Export your Google Cloud resources into Terraform format

Stay organized with collections Save and categorize content based on your preferences.

You've deployed resources in Google Cloud, and now need to manage your infrastructure as code (IaC) with Terraform. Google provides a tool that you can use to generate Terraform code for resources in a project, folder, or organization.

Before you begin

  • Install the command-line interface (CLI) for Config Connector.

    gcloud components install config-connector
    

    Config Connector lets you use Google Cloud's Terraform bulk-export tool.

  • Enable the Cloud Asset API.

    gcloud services enable cloudasset.googleapis.com
    
  • Make sure that the Cloud Asset Service Agent gcp-sa-cloudasset.iam.gserviceaccount.com has the roles/servicenetworking.serviceAgent role.

    gcloud projects add-iam-policy-binding PROJECT_ID \
      --member=serviceAccount:service-PROJECT_NUMBER@gcp-sa-cloudasset.iam.gserviceaccount.com \
      --role=roles/servicenetworking.serviceAgent
    

Export the entire project configuration to Terraform HCL code

The gcloud beta resource-config bulk-export --resource-format=terraform command exports resources currently configured in the project, folder, or organization and prints them to the screen in HCL code format.

gcloud beta resource-config bulk-export \
  --project=PROJECT_ID \
  --resource-format=terraform

Write the output to a directory structure

Output the project's entire configuration to a path:

gcloud beta resource-config bulk-export \
  --path=OUTPUT_DIRECTORY_NAME \
  --project=PROJECT_ID \
  --resource-format=terraform

The --path flag specifies the location to output the HCL code. If the path OUTPUT_DIRECTORY_NAME doesn't exist, a prompt asks you if you want to create it.

After running the command, the HCL code for each resource is output to a separate .tf file in the following directory structure:

OUTPUT_DIRECTORY_NAME/projects/PROJECT_ID/RESOURCE_TYPE

Write the output to a single file

If you don't want to print the output to the screen or create separate .tf files, you can write all of the output to a single file, as shown in this example:

gcloud beta resource-config bulk-export --resource-format=terraform >> gcp_resources.tf

Filter the output

Filter the output of the bulk export command by specifying resource types.

List the supported resource types to filter on

For a list of supported resource types, run the gcloud beta resource-config list-resource-types command:

gcloud beta resource-config list-resource-types

Optionally, write the output to a file:

gcloud beta resource-config list-resource-types >> strings.txt

In the output, the resource type for Compute Engine VMs is listed as:

KRM KIND: ComputeInstance

You can ignore the KRM KIND: prefix.

Export a single resource type

Use a string, such as ComputeInstance, to export specific resource types for your project in HCL code format:

gcloud beta resource-config bulk-export \
  --resource-types=RESOURCE_TYPE \
  --project=PROJECT_ID \
  --resource-format=terraform

The --resource-types flag specifies the resource type to output.

Export multiple resource types

Export VM instances and firewall rules in HCL code format:

gcloud beta resource-config bulk-export \
  --resource-types=ComputeFirewall,ComputeInstance \
  --project=PROJECT_ID \
  --resource-format=terraform

Use a file to specify the resource types to export

  1. Create a directory called tf-output.

    cd && mkdir tf-output && cd tf-output
    
  2. Create a file called types.txt, and add a list of resource types. For example:

    ComputeBackendBucket
    ComputeBackendService
    ComputeForwardingRule
    
  3. Run the gcloud beta resource-config bulk-export command with the --resource-types-file flag:

    gcloud beta resource-config bulk-export \
     --resource-types-file=types.txt \
     --path=tf-output \
     --project=PROJECT_ID \
     --resource-format=terraform
    

If the project doesn't contain any of a particular resource type, the command succeeds but nothing is output for that resource type.

Next steps