Import and export assets

Suggest Edits

This page provides you with general instructions for using the import feature, which allows you to add existing resources to your state file without impacting your current Terraform configuration.

Additionally, it contains a reference list of import and export commands for each subprovider's resources that can help you effectively manage your configuration.

Import an existing resource

With `terraform import`

With this method, you can import only one resource at a time. To add an existing configuration to your Terraform state file:

First, create a given resource's configuration with its required arguments in your Terraform configuration.

resource "akamai_edge_hostname" "my-hostname-import" {
    product_id    = "prd_Object_Delivery"
    contract_id   = "C-0N7RAC7"
    group_id      = "12345"
    edge_hostname = "example.com.edgesuite.net"
    ip_behavior   = "IPV4"
}

Then use the terraform import command with a resource address in the resource_type.your-resource-name form and an Akamai-defined resource's import ID.

For example, to import an edge hostname, add your edge hostname, contract, group, and product IDs with the prefixes as the resource's import ID.
```
terraform import akamai_edge_hostname.my-hostname-import ehn_123456,ctr_C-0N7RAC7,grp_12345,prd_Object_Delivery
```
For the import commands for each subprovider's resources, see the Import list section.

Within a module

Modules are groups of .tf files kept in a different directory from the configuration as a whole. Because importing requires a resource address, you need to import each resource within a module individually.

Create a subdirectory for your module.
In the module block of your configuration file, define either:
- A path to a local subdirectory containing the module's configuration files.
- Or a remote module source that Terraform should download and use.
```
module "property-assets" {
    source  = "./modules/my-property-assets"
}
```

Create a configuration file within the location of your module subdirectory, ./modules/my-property-assets/my-config.tf, and define the provider in it and the resource you want to import. You can also define the resource in a separate .tf file within the module subdirectory.

terraform {
    required_providers {
        akamai = {
            source  = "akamai/akamai"
        }
    }
    required_version = ">= 0.13"
}

resource "akamai_property" "my-property-import" {
    name        = "my-property"
    product_id  = "prd_Object_Delivery"
    contract_id = "C-0N7RAC7"
    group_id    = "12345"
    hostnames {
        cname_from             = "example.com"
        cname_to               = "example.com.edgekey.net"
        cert_provisioning_type = "DEFAULT"
    }
}

Run terraform init to install the defined module.
Run the terraform import command with the module.your-module-name prefix added to the resource address.
```
terraform import module.property-assets.akamai_property.my-property-import prp_12345
```
This will import your resource to the Terraform state.

With the `import` block

In Terraform v1.5.0 and later, you can use the import block to import your assets. With this feature, you can preview import operations with terraform plan and execute with terraform apply.

Using import blocks, you can conveniently import a large number of existing resources all at once instead of importing resources individually. To do that:

Define the import blocks. They take two arguments:
- to. The Terraform resource address to be created. Usually in the resource_type.your-resource-name form.
- id. The Akamai-defined resource's import ID.
  
  For the accepted resource's import IDs, see the Import list section; the complete syntax for the resource's import ID is after the terraform import resource_type.{resource name} structure. For example, ehn_123456,ctr_C-0N7RAC7,grp_12345,prd_Object_Delivery is a resource ID for importing an edge hostname.
```
import {
  to = akamai_edge_hostname.my-hostname-import
  id = "ehn_123456,ctr_C-0N7RAC7,grp_12345,prd_Object_Delivery"
}

import {
  to = akamai_property.my-property-import
  id = "prp_12345,ver_2"
}

import {
  to = akamai_imaging_policy_set.my-policy-set-import
  id = "ivm_12345:ctr_C-0N7RAC7"
}
```

At this point, you can either:

Manually create your resource blocks and execute terraform plan to preview the import operation.

resource "akamai_edge_hostname" "my-hostname-import" {
    product_id    = "prd_Object_Delivery"
    contract_id   = "C-0N7RAC7"
    group_id      = "12345"
    edge_hostname = "example.com.edgesuite.net"
    ip_behavior   = "IPV4"
}


resource "akamai_property" "my-property-import" {
    name        = "my-property"
    product_id  = "prd_Object_Delivery"
    contract_id = "C-0N7RAC7"
    group_id    = "12345"
    hostnames {
        cname_from             = "example.com"
        cname_to               = "example.com.edgekey.net"
        cert_provisioning_type = "DEFAULT"
    }
}

resource "akamai_imaging_policy_set" "my-policy-set-import" {
    contract_id = "C-0N7RAC7"
    name        = "my-policy-set"
    region      = "US"
    type        = "IMAGE"
}

Or automatically generate the resource blocks with all the necessary attributes using terraform plan with the -generate-config-out flag. In the flag, specify the file to generate the configuration.
```
terraform plan -generate-config-out=my-generated-resources.tf
```

After reviewing the generated code, run terraform apply to import the configuration to the Terraform state.

