Import Teleport Resources into Terraform
Date: 2025-01-14
This guide shows you how to import existing dynamic Teleport resources as Terraform resources.
If you already created Teleport resources using another client tool like tctl or the Kubernetes Operator, and want to manage all Teleport resources using your Terraform configuration, follow these steps to generate a .tf file that contains resource blocks that represent your existing Teleport resources.
By defining all Teleport resources in one place, you can help ensure that your cluster configuration matches your expectations.
Step 1/3. Add an import block
- On your workstation, navigate to your root Teleport Terraform module.
- Open a file in your text editor to configure Terraform imports. To keep your configuration tidy, open a new file called imports.tf.
- Add an import block to imports.tf. Use the to field to indicate the name of the resource you want to generate configuration for in Terraform. The following example imports a Teleport role called myrole:
  import { to = teleport_role.myrole }
Step 2/3. Retrieve the ID of your resource
- Retrieve the ID of the resource. The method to use depends on the resource type. Use the following rules to do so:
  If the resource is teleport_provision_token, the ID is the metadata.id of the resource.
  If the resource can only have one instance, use the name of the resource type without the teleport prefix. For example:
    Resource                               ID
    teleport_cluster_maintenance_config    cluster_maintenance_config
    teleport_cluster_networking_config     cluster_networking_config
  For all other resources, the ID is always the metadata.name of the resource.
  For example, the teleport_role resource uses the role's metadata.name field for its ID. To find all possible role IDs, run the following command:
    tctl get roles --format json | jq '.[].metadata.name'
- In the import block, assign the id field to the resource ID you retrieved earlier. For example, to import a Teleport role with a metadata.name of myrole, add the following:
  import {
    to = teleport_role.myrole
    id = "myrole"
  }
Step 3/3. Generate a configuration file
- Generate a resource configuration:
    terraform plan -generate-config-out=imported-resources.tf
- Inspect the resulting file, imported-resources.tf. If the new resource block looks correct, you can check the file into source control.
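
The ID rules from Step 2 applied in bulk, as an added example that is not part of the original guide or of Teleport's tooling: it reads the JSON printed by tctl get ... --format json and returns one import block per resource for imports.tf. The function names, the tf_label helper (including how it rewrites names that are not valid Terraform labels) and the sample role names are assumptions made for this illustration.

```python
import json
import re

# Single-instance resource types named in Step 2; their import ID is the
# type name without the "teleport_" prefix.
SINGLETONS = {
    "teleport_cluster_maintenance_config",
    "teleport_cluster_networking_config",
}

def import_id(tf_type, resource):
    """Apply the three ID rules from Step 2 to one resource from tctl JSON."""
    if tf_type == "teleport_provision_token":
        return str(resource["metadata"]["id"])
    if tf_type in SINGLETONS:
        return tf_type[len("teleport_"):]
    return resource["metadata"]["name"]

def tf_label(name):
    """Hypothetical helper: map a Teleport name to a valid Terraform label
    (letters, digits, "_" and "-", not starting with a digit or "-")."""
    label = re.sub(r"[^A-Za-z0-9_-]", "_", name)
    return label if re.match(r"[A-Za-z_]", label) else "_" + label

def import_blocks(tf_type, tctl_json):
    """Return imports.tf text for every resource in `tctl get ... --format json`."""
    blocks, seen = [], {}
    for resource in json.loads(tctl_json):
        rid = import_id(tf_type, resource)
        label = tf_label(rid)
        if label in seen:
            # Two names collapsed to one label; importing both would clash.
            raise ValueError(f"{rid!r} and {seen[label]!r} both map to {label!r}")
        seen[label] = rid
        blocks.append(
            f"import {{\n  to = {tf_type}.{label}\n  id = {json.dumps(rid)}\n}}\n"
        )
    return "\n".join(blocks)

# Constructed sample of `tctl get roles --format json` output (not real data).
SAMPLE_ROLES = json.dumps([
    {"kind": "role", "metadata": {"name": "myrole"}},
    {"kind": "role", "metadata": {"name": "dev.access"}},
    {"kind": "role", "metadata": {"name": "2fa-admins"}},
])

if __name__ == "__main__":
    print(import_blocks("teleport_role", SAMPLE_ROLES))
```

The id always carries the original Teleport name, so a rewritten label such as dev_access still imports the role named dev.access; a label collision raises an error instead of silently dropping a resource from the import.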
Next steps
- Follow the user and role IaC guide to use the Terraform Provider to create Teleport users and grant them roles.
- Explore the full list of supported Terraform provider resources.
- See the list of supported Teleport Terraform setups: