Convert GCP Projects to Terraform
When onboarding legacy GCP projects, manually codifying every resource is tedious. Terraformer inspects APIs and generates provider blocks, resources, and state files that you can refactor into Terraform modules.
Quick Start
export GOOGLE_PROJECT=my-project
export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gcloud/application_default_credentials.json
terraformer import google \
--projects=$GOOGLE_PROJECT \
--resources=gcs,iam,compute,bigquery \
--path-pattern=generated/{provider}/{service}/
Tips
- Run Terraformer from a clean directory; it outputs
generated/
(HCL) + state files. - Limit
--resources
to specific services to avoid API quota issues. - Review generated IAM bindings carefully—Terraformer captures every principal, including Google-managed service accounts.
Refactoring Strategy
- Group related resources into modules (
modules/gcs_bucket
,modules/service_account
). - Replace hard-coded IDs with variables and data sources; remove credentials from state.
- Import existing infrastructure into a remote state backend (
terraform import
) and runterraform plan
to verify no drift remains.
Caveats
- Generated code mirrors current state but may not follow best practices (naming, modules, secrets handling).
- APIs with limited Terraform coverage may require manual edits.
- Terraformer cannot infer business logic; collaborate with system owners before pruning resources.
Alternative
Pulumi’s pulumi import
offers a similar workflow if you prefer general-purpose languages for IaC.