Once an import operation has been completed, the import blocks become obsolete. Retaining them for future reference or removing them completely won't affect your Terraform state or configuration.

Import list

Note: This list isn't exhaustive.

Resource	Import syntax
Application Security
Advanced logging	`terraform import akamai_appsec_advanced_settings_logging.{advanced settings logging resource name} {config id}`
API constraints protection	`terraform import akamai_appsec_api_constraints_protection.{api constraints protection resource name} {config id}:{policy id}`
Attack group	`terraform import akamai_appsec_attack_group.{attack group resource name} {config id}:{policy id}:{ATTACK GROUP NAME}`
Attack payload logging	`terraform import akamai_appsec_advanced_settings_attack_payload_logging.{attack payload logging resource name} {config id}`
Configuration	`terraform import akamai_appsec_configuration.{configuration resource name} {config id}`
Evasive path match	`terraform import akamai_appsec_advanced_settings_evasive_path_match.{advanced settings evasive path match resource name} {config id}:{policy id}`
IP Geo	`terraform import akamai_appsec_ip_geo.{ip geo resource name} {config id}:{policy id}`
IP/GEO protection	`terraform import akamai_appsec_ip_geo_protection.{ip geo protection resource name} {config id}:{policy id}`
Malware protection	`terraform import akamai_appsec_malware_protection.{malware protection resource name} {config id}:{policy id}`
Match target	`terraform import akamai_appsec_match_target.{match target resource name} {config id}:{match target id}`
Penalty box	`terraform import akamai_appsec_penalty_box.{penalty box resource name} {config id}:{policy id}`
PII learning	`terraform import akamai_appsec_advanced_settings_pii_learning.{pii learning resource name} {config id}`
Prefetch	`terraform import akamai_appsec_advanced_settings_prefetch.{advanced settings prefetch resource name} {config id}`
Rate policy	`terraform import akamai_appsec_rate_policy.{rate policy resource name} {config id}:{rate policy id}`
Rate policy action	`terraform import akamai_appsec_rate_policy_action.{rate policy action resource name} {config id}:{policy id}:{rate policy id}`
Rate protection	`terraform import akamai_appsec_rate_protection.{rate protection resource name} {config id}:{policy id}`
Reputation protection	`terraform import akamai_appsec_reputation_protection.{reputation protection resource name} {config id}:{policy id}`
Request body settings	`terraform import akamai_appsec_advanced_settings_request_body.{advanced settings request body resource name} {config id}`
Rule	`terraform import akamai_appsec_rule.{rule resource name} {config id}:{policy id}:{rule id}`
Security policy	`terraform import akamai_appsec_security_policy.{security policy resource name} {config id}:{policy id}`
Slow POST	`terraform import akamai_appsec_slow_post.{slow post resource name} {config id}:{policy id}`
Slow POST protection	`terraform import akamai_appsec_slowpost_protection.{slowpost protection resource name} {config id}:{policy id}`
WAF mode	`terraform import akamai_appsec_waf_mode.{waf mode resource name} {config id}:{policy id}`
WAF protection	`terraform import akamai_appsec_waf_protection.{waf protection resource name} {config id}:{policy id}`
Bot Manager
Bot category action	`terraform import akamai_botman_akamai_bot_category_action.{bot category action resource name} {config id}:{policy id}:{category id}`
Bot detection action	`terraform import akamai_botman_bot_detection_action.{bot detection action resource name} {config id}:{policy id}:{detection id}`
Bot management settings	`terraform import akamai_botman_bot_management_settings.{bot management settings resource name} {config id}:{policy id}`
Challenge injection rules	`terraform import akamai_botman_challenge_injection_rules.{challenge injection rules resource name} {config id}`
Client-side security	`terraform import akamai_botman_client_side_security.{client side security resource name} {config id}`
JavaScript injection	`terraform import akamai_botman_javascript_injection.{botman javascript injection resource name} {config id}:{policy id}`
Transactional endpoint protection	`terraform import akamai_botman_transactional_endpoint_protection.{transactional endpoint protection resource name} {config id}`
Certificates
DV enrollment	`terraform import akamai_cps_dv_enrollment.{dv enrollment resource name} {enrollment id},{contract id}`
Third-party enrollment	`terraform import akamai_cps_third_party_enrollment.{third party enrollment resource name} {enrollment id},{contract id}`
Client Lists
Activation	`terraform import akamai_clientlist_activation.{client list activation resource name} {client list id}:{NETWORK}`
Client list	`terraform import akamai_clientlist_list.{client list resource name} {client list id}`
Cloud Access Manager
