AWS
Use with AWS
Section titled “Use with AWS”Example:
terraformer import aws --resources=vpc,subnet --connect=true --regions=eu-west-1 --profile=prod terraformer import aws --resources=vpc,subnet --filter=vpc=vpc_id1:vpc_id2:vpc_id3 --regions=eu-west-1Profiles support
Section titled “Profiles support”AWS configuration including environmental variables, shared credentials file (~/.aws/credentials), and shared config file (~/.aws/config) will be loaded by the tool by default. To use a specific profile, you can use the following command:
terraformer import aws --resources=vpc,subnet --regions=eu-west-1 --profile=prodYou can also provide no regions when importing resources:
terraformer import aws --resources=cloudfront --profile=prodIn that case terraformer will not know with which region resources are associated with and will not assume any region. That scenario is useful in case of global resources (e.g. CloudFront distributions or Route 53 records) and when region is passed implicitly through environmental variables or metadata service.
Examples to import other resources-
- Security Group-
terraformer import aws --resources=sg --regions=us-east-1Supported services
Section titled “Supported services”For AWS provider gap audits and unsupported-resource skip-list maintenance, see aws-gap-inventory.md.
accessanalyzeraws_accessanalyzer_analyzeraws_accessanalyzer_archive_rule
acmaws_acm_certificate
alb(supports ALB and NLB)aws_lbaws_lb_listeneraws_lb_listener_ruleaws_lb_listener_certificateaws_lb_target_groupaws_lb_target_group_attachment
api_gatewayaws_api_gateway_accountaws_api_gateway_authorizeraws_api_gateway_api_keyaws_api_gateway_base_path_mappingaws_api_gateway_client_certificateaws_api_gateway_documentation_partaws_api_gateway_documentation_versionaws_api_gateway_gateway_responseaws_api_gateway_integrationaws_api_gateway_integration_responseaws_api_gateway_methodaws_api_gateway_method_responseaws_api_gateway_modelaws_api_gateway_resourceaws_api_gateway_rest_apiaws_api_gateway_request_validatoraws_api_gateway_stageaws_api_gateway_usage_planaws_api_gateway_usage_plan_keyaws_api_gateway_vpc_link
api_gatewayv2aws_apigatewayv2_apiaws_apigatewayv2_api_mappingaws_apigatewayv2_authorizeraws_apigatewayv2_deploymentaws_apigatewayv2_domain_nameaws_apigatewayv2_integrationaws_apigatewayv2_integration_responseaws_apigatewayv2_modelaws_apigatewayv2_routeaws_apigatewayv2_route_responseaws_apigatewayv2_stageaws_apigatewayv2_vpc_link
appconfigaws_appconfig_applicationaws_appconfig_configuration_profileaws_appconfig_deploymentaws_appconfig_deployment_strategyaws_appconfig_environmentaws_appconfig_extensionaws_appconfig_extension_associationaws_appconfig_hosted_configuration_version
appintegrationsaws_appintegrations_data_integrationaws_appintegrations_event_integration
appmeshaws_appmesh_gateway_routeaws_appmesh_meshaws_appmesh_routeaws_appmesh_virtual_gatewayaws_appmesh_virtual_nodeaws_appmesh_virtual_routeraws_appmesh_virtual_service
apprunneraws_apprunner_auto_scaling_configuration_versionaws_apprunner_connectionaws_apprunner_custom_domain_associationaws_apprunner_observability_configurationaws_apprunner_serviceaws_apprunner_vpc_connectoraws_apprunner_vpc_ingress_connection
appstreamaws_appstream_fleetaws_appstream_fleet_stack_associationaws_appstream_image_builderaws_appstream_stackaws_appstream_useraws_appstream_user_stack_association
