgrade to the latest and let me know if it addressed all your observations/concerns.