|
| 1 | +--- |
| 2 | +title: Importing Stack Resources |
| 3 | +sidebar_label: Import Stack Resources |
| 4 | +--- |
| 5 | + |
| 6 | +# Importing Stack Resources in Guardrails |
| 7 | + |
| 8 | +In this guide, you will: |
| 9 | + |
| 10 | +- Learn how to **import existing AWS resources** into a Guardrails stack. |
| 11 | +- Modify the **stack modifier policy** to include import statements. |
| 12 | +- Apply the import configuration at the **folder level** for structured deployment. |
| 13 | + |
| 14 | +Guardrails allows you to bring existing AWS resources under stack management using **import statements**. This enables Guardrails to track and enforce configuration policies on the imported resources. |
| 15 | + |
| 16 | +## Prerequisites |
| 17 | + |
| 18 | +- **Turbot/Owner** or **Turbot/Admin** permissions at the required resource level. |
| 19 | +- Familiarity with **Terraform/OpenTofu** and Guardrails stack controls. |
| 20 | +- Access to the Guardrails console. |
| 21 | +- A **configured Terraform provider** for AWS. |
| 22 | + |
| 23 | +--- |
| 24 | + |
| 25 | +## Step 1: Locate the Existing Resource |
| 26 | + |
| 27 | +Before importing, identify the **AWS S3 bucket** that you want to manage using Guardrails. |
| 28 | + |
| 29 | +1. **Log in to AWS Console**. |
| 30 | +2. Navigate to **Amazon S3** and list the existing buckets. |
| 31 | +3. Note down the **S3 bucket name** and **AWS Account ID**. |
| 32 | + |
| 33 | +Example AWS CLI command: |
| 34 | +```bash |
| 35 | +aws s3 ls |
| 36 | +``` |
| 37 | +Expected output: |
| 38 | +```plaintext |
| 39 | +2025-01-01 12:30:00 example-s3-bucket |
| 40 | +``` |
| 41 | + |
| 42 | +--- |
| 43 | + |
| 44 | +## Step 2: Retrieve Import Script from Guardrails |
| 45 | + |
| 46 | +Guardrails provides an **import script** for existing resources. To generate it: |
| 47 | + |
| 48 | +1. **Log in to the Guardrails console**. |
| 49 | +2. Navigate to **Resources** and locate the S3 bucket. |
| 50 | +3. Open the **Developer tab** and find the generated **import script**. |
| 51 | +4. Copy the import block. |
| 52 | + |
| 53 | +Example import block for an S3 bucket: |
| 54 | +```hcl |
| 55 | +import { |
| 56 | + id = "aws_s3_bucket.example-s3-bucket" |
| 57 | +} |
| 58 | +``` |
| 59 | + |
| 60 | +--- |
| 61 | + |
| 62 | +## Step 3: Modify the Stack Import Policy |
| 63 | + |
| 64 | +To import the S3 bucket, update the **AWS > S3 > Bucket > Stack [Native] > Modifier** policy. |
| 65 | + |
| 66 | +1. Go to **Policies** in the Guardrails console. |
| 67 | +2. Search for **AWS > S3 > Bucket > Stack [Native] > Modifier**. |
| 68 | +3. Click **New Policy Setting**. |
| 69 | +4. Apply the following **Terraform import block** in the policy at the **folder level**. |
| 70 | + |
| 71 | +Example Terraform configuration: |
| 72 | +```hcl |
| 73 | +resource "aws_s3_bucket" "example" { |
| 74 | + bucket = "example-s3-bucket" |
| 75 | +} |
| 76 | +
|
| 77 | +import { |
| 78 | + id = "aws_s3_bucket.example" |
| 79 | +} |
| 80 | +``` |
| 81 | +5. Click **Save** to apply the policy. |
| 82 | + |
| 83 | +--- |
| 84 | + |
| 85 | +## Step 4: Deploy the Stack in Guardrails |
| 86 | + |
| 87 | +Once the modifier policy is updated, execute the **stack deployment**. |
| 88 | + |
| 89 | +1. Navigate to **Stacks** in Guardrails. |
| 90 | +2. Locate the **AWS S3 Bucket Stack**. |
| 91 | +3. Click **Deploy Stack**. |
| 92 | +4. Confirm the import in the **Terraform plan output**. |
| 93 | + |
| 94 | +Example Terraform CLI command: |
| 95 | +```bash |
| 96 | +terraform apply |
| 97 | +``` |
| 98 | +Expected output: |
| 99 | +```plaintext |
| 100 | +aws_s3_bucket.example: Importing... |
| 101 | +aws_s3_bucket.example: Import successful |
| 102 | +``` |
| 103 | + |
| 104 | +--- |
| 105 | + |
| 106 | +## Step 5: Review |
| 107 | + |
| 108 | +- [ ] Verify the imported S3 bucket appears in **Guardrails Console > Resources**. |
| 109 | +- [ ] Navigate to **Stacks** and ensure the imported bucket is **tracked**. |
| 110 | +- [ ] Check the **Policies tab** to confirm the **import statement is applied**. |
| 111 | +- [ ] Run a **stack plan** to confirm successful import. |
| 112 | + |
| 113 | +--- |
| 114 | + |
| 115 | +## Troubleshooting |
| 116 | + |
| 117 | +| Issue | Description | Guide | |
| 118 | +|--------|------------|------| |
| 119 | +| **Resource Not Found** | Import failed due to an incorrect bucket name. | Verify the bucket name in AWS Console. | |
| 120 | +| **Permission Denied** | Guardrails lacks the required permissions. | Ensure IAM roles are correctly assigned. | |
| 121 | +| **Import Fails in Terraform** | The resource is already managed. | Remove the resource from Terraform state before re-importing. | |
| 122 | + |
| 123 | +--- |
| 124 | + |
| 125 | +## Next Steps |
| 126 | + |
| 127 | +- [Deploy a Stack](https://turbot.com/guardrails/docs/guides/using-guardrails/stacks/deploy) |
| 128 | +- [Destroy a Stack](https://turbot.com/guardrails/docs/guides/using-guardrails/stacks/destroy) |
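Review bot: The import blocks in Step 2 (lines 55-57) and Step 3 (lines 77-79) are not valid Terraform/OpenTofu as written. Each sets only `id`, gives it a resource address (`"aws_s3_bucket.example-s3-bucket"`, `"aws_s3_bucket.example"`), and has no `to` argument. An import block takes `to` for the resource address and `id` for the provider's import ID, which for `aws_s3_bucket` is the bucket name, so the Step 3 block should read `to = aws_s3_bucket.example` and `id = "example-s3-bucket"`. The two steps also disagree on the resource label (`example-s3-bucket` in Step 2, `example` in Step 3); a reader who pastes the Step 2 block next to the Step 3 resource will have an import that targets nothing declared, so please use one label throughout. Smaller point: "5. Click **Save**" on line 81 follows an unindented code fence, which most Markdown renderers treat as the end of the list; indent the fence under item 4 or move the Save step so the numbering holds.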