My last few posts have been looking at the challenges of bringing existing Azure resources under code control, dealing with so-called brownfield site scenarios. In my last blog post I looked at the Terracognita tool for importing existing Azure resources into Terraform. This post will look at another tool Aztfy.
Setup
The tool is straightforward to install:
brew install aztfy
And the command line help is fairly straightforward:
There is a nice presentation/intro which sets out the problem the developers are trying to tackle as well as a comparison of the existing tools available. In addition, there is a simple demo of how to use it.
Testing
Let’s dive right in and put it to the test.
I have a test resource group with a vNet, key vault, test webapp where I’ve been playing around with private connections to and from a webapp.
The simplest command is to get all resources in a resource group.
aztfy rg rg-cjris-uks-test-web-01
As a side note if my directory is not empty then I am given the option to trash the existing files or merge new resources in. I’ll give that a try another time..
After a minute or two I get a list of my Azure resources
At this point I can apply a filter or if I want to using a nice, simple syntax:
As it is, I’m just going to grab everything and accept the defaults (highlighted in purple)
We can see progress being made…
And then, it is done.
Lets have a look at what has been created:
Well, everything appears to have been put into a single main.tf file. I’d like to see some attempt at modularity, or extracting variables, but I can live with it if it gives me a tool to easily re-create my configuration.
So, what does terraform make of this code? I ran terraform plan
Brilliant! No changes to make. That is an excellent outcome.
I understand that there is the possibility that some resources may be skipped or not enumerated correctly, and I’m sure if I had a more complex configuration that would be the case, but I’m pleased with that outcome of my relatively simple test.
Recovery Test
Let’s take that on a step then. I’m going to delete the resource group and see if I can genuinely recover the configuration from the created code.
After that completed, I waited a few minutes, mostly because it was time for some dinner, then ran terraform plan again.
It looked promising so I ran apply
Drumroll….
Fantastic! That is a successful test.
The journey is not, by any means complete. I’ve still got my other resource groups to deal with. I have resources which sit outside resource groups. I would like to re-factor the code to use variables and modules to streamline the code for re-usability and maintainability.
Having said that I have been able to achieve one of my main goals, to come into an existing Azure environment and easily generate code of my resources. Not only that but I have been able to delete the resource group then re-create it, and its resources.
Final thoughts
This then, gives us two different tools to handle importing existing resources into Terraform: Terracognita and Aztfy. Both of them have strengths and weaknesses, neither of them is an end-to-end solution. I shall be keeping an eye on both projects going forward and expect I’ll be using a combination of both going forward. I recommend having a look yourself.
