Import and export assets
This page provides you with general instructions for using the import feature, which allows you to add existing resources to your state file without impacting your current Terraform configuration.
Additionally, it contains a reference list of import and export commands for each subprovider's resources that can help you effectively manage your configuration.
Import an existing resource
To add an existing configuration to your Terraform state file:
-
First, create a given resource's configuration with its required arguments in your Terraform configuration.
resource "akamai_edge_hostname" "my-hostname-import" { product_id = "prd_Object_Delivery" contract_id = "C-0N7RAC7" group_id = "12345" edge_hostname = "example.com.edgesuite.net" ip_behavior = "IPV4" } -
Then use the
terraform importcommand with a variable to the resource along with appropriate arguments.For example, to import an edge hostname, add your edge hostname, contract, and group IDs with the prefixes.
terraform import akamai_edge_hostname.my-hostname-import ehn_123456,ctr_C-0N7RAC7,grp_12345For the import commands for each subprovider's resources, see the Import list section.
Import list
Note: This list isn't exhaustive.
| Resource | Import syntax |
|---|---|
| Application Security | |
| Advanced logging | terraform import module.security.akamai_appsec_advanced_settings_logging.{advanced settings logging resource name} {config id} |
| API constraints protection | terraform import module.security.akamai_appsec_api_constraints_protection.{api constraints protection resource name} {config id}:{policy id} |
| Attack group | terraform import module.security.akamai_appsec_attack_group.{attack group resource name} {config id}:{policy id}:{ATTACK GROUP NAME} |
| Attack payload logging | terraform import module.security.akamai_appsec_advanced_settings_attack_payload_logging.{attack payload logging resource name} {config id} |
| Configuration | terraform import module.security.akamai_appsec_configuration.{configuration resource name} {config id} |
| Evasive path match | terraform import module.security.akamai_appsec_advanced_settings_evasive_path_match.{advanced settings evasive path match resource name} {config id}:{policy id} |
| IP Geo | terraform import module.security.akamai_appsec_ip_geo.{ip geo resource name} {config id}:{policy id} |
| IP/GEO protection | terraform import module.security.akamai_appsec_ip_geo_protection.{ip geo protection resource name} {config id}:{policy id} |
| Malware protection | terraform import module.security.akamai_appsec_malware_protection.{malware protection resource name} {config id}:{policy id} |
| Match target | terraform import module.security.akamai_appsec_match_target.{match target resource name} {config id}:{match target id} |
| Penalty box | terraform import module.security.akamai_appsec_penalty_box.{penalty box resource name} {config id}:{policy id} |
| PII learning | terraform import module.security.akamai_appsec_advanced_settings_pii_learning.{pii learning resource name} {config id} |
| Prefetch | terraform import module.security.akamai_appsec_advanced_settings_prefetch.{advanced settings prefetch resource name} {config id} |
| Rate policy | terraform import module.security.akamai_appsec_rate_policy.{rate policy resource name} {config id}:{rate policy id} |
| Rate policy action | terraform import module.security.akamai_appsec_rate_policy_action.{rate policy action resource name} {config id}:{policy id}:{rate policy id} |
| Rate protection | terraform import module.security.akamai_appsec_rate_protection.{rate protection resource name} {config id}:{policy id} |
| Reputation protection | terraform import module.security.akamai_appsec_reputation_protection.{reputation protection resource name} {config id}:{policy id} |
| Request body settings | terraform import module.security.akamai_appsec_advanced_settings_request_body.{advanced settings request body resource name} {config id} |
| Rule | terraform import module.security.akamai_appsec_rule.{rule resource name} {config id}:{policy id}:{rule id} |
| Security policy | terraform import module.security.akamai_appsec_security_policy.{security policy resource name} {config id}:{policy id} |
| Slow POST | terraform import module.security.akamai_appsec_slow_post.{slow post resource name} {config id}:{policy id} |
| Slow POST protection | terraform import module.security.akamai_appsec_slowpost_protection.{slowpost protection resource name} {config id}:{policy id} |
| WAF mode | terraform import module.security.akamai_appsec_waf_mode.{waf mode resource name} {config id}:{policy id} |
