Terraform move from AzureRM to AzAPI

Terraform move from AzureRM to AzAPI

Using the moved() block to avoid recreation

Posted
Preview Image
By
2 min read
Terraform move from AzureRM to AzAPI

Did you know the moved() block supports moving resources from the AzureRM provider to AzAPI?

This was quietly released in AzAPI 2.1 back in November, I’ve just had chance to try it out.

What’s in a move? The moved() block lets you tell Terraform that a resource has moved to a new location in the code, it allows for refactoring to occur without resource destruction & creation, which can be undesirable.

A practical example

In a previous post, I illustrated how you could replicate the AzureRM role assignments implementation, allowing a name to be specified instead of a GUID.

If I run that in a greenfield environment, it works great, but if I target existing resources then Terraform wants to re-create the roles:

alt text Terraform taketh away

Followed shortly by:

alt text Terraform giveth it back

For a role assignment, this isn’t a big deal, but if you’re dealing with resources that do matter, then with this new feature, you can do this:

1
2
3
4
5

# with the awesome new feature in v2.1
moved {
  from = azurerm_role_assignment. subnet
  to   = azapi_resource.role_assignment
}

Placed inside the module, this allows me to switch between AzureRM and AzAPI whilst not recreating resources.

When you run terraform plan there can sometimes be a bit of “noise” as a few variables get changed, but “updated in-place” is what we want to see:

alt text

Which means, no resources get removed:

alt text The adds relate to some supporting components, and a little fun with diagnostic settings.

Want to see this in action - watch out for the next post!

This post is licensed under CC BY 4.0 by the author.