appsyncaws_appsync_api_cacheaws_appsync_api_keyaws_appsync_datasourceaws_appsync_domain_nameaws_appsync_domain_name_api_associationaws_appsync_functionaws_appsync_graphql_apiaws_appsync_resolveraws_appsync_source_api_associationaws_appsync_type
athenaaws_athena_capacity_reservationaws_athena_data_catalogaws_athena_named_queryaws_athena_prepared_statementaws_athena_workgroup
auto_scalingaws_autoscaling_groupaws_launch_configurationaws_launch_template
backupaws_backup_frameworkaws_backup_global_settingsaws_backup_logically_air_gapped_vaultaws_backup_planaws_backup_region_settingsaws_backup_report_planaws_backup_restore_testing_planaws_backup_restore_testing_selectionaws_backup_selectionaws_backup_vaultaws_backup_vault_lock_configurationaws_backup_vault_notificationsaws_backup_vault_policy
batchaws_batch_compute_environmentaws_batch_job_definitionaws_batch_job_queueaws_batch_scheduling_policy
bedrockaws_bedrock_guardrailaws_bedrock_guardrail_versionaws_bedrock_inference_profileaws_bedrock_model_invocation_logging_configurationaws_bedrock_provisioned_model_throughput
bedrockagentaws_bedrockagent_agentaws_bedrockagent_agent_action_groupaws_bedrockagent_agent_aliasaws_bedrockagent_agent_collaboratoraws_bedrockagent_agent_knowledge_base_associationaws_bedrockagent_data_sourceaws_bedrockagent_flowaws_bedrockagent_knowledge_baseaws_bedrockagent_prompt
budgetsaws_budgets_budget
chatbotaws_chatbot_slack_channel_configuration
chimeaws_chime_voice_connectoraws_chime_voice_connector_groupaws_chime_voice_connector_loggingaws_chime_voice_connector_originationaws_chime_voice_connector_streamingaws_chime_voice_connector_termination
chimesdkvoiceaws_chimesdkvoice_global_settingsaws_chimesdkvoice_sip_media_applicationaws_chimesdkvoice_sip_ruleaws_chimesdkvoice_voice_profile_domain
cloud9aws_cloud9_environment_ec2aws_cloud9_environment_membership
cloudformationaws_cloudformation_stackaws_cloudformation_stack_setaws_cloudformation_stack_set_instance
cloudfrontaws_cloudfront_cache_policyaws_cloudfront_continuous_deployment_policyaws_cloudfront_distributionaws_cloudfront_field_level_encryption_configaws_cloudfront_field_level_encryption_profileaws_cloudfront_functionaws_cloudfront_key_groupaws_cloudfront_key_value_storeaws_cloudfront_monitoring_subscriptionaws_cloudfront_origin_access_controlaws_cloudfront_origin_access_identityaws_cloudfront_origin_request_policyaws_cloudfront_public_keyaws_cloudfront_realtime_log_configaws_cloudfront_response_headers_policyaws_cloudfront_vpc_origin
cloudhsmaws_cloudhsm_v2_clusteraws_cloudhsm_v2_hsm
cloudtrailaws_cloudtrail
cloudwatchaws_cloudwatch_dashboardaws_cloudwatch_event_api_destinationaws_cloudwatch_event_archiveaws_cloudwatch_event_busaws_cloudwatch_event_bus_policyaws_cloudwatch_event_ruleaws_cloudwatch_event_targetaws_cloudwatch_metric_alarm
codebuildaws_codebuild_project
codecommitaws_codecommit_approval_rule_templateaws_codecommit_repository
codedeployaws_codedeploy_app
codepipelineaws_codepipelineaws_codepipeline_webhook
cognitoaws_cognito_identity_poolaws_cognito_identity_pool_roles_attachmentaws_cognito_identity_provideraws_cognito_resource_serveraws_cognito_user_groupaws_cognito_user_poolaws_cognito_user_pool_clientaws_cognito_user_pool_domain- Note:
aws_cognito_user_pool_clientID filters may use<user_pool_id>/<client_id>, such asType=cognito_user_pool_client;Name=id;Value=us-east-1_abc/client123. Generated state storesclient123as the resource ID and keepsuser_pool_idseparately, matching the provider read path in providers/aws/cognito.go.