| WAF protection | terraform import module.security.akamai_appsec_waf_protection.{waf protection resource name} {config id}:{policy id} |
| Bot Manager | |
| Bot category action | terraform import module.security.akamai_botman_akamai_bot_category_action.{bot category action resource name} {config id}:{policy id}:{category id} |
| Bot detection action | terraform import module.security.akamai_botman_bot_detection_action.{bot detection action resource name} {config id}:{policy id}:{detection id} |
| Bot management settings | terraform import module.security.akamai_botman_bot_management_settings.{bot management settings resource name} {config id}:{policy id} |
| Challenge injection rules | terraform import module.security.akamai_botman_challenge_injection_rules.{challenge injection rules resource name} {config id} |
| Client-side security | terraform import module.security.akamai_botman_client_side_security.{client side security resource name} {config id} |
| JavaScript injection | terraform import module.security.akamai_botman_javascript_injection.{botman javascript injection resource name} {config id}:{policy id} |
| Transactional endpoint protection | terraform import module.security.akamai_botman_transactional_endpoint_protection.{transactional endpoint protection resource name} {config id} |
| Certificates | |
| DV enrollment | terraform import akamai_cps_dv_enrollment.{dv enrollment resource name} {enrollment id},{contract id} |
| Third-party enrollment | terraform import akamai_cps_third_party_enrollment.{third party enrollment resource name} {enrollment id},{contract id} |
| Client Lists | |
| Activation | terraform import akamai_clientlist_activation.{client list activation resource name} {client list id}:{NETWORK} |
| Client list | terraform import akamai_clientlist_list.{client list resource name} {client list id} |
| Cloud Access Manager | |
| Access key |
terraform import akamai_cloudaccess_key.{resource name} {access key uid} terraform import akamai_cloudaccess_key.{resource name} {access key uid},{group id without the grp_ prefix},{contract id without the ctr_ prefix}
|
| Cloudlets | |
| Application load balancer | terraform import akamai_cloudlets_application_load_balancer.{application load balancer resource name} {origin id} |
| Policy | terraform import akamai_cloudlets_policy.{cloudlets resource name} {policy name} |
| Cloud Wrapper | |
| Activation | terraform import akamai_cloudwrapper_activation.{cloudwrapper activation resource name} {configuration id} |
| Cconfiguration | terraform import akamai_cloudwrapper_configuration.{cloudwrapper configuration resource name} {configuration id} |
| DataStream | |
| Data stream | terraform import akamai_datastream.{datastream resource name} {stream version id} |
| Edge DNS | |
| DNS record | terraform import akamai_dns_record.{record resource name} {edge dns zone name}#{edge dns recordset name}#{record type} |
| DNS zone | terraform import akamai_dns_zone.{zone resource name} {dns zone name} |
| EdgeWorkers | |
| EdgeKV | terraform import akamai_edgekv.{edgekv resource name} {namespace name}:{network} |
| EdgeKV group items | terraform import akamai_edgekv_group_items.{edgekv group items resource name} {namespace name}:{network}:{group name} |
| Edgeworkers | terraform import akamai_edgeworker.{edgeworker resource name} {edgeworker id} |
| Global Traffic Management | |
| AS map | terraform import akamai_gtm_asmap.{asmap resource name} {gtm domain name}:{gtm asmap name} |
| CIDR map | terraform import akamai_gtm_cidrmap.{cidrmap resource name} {gtm domain name}:{gtm cidrmap name} |
| Datacenter | terraform import akamai_gtm_datacenter.{datacenter resource name} {gtm domain name}:{gtm datacenter id} |
| Domain | terraform import akamai_gtm_domain.{domain resource name} {gtm domain name} |
| GEO map | terraform import akamai_gtm_geomap.{geomap resource name} {gtm domain name}:{gtm geographicmap name} |
| Property | terraform import akamai_gtm_property.{property resource name} {gtm domain name}:{gtm property name} |
| Resource | terraform import akamai_gtm_resource.{resource resource name} {gtm domain name}:{gtm resource name} |
| Identity and Access Management | |
| CIDR block | terraform import akamai_iam_cidr_block.{cidr block resource name} {cidr block id} |
| Group | terraform import akamai_iam_group.{group resource name} {group id} |
| IP allowlist | terraform import akamai_iam_ip_allowlist.{allowlist resource name} "" |
| Role | terraform import akamai_iam_role.{role resource name} {role id} |
| User | terraform import akamai_iam_user.{user resource name} {ui identity id} |
