Training
Learning path
Fundamentals of Terraform on Azure - Training
Learn the fundamentals of how Terraform enables you to manage infrastructure deployments on Azure.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Azure Export for Terraform provides various options to customize which resources you export.
In this article, you learn pros and cons for each option.
When you run Azure Export for Terraform in interactive mode, the specified resources (via the parameters you specify when running) display. By default, all of the resources are exported.
The Delete acts as a toggle in skipping or including resources. To remove resources from being exported, use the arrow keys to select the desired resource and press Delete. The resource is updated to display "Skip".
To undo the skip action, verify the skipped resource is selected, and press Delete again.
Pros:
Cons:
Applying a filter using Azure Resource Graph query syntax is a powerful technique when you know exactly what filters you need.
aztfexport query [option] <ARG_where_predicate>
As an example, let's say you have a resource group named myResourceGroup
that has many resources including a network resource. If you want to export only the network resource, you could use the following syntax:
aztfexport query -n "resourceGroup =~ 'myResourceGroup' and type contains 'Microsoft.Network'"
Pros:
Cons:
The following syntax shows the basics to export a set of resources that is defined in a resource mapping file:
aztfexport mapping-file [option] <resource_mapping_file>
You can use a mapping file in either interactive or non-interactive modes:
resource
, resource-group
, query
, mapping file
) by adding the --generate-mapping-file
flag.If your use cases require pre-export modifications, you can manually construct or edit the mapping file. Here are some examples of when you would want to manually edit your own mapping file:
Use-case | Steps |
---|---|
You have many resources in a resource group but only need to export a select few. | Delete the JSON objects from your editor of choice and save the file before exporting. |
You want to rename all your resources in a consistent manner. | Change the resource-name property to whatever name matches your company compliance standards. |
You need to refactor a set of resources by their resource type - such as networking or compute. | Use your editor to find all Microsoft.Network or Microsoft.Compute resources. |
For example, let's say you run the following command for a resource group that contains a virtual machine:
aztfexport rg --generate-mapping-file --non-interactive myResourceGroup
The results are similar to the following JSON file:
{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-MyResourceGroup/extensions/OmsAgentForLinux": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-MyResourceGroup/extensions/OmsAgentForLinux",
"resource_type": "azurerm_virtual_machine_extension",
"resource_name": "res-0"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup",
"resource_type": "azurerm_resource_group",
"resource_name": "res-1"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/sshPublicKeys/vm-MyResourceGroup_key": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/sshPublicKeys/vm-MyResourceGroup_key",
"resource_type": "azurerm_ssh_public_key",
"resource_name": "res-2"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-MyResourceGroup": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-MyResourceGroup",
"resource_type": "azurerm_linux_virtual_machine",
"resource_name": "res-3"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/vm-myResourceGroup-vm-d146": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/vm-myResourceGroup-vm-d146",
"resource_type": "azurerm_network_interface",
"resource_name": "res-4"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/vm-myResourceGroup-vm-d146/networkSecurityGroups/L3N1YnNjcmlwdGlvbnMvZGJmM2I2Y2ItYzFkMC00ZDA0LTk0YjktNTE1MDliOGQzM2ZkL3Jlc291cmNlR3JvdXBzL2hhc2hpY29uZi12bS1kZW1vL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvdm0taGFzaGljb25mLXZtLWRlbW8tbnNn": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/vm-myResourceGroup-vm-d146|/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/vm-MyResourceGroup-nsg",
"resource_type": "azurerm_network_interface_security_group_association",
"resource_name": "res-5"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/vm-MyResourceGroup-nsg": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/vm-MyResourceGroup-nsg",
"resource_type": "azurerm_network_security_group",
"resource_name": "res-6"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/publicIPAddresses/vm-MyResourceGroup-ip": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/publicIPAddresses/vm-MyResourceGroup-ip",
"resource_type": "azurerm_public_ip",
"resource_name": "res-7"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyResourceGroup-vnet": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyResourceGroup-vnet",
"resource_type": "azurerm_virtual_network",
"resource_name": "res-8"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyResourceGroup-vnet/subnets/default": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyResourceGroup-vnet/subnets/default",
"resource_type": "azurerm_subnet",
"resource_name": "res-9"
}
}
Only the object value in the mapping file has significance. The key (defaults to the Azure resource_id
) is just an identifier in this mode.
Now, let's say we want to keep the resource group and any compute-related resources, and modify the resource_name
value.
We could update the mapping file as follows:
{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
"resource_type": "azurerm_resource_group",
"resource_name": "myResourceGroup"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
"resource_type": "azurerm_linux_virtual_machine",
"resource_name": "myVM"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/sshPublicKeys/myKey": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/sshPublicKeys/myKey",
"resource_type": "azurerm_ssh_public_key",
"resource_name": "myKey"
},
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-myResourceGroup/extensions/OmsAgentForLinux": {
"resource_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/vm-myResourceGroup/extensions/OmsAgentForLinux",
"resource_type": "azurerm_virtual_machine_extension",
"resource_name": "myVMExtension"
}
}
Once you edit the mapping file, you export the mapping file using the following command:
aztfexport map -n "aztfexportResourceMapping.json"
Pros:
Cons:
When running aztfexport
v0.13
or greater alongside Terraform v1.5
or greater, the --generate-import-block
command generates a mapping file alongside a import.tf
file. The import.tf
file includes import blocks for each of the resources aztfexport
was able to map. From this point on the behavior of the configuration is identical to the preexisting import block workflow. To finish, run terraform plan
.
To then delete or filter resources from the resulting export, you can delete the block containing the resource's ID and other information.
A common question is the difference between using Azure Export for Terraform and import blocks. The benefits between the two tools we've noticed include:
Pros:
Cons:
In this article, you learned about the various options to filter resources when exporting with Azure Export for Terraform.
Training
Learning path
Fundamentals of Terraform on Azure - Training
Learn the fundamentals of how Terraform enables you to manage infrastructure deployments on Azure.