comprehendaws_comprehend_document_classifieraws_comprehend_entity_recognizer
connectaws_connect_bot_associationaws_connect_hours_of_operationaws_connect_instanceaws_connect_instance_storage_configaws_connect_lambda_function_associationaws_connect_phone_numberaws_connect_queueaws_connect_quick_connectaws_connect_routing_profileaws_connect_security_profileaws_connect_useraws_connect_user_hierarchy_groupaws_connect_user_hierarchy_structure
configaws_config_aggregate_authorizationaws_config_config_ruleaws_config_configuration_aggregatoraws_config_configuration_recorderaws_config_configuration_recorder_statusaws_config_delivery_channelaws_config_organization_custom_policy_ruleaws_config_organization_custom_ruleaws_config_organization_managed_ruleaws_config_remediation_configurationaws_config_retention_configuration
customer_gatewayaws_customer_gateway
customerprofilesaws_customerprofiles_domain
datapipelineaws_datapipeline_pipelineaws_datapipeline_pipeline_definition
devicefarmaws_devicefarm_device_poolaws_devicefarm_instance_profileaws_devicefarm_network_profileaws_devicefarm_projectaws_devicefarm_test_grid_projectaws_devicefarm_upload
detectiveaws_detective_graphaws_detective_memberaws_detective_organization_admin_account
dmsaws_dms_certificateaws_dms_endpointaws_dms_event_subscriptionaws_dms_replication_configaws_dms_replication_instanceaws_dms_replication_subnet_groupaws_dms_replication_taskaws_dms_s3_endpoint
docdbaws_docdb_clusteraws_docdb_cluster_instanceaws_docdb_cluster_parameter_groupaws_docdb_event_subscriptionaws_docdb_subnet_group
dxaws_dx_connectionaws_dx_gatewayaws_dx_gateway_associationaws_dx_lagaws_dx_private_virtual_interfaceaws_dx_public_virtual_interfaceaws_dx_transit_virtual_interface
dynamodbaws_dynamodb_contributor_insightsaws_dynamodb_global_tableaws_dynamodb_kinesis_streaming_destinationaws_dynamodb_resource_policyaws_dynamodb_tableaws_dynamodb_table_export
ebsaws_ebs_default_kms_keyaws_ebs_encryption_by_defaultaws_ebs_fast_snapshot_restoreaws_ebs_snapshotaws_ebs_volumeaws_volume_attachment
ec2aws_ec2_capacity_reservationaws_ec2_hostaws_ec2_instance_connect_endpointaws_ec2_network_insights_pathaws_ec2_traffic_mirror_filteraws_ec2_traffic_mirror_filter_ruleaws_ec2_traffic_mirror_sessionaws_ec2_traffic_mirror_targetaws_placement_group
ec2_instanceaws_instance
ecraws_ecr_account_settingaws_ecr_lifecycle_policyaws_ecr_pull_through_cache_ruleaws_ecr_registry_policyaws_ecr_registry_scanning_configurationaws_ecr_replication_configurationaws_ecr_repositoryaws_ecr_repository_creation_templateaws_ecr_repository_policy
ecrpublicaws_ecrpublic_repositoryaws_ecrpublic_repository_policy
ecsaws_ecs_capacity_provideraws_ecs_clusteraws_ecs_cluster_capacity_providersaws_ecs_serviceaws_ecs_task_definitionaws_ecs_task_set
efsaws_efs_access_pointaws_efs_backup_policyaws_efs_file_systemaws_efs_file_system_policyaws_efs_mount_targetaws_efs_replication_configuration
eipaws_eip
eksaws_eks_access_entryaws_eks_access_policy_associationaws_eks_addonaws_eks_clusteraws_eks_fargate_profileaws_eks_identity_provider_configaws_eks_node_groupaws_eks_pod_identity_association
elasticacheaws_elasticache_clusteraws_elasticache_global_replication_groupaws_elasticache_parameter_groupaws_elasticache_replication_groupaws_elasticache_serverless_cacheaws_elasticache_subnet_groupaws_elasticache_useraws_elasticache_user_group