| Image and Video Manager | |
| Policy image | terraform import akamai_imaging_policy_image.{policy image resource name} {policy id}:{policy set id}:{contract id} |
| Policy set | terraform import akamai_imaging_policy_set.{policy set resource name} {policy set id}:{contract id} |
| Policy video | terraform import akamai_imaging_policy_video.{policy video resource name} {policy id}:{policy set id}:{contract id} |
| Network Lists | |
| Network_list | terraform import akamai_networklist_network_list.{network list resource name} {network list id} |
| Property | |
| CP code | terraform import akamai_cp_code.{cp code resource name} {cp code id},{contract id},{group id} |
| Edge hostname | terraform import akamai_edge_hostname.{hostname resource name} {edge hostname id},{contract id},{group id} |
| Include | terraform import akamai_property_include.{include resource name} {contract id}:{group id}:{include id} |
| Include activation | terraform import akamai_property_include_activation.{include activation resource name} {contract id}:{group id}:{include id}:{NETWORK} |
| Property | Import the latest property version: terraform import akamai_property.{property resource name} {property id} or (if a property belongs to multiple groups or contracts) terraform import akamai_property.{property resource name} {property id},{contract id},{group id} Import the latest active property version on the staging network: terraform import akamai_property.{property resource name} {property id},S or terraform import akamai_property.{property resource name} {property id},{contract id},{group id},STAGE Import the latest active property version on the production network: terraform import akamai_property.{property resource name} {property id},P or terraform import akamai_property.{property resource name} {property id},{contract id},{group id},PROD Import a specific property version: terraform import akamai_property.{property resource name} {property id},{property version number} or terraform import akamai_property.{property resource name} {property id},{contract id},{group id},ver_{property version number}
|
| Property activation | terraform import akamai_property_activation.{property activation resource name} {property id}:{NETWORK} |
Export your resources
To use the export commands, you need to have our Terraform CLI installed on your device. With the export commands, you can import your configurations by running the included import script. Thanks to that, there is no need to create a configuration before importing, the export commands generate the configuration for you.
To export your assets, provide the path to your .edgerc, your credentials section header, and the export command for the asset you need. If you manage multiple accounts, pass your account switch key using the global --accountkey flag. Use other additional flags or arguments to further define the output.
Notes:
- If you pass the command without the global
--edgercand--sectionflags, the command, by default, will point to the local home directory of your.edgercfile and thedefaultcredentials section header of that file.- By default, when your run the command, generated files are saved in your active directory. Use the
--tfworkpathflag in any export command to change the storage path.
akamai terraform [global flags] command [command flags] [arguments...]
For example:
akamai terraform --edgerc "~/.edgerc" --section "default" --accountkey "A-CCT1234:A-CCT5432" export-property --version 3 "my-property"
This will generate a Terraform property configuration file with its JSON rules for a specific property version as well as the import script file for you to run to populate your Terraform state.
Export command help
To get help information for a given Terraform CLI command, pass the export command and the --help flag.
akamai terraform export-iam --help
Name:
akamai-terraform export-iam
Usage:
akamai-terraform [global flags] export-iam [command flags] <subcommand>
Description:
Generates Terraform configuration for Identity and Access Management resources.
Subcommands:
all
allowlist
group
role
user
Command Flags:
--tfworkpath value Directory used to store files created when running commands. (default: current directory)
--help show help (default: false)
Global Flags:
--edgerc value, -e value Location of the credentials file (default: "/home/user/.edgerc") [$AKAMAI_EDGERC]
--section value, -s value Section of the credentials file (default: "default") [$AKAMAI_EDGERC_SECTION]
--accountkey value, --account-key value Account switch key [$AKAMAI_EDGERC_ACCOUNT_KEY]
See the Export list for the available export commands and their syntax.
