DEV.co
Open-Source DevOps · Azure

aztfexport

aztfexport is an open-source tool that discovers and imports existing Azure resources into Terraform, generating corresponding HCL configuration and state files. It automates the process of bringing cloud infrastructure under Terraform management without requiring manual resource definition.

Source: GitHub — github.com/Azure/aztfexport
1.9k
GitHub stars
216
Forks
Go
Primary language
MPL-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryAzure/aztfexport
OwnerAzure
Primary languageGo
LicenseMPL-2.0 — OSI-approved
Stars1.9k
Forks216
Open issues46
Latest releasev0.19.0 (2026-01-27)
Last updated2026-07-07
Sourcehttps://github.com/Azure/aztfexport

What aztfexport is

Written in Go, aztfexport leverages aztft for resource type mapping and tfadd for HCL generation, executing terraform import commands to populate state while generating consistent Terraform configurations. It supports both AzureRM and AzAPI providers and requires Terraform ≥ v0.12.

Quickstart

Get the aztfexport source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Azure/aztfexport.gitcd aztfexport# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Legacy Azure Infrastructure Migration

Migrate existing manually-created or manually-managed Azure resources into Terraform state and configuration, enabling IaC governance and drift detection across brownfield environments.

Multi-Resource Bulk Import

Rapidly import dozens of heterogeneous Azure resources (VMs, storage, networking, etc.) in batch operations rather than hand-crafting individual terraform resource blocks.

DevOps Workflow Standardization

Establish Terraform as the single source of truth for Azure infrastructure across teams, allowing consistent state management and plan-based change auditing.

Implementation considerations

  • Verify all Azure resource types you plan to import are supported by the AzureRM or AzAPI provider; check provider docs and aztft mappings before bulk operations.
  • Ensure Terraform ≥ v0.12 is installed and in PATH; test aztfexport against a non-production subscription first to validate output quality and catch unsupported resources early.
  • Plan for manual review and refinement of generated HCL; treat output as a starting point, not production-ready code, and validate against compliance/security policies.
  • Configure telemetry settings (enabled by default) in `$HOME/.aztfexport/config.json` per organizational policy before widespread deployment.
  • Establish version control for generated state and HCL; use Git or similar to track imports and facilitate team review of resource definitions.

When to avoid it — and what to weigh

  • Comprehensive Infrastructure Reproduction Not Required — README explicitly states generated configurations are not comprehensive and cannot fully reproduce infrastructure from configuration alone—unsuitable if you need complete, runnable templates.
  • Limited Resource Type Coverage — Tool only exports resources supported by AzureRM or AzAPI providers; unsupported Azure services will be skipped, requiring manual configuration for gaps.
  • Terraform < v0.12 Environments — Requires Terraform version 0.12 or later; older environments will not work, and upgrade may not be feasible in legacy setups.
  • High Configuration Post-Processing Sensitivity — Generated HCL may require significant manual refinement for production use; if your team cannot validate and modify generated code, adoption friction will be high.

License & commercial use

Licensed under Mozilla Public License 2.0 (MPL-2.0), an OSI-approved copyleft license requiring derivative works to be licensed under MPL-2.0 and providing patent protections.

MPL-2.0 permits commercial use, modification, and distribution with conditions: derivative modifications must be available under MPL-2.0, and original source must be disclosed. Consult legal counsel for specific commercial integration scenarios to ensure compliance with copyleft obligations.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityModerate
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Tool accesses Azure credentials (CLI or Powershell auth) and generates state files containing sensitive data (passwords, keys, connection strings); restrict filesystem permissions on generated state and credentials. Telemetry is enabled by default—verify compliance with data residency/privacy policies. Source code review recommended for security-critical environments. No published security audit or vulnerability disclosure process information provided.

Alternatives to consider

Terraform Cloud/Enterprise Remote State + Manual HCL

Manual resource definition avoids import tooling but requires more effort; suitable if generated code quality is consistently insufficient or custom logic is required.

Pulumi (Python/TypeScript)

Offers similar import capabilities with multi-language support and broader cloud coverage, but introduces a different IaC language and ecosystem vs. Terraform.

HashiCorp Terraform Cloud Managed Import UI

Integrated Terraform Cloud UI for smaller-scale imports; lacks batch automation but may suit teams already on Terraform Cloud who prefer UI-driven workflows.

Software development agency

Build on aztfexport with DEV.co software developers

Evaluate aztfexport in a non-production environment first. Test resource coverage, review generated HCL quality, and plan for manual refinement before scaling to production.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

aztfexport FAQ

Will generated Terraform configurations be production-ready?
No. README explicitly states configurations are not comprehensive and may require manual refinement. Always review, validate, and test generated code before production use.
What happens if an Azure resource type is not supported?
Unsupported resources will be skipped during export. Check AzureRM and AzAPI provider docs for coverage; unsupported resources must be manually defined or left unmanaged.
Can I use aztfexport with Terraform Cloud?
Not directly stated in README. Tool generates local state and HCL; integration with Terraform Cloud would require manual upload of state and configuration after generation. Requires review.
Is my data safe with telemetry enabled?
Telemetry is sent to Microsoft and includes an installation ID for tracking; no resource details are mentioned in README. Review Microsoft's privacy policy and disable if organizational policy requires it.

Custom software development services

DEV.co helps companies turn open-source tools like aztfexport into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.

Ready to Bring Azure Resources Under Terraform?

Evaluate aztfexport in a non-production environment first. Test resource coverage, review generated HCL quality, and plan for manual refinement before scaling to production.