elastic_beanstalkaws_elastic_beanstalk_applicationaws_elastic_beanstalk_environment
elbaws_elb
emraws_emr_clusteraws_emr_security_configuration
eniaws_network_interface
esaws_elasticsearch_domain
firehoseaws_kinesis_firehose_delivery_stream
globalacceleratoraws_globalaccelerator_acceleratoraws_globalaccelerator_cross_account_attachmentaws_globalaccelerator_custom_routing_acceleratoraws_globalaccelerator_custom_routing_endpoint_groupaws_globalaccelerator_custom_routing_listeneraws_globalaccelerator_endpoint_groupaws_globalaccelerator_listener
glueaws_glue_catalog_databaseaws_glue_catalog_tableaws_glue_catalog_table_optimizeraws_glue_classifieraws_glue_connectionaws_glue_crawleraws_glue_data_catalog_encryption_settingsaws_glue_data_quality_rulesetaws_glue_dev_endpointaws_glue_jobaws_glue_ml_transformaws_glue_partition_indexaws_glue_registryaws_glue_resource_policyaws_glue_schemaaws_glue_security_configurationaws_glue_triggeraws_glue_user_defined_functionaws_glue_workflow
guarddutyaws_guardduty_detectoraws_guardduty_filteraws_guardduty_ipsetaws_guardduty_malware_protection_planaws_guardduty_memberaws_guardduty_organization_admin_accountaws_guardduty_organization_configurationaws_guardduty_publishing_destinationaws_guardduty_threatintelset
iamaws_iam_access_keyaws_iam_account_aliasaws_iam_account_password_policyaws_iam_groupaws_iam_group_policyaws_iam_group_policy_attachmentaws_iam_instance_profileaws_iam_openid_connect_provideraws_iam_policyaws_iam_roleaws_iam_role_policyaws_iam_role_policy_attachmentaws_iam_saml_provideraws_iam_useraws_iam_user_group_membershipaws_iam_user_policyaws_iam_user_policy_attachment
identitystoreaws_identitystore_groupaws_identitystore_group_membershipaws_identitystore_user
igwaws_internet_gateway
ipamaws_vpc_ipamaws_vpc_ipam_poolaws_vpc_ipam_pool_cidraws_vpc_ipam_resource_discoveryaws_vpc_ipam_resource_discovery_associationaws_vpc_ipam_scope
iotaws_iot_thingaws_iot_thing_typeaws_iot_topic_ruleaws_iot_role_alias
ivsaws_ivs_channelaws_ivs_recording_configuration
ivschataws_ivschat_logging_configurationaws_ivschat_room
kendraaws_kendra_data_sourceaws_kendra_experienceaws_kendra_faqaws_kendra_indexaws_kendra_query_suggestions_block_listaws_kendra_thesaurus
kinesisaws_kinesis_resource_policyaws_kinesis_streamaws_kinesis_stream_consumer
kmsaws_kms_keyaws_kms_aliasaws_kms_grant
lakeformationaws_lakeformation_data_cells_filteraws_lakeformation_data_lake_settingsaws_lakeformation_identity_center_configurationaws_lakeformation_lf_tagaws_lakeformation_lf_tag_expression
lambdaaws_lambda_aliasaws_lambda_code_signing_configaws_lambda_event_source_mappingaws_lambda_functionaws_lambda_function_event_invoke_configaws_lambda_function_recursion_configaws_lambda_function_urlaws_lambda_layer_versionaws_lambda_permissionaws_lambda_provisioned_concurrency_configaws_lambda_runtime_management_config
lexaws_lex_botaws_lex_bot_aliasaws_lex_intentaws_lex_slot_type
lexv2modelsaws_lexv2models_botaws_lexv2models_bot_localeaws_lexv2models_intentaws_lexv2models_slotaws_lexv2models_slot_type
