Convert GCP Projects to Terraform

When onboarding legacy GCP projects, manually codifying every resource is tedious. Terraformer inspects APIs and generates provider blocks, resources, and state files that you can refactor into Terraform modules.

Quick Start

export GOOGLE_PROJECT=my-project
export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gcloud/application_default_credentials.json

terraformer import google \
  --projects=$GOOGLE_PROJECT \
  --resources=gcs,iam,compute,bigquery \
  --path-pattern=generated/{provider}/{service}/

Tips

  • Run Terraformer from a clean directory; it writes HCL under generated/ along with state files.
  • Limit --resources to specific services to avoid API quota issues.
  • Review generated IAM bindings carefully—Terraformer captures every principal, including Google-managed service accounts.
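
One way to carry out the IAM review from the last tip, as an added example that is not part of the original page or of Terraformer: it lists every member granted in generated google_*_iam_member and google_*_iam_binding blocks and marks Google-managed service agents, plus the public principals allUsers and allAuthenticatedUsers. The regex-based block matching, the service-agent naming heuristic, the function names and the sample HCL are assumptions; google_*_iam_policy resources are not covered.

```python
import re
from pathlib import Path

# Matches generated google_*_iam_member / google_*_iam_binding resource blocks.
BLOCK = re.compile(r'resource\s+"(google_\w*_iam_(?:member|binding))"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ROLE = re.compile(r'\brole\s*=\s*"([^"]+)"')
MEMBERS = re.compile(r'\bmembers?\s*=\s*(\[.*?\]|"[^"]*")', re.S)
# Assumption (heuristic): service agents are named service-<number>@... or <number>@cloudservices...
AGENT = re.compile(r'^serviceAccount:(service-\d+@[\w.-]+\.iam\.gserviceaccount\.com'
                   r'|\d+@cloudservices\.gserviceaccount\.com)$')
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def classify(member):
    if member in PUBLIC:
        return "public"
    return "google-managed" if AGENT.match(member) else "principal"

def iam_principals(hcl):
    rows = []  # (resource_type, name, role, member, kind) per granted member
    for rtype, name, body in BLOCK.findall(hcl):
        role = ROLE.search(body)
        found = MEMBERS.search(body)
        members = re.findall(r'"([^"]+)"', found.group(1)) if found else []
        for m in members:
            rows.append((rtype, name, role.group(1) if role else "?", m, classify(m)))
    return rows

def scan(root="generated"):  # walk every .tf file under the Terraformer output path
    return [r for tf in sorted(Path(root).rglob("*.tf")) for r in iam_principals(tf.read_text())]

# Constructed sample in the shape of generated HCL (not real Terraformer output).
SAMPLE = '''
resource "google_project_iam_member" "tfer--alice" {
  member = "user:alice@example.com"
  role   = "roles/owner"
}
resource "google_project_iam_member" "tfer--agent" {
  member = "serviceAccount:service-123456789012@compute-system.iam.gserviceaccount.com"
  role   = "roles/compute.serviceAgent"
}
resource "google_storage_bucket_iam_binding" "tfer--public" {
  members = ["allUsers", "serviceAccount:app@my-project.iam.gserviceaccount.com"]
  role    = "roles/storage.objectViewer"
}
'''

if __name__ == "__main__":
    for row in iam_principals(SAMPLE):
        print(*row, sep="\t")
```

Call scan() from the directory that holds generated/ to run the same listing over real output.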

Refactoring Strategy

  1. Group related resources into modules (modules/gcs_bucket, modules/service_account).
  2. Replace hard-coded IDs with variables and data sources; remove credentials from state.
  3. Import existing infrastructure into a remote state backend (terraform import) and run terraform plan to verify no drift remains.

Caveats

  • Generated code mirrors current state but may not follow best practices (naming, modules, secrets handling).
  • APIs with limited Terraform coverage may require manual edits.
  • Terraformer cannot infer business logic; collaborate with system owners before pruning resources.

Alternative

Pulumi’s pulumi import offers a similar workflow if you prefer general-purpose languages for IaC.