Access key	`terraform import akamai_cloudaccess_key.{resource name} {access key uid}` `terraform import akamai_cloudaccess_key.{resource name} {access key uid},{group id without the grp_ prefix},{contract id without the ctr_ prefix}`
Cloudlets
Application load balancer	`terraform import akamai_cloudlets_application_load_balancer.{application load balancer resource name} {origin id}`
Policy	`terraform import akamai_cloudlets_policy.{cloudlets resource name} {policy name}`
Cloud Wrapper
Activation	`terraform import akamai_cloudwrapper_activation.{cloudwrapper activation resource name} {configuration id}`
Cconfiguration	`terraform import akamai_cloudwrapper_configuration.{cloudwrapper configuration resource name} {configuration id}`
DataStream
Data stream	`terraform import akamai_datastream.{datastream resource name} {stream version id}`
Edge DNS
DNS record	`terraform import akamai_dns_record.{record resource name} {edge dns zone name}#{edge dns recordset name}#{record type}`
DNS zone	`terraform import akamai_dns_zone.{zone resource name} {dns zone name}`
EdgeWorkers
EdgeKV	`terraform import akamai_edgekv.{edgekv resource name} {namespace name}:{network}`
EdgeKV group items	`terraform import akamai_edgekv_group_items.{edgekv group items resource name} {namespace name}:{network}:{group name}`
Edgeworkers	`terraform import akamai_edgeworker.{edgeworker resource name} {edgeworker id}`
Global Traffic Management
AS map	`terraform import akamai_gtm_asmap.{asmap resource name} {gtm domain name}:{gtm asmap name}`
CIDR map	`terraform import akamai_gtm_cidrmap.{cidrmap resource name} {gtm domain name}:{gtm cidrmap name}`
Datacenter	`terraform import akamai_gtm_datacenter.{datacenter resource name} {gtm domain name}:{gtm datacenter id}`
Domain	`terraform import akamai_gtm_domain.{domain resource name} {gtm domain name}`
GEO map	`terraform import akamai_gtm_geomap.{geomap resource name} {gtm domain name}:{gtm geographicmap name}`
Property	`terraform import akamai_gtm_property.{property resource name} {gtm domain name}:{gtm property name}`
Resource	`terraform import akamai_gtm_resource.{resource resource name} {gtm domain name}:{gtm resource name}`
Identity and Access Management
CIDR block	`terraform import akamai_iam_cidr_block.{cidr block resource name} {cidr block id}`
Group	`terraform import akamai_iam_group.{group resource name} {group id}`
IP allowlist	`terraform import akamai_iam_ip_allowlist.{allowlist resource name} ""`
Role	`terraform import akamai_iam_role.{role resource name} {role id}`
User	`terraform import akamai_iam_user.{user resource name} {ui identity id}`
Image and Video Manager
Policy image	`terraform import akamai_imaging_policy_image.{policy image resource name} {policy id}:{policy set id}:{contract id}`
Policy set	`terraform import akamai_imaging_policy_set.{policy set resource name} {policy set id}:{contract id}`
Policy video	`terraform import akamai_imaging_policy_video.{policy video resource name} {policy id}:{policy set id}:{contract id}`
Network Lists
Network_list	`terraform import akamai_networklist_network_list.{network list resource name} {network list id}`
Property
CP code	`terraform import akamai_cp_code.{cp code resource name} {cp code id},{contract id},{group id}`
Edge hostname	`terraform import akamai_edge_hostname.{hostname resource name} {edge hostname id},{contract id},{group id},{product id (optional)}`
Hostname bucket	`terraform import akamai_property_hostname_bucket.{hostname bucket resource name} {property id}:{NETWORK}:{contract id (optional)}:{group id (optional)}`
Include	`terraform import akamai_property_include.{include resource name} {contract id}:{group id}:{include id}`
Include activation	`terraform import akamai_property_include_activation.{include activation resource name} {contract id}:{group id}:{include id}:{NETWORK}`
Property	Import the latest property version: `terraform import akamai_property.{property resource name} {property id}` or (if a property belongs to multiple groups or contracts) `terraform import akamai_property.{property resource name} {property id},{contract id},{group id}` Import the latest active property version on the staging network: `terraform import akamai_property.{property resource name} {property id},S` or `terraform import akamai_property.{property resource name} {property id},{contract id},{group id},STAGE` Import the latest active property version on the production network: `terraform import akamai_property.{property resource name} {property id},P` or `terraform import akamai_property.{property resource name} {property id},{contract id},{group id},PROD` Import a specific property version: `terraform import akamai_property.{property resource name} {property id},{property version number}` or `terraform import akamai_property.{property resource name} {property id},{contract id},{group id},ver_{property version number}`
Property activation	`terraform import akamai_property_activation.{property activation resource name} {property id}:{NETWORK}`

