I'm facing a classic challenge with a single subscription that contains both production and development/test resources. My goal is to implement Infrastructure as Code (IaC) as part of adopting the Cloud Adoption Framework and Well-Architected Framework. Currently, I'm using aztfexport to export each resource group into its own Terraform configuration. It's been a painstaking process of identifying skipped resources and making necessary adjustments until the 'tf plan' shows no discrepancies and I can create a state file. After that, I have to manually go through each resource group's Terraform files to upgrade them to best practices and convert them to Azure Virtual Machines wherever possible. Alongside this, I'm also mapping the existing state and trying to condense individual resources into a single template using 'foreach' or 'count'. It's all quite tedious. Are there any recommendations? I'm even considering whether using AI tools could assist in this process, but I'm unsure if it'll be helpful or messy.
5 Answers
Are you trying to migrate everything without changing anything? That sounds like a recipe for disaster. I suggest picking a few core resources, like a VM or network, and starting your deployment templates from there. The exported templates should just be seen as baseline material. Once you have a couple of modules working, you can tackle the easier or lower risk systems first, before moving on to the big, critical stuff.
The azftexport option can be pretty unreliable. I usually focus on importing the critical components first, like networking and DNS, while noting any necessary future changes. Any legacy resources I import will have a tag indicating they're managed by Terraform, and I strip away unnecessary contributor permissions. It's slow, but worth it in the long run. I advise against the export feature unless you're dealing with a small resource group—otherwise, you might have to redo everything later.
It's a struggle we all face when migrating from a portal-driven organization to IaC. Hopefully, your organization isn't too large, but it's going to be a challenging transition. Good luck with it!
I’ve heard about a tool called Terrafy, but I’m not sure how effective it is. Anyone have experience with it?
Terrafy was indeed rebranded to AZtfexport. I think they could've chosen a catchier name!
Yeah, IaC is definitely a tough nut to crack. Especially with resources that rely on each other, it can take ages to get everything deployed correctly. If you're just starting out with IaC, it might take some time to reverse engineer the existing setup. Hang in there!
I just wrapped up an entire greenfield IaC project and it was a rough ride even with a lab to test things first.
I think Terrafy is similar to aztfexport or it might even be the same thing—ran into that confusion on GitHub before. But the name change is kind of weird!