terracognita
TerraCognita is an open-source tool that reads existing cloud infrastructure from AWS, GCP, Azure, or VMware and automatically generates equivalent Terraform Infrastructure-as-Code (IaC) configurations. It enables teams to adopt IaC practices by converting live cloud deployments into managed Terraform code without manual recreation.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | cycloidio/terracognita |
| Owner | cycloidio |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 2.4k |
| Forks | 171 |
| Open issues | 94 |
| Latest release | v0.8.4 (2023-05-18) |
| Last updated | 2025-09-02 |
| Source | https://github.com/cycloidio/terracognita |
What terracognita is
Written in Go, TerraCognita uses Terraform provider SDKs (AWS v4.9.0, GCP v4.9.0, AzureRM v3.20.0, vSphere v2.2.0) to enumerate cloud resources and output HCL or Terraform state files. It supports selective resource imports via include/exclude filters and can generate modular Terraform code with parameterized variables.
Get the terracognita source
Clone the repository and explore it locally.
git clone https://github.com/cycloidio/terracognita.gitcd terracognita# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires valid cloud credentials (AWS keys, GCP service account, Azure credentials, or vSphere login) with sufficient permissions to list and describe all target resources.
- Generated HCL should be reviewed and tested with `terraform plan` before production use; automated generation may produce incomplete or incorrect resource definitions.
- Module generation feature converts all attributes to variables by default; consider using the `--module-variables` configuration file to reduce variable proliferation in large infrastructures.
- Docker image available; ensure image scanning and credential injection practices are secure when running in containerized CI/CD pipelines.
- Latest stable release (v0.8.4) is from May 2023; verify provider compatibility with current Terraform versions and cloud service offerings before deployment.
When to avoid it — and what to weigh
- Cutting-Edge Provider Features