When learning Terraform, most tutorials start by creating new infrastructure.
But in the real world, companies already have infrastructure running in the cloud — and your job is to bring it under Terraform management without recreating or breaking anything.
That process is called:
Terraform Import
In this mini project we will:
- Create Azure infrastructure manually (outside Terraform)
- Make Terraform “discover” it
- Connect Terraform state to real resources
- Understand what Terraform actually manages
This tutorial focuses on understanding — not best practices, modules, or clean architecture.
Table of Contents
- Step 0 — Create Infrastructure in Azure (Without Terraform)
- Create Resource Group
- Create Virtual Network and Subnet
- Create App Service Plan (Free Tier)
- Create Web App
- Final Verification
- Step 1 — Terraform Tries to Recreate Existing Resources
- Step 2 — Connect Terraform to the Real Azure Resource
- Verify Terraform Learned the Resource
- The Most Important Test
- What Just Happened?
- Repeat for Other Resources
- Key Concept You Must Understand
- Final Result
- What You Learned
Step 0 — Create Infrastructure in Azure (Without Terraform)
We first create resources using Azure CLI so Terraform has no knowledge of them.
Resource Names
| Resource | Name |
|---|---|
| Resource Group | rgcliminipro21212 |
| Virtual Network | vnetcliminipro21212 |
| App Service Plan | plancliminipro21212 |
| Web App | webappcliminipro21212 |
| Region | centralus |
Create Resource Group
az group create --name rgcliminipro21212 --location centralus
Verify:
az group show --name rgcliminipro21212 --query "{Name:name,Location:location}"
Create Virtual Network and Subnet
az network vnet create --resource-group rgcliminipro21212 --name vnetcliminipro21212 --address-prefix 10.0.0.0/16 --subnet-name default --subnet-prefix 10.0.1.0/24
Verify VNet:
az network vnet show --resource-group rgcliminipro21212 --name vnetcliminipro21212 --query addressSpace.addressPrefixes
Verify Subnet:
az network vnet subnet show --resource-group rgcliminipro21212 --vnet-name vnetcliminipro21212 --name default --query addressPrefix
Create App Service Plan (Free Tier)
az appservice plan create --name plancliminipro21212 --resource-group rgcliminipro21212 --sku F1 --is-linux
Verify:
az appservice plan show --name plancliminipro21212 --resource-group rgcliminipro21212 --query "{Tier:sku.tier,Name:sku.name}"
Create Web App
az webapp create --resource-group rgcliminipro21212 --plan plancliminipro21212 --name webappcliminipro21212 --runtime "NODE:18-lts"
Verify:
az webapp show --resource-group rgcliminipro21212 --name webappcliminipro21212 --query "{State:state,Host:defaultHostName}"
Final Verification
az resource list --resource-group rgcliminipro21212 --output table
At this point:
Infrastructure exists in Azure
Terraform knows nothing about it
Step 1 — Terraform Tries to Recreate Existing Resources
Create a file rg.tf
resource "azurerm_resource_group" "rg" {
name = "rgcliminipro21212"
location = "centralus"
}
Run:
terraform plan
You will see:
Plan: 1 to add
Why?
Because Terraform has no memory yet — it only trusts the state file, not Azure.
Step 2 — Connect Terraform to the Real Azure Resource
We now map the Terraform resource to the real resource.
Get Resource ID
az group show --name rgcliminipro21212 --query id --output tsv
Output looks like:
/subscriptions/<sub-id>/resourceGroups/rgcliminipro21212
Import into Terraform
terraform import azurerm_resource_group.rg <RESOURCE_ID>
Verify Terraform Learned the Resource
Check state
terraform state list
Inspect resource details
terraform state show azurerm_resource_group.rg
Terraform downloaded the real configuration from Azure.
The Most Important Test
Run:
terraform plan
Now you should see:
No changes. Infrastructure matches configuration.
What Just Happened?
Before import:
| Terraform | Azure |
|---|---|
| Wants to create RG | RG already exists |
After import:
| Terraform | Azure |
|---|---|
| Knows RG exists | RG exists |
Terraform did not create anything.
It only learned reality.
Repeat for Other Resources
You repeat the same process for:
- Virtual Network
- Subnet
- App Service Plan
- Web App
The pattern never changes:
- Write resource block
terraform plan→ shows createterraform importterraform plan→ shows no changes
You are teaching Terraform what already exists.
Key Concept You Must Understand
Terraform does NOT manage infrastructure.
Terraform manages a state file.
If it is not in state → Terraform thinks it does not exist
If it is in state → Terraform controls it
Final Result
After importing all resources:
You can now run:
terraform destroy
And Terraform will delete resources that were originally created manually.
That proves:
Terraform now owns the infrastructure
What You Learned
- Terraform does not read Azure automatically
- Import does not create resources
- State file is the brain of Terraform
- Infrastructure can be adopted safely
This is one of the most important real-world Terraform skills.
If you understood this concept, you now understand more Terraform than most beginners who only follow terraform apply tutorials.
Leave a Reply