Terraformer — Reverse-Engineer Existing Cloud Infrastructure to Terraform

Introduction

Terraformer bridges the gap between manually provisioned cloud infrastructure and infrastructure-as-code. It reads existing resources from any supported provider and generates clean Terraform HCL files plus a matching state file, so teams can adopt Terraform without rebuilding from scratch.

What Terraformer Does

• Imports live cloud resources into Terraform HCL and state files automatically
• Supports 30+ providers including AWS, GCP, Azure, Kubernetes, Datadog, and GitHub
• Filters imports by resource type, tags, or specific resource IDs
• Generates modular output with separate files per resource type
• Preserves resource relationships and inter-resource references in the generated code

Architecture Overview

Terraformer uses the Terraform provider plugin system to discover and read resources. It invokes the provider's Read and List APIs, constructs an in-memory resource graph, and serializes the result to HCL files and a JSON state file. Each provider has a dedicated adapter that maps API responses to Terraform resource schemas.

Self-Hosting & Configuration

• Install via Homebrew, Go install, or download prebuilt binaries from GitHub Releases
• Requires the matching Terraform provider plugin installed in your PATH or plugin directory
• Cloud credentials are read from standard environment variables (AWS_PROFILE, GOOGLE_CREDENTIALS, etc.)
• Use --resources and --filter flags to scope imports to specific resource types or IDs
• Output directory structure can be customized with --path-pattern and --path-output

Key Features

• Broadest provider support among import tools with 30+ cloud and SaaS integrations
• Generates human-readable HCL rather than raw JSON state, making the output editable
• Tag-based filtering lets you import only resources matching specific labels
• Parallel resource discovery speeds up imports on large accounts
• Works with Terraform 0.12+ and OpenTofu for state compatibility

Comparison with Similar Tools

• Terraform import — Built-in but only imports one resource at a time and generates no HCL; Terraformer bulk-imports with full code generation
• Former2 — AWS-only CloudFormation generator; Terraformer covers 30+ providers and outputs HCL
• Pulumi import — Pulumi's import works only within the Pulumi ecosystem; Terraformer stays in vanilla Terraform
• Spacelift — SaaS platform with import features; Terraformer is free, open-source, and runs locally
• driftctl — Detects drift but does not generate code; Terraformer produces ready-to-use .tf files

FAQ

Q: Does Terraformer modify my existing cloud resources? A: No. Terraformer only reads resources via provider APIs. It never creates, updates, or deletes anything.

Q: Can I import a specific subset of resources? A: Yes. Use --filter to target specific resource IDs or --resources to pick resource types.

Q: Does it work with OpenTofu? A: Yes. The generated HCL and state files are compatible with both Terraform and OpenTofu.

Q: How do I handle large AWS accounts with thousands of resources? A: Use region and resource type filters to break imports into manageable batches, and leverage the parallel discovery feature.

Sources

• https://github.com/GoogleCloudPlatform/terraformer
• https://github.com/GoogleCloudPlatform/terraformer/blob/master/README.md