π TASK REQUIREMENTS
We already have:
- S3 backend β tf-backend-lab-123
- DynamoDB lock table β tf-state-lock
You will now:
- Choose ANY existing EC2 instance in your AWS account
- Create import-tutorial/ folder
- Configure backend
- Write a minimal EC2 resource (empty shell)
- Run terraform import
- Run terraform plan β fix drift
- Generate the correct Terraform code for the imported EC2
π Directory Structure
import-tutorial/
main.tf
backend.tf
outputs.tf
variables.tf (optional)
𧱠Step 1 β backend.tf
terraform {
backend "s3" {
bucket = "tf-backend-lab-123"
key = "import/ec2/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "tf-state-lock"
encrypt = true
}
}
𧱠Step 2 β main.tf (EMPTY resource block)
Before import, Terraform requires only the resource address, not full config.
provider "aws" {
region = "us-east-1"
}
resource "aws_instance" "imported" {
# no arguments yet
}
𧱠Step 3 β terraform init
terraform init -reconfigure
This loads S3 backend + DynamoDB locking.
𧱠Step 4 β Get your EC2 Instance ID
Pick any existing EC2 instance.
Example ID:
i-0f7231d1dbe6f446b
𧱠Step 5 β Import the EC2 instance
Run:
terraform import aws_instance.imported i-0f7231d1dbe6f446b
Expected output:
terraform import aws_instance.imported i-0f7231d1dbe6f446b
aws_instance.imported: Importing from ID "i-0f7231d1dbe6f446b"...
aws_instance.imported: Import prepared!
Prepared aws_instance for import
aws_instance.imported: Refreshing state... [id=i-0f7231d1dbe6f446b]
Import successful!
𧱠Step 6 β Show the imported state
terraform state show aws_instance.imported
This prints the actual properties AWS returned.
𧱠Step 7 β Build the final configuration
Now copy the relevant attributes from state show into main.tf.
β Important:
You only include arguments you want Terraform to manage β not all attributes.
Example minimal config (after import):
provider "aws" {
region = "us-east-1"
}
resource "aws_instance" "imported" {
ami = "ami-0ecb62995f68bb549"
instance_type = "t3.micro"
subnet_id = "subnet-042e22fd675a9bc09"
vpc_security_group_ids = ["sg-04c2b586b63bfc79c"]
key_name = "terraform-key"
tags = {
Name = "import-instance"
}
}
Remove read-only attributes:
- arn
- host_id
- password_data
- primary_network_interface_id
- private_dns
- etc
𧱠Step 8 β Run terraform plan (Very Important)
terraform plan
Terraform will:
- detect missing arguments
- detect drift
- show changes required to adopt the resource
Your job:
β update main.tf until terraform plan shows NO CHANGES
This proves Terraform fully manages the resource.
π― Final Goal
Your output after all corrections:
No changes. Infrastructure is up-to-date.
This means your EC2 instance is successfully imported and managed by Terraform.
π§ Interview Notes: What You Should Explain
You should be able to answer:
What is the process to import a resource?
Explain 3 steps:
- Write a placeholder resource block
- Run terraform import
- Copy attributes into the final Terraform code
Does terraform import write the configuration?
No. Only state.
You must manually write the .tf file.
What happens if config and imported state differ?
β terraform plan will propose changes.
Should you import everything?
Only when:
- Migrating existing infra to IaC
- Auditing a legacy environment
- Adopting manually created resources
π Thanks for reading! If this post added value, a like β€οΈ, follow, or share would encourage me to keep creating more content.
β Latchu | Senior DevOps & Cloud Engineer
βοΈ AWS | GCP | βΈοΈ Kubernetes | π Security | β‘ Automation
π Sharing hands-on guides, best practices & real-world cloud solutions
Top comments (0)