_This issue was originally opened by @AMMullan as hashicorp/terraform#13779. It was migrated here as part of the provider split. The original body of the issue is below._
I'm trying to import existing infrastructure but am not sure how to import ACL Rules and Routes for AWS.
v0.8.8
Would just like to know if you can import these or you just have to apply and force it to overwrite the existing items?
I am wondering if importing an AWS route (table entry) is even necessary in case it already exists.
It's clearly defined by "destination -> target" as a combined "primary key". If that matches, the route exists and only the additional fields could be different (which then is an update in-place). If everything matches, simply skip this route.
If the aws_route already exists and it was not created by Terraform, it needs to be imported, otherwise apply fails.
I tried it with both

```
Terraform v0.11.5
+ provider.aws v1.11.0
```

and

```
Terraform v0.11.7
+ provider.aws v1.11.0
```

Plan and failure:

```
+ module.core.aws_route.lala
    id: <computed>
    destination_cidr_block: "10.242.2.0/24"
    destination_prefix_list_id: <computed>
    egress_only_gateway_id: <computed>
    gateway_id: <computed>
    instance_id: <computed>
    instance_owner_id: <computed>
    nat_gateway_id: <computed>
    network_interface_id: <computed>
    origin: <computed>
    route_table_id: "rtb-123456"
    state: <computed>
    vpc_peering_connection_id: "pcx-123456"

module.core.aws_route.lala: Creating...
    destination_cidr_block: "" => "10.242.2.0/24"
    destination_prefix_list_id: "" => "<computed>"
    egress_only_gateway_id: "" => "<computed>"
    gateway_id: "" => "<computed>"
    instance_id: "" => "<computed>"
    instance_owner_id: "" => "<computed>"
    nat_gateway_id: "" => "<computed>"
    network_interface_id: "" => "<computed>"
    origin: "" => "<computed>"
    route_table_id: "" => "rtb-123456"
    state: "" => "<computed>"
    vpc_peering_connection_id: "" => "pcx-123456"

Error: Error applying plan:
* module.core.aws_route.lala: 1 error(s) occurred:
* aws_route.lala: Error creating route: RouteAlreadyExists: The route identified by 10.242.2.0/24 already exists.
    status code: 400, request id: abcdefg-123456
```
The solution is:
So a workaround exists, but an import would be ideal.
@vkatsikaros and @AMMullan and @frittentheke This enhancement for aws_route is pending in PR #5687.
Support for importing aws_route resources has been merged into master and will release with version 1.34.0 of the AWS provider, likely later today.
Could someone provide an example of what the import would look like? I don't understand what the ID should be or where to find it.
@flickerfly It's the `<route-table-id>_<destination_cidr>`. Examples are in the import section of the aws_route doc...
@lorengordon, Thanks!
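
As an added example (not part of the original thread and not the provider's own code): a Python script that turns `aws ec2 describe-route-tables` JSON into `terraform import` commands using the `<route-table-id>_<destination_cidr>` ID format given above. The sample JSON, the resource naming scheme and the decision to skip routes whose `Origin` is not `CreateRoute` are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like `aws ec2 describe-route-tables` output (IDs are placeholders).
SAMPLE = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-0example0000000001", "Routes": [
  {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable"},
  {"DestinationCidrBlock": "10.242.2.0/24", "VpcPeeringConnectionId": "pcx-0example", "Origin": "CreateRoute"},
  {"DestinationCidrBlock": "192.168.0.0/24", "GatewayId": "vgw-0example", "Origin": "EnableVgwRoutePropagation"},
  {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example", "Origin": "CreateRoute"}
]}]}
""")


def import_id(route_table_id, cidr):
    """Import ID as described in the thread: <route-table-id>_<destination_cidr>."""
    return f"{route_table_id}_{cidr}"


def resource_name(route_table_id, cidr):
    """Hypothetical naming scheme for the aws_route address in your configuration."""
    return re.sub(r"[^A-Za-z0-9]", "_", f"{route_table_id}_{cidr}")


def plan_imports(described):
    """Return (import commands, skipped routes with the reason they were skipped)."""
    commands, skipped = [], []
    for table in described["RouteTables"]:
        rtb = table["RouteTableId"]
        for route in table["Routes"]:
            cidr = route.get("DestinationCidrBlock")
            if cidr is None:
                # Only the IPv4 CIDR form of the ID is covered by the thread.
                skipped.append((rtb, "no IPv4 destination CIDR"))
            elif route.get("Origin") != "CreateRoute":
                # Assumption: local and propagated routes are not managed as aws_route.
                skipped.append((rtb, f"{cidr}: origin {route.get('Origin')}"))
            else:
                commands.append(
                    f"terraform import aws_route.{resource_name(rtb, cidr)} {import_id(rtb, cidr)}"
                )
    return commands, skipped


if __name__ == "__main__":
    cmds, skipped = plan_imports(SAMPLE)
    print("\n".join(cmds))
    for rtb, reason in skipped:
        print(f"# skipped in {rtb}: {reason}")
```

Each generated command needs a matching `aws_route` resource block in the configuration before it is run.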
@YakDriver Should this work if the route table is from a remote state?
```
$ terraform import aws_route.stable_to_mail_temp_route[2] rtb-09e9b7df22051b1d1_192.168.0.0/24
aws_route.stable_to_mail_temp_route: Importing from ID "rtb-09e9b7df22051b1d1_192.168.0.0/24"...
aws_route.stable_to_mail_temp_route: Import complete!
Imported aws_route (ID: r-rtb-09e9b7df22051b1d14165679356)
aws_route.stable_to_mail_temp_route: Refreshing state... (ID: r-rtb-09e9b7df22051b1d14165679356)
Error: aws_route.stable_to_mail_temp_route[2] (import id: rtb-09e9b7df22051b1d1_192.168.0.0/24): 1 error(s) occurred:
* import aws_route.stable_to_mail_temp_route[2] result: r-rtb-09e9b7df22051b1d14165679356: import aws_route.stable_to_mail_temp_route (id: r-rtb-09e9b7df22051b1d14165679356): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.
```
I don't think it should matter where the route table exists, as long as the import is executed with a provider that has credentials to the account. If your tf config uses multiple providers, pass `-provider X` to the import command, `X` is the provider alias.

```
-provider=provider  Specific provider to use for import. This is used for
                    specifying aliases, such as "aws.eu". Defaults to the
                    normal provider prefix of the resource being imported.
```

But, I haven't yet used the remote state data source, so maybe I'm wrong. 🤷‍♂️
Any update/progress on importing aws_network_acl_rule resources?
Hi folks 👋 Let's track aws_network_acl_rule resource import support in #10983 -- aws_route resource import support has been possible for a while now. 👍
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!