前提
全体の概略はこちらから
Network部分の概略はこちらから
構成図
Module
main.tf
# VPC that hosts the microservice (Lambda) workloads.
# The CIDR is supplied by the caller so each environment gets its own,
# non-overlapping range.
resource "aws_vpc" "vpc_microservice" {
  cidr_block = var.vpc_cidr_microservice

  tags = {
    Name    = "${var.project}-vpc-${var.env}-microservice"
    Project = var.project
    Account = var.account
    Env     = var.env
  }
}
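# Subnet in availability zone "a" of the deployment region.
# The AZ is derived from var.region so it agrees with the Name tag below
# (the original hard-coded "ap-northeast-1a" while the tag used var.region).
resource "aws_subnet" "subnet_microservice1a" {
  vpc_id            = aws_vpc.vpc_microservice.id
  cidr_block        = var.subnet_cidr_microservice1a
  availability_zone = "${var.region}a"

  # These subnets back Lambda ENIs, which never receive public IPs; stating
  # this explicitly documents intent and would surface an imported subnet
  # that had been created as a public one.
  map_public_ip_on_launch = false

  tags = {
    Name = "${var.project}-subnet-${var.env}-micro-${var.region}a"
    // ... 略
  }
}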
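# Subnet in availability zone "c" of the deployment region.
# The AZ is derived from var.region so it agrees with the Name tag below
# (the original hard-coded "ap-northeast-1c" while the tag used var.region).
resource "aws_subnet" "subnet_microservice1c" {
  vpc_id            = aws_vpc.vpc_microservice.id
  cidr_block        = var.subnet_cidr_microservice1c
  availability_zone = "${var.region}c"

  # These subnets back Lambda ENIs, which never receive public IPs; stating
  # this explicitly documents intent and would surface an imported subnet
  # that had been created as a public one.
  map_public_ip_on_launch = false

  tags = {
    Name = "${var.project}-subnet-${var.env}-micro-${var.region}c"
    // ... 略
  }
}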
# Route table shared by both microservice subnets.
# No routes are declared here on purpose: the S3/DynamoDB gateway endpoints
# in this file inject their prefix-list routes into this table, and the
# outbound (Transit Gateway) route is owned by another module.
resource "aws_route_table" "rtb_micro" {
  vpc_id = aws_vpc.vpc_microservice.id

  tags = {
    // ... 略
    Name = "${var.project}-rtb-${var.env}-micro"
  }
}
# Explicit association of the AZ "a" subnet with the shared route table.
# Import ID format for this resource is "<subnet-id>/<route-table-id>".
resource "aws_route_table_association" "micro1a" {
  route_table_id = aws_route_table.rtb_micro.id
  subnet_id      = aws_subnet.subnet_microservice1a.id
}
# Explicit association of the AZ "c" subnet with the shared route table.
# Import ID format for this resource is "<subnet-id>/<route-table-id>".
resource "aws_route_table_association" "micro1c" {
  route_table_id = aws_route_table.rtb_micro.id
  subnet_id      = aws_subnet.subnet_microservice1c.id
}
# Security group attached to the Lambda functions.
# No ingress rules are declared anywhere in this file; egress is managed by
# the separate aws_vpc_security_group_egress_rule resources below.
#
# NOTE(review): `description` is intentionally left at the provider default —
# changing it on aws_security_group forces replacement, which would detach
# the group from the Lambda ENIs.
# NOTE(review): when this group is brought in with `terraform import`, verify
# that the AWS default allow-all egress rule is not still present; the rule
# resources below are additive and will not remove it.
resource "aws_security_group" "sg_micro" {
  vpc_id = aws_vpc.vpc_microservice.id
  name   = "${var.project}-sg-${var.env}-micro"

  tags = {
    // ... 略
    Name = "${var.project}-sg-${var.env}-micro"
  }
}
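# TLS egress to any IPv4 destination.
# This already covers HTTPS traffic to the S3/DynamoDB gateway endpoints, so
# the plaintext prefix-list rules below are not required for TLS clients.
# The effective reach is bounded by the route table (there is currently no
# internet route; that is added by the Transit Gateway module). Once the
# outbound requirements are known, consider narrowing this to the prefix
# lists or specific CIDRs actually needed.
resource "aws_vpc_security_group_egress_rule" "https" {
  description       = "https to any ipv4"
  security_group_id = aws_security_group.sg_micro.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}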
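# Plaintext HTTP egress to the DynamoDB managed prefix list.
# The prefix list ID is taken from the gateway endpoint instead of the
# hard-coded "pl-78a54011": managed prefix list IDs are region specific, so
# the literal silently breaks if var.region changes while the endpoint
# (which uses var.region) does not.
# NOTE(review): port 80 is unencrypted. AWS SDKs use HTTPS by default and the
# 0.0.0.0/0:443 rule already permits that traffic, so this rule is only needed
# if a client is explicitly pinned to http://; consider removing it.
resource "aws_vpc_security_group_egress_rule" "dynamodb" {
  description       = "http to dynamodb"
  security_group_id = aws_security_group.sg_micro.id
  prefix_list_id    = aws_vpc_endpoint.dynamodb.prefix_list_id
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
}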
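# Plaintext HTTP egress to the S3 managed prefix list.
# The prefix list ID is taken from the gateway endpoint instead of the
# hard-coded "pl-61a54008": managed prefix list IDs are region specific, so
# the literal silently breaks if var.region changes while the endpoint
# (which uses var.region) does not.
# NOTE(review): port 80 is unencrypted. AWS SDKs use HTTPS by default and the
# 0.0.0.0/0:443 rule already permits that traffic, so this rule is only needed
# if a client is explicitly pinned to http://; consider removing it (bucket
# policies that require aws:SecureTransport would reject it anyway).
resource "aws_vpc_security_group_egress_rule" "s3" {
  description       = "http to s3"
  security_group_id = aws_security_group.sg_micro.id
  prefix_list_id    = aws_vpc_endpoint.s3.prefix_list_id
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
}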
# Gateway endpoint for S3, wired into the shared microservice route table.
# NOTE(review): no `policy` is set, so the endpoint permits any S3 action to
# any bucket the caller's IAM allows; an endpoint policy restricting access
# to this account's buckets would limit data exfiltration paths.
resource "aws_vpc_endpoint" "s3" {
  vpc_endpoint_type = "Gateway"
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_id            = aws_vpc.vpc_microservice.id
  route_table_ids   = [aws_route_table.rtb_micro.id]

  tags = {
    // ... 略
    Name = "${var.project}-${var.env}-endpoint-s3-micro"
  }
}
# Gateway endpoint for DynamoDB, wired into the shared microservice route table.
# NOTE(review): no `policy` is set, so the endpoint permits any DynamoDB action
# the caller's IAM allows; an endpoint policy scoped to this account's tables
# would limit data exfiltration paths.
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_endpoint_type = "Gateway"
  service_name      = "com.amazonaws.${var.region}.dynamodb"
  vpc_id            = aws_vpc.vpc_microservice.id
  route_table_ids   = [aws_route_table.rtb_micro.id]

  tags = {
    // ... 略
    Name = "${var.project}-${var.env}-endpoint-dynamodb-micro"
  }
}
variables.tf
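# Common variables shared by every resource in this module.
# Types and descriptions are declared so a wrong value fails at plan time
# instead of producing a mis-tagged or mis-named resource.
variable "project" {
  type        = string
  description = "Project identifier used as the prefix of resource names and the Project tag."
}

variable "account" {
  type        = string
  description = "Account identifier recorded in the Account tag."
}

variable "env" {
  type        = string
  description = "Environment name (e.g. dev) used in resource names and the Env tag."
}

variable "region" {
  type        = string
  description = "AWS region, used to build VPC endpoint service names and AZ-suffixed names."
}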
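# CIDR inputs. Each is validated as an IPv4 CIDR block so a typo is rejected
# at plan time rather than by the AWS API mid-apply.
variable "vpc_cidr_microservice" {
  type        = string
  description = "IPv4 CIDR block of the microservice VPC."

  validation {
    condition     = can(cidrnetmask(var.vpc_cidr_microservice))
    error_message = "vpc_cidr_microservice must be a valid IPv4 CIDR block."
  }
}

variable "subnet_cidr_microservice1a" {
  type        = string
  description = "IPv4 CIDR block of the subnet in AZ a; must lie inside vpc_cidr_microservice."

  validation {
    condition     = can(cidrnetmask(var.subnet_cidr_microservice1a))
    error_message = "subnet_cidr_microservice1a must be a valid IPv4 CIDR block."
  }
}

variable "subnet_cidr_microservice1c" {
  type        = string
  description = "IPv4 CIDR block of the subnet in AZ c; must lie inside vpc_cidr_microservice."

  validation {
    condition     = can(cidrnetmask(var.subnet_cidr_microservice1c))
    error_message = "subnet_cidr_microservice1c must be a valid IPv4 CIDR block."
  }
}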
output.tf
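# Module outputs consumed by other modules (e.g. the Lambda and Transit
# Gateway modules that attach to this VPC).
output "vpc_microservice_id" {
  value       = aws_vpc.vpc_microservice.id
  description = "id of vpc associated with microservice"
}

output "subnet_microservice1a_id" {
  value       = aws_subnet.subnet_microservice1a.id
  description = "id of subnet 1a associated with microservice"
}

output "subnet_microservice1c_id" {
  value = aws_subnet.subnet_microservice1c.id
  # Fixed: the original description copy-pasted "1a" for the 1c subnet.
  description = "id of subnet 1c associated with microservice"
}

output "rtb_micro_id" {
  value       = aws_route_table.rtb_micro.id
  description = "id of rtb associated with microservice"
}

output "sg_micro_id" {
  value       = aws_security_group.sg_micro.id
  description = "id of security group associated with microservice"
}

output "endpoint_s3_id" {
  value       = aws_vpc_endpoint.s3.id
  description = "id of vpc endpoint of s3"
}

output "endpoint_dynamodb_id" {
  value       = aws_vpc_endpoint.dynamodb.id
  description = "id of vpc endpoint of dynamodb"
}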
Import コマンド
基本は👇
$ terraform import module.vpc_micro[\"dev\"].{resourceタイプ}.{resource名} {importするresourceのID}
※vpcの場合
$ terraform import module.vpc_micro[\"dev\"].aws_vpc.vpc_microservice vpc-***
以下のリソースは注意!
- aws_route_table_association
subnetとルートテーブルの明示的な関連付けを定義する設定。
ImportするリソースIDはサブネットID/ルートテーブルID
$ terraform import module.vpc_micro[\"dev\"].aws_route_table_association.micro1a subnet-***/rtb-***
他Moduleで構築したリソース
- インターネットへのアウトバウンド通信のroute
- Transit GatewayのIDが必要なため、Transit Gatewayが作成されるまでは作成不可
- アウトバウンド通信の要件が固まる、または開発が進むまでは、コストのかかるTransit Gatewayは不要