logsaws_cloudwatch_log_account_policyaws_cloudwatch_log_anomaly_detectoraws_cloudwatch_log_data_protection_policyaws_cloudwatch_log_deliveryaws_cloudwatch_log_delivery_destinationaws_cloudwatch_log_delivery_destination_policyaws_cloudwatch_log_delivery_sourceaws_cloudwatch_log_destinationaws_cloudwatch_log_destination_policyaws_cloudwatch_log_groupaws_cloudwatch_log_index_policyaws_cloudwatch_log_metric_filteraws_cloudwatch_log_resource_policyaws_cloudwatch_log_subscription_filteraws_cloudwatch_log_transformeraws_cloudwatch_query_definition
media_convertaws_media_convert_queue
media_packageaws_media_package_channel
media_packagev2aws_media_packagev2_channel_group
media_storeaws_media_store_containeraws_media_store_container_policy
memorydbaws_memorydb_aclaws_memorydb_clusteraws_memorydb_parameter_groupaws_memorydb_subnet_group
medialiveaws_medialive_channelaws_medialive_inputaws_medialive_input_security_groupaws_medialive_multiplexaws_medialive_multiplex_program
mqaws_mq_configuration
mskaws_msk_clusteraws_msk_cluster_policyaws_msk_configurationaws_msk_replicatoraws_msk_scram_secret_associationaws_msk_serverless_clusteraws_msk_single_scram_secret_associationaws_msk_vpc_connection
mwaaaws_mwaa_environment
naclaws_default_network_aclaws_network_acl
nataws_nat_gateway
neptuneaws_neptune_clusteraws_neptune_cluster_endpointaws_neptune_cluster_instanceaws_neptune_cluster_parameter_groupaws_neptune_event_subscriptionaws_neptune_parameter_groupaws_neptune_subnet_group
networkmanager(imported once per run through a single effective regional control-plane endpoint; resources are not duplicated per requested region)aws_networkmanager_connectionaws_networkmanager_deviceaws_networkmanager_global_networkaws_networkmanager_linkaws_networkmanager_site
notificationsaws_notifications_channel_associationaws_notifications_event_ruleaws_notifications_notification_configurationaws_notifications_notification_hub
notificationscontactsaws_notificationscontacts_email_contact
opsworksaws_opsworks_applicationaws_opsworks_custom_layeraws_opsworks_instanceaws_opsworks_java_app_layeraws_opsworks_php_app_layeraws_opsworks_stackaws_opsworks_static_web_layeraws_opsworks_user_profile
organizationaws_organizations_accountaws_organizations_organizationaws_organizations_organizational_unitaws_organizations_policyaws_organizations_policy_attachment
opensearchaws_opensearch_domainaws_opensearch_domain_policyaws_opensearch_domain_saml_optionsaws_opensearch_inbound_connection_accepteraws_opensearch_outbound_connectionaws_opensearch_package_associationaws_opensearch_vpc_endpoint
opensearchserverlessaws_opensearchserverless_access_policyaws_opensearchserverless_collectionaws_opensearchserverless_lifecycle_policyaws_opensearchserverless_security_configaws_opensearchserverless_security_policyaws_opensearchserverless_vpc_endpoint
pinpointaws_pinpoint_appaws_pinpoint_email_channelaws_pinpoint_event_streamaws_pinpoint_sms_channel
pinpointsmsvoicev2aws_pinpointsmsvoicev2_configuration_setaws_pinpointsmsvoicev2_opt_out_listaws_pinpointsmsvoicev2_phone_number
pipesaws_pipes_pipe
qldbaws_qldb_ledger
quicksightaws_quicksight_folderaws_quicksight_folder_membershipaws_quicksight_groupaws_quicksight_group_membershipaws_quicksight_namespaceaws_quicksight_vpc_connection
rdsaws_db_instanceaws_db_instance_role_associationaws_db_proxyaws_db_proxy_default_target_groupaws_db_proxy_endpointaws_db_proxy_targetaws_db_cluster_snapshotaws_db_parameter_groupaws_db_snapshotaws_db_subnet_groupaws_db_option_groupaws_db_event_subscriptionaws_rds_clusteraws_rds_cluster_endpointaws_rds_cluster_instanceaws_rds_cluster_parameter_groupaws_rds_cluster_role_associationaws_rds_global_cluster