Export your resources

To use the export commands, you need to have our Terraform CLI installed on your device. With the export commands, you can import your configurations by running the included import script. Thanks to that, there is no need to create a configuration before importing, the export commands generate the configuration for you.

To export your assets, provide the path to your .edgerc, your credentials section header, and the export command for the asset you need.

If you manage multiple accounts, pass your account switch key using the global --accountkey flag. Use other additional flags or arguments to further define the output.

Notes:

If you pass the command without the --edgerc and --section global flags, the command, by default, will point to the local home directory of your .edgerc file and the default credentials section header of that file.

By default, when you run the command, the generated files are saved in your active directory. Use the --tfworkpath command flag in any export command to change the storage path.

Syntax:

akamai [global flags] terraform <command> [command flags] [arguments...]

Example:

akamai --edgerc "~/.edgerc" --section "default" --accountkey "A-CCT1234:A-CCT5432" terraform export-property --version 3 "my-property"

This will generate a Terraform property configuration file with its JSON rules for a specific property version as well as the import script file for you to run to populate your Terraform state.

If you're using the binary, you invoke the package command from your active directory as ./akamai-terraform along with the credential details, the export command name, and other additional arguments.

./akamai-terraform --edgerc "~/.edgerc" --section "default" --accountkey "A-CCT1234:A-CCT5432" export-property --version 3 "my-property"

Export command help

To get help information for a given Terraform CLI command, pass the export command and the --help flag.

akamai terraform export-iam --help

Name:
  akamai terraform export-iam

Usage:
  akamai [global flags] terraform export-iam [command flags] <subcommand>

Description:
  Generates Terraform configuration for Identity and Access Management resources.

Subcommands:
  all
  allowlist
  group
  role
  user

Command Flags:
  --tfworkpath value  Directory used to store files created when running commands. (default: current directory)
  --help              show help (default: false)

Global Flags:
  --edgerc value, -e value                 Location of the credentials file (default: "/home/user/.edgerc") [$AKAMAI_EDGERC]
  --section value, -s value                Section of the credentials file (default: "default") [$AKAMAI_EDGERC_SECTION]
  --accountkey value, --account-key value  Account switch key [$AKAMAI_EDGERC_ACCOUNT_KEY]

See the Export list for the available export commands and their syntax.

