Aviatrix Terraform: Export

This document will walk you through how the Aviatrix Terraform Export feature works. It is assumed that the user has experience using Terraform, and has the Aviatrix Terraform Provider set up.

To learn more about Terraform, click here.

To learn how to set up the Terraform environment for Aviatrix, click here.

Aviatrix Terraform resource and data source documentation may be found here.

Further questions? Please visit our Support Center for Terraform here.

Use Case:

The Aviatrix Terraform Export feature allows users to export their current Controller configurations (resources) into Terraform files (.tf) and import them into their Terraform environment, facilitating an easy transition to using Terraform to manage their infrastructure.

DISCLAIMER : Export functionality is only available on Controller v4.3+, is currently in beta and does not support every resource and its complete functionality.


In this example, we will use VPN profiles that were created through the Controller and export them into .tf files for an easy import into our Terraform environment.

Step 1

Assume we have the following VPN profiles already created (pictured below), prior to the transition to using Terraform for infrastructure management.



Step 2

In order to bring in existing resources into the environment for Terraform management, we must use terraform import.

The current implementation of Terraform import can only import resources into the state, but does not generate a configuration file (see HashiCorp’s documentation here regarding this issue.)

This is where Aviatrix’s Terraform Export feature is used. We can use this feature to generate not only the necessary configuration files, but also a shell script with the necessary commands to automatically import those existing resources for you.

Simply navigate with the sidebar: Useful Tools > Export to Terraform. Under the Exporter column, click the Download TF button for the corresponding resource(s) you want to export.


If you have multiple resources or want to manage your entire infrastructure through Terraform, you may export your entire current configuration by clicking the Download All button located in the top right corner of the page.

In our case, we will select vpn_profile and download the zip file.


Step 3

Navigate to the directory where the zip was downloaded to and unzip the file. There should be a folder with 2 files:

vpn_profile.tf and vpn_profile_import.sh

If we open vpn_profile.tf, we can see that the exact configurations as seen on the Controller are properly exported into the .tf file.



Step 4

For simplicity’s sake, we will use this folder/ directory as the Terraform environment to manage our VPN profiles. If you prefer to set up your overall infrastructure differently, feel free to move those 2 files into your preferred directory before proceeding.

If you have not already, create a provider.tf as seen below, providing your Aviatrix Controller credentials.

(This can also be specified in the vpn_profile.tf instead, but as best practice, it is better to decouple components, especially credentials, from your variable or configuration files):


Step 5

In your preferred directory, in order to initialise the directory as a Terraform environment, run: terraform init.

Then run the shell script with the command: sh vpn_profile_import.sh


Step 6

Congratulations! Your vpn_profile(s) have been successfully imported into Terraform and can now be easily managed through code.

You may verify that configured files are the same as our Controller configuration by running terraform plan to catch deltas between our local Terraform state and the Controller state. You may use terraform show to see your state.




Now managing your vpn_profile(s) is as simple as modifying your exported vpn_profile.tf file and doing terraform plan to see your changes, and terraform apply to implement those changes. Changes can range from modifying existing profiles, removing them or adding new ones.

As seen below, continuing from our above example, we are changing vpn_profile_1 and removing one of the policies, and adding a new profile in vpn_profile.tf.



Going back to Terminal, by simply doing a terraform plan (1st picture), we see that Terraform detects the changes we want to make. If we are satisfied with these changes, we can go ahead and do terraform apply (2nd picture).



We can again verify these new changes by doing a terraform plan to catch deltas between our new state and the Controller state, as well as a terraform show to view the state.



We can also go to the Controller and confirm that a new profile, profile Name3, has indeed been created, and the edit to profile Name1 has been implemented.



The steps described in the Addendum can be applied and used for the management of any supported resource in their respective .tf file(s).