Version: 17.x

Import Teleport Resources into Terraform

This guide shows you how to import existing dynamic Teleport resources as Terraform resources.

If you already created Teleport resources using another client tool like tctl or the Kubernetes Operator, and want to manage all Teleport resources using your Terraform configuration, follow these steps to generate a .tf file that contains resource blocks that represent your existing Teleport resources.

By defining all Teleport resources in one place, you can help ensure that your cluster configuration matches your expectations.

Step 1/3. Add an `import` block

On your workstation, navigate to your root Teleport Terraform module.
Open a file in your text editor to configure Terraform imports. To keep your configuration tidy, open a new file called imports.tf.
Add an import block to imports.tf. Use the to field to indicate the name of the resource you want to generate configuration for in Terraform. The following example imports a Teleport role called myrole:
```
import {
  to = teleport_role.myrole
}
```

Step 2/3. Retrieve the ID of your resource

Retrieve the ID of the resource. The method to use depends on the resource type. Use the following rules to do so:

If the resource is teleport_provision_token, the ID is the metadata.id of the resource.

If the resource can only have one instance, use the name of the resource type without the teleport prefix. For example:

Resource ID
teleport_cluster_maintenance_config cluster_maintenance_config
teleport_cluster_networking_config cluster_networking_config

For all other resources, the ID is always the metadata.name of the resource.

For example, the teleport_role resource uses the role's metadata.name field for its ID. To find all possible role IDs, run the following command:
```
tctl get roles --format json | jq '.[].metadata.name'
```
In the import block, assign the id field to the resource ID you retrieved earlier. For example, to import a Teleport role with a metadata.name of myrole, add the following:
```
  import {
    to = teleport_role.myrole
+   id = "myrole"
  }
```

Resource	ID
`teleport_cluster_maintenance_config`	`cluster_maintenance_config`
`teleport_cluster_networking_config`	`cluster_networking_config`

Step 3/3. Generate a configuration file

Generate a resource configuration

terraform plan -generate-config-out=imported-resources.tf

Inspect the resulting file, imported-resources.tf. If the new resource block looks correct, you can check the file into source control.

Next steps

Follow the user and role IaC guide to use the Terraform Provider to create Teleport users and grant them roles.
Explore the full list of supported Terraform provider resources.
See the list of supported Teleport Terraform setups:

Teleport Infrastructure Identity Platform

Featured Resource

Protected Resources

Featured Resource

Engineering Velocity

Infrastructure Resiliency

AI & Infrastructure Identity

Industries

Featured Resource

Compliance

Featured Resource

Strategic Partners

Featured AWS Webinar

Read

Experience

Discover

Featured Blog Post

Company

Explore

Featured Event

Teleport Partners

From Our Partners

Import Teleport Resources into Terraform

Step 1/3. Add an `import` block

Step 2/3. Retrieve the ID of your resource

Step 3/3. Generate a configuration file

Next steps

Teleport Infrastructure Identity Platform

Featured Resource

Protected Resources

Featured Resource

Engineering Velocity

Infrastructure Resiliency

AI & Infrastructure Identity

Industries

Featured Resource

Compliance

Featured Resource

Strategic Partners

Featured AWS Webinar

Featured Blog Post

Featured Event

From Our Partners

Step 1/3. Add an import block​

Step 2/3. Retrieve the ID of your resource​

Step 3/3. Generate a configuration file​

Next steps​

Step 1/3. Add an `import` block

Step 2/3. Retrieve the ID of your resource

Step 3/3. Generate a configuration file

Next steps