You've deployed resources in Google Cloud, and now need to manage your infrastructure as code (IaC) with Terraform. Google provides a tool that you can use to generate Terraform code for resources in a project, folder, or organization.
Before you begin
Install the command-line interface (CLI) for Config Connector.
gcloud components install config-connector
Config Connector lets you use Google Cloud's Terraform bulk-export tool.
Enable the Cloud Asset API.
gcloud services enable cloudasset.googleapis.com
Make sure that the Cloud Asset Service Agent
gcp-sa-cloudasset.iam.gserviceaccount.comhas theroles/servicenetworking.serviceAgentrole.gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:service-PROJECT_NUMBER@gcp-sa-cloudasset.iam.gserviceaccount.com \ --role=roles/servicenetworking.serviceAgent
Export the entire project configuration to Terraform HCL code
The gcloud beta resource-config bulk-export --resource-format=terraform command exports
resources currently configured in the project, folder, or
organization and prints them to the screen in HCL code format.
gcloud beta resource-config bulk-export \ --project=PROJECT_ID \ --resource-format=terraform
Write the output to a directory structure
Output the project's entire configuration to a path:
gcloud beta resource-config bulk-export \ --path=OUTPUT_DIRECTORY_NAME \ --project=PROJECT_ID \ --resource-format=terraform
The --path flag specifies the location to output the HCL code. If the path
OUTPUT_DIRECTORY_NAME doesn't exist, a prompt asks you
if you want to create it.
After running the command, the HCL code for each resource is output to a
separate .tf file in the following directory structure:
OUTPUT_DIRECTORY_NAME/projects/PROJECT_ID/RESOURCE_TYPE
Write the output to a single file
If you don't want to print the output to the screen or create separate .tf
files, you can write all of the output to a single file, as shown in this
example:
gcloud beta resource-config bulk-export --resource-format=terraform >> gcp_resources.tf
Filter the output
Filter the output of the bulk export command by specifying resource types.
List the supported resource types to filter on
For a list of supported resource types, run the gcloud beta
resource-config list-resource-types command:
gcloud beta resource-config list-resource-types
Optionally, write the output to a file:
gcloud beta resource-config list-resource-types >> strings.txt
In the output, the resource type for Compute Engine VMs is listed as:
KRM KIND: ComputeInstance
You can ignore the KRM KIND: prefix.
Export a single resource type
Use a string, such as ComputeInstance, to export specific resource types for
your project in HCL code format:
gcloud beta resource-config bulk-export \ --resource-types=RESOURCE_TYPE \ --project=PROJECT_ID \ --resource-format=terraform
The --resource-types flag specifies the resource type to output.
Export multiple resource types
Export VM instances and firewall rules in HCL code format:
gcloud beta resource-config bulk-export \ --resource-types=ComputeFirewall,ComputeInstance \ --project=PROJECT_ID \ --resource-format=terraform
Use a file to specify the resource types to export
Create a directory called
tf-output.cd && mkdir tf-output && cd tf-output
Create a file called
types.txt, and add a list of resource types. For example:ComputeBackendBucket ComputeBackendService ComputeForwardingRule
Run the
gcloud beta resource-config bulk-exportcommand with the--resource-types-fileflag:gcloud beta resource-config bulk-export \ --resource-types-file=types.txt \ --path=tf-output \ --project=PROJECT_ID \ --resource-format=terraform
If the project doesn't contain any of a particular resource type, the command succeeds but nothing is output for that resource type.