Importing existing Azure resources with Terraform written using modules and data resource blocks


Trying to import existing resources into the current code, which includes KeyVault, KeyVault policies, diagnostic settings, Cosmos DB, storage accounts with containers, blobs and queues, and function apps. All code is written using modules, and all resources are integrated or configured with each other.

Tried multiple ways, but none of the resources are getting imported and the imports are failing. For example, when I import a storage account, it shows some errors about a tenant/subscription mismatch with KeyVault or diagnostic settings. The same happens with Cosmos DB and the rest.

All resources are in the same tenant/subscription/resource group. Also, the code contains data resource blocks which show multiple errors.

The existing resources were created with some other TF code which is unavailable, but the state files are there.

After trying enough, I wonder whether it's even possible to import them.

Requesting suggestions on the best ways to import these. Any suggestion or solution will be highly appreciated.

I tried import commands with module names, but it's failing with this error:

terraform import module.entitlement_storage_account.azurerm_resource_group.rg /subscriptions/<<MY-Subscription-ID>>/resourceGroups/<<MY-ReSourceGroup>>

│ Error: resources.GroupsClient#Get: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="InvalidAuthenticationTokenTenant" Message="The access token is from the wrong issuer 'https://sts.windows.net/<<MY-TENANT-ID>>/'. It must match the tenant 'https://sts.windows.net/Directory ID/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/<<MY-Directory-ID>>' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
│
│   with module.deployment_storage_account.data.azurerm_resource_group.rgrp[0],
│   on ..\..\modules\storage-account\main.tf line 14, in data "azurerm_resource_group" "rgrp":
│   14: data "azurerm_resource_group" "rgrp" {
╷
│ Error: resources.GroupsClient#Get: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="InvalidAuthenticationTokenTenant" Message="The access token is from the wrong issuer 'https://sts.windows.net/<<MY-TENANT-ID>>/'. It must match the tenant 'https://sts.windows.net/<<MY-Directory-ID>>/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/<<MY-Directory-ID>>' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
│
│   with module.ingestion_storage.data.azurerm_resource_group.rgrp[0],
│   on ..\..\modules\storage-account\main.tf line 14, in data "azurerm_resource_group" "rgrp":
│   14: data "azurerm_resource_group" "rgrp" {

terraform import is used to import existing resources into the current Terraform state file, as you already mentioned.

You need to verify the below:

In your case, it is related to the authentication token. You need to check if the token is from the correct issuer and matches the tenant associated with the subscription.

While running the Terraform configuration with the Azure CLI, make sure that you have logged in to the correct tenant directory. Use the below command before running the Terraform code.

az login --tenant TENANT_ID


Once you have logged in, set the subscription with the below CLI command.

az account set -s SUBSCRIPTION_ID

The access token is from the wrong issuer 'https://sts.windows.net/<>/'. It must match the tenant 'https://sts.windows.net/<>/' associated with this subscription.

And the above error clearly states that the access token is from the wrong issuer. So, it is not related to the terraform import command.

Check this https://login.windows.net/<Directory-ID> authority URL for token retrieval. Pass <<MY-Directory-ID>> with the Tenant directory ID associated with your subscription.

After checking the above, I tried importing a resource which already existed in my environment and was able to import it successfully.

terraform import azurerm_resource_group.example <ResourceID>

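As an added example (not part of the question or the answer above), the following shell helpers turn the manual check described in the answer into a preflight: extract the tenant ID that an `InvalidAuthenticationTokenTenant` error says the subscription belongs to, compare it with the tenant the current `az` session was issued for, and only then run `terraform import`. The function names, the `resource_group_id` helper and the sample error text are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Preflight for `terraform import` against Azure: the azurerm provider takes its
# token from the Azure CLI session, so make sure that session belongs to the
# tenant and subscription the resource lives in before importing anything.
set -eu

# Pull the required tenant ID out of a 401 InvalidAuthenticationTokenTenant
# message ("It must match the tenant 'https://sts.windows.net/<id>/'").
required_tenant_from_error() {
  sed -n "s|.*It must match the tenant 'https://sts\.windows\.net/\([^/']*\)/'.*|\1|p" | head -n 1
}

# Return 0 when the tenant the CLI token was issued for equals the required
# tenant (case-insensitive, since GUIDs may be printed in either case), else 1.
tenant_matches() {
  actual="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
  required="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
  if [ -n "$actual" ] && [ "$actual" = "$required" ]; then
    return 0
  fi
  return 1
}

# Build the ARM ID of a resource group in the form `terraform import` expects.
resource_group_id() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Verify the live az session, select the subscription, then import.
# Requires `az` and `terraform` on PATH; arguments: Terraform address
# (e.g. module.x.azurerm_resource_group.rg), subscription ID, tenant ID, RG name.
import_with_tenant_check() {
  address="$1"; subscription="$2"; expected_tenant="$3"; rg="$4"
  actual_tenant="$(az account show --query tenantId -o tsv)"
  if ! tenant_matches "$actual_tenant" "$expected_tenant"; then
    echo "az is logged in to tenant '$actual_tenant' but the resource is in '$expected_tenant'." >&2
    echo "Run: az login --tenant $expected_tenant && az account set -s $subscription" >&2
    return 1
  fi
  az account set -s "$subscription"
  terraform import "$address" "$(resource_group_id "$subscription" "$rg")"
}
```

Feed the provider's error text to `required_tenant_from_error` (for example, `terraform import ... 2>&1 | required_tenant_from_error`) to get the tenant ID to pass to `az login --tenant`.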