Export list

Command	Description	Export syntax
`export‑appsec`	Exports a declarative security configuration and its targets and policies in JSON.	`akamai terraform export‑appsec {your-security-config-name}`
`export‑clientlist`	Exports a client list.	`akamai terraform export-clientlist {your-list-ID}`
`export-cloudaccess`	Exports a could access key.	`akamai terraform export-cloudaccess {your-cloud-access-uid}`
`export-cloudaccess`	With both the `--group_id` and `--contract_id` flags, this exports a cloud access key for a specific group and contract.	`akamai terraform export-cloudaccess --group_id {your-group-id} --contract_id {your-contract-id} {your-access-key-uid}`
`export‑cloudlets-policy`	Exports your cloudlet policy configuration.	`akamai terraform export-cloudlets-policy {your-policy-name}`
`export‑cloudwrapper`	Exports your cloud wrapper configuration.	`akamai terraform export-cloudwrapper {your-configuration-ID}`
`export‑cps`	Exports your certificate configuration.	`akamai terraform export-cps {your-enrollment-id} {your-contract-id}`
`export‑domain`	Exports your domain configuration.	`akamai terraform export-domain {your-domain-name}`
`export‑edgekv`	Exports your namespace and network's EdgeKV configuration.	`akamai terraform export-edgekv {your-namespace-name} {network}`
`export‑edgeworker`	Exports your edgeworker's code bundle in `.tgz` format.	`akamai terraform export-edgeworker {your-edgeworker-id}`
`export‑edgeworker`	With the `--bundlepath` flag, this sets the path to a directory in which you want to store the EdgeWorkers `.tgz` code bundle. The default is your active directory.	`akamai terraform export-edgeworker --bundlepath {path-to-your-directory} {your-edgeworker-id}`
`export‑iam`	With the `all` subcommand, this exports all available Terraform users, groups, roles, IP allowlist, and CIDR block resources.	`akamai terraform export-iam all`
	With the `allowlist` subcommand, this exports the Terraform IP allowlist and CIDR block resources.	`akamai terraform export-iam allowlist`
	With the `group` subcommand, this exports a group by ID with relevant users and their roles.	`akamai terraform export-iam group {your-group-id}`
	With the `role` subcommand, this exports a role by ID with relevant users and their groups.	`akamai terraform export-iam role {your-role-id}`
	With the `user` subcommand, this exports a user by their email with a relevant user's groups and roles.	`akamai terraform export-iam user {your-user-email}`
	With the advanced `--only` option for the `group`, `role`, and `user` subcommands, this exports only specific information.	`akamai terraform export-iam group --only {your-group-id}` `akamai terraform export-iam role --only {your-role-id}` `akamai terraform export-iam user --only {your-user-email}`
`export‑imaging`	Exports your imaging policy in JSON.	`akamai terraform export-imaging {your-contract-id} {your-policy-set-id}`
	With the `--policy-as-hcl` flag, this exports your imaging policy with rules in HCL format.	`akamai terraform export-imaging --policy-as-hcl {your-contract-id} {your-policy-set-id}`
	With the `--policy-json-dir` flag, this sets the path to a directory in which you want to store your policy in JSON format. The default is your active directory.	`akamai terraform export-imaging --policy-json-dir {path-to-your-directory} {your-contract-id} {your-policy-set-id}`
`export‑property`	With the `--version` flag, this exports your property's rules without includes for a specific version. Note: If you don't provide the `--version` flag, by default, it exports the `latest` property version whether it is active or not.	`akamai terraform export-property --version {your-property-version-number} {your-property-name}` `akamai terraform export-property {your-property-name}`
	With the `--rules-as-hcl` flag, this exports your property's rules as the `akamai_property_rules_builder` data source in HCL format.	`akamai terraform export-property --rules-as-hcl {your-property-name}`
	With the `--split-depth` flag, this exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. Note: You can use this flag only along with the `--rules-as-hcl` flag.	`akamai terraform export-property --split-depth={nesting-level-number-value} --rules-as-hcl {your-property-name}`
`export‑property-include`	Exports your property's include.	`akamai terraform export-property-include {your-property-include-name}`
	With the `--rules-as-hcl` flag, this exports your property's include as the `akamai_property_rules_builder` data source in HCL format.	`akamai terraform export-property-include --rules-as-hcl {your-property-include-name}`
	With the `--split-depth` flag, this exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. Note: You can use this flag only along with the `--rules-as-hcl` flag.	`akamai terraform export-property-include --split-depth={nesting-level-number-value} --rules-as-hcl {your-property-name}`
`export‑zone`	With the `--resources` flag, this generates a JSON-formatted resource file. `‑‑createconfig` uses this file as input.	`akamai terraform export-zone --resources {your-dns-zone-name}`
	With the `--createconfig` flag, this generates configurations based on the values in the output files from `‑‑resources`.	`akamai terraform export-zone --createconfig {your-dns-zone-name}`
	With the `--importscript` flag, this generates an import script for the generated zone configuration.	`akamai terraform export-zone --importscript {your-dns-zone-name}`
	With the advanced `--recordname` option for the `--resources` and `--createconfig` flags, this filters the generated resource list by a given record name.	`akamai terraform export-zone --resources --recordname {your-record-name} {your-dns-zone-name}`
	With the advanced `--namesonly`option for the `--resources` and `--createconfig` flags, this generates a resource file with recordset names only for all associated record types.	`akamai terraform export-zone --resources --namesonly {your-dns-zone-name}` `akamai terraform export-zone --createconfig --namesonly {your-dns-zone-name}`
	With the advanced `--segmentconfig` option for the `--createconfig` flag, this generates a modularized configuration.	`akamai terraform export-zone --createconfig --segmentconfig {your-dns-zone-name}`
	With the advanced `--configonly` option for the `--createconfig` flag, this generates a zone configuration without JSON itemization. The configuration generated varies based on which set of flags you use.	`akamai terraform export-zone --createconfig --configonly {your-dns-zone-name}`

Updated 8 days ago