Export list
| Command | Description | Export syntax |
|---|---|---|
export‑appsec |
Exports a declarative security configuration and its targets and policies in JSON. |
akamai terraform export‑appsec {your-security-config-name}
|
export‑clientlist |
Exports a client list. |
akamai terraform export-clientlist {your-list-ID}
|
export-cloudaccess |
Exports a could access key. | akamai terraform export-cloudaccess {your-cloud-access-uid} |
With both the --group_id and --contract_id flags, this exports a cloud access key for a specific group and contract. |
akamai terraform export-cloudaccess --group_id {your-group-id} --contract_id {your-contract-id} {your-access-key-uid} |
|
export‑cloudlets-policy |
Exports your cloudlet policy configuration. | akamai terraform export-cloudlets-policy {your-policy-name} |
export‑cloudwrapper |
Exports your cloud wrapper configuration. | akamai terraform export-cloudwrapper {your-configuration-ID} |
export‑cps |
Exports your certificate configuration. | akamai terraform export-cps {your-enrollment-id} {your-contract-id} |
export‑domain |
Exports your domain configuration. |
akamai terraform export-domain {your-domain-name}
|
export‑edgekv |
Exports your namespace and network's EdgeKV configuration. | akamai terraform export-edgekv {your-namespace-name} {network} |
export‑edgeworker |
Exports your edgeworker's code bundle in .tgz format. |
akamai terraform export-edgeworker {your-edgeworker-id} |
With the --bundlepath flag, this sets the export location to the given path. The default is your active directory. |
akamai terraform export-edgeworker --bundlepath {path-to-your-directory} {your-edgeworker-id} |
|
export‑iam |
With the all subcommand, this exports all available Terraform users, groups, roles, IP allowlist, and CIDR block resources. |
akamai terraform export-iam all |
With the allowlist subcommand, this exports the Terraform IP allowlist and CIDR block resources. |
akamai terraform export-iam allowlist |
|
With the group subcommand, this exports a group by ID with relevant users and their roles. |
akamai terraform export-iam group {your-group-id} |
|
With the role subcommand, this exports a role by ID with relevant users and their groups. |
akamai terraform export-iam role {your-role-id} |
|
With the user subcommand, this exports a user by their email with a relevant user's groups and roles. |
akamai terraform export-iam user {your-user-email} |
|
With the advanced --only option for the group, role, and user subcommands, this exports only specific information. |
akamai terraform export-iam group --only {your-group-id}akamai terraform export-iam role --only {your-role-id} akamai terraform export-iam user --only {your-user-email}
|
|
export‑imaging |
Exports your imaging policy in JSON. | akamai terraform export-imaging {your-contract-id} {your-policy-set-id} |
With the --policy-as-hcl flag, this exports your imaging policy with rules in HCL format. |
akamai terraform export-imaging --policy-as-hcl {your-contract-id} {your-policy-set-id} |
|
With the --policy-json-dir flag, this sets the export location to the given path. The default is your active directory. |
akamai terraform export-imaging --policy-json-dir {path-to-your-directory} {your-contract-id} {your-policy-set-id} |
|
export‑property |
With the --version flag, this exports your property's rules without includes for a specific version. Note: If you don't provide the |
akamai terraform export-property --version {your-property-version-number} {your-property-name} akamai terraform export-property {your-property-name}
|
With the --rules-as-hcl flag, this exports your property's rules as the akamai_property_rules_builder data source in HCL format. |
akamai terraform export-property --rules-as-hcl {your-property-name} |
|
With the --split-depth flag, this exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. |
akamai terraform export-property --split-depth={nesting-level-number-value} {your-property-name} |
|
export‑property-include |
Exports your property's include. | akamai terraform export-property-include {your-property-include-name} |
With the --rules-as-hcl flag, this exports your property's include as the akamai_property_rules_builder data source in HCL format. |
akamai terraform export-property-include --rules-as-hcl {your-property-include-name} |
|
With the --split-depth flag, this exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. |
akamai terraform export-property-include --split-depth={nesting-level-number-value} {your-property-name} |
|
export‑zone |
With the --resources flag, this generates a JSON-formatted resource file. ‑‑createconfig uses this file as input. |
akamai terraform export-zone --resources {your-dns-zone-name} |
With the --createconfig flag, this generates configurations based on the values in the output files from ‑‑resources. |
akamai terraform export-zone --createconfig {your-dns-zone-name} |
|
With the --importscript flag, this generates an import script for the generated zone configuration. |
akamai terraform export-zone --importscript {your-dns-zone-name} |
|
With the advanced --recordname option for the --resources flag, this filters the generated resource list by a given record name. |
akamai terraform export-zone --resources --recordname {your-record-name} {your-dns-zone-name} |
|
With the advanced --namesonlyoption for the --resources and --createconfig flags, this generates a resource file with recordset names only for all associated record types. |
akamai terraform export-zone --resources --namesonly {your-dns-zone-name} akamai terraform export-zone --createconfig --namesonly {your-dns-zone-name}
|
|
With the advanced --segmentconfig option for the --createconfig flag, this generates a modularized configuration. |
akamai terraform export-zone --createconfig --segmentconfig {your-dns-zone-name} |
|
With the advanced --configonly option for the --createconfig flag, this generates a zone configuration without JSON itemization. The configuration generated varies based on which set of flags you use. |
akamai terraform export-zone --createconfig --configonly {your-dns-zone-name} |
Updated 1 day ago