redshiftaws_redshift_clusteraws_redshift_event_subscriptionaws_redshift_parameter_groupaws_redshift_snapshot_scheduleaws_redshift_snapshot_schedule_associationaws_redshift_subnet_group
redshiftserverlessaws_redshiftserverless_custom_domain_associationaws_redshiftserverless_endpoint_accessaws_redshiftserverless_namespaceaws_redshiftserverless_resource_policyaws_redshiftserverless_snapshotaws_redshiftserverless_usage_limitaws_redshiftserverless_workgroup
rekognitionaws_rekognition_collectionaws_rekognition_projectaws_rekognition_stream_processor
resourcegroupsaws_resourcegroups_group
route53aws_route53_zoneaws_route53_recordaws_route53_health_checkaws_route53_query_logaws_route53_delegation_setaws_route53_key_signing_keyaws_route53_hosted_zone_dnssec
route53_resolveraws_route53_resolver_configaws_route53_resolver_dnssec_configaws_route53_resolver_endpointaws_route53_resolver_firewall_configaws_route53_resolver_firewall_domain_listaws_route53_resolver_firewall_ruleaws_route53_resolver_firewall_rule_groupaws_route53_resolver_firewall_rule_group_associationaws_route53_resolver_query_log_configaws_route53_resolver_query_log_config_associationaws_route53_resolver_ruleaws_route53_resolver_rule_association
route_tableaws_route_tableaws_main_route_table_associationaws_route_table_association
s3aws_s3_bucketaws_s3_bucket_accelerate_configurationaws_s3_bucket_aclaws_s3_bucket_analytics_configurationaws_s3_bucket_cors_configurationaws_s3_bucket_intelligent_tiering_configurationaws_s3_bucket_inventoryaws_s3_bucket_lifecycle_configurationaws_s3_bucket_loggingaws_s3_bucket_metricaws_s3_bucket_notificationaws_s3_bucket_object_lock_configurationaws_s3_bucket_ownership_controlsaws_s3_bucket_policyaws_s3_bucket_public_access_blockaws_s3_bucket_replication_configurationaws_s3_bucket_request_payment_configurationaws_s3_bucket_server_side_encryption_configurationaws_s3_bucket_versioningaws_s3_bucket_website_configuration
s3controlaws_s3_account_public_access_blockaws_s3_access_pointaws_s3control_access_grantaws_s3control_access_grants_instanceaws_s3control_access_grants_instance_resource_policyaws_s3control_access_grants_locationaws_s3control_access_point_policyaws_s3control_multi_region_access_pointaws_s3control_object_lambda_access_pointaws_s3control_object_lambda_access_point_policyaws_s3control_storage_lens_configuration
s3tablesaws_s3tables_table_bucketaws_s3tables_namespaceaws_s3tables_tableaws_s3tables_table_bucket_policyaws_s3tables_table_policy
sagemakeraws_sagemaker_algorithmaws_sagemaker_appaws_sagemaker_app_image_configaws_sagemaker_code_repositoryaws_sagemaker_data_quality_job_definitionaws_sagemaker_device_fleetaws_sagemaker_domainaws_sagemaker_endpointaws_sagemaker_endpoint_configurationaws_sagemaker_feature_groupaws_sagemaker_flow_definitionaws_sagemaker_imageaws_sagemaker_image_versionaws_sagemaker_mlflow_appaws_sagemaker_mlflow_tracking_serveraws_sagemaker_model_cardaws_sagemaker_modelaws_sagemaker_model_package_groupaws_sagemaker_model_package_group_policyaws_sagemaker_monitoring_scheduleaws_sagemaker_notebook_instanceaws_sagemaker_notebook_instance_lifecycle_configurationaws_sagemaker_pipelineaws_sagemaker_projectaws_sagemaker_servicecatalog_portfolio_statusaws_sagemaker_spaceaws_sagemaker_studio_lifecycle_configaws_sagemaker_user_profileaws_sagemaker_workforceaws_sagemaker_workteam
scheduleraws_scheduler_scheduleaws_scheduler_schedule_group
secretsmanageraws_secretsmanager_secretaws_secretsmanager_secret_policyaws_secretsmanager_secret_rotation
securityhubaws_securityhub_action_targetaws_securityhub_accountaws_securityhub_automation_ruleaws_securityhub_configuration_policyaws_securityhub_configuration_policy_associationaws_securityhub_finding_aggregatoraws_securityhub_insightaws_securityhub_memberaws_securityhub_organization_admin_accountaws_securityhub_organization_configurationaws_securityhub_product_subscriptionaws_securityhub_standards_subscription
servicecatalogaws_servicecatalog_portfolio
sesaws_ses_configuration_setaws_ses_domain_identityaws_ses_email_identityaws_ses_receipt_ruleaws_ses_receipt_rule_setaws_ses_template
sesv2aws_sesv2_account_suppression_attributesaws_sesv2_account_vdm_attributesaws_sesv2_configuration_setaws_sesv2_configuration_set_event_destinationaws_sesv2_contact_listaws_sesv2_dedicated_ip_assignmentaws_sesv2_dedicated_ip_poolaws_sesv2_email_identityaws_sesv2_email_identity_feedback_attributesaws_sesv2_email_identity_mail_from_attributesaws_sesv2_email_identity_policy
sfnaws_sfn_activityaws_sfn_state_machine
sgaws_security_groupaws_security_group_rule(if a rule cannot be inlined)
snsaws_sns_topicaws_sns_topic_data_protection_policyaws_sns_topic_policyaws_sns_topic_subscription
ssoadminaws_ssoadmin_account_assignmentaws_ssoadmin_customer_managed_policy_attachmentaws_ssoadmin_instance_access_control_attributesaws_ssoadmin_managed_policy_attachmentaws_ssoadmin_permission_setaws_ssoadmin_permission_set_inline_policyaws_ssoadmin_permissions_boundary_attachment
sqsaws_sqs_queueaws_sqs_queue_policyaws_sqs_queue_redrive_allow_policyaws_sqs_queue_redrive_policy
ssmaws_ssm_activationaws_ssm_associationaws_ssm_default_patch_baselineaws_ssm_documentaws_ssm_maintenance_windowaws_ssm_maintenance_window_targetaws_ssm_maintenance_window_taskaws_ssm_parameteraws_ssm_patch_baselineaws_ssm_patch_groupaws_ssm_resource_data_syncaws_ssm_service_setting
subnetaws_subnet
swfaws_swf_domain
transcribeaws_transcribe_language_model
transit_gatewayaws_ec2_transit_gatewayaws_ec2_transit_gateway_connectaws_ec2_transit_gateway_connect_peeraws_ec2_transit_gateway_metering_policyaws_ec2_transit_gateway_metering_policy_entryaws_ec2_transit_gateway_multicast_domainaws_ec2_transit_gateway_peering_attachmentaws_ec2_transit_gateway_peering_attachment_accepteraws_ec2_transit_gateway_policy_tableaws_ec2_transit_gateway_policy_table_associationaws_ec2_transit_gateway_prefix_list_referenceaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_tableaws_ec2_transit_gateway_route_table_associationaws_ec2_transit_gateway_route_table_propagationaws_ec2_transit_gateway_vpc_attachment
verifiedaccessaws_verifiedaccess_endpointaws_verifiedaccess_groupaws_verifiedaccess_instanceaws_verifiedaccess_trust_provider
vpcaws_vpc
vpc_endpointaws_vpc_endpoint
vpclatticeaws_vpclattice_access_log_subscriptionaws_vpclattice_auth_policyaws_vpclattice_listeneraws_vpclattice_listener_ruleaws_vpclattice_resource_policyaws_vpclattice_serviceaws_vpclattice_service_networkaws_vpclattice_service_network_service_associationaws_vpclattice_service_network_vpc_associationaws_vpclattice_target_group
vpc_peeringaws_vpc_peering_connection
vpn_connectionaws_vpn_connection
vpn_gatewayaws_vpn_gateway
wafaws_waf_byte_match_setaws_waf_geo_match_setaws_waf_ipsetaws_waf_rate_based_ruleaws_waf_regex_match_setaws_waf_regex_pattern_setaws_waf_ruleaws_waf_rule_groupaws_waf_size_constraint_setaws_waf_sql_injection_match_setaws_waf_web_aclaws_waf_xss_match_set
waf_regionalaws_wafregional_byte_match_setaws_wafregional_geo_match_setaws_wafregional_ipsetaws_wafregional_rate_based_ruleaws_wafregional_regex_match_setaws_wafregional_regex_pattern_setaws_wafregional_ruleaws_wafregional_rule_groupaws_wafregional_size_constraint_setaws_wafregional_sql_injection_match_setaws_wafregional_web_aclaws_wafregional_xss_match_set
wafv2_cloudfrontaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wafv2_web_acl_logging_configuration
wafv2_regionalaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wafv2_web_acl_associationaws_wafv2_web_acl_logging_configuration
workspacesaws_workspaces_directoryaws_workspaces_ip_groupaws_workspaces_workspace
xrayaws_xray_sampling_rule
Global services
Section titled “Global services”AWS services that are global will be imported without specified region even if several regions will be passed. It is to ensure only one representation of an AWS resource is imported.
List of global AWS services:
budgetscloudfrontecrpublicglobalacceleratoriamorganizationroute53waf
Attribute filters
Section titled “Attribute filters”Attribute filters allow filtering across different resource types by its attributes.
terraformer import aws --resources=ec2_instance,ebs --filter="Name=tags.costCenter;Value=20000:'20001:1'" --regions=eu-west-1Will only import AWS EC2 instances along with EBS volumes annotated with tag costCenter with values 20000 or 20001:1. Attribute filters are by default applicable to all resource types although it’s possible to specify to what resource type a given filter should be applicable to by providing Type=<type> parameter. For example:
terraformer import aws --resources=ec2_instance,ebs --filter=Type=ec2_instance;Name=tags.costCenter;Value=20000:'20001:1' --regions=eu-west-1Will work as same as example above with a change the filter will be applicable only to ec2_instance resources.
Few more examples - How to import ec2 instance based on instance name and id
terraformer import aws --resources=ec2_instance --filter="Name=tags.Name;Value=Terraformer" --regions=us-east-1This command imports ec2 instance having name as Terraformer.
terraformer import aws --resources=ec2_instance --filter="Name=id;Value=i-0xxxxxxxxx" --regions=us-east-1This command imports ec2 instance having instance-id as i-0xxxxxxxxx.
Due to fact API Gateway generates a lot of resources, it’s possible to issue a filtering query to retrieve resources related to a given REST API by tags. To fetch resources related to a REST API resource with a tag STAGE and value dev, add parameter --filter="Type=api_gateway_rest_api;Name=tags.STAGE;Value=dev".
SQS queues retrieval
Section titled “SQS queues retrieval”Terraformer uses AWS ListQueues API call to fetch available queues. The API is able to return only up to 1000 queues and an additional name prefix should be passed to filter the list results. It’s possible to pass QueueNamePrefix parameter by environmental variable SQS_PREFIX.