Date: 2025-08-27
Version: 17.x

Import Teleport Resources into Terraform

This guide shows you how to import existing dynamic Teleport resources as Terraform resources.

If you already created Teleport resources using another client tool like tctl or the Kubernetes Operator, and want to manage all Teleport resources using your Terraform configuration, follow these steps to generate a .tf file that contains resource blocks that represent your existing Teleport resources.

By defining all Teleport resources in one place, you can help ensure that your cluster configuration matches your expectations.

As with any compliant Terraform provider, the Teleport provider allows you to generate a Terraform configuration based on existing resources that the Teleport Auth Service has stored on its backend. For all of the Teleport resources that the Terraform provider supports, see the Terraform resource reference.

1. On your workstation, navigate to your root Teleport Terraform module.

2. Open a file in your text editor to configure Terraform imports. To keep your configuration tidy, open a new file called imports.tf.

3. Add an import block to imports.tf. Use the to field to indicate the name of the resource you want to generate configuration for in Terraform. The following example imports a Teleport role called myrole:

       import {
         to = teleport_role.myrole
       }

4. Retrieve the ID of the resource. The method to use depends on the resource type. Use the following rules to do so:

   - If the resource is teleport_provision_token, the ID is the metadata.id of the resource.

   - If the resource can only have one instance, use the name of the resource type without the teleport prefix. For example:

         Resource                               ID
         teleport_cluster_maintenance_config    cluster_maintenance_config
         teleport_cluster_networking_config     cluster_networking_config

   - For all other resources, the ID is always the metadata.name of the resource. For example, the teleport_role resource uses the role's metadata.name field for its ID. To find all possible role IDs, run the following command:

         tctl get roles --format json | jq '.[].metadata.name'

5. In the import block, assign the id field to the resource ID you retrieved earlier. For example, to import a Teleport role with a metadata.name of myrole, add the following:

       import {
         to = teleport_role.myrole
         id = "myrole"
       }