Skip to main content

Generating configuration

OpenTofu can generate code for the resources you define in import blocks that do not already exist in your configuration. OpenTofu produces HCL to act as a template that contains OpenTofu's best guess at the appropriate value for each resource argument.

Starting with OpenTofu's generated HCL, we recommend iterating to find your ideal configuration by removing some attributes, adjusting the value of others, and rearranging resource blocks into files and modules as appropriate.

To generate configuration, run tofu plan with the -generate-config-out flag and supply a new file path. Do not supply a path to an existing file, or OpenTofu throws an error.

$ tofu plan -generate-config-out=generated_resources.tf

If any resources targeted by an import block do not exist in your configuration, OpenTofu then generates and writes configuration for those resources in generated_resources.tf.

Workflow

The workflow for generating configuration is similar to the import block workflow, with the extra step of generating configuration during the planning stage. You can then review and modify the generated configuration before applying.

1. Add the import block

Add an import block to your configuration. This import block can be in a separate file (e.g., import.tf) or an existing configuration file.

import {
to = aws_iot_thing.bar
id = "foo"
}

The import block's to argument points to the address a resource will have in your state file. If a resource address in your state matches an import block's to argument, OpenTofu attempts to import into that resource. In future planning, OpenTofu knows it doesn't need to generate configuration for resources that already exist in your state.

The import block's id argument uses that resource's import ID.

If your configuration does not contain other resources for your selected provider, you must add a provider block to inform OpenTofu which provider it should use to generate configuration. Otherwise, OpenTofu displays an error if it can not determine which provider to use. If you add a new provider block to your configuration, you must run tofu init again.

2. Plan and generate configuration

To instruct OpenTofu to generate configuration for the import blocks you defined, run tofu plan with the -generate-config-out= flag and a new file path. OpenTofu displays its plan for importing your resource and the file where OpenTofu generated configuration based on this plan.

$ tofu plan -generate-config-out=generated.tf

aws_iot_thing.bar: Preparing import... [id=foo]
aws_iot_thing.bar: Refreshing state... [id=foo]

OpenTofu will perform the following actions:

# aws_iot_thing.bar will be imported
# (config will be generated)
resource "aws_iot_thing" "bar" {
arn = "arn:aws:iot:eu-west-1:1234567890:thing/foo"
attributes = {}
default_client_id = "foo"
id = "foo"
name = "foo"
version = 1
}

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.


│ Warning: Config generation is experimental

│ Generating configuration during import is currently experimental, and the generated configuration format may change in future versions.


──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

OpenTofu has generated configuration and written it to generated.tf. Please review the configuration and edit it as necessary before adding it to version control.

3. Review generated configuration

The example above instructs OpenTofu to generate configuration in a file named generated.tf. The below code is an example of a generated.tf file.

resource aws_iot_thing "bar" {
name = "foo"
}

Review the generated configuration and update it as needed. You may wish to move the generated configuration to another file, add or remove resource arguments, or update it to reference input variables or other resources in your configuration.

4. Apply

Run tofu apply to import your infrastructure.

$ tofu apply

aws_iot_thing.bar: Preparing import... [id=foo]
aws_iot_thing.bar: Refreshing state... [id=foo]

OpenTofu will perform the following actions:

# aws_iot_thing.bar will be imported
resource "aws_iot_thing" "bar" {
arn = "arn:aws:iot:eu-west-1:1234567890:thing/foo"
attributes = {}
default_client_id = "foo"
id = "foo"
name = "foo"
version = 1
}

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.
aws_iot_thing.bar: Importing... [id=foo]
aws_iot_thing.bar: Import complete [id=foo]

Apply complete! Resources: 1 imported, 0 added, 0 changed, 0 destroyed.

Commit your new resource configuration to your version control system.

Limitations

Conflicting resource arguments

OpenTofu generates configuration for importable resources during a plan by requesting values for resource attributes from the provider. For certain resources with complex schemas, OpenTofu may not be able to construct a valid configuration from these values.

OpenTofu will display an error like the one below if it does not receive values for resource attributes while generating configuration.

$ tofu plan -generate-config-out=generated.tf

│ Error: Conflicting configuration arguments

│ with aws_instance.ubuntu,
│ on g.tf line 20, in resource "aws_instance" "ubuntu":
│ 20: ipv6_address_count = 0

│ "ipv6_address_count": conflicts with ipv6_addresses

In the example above, OpenTofu still generates configuration and writes it to generated.tf. This error stems from a conflict between the ipv6_address_count and ipv6_addresses arguments. The resource supports both of these arguments, but you must choose only one when configuring the resource. You could fix the error by removing one of these two arguments, then running tofu plan again to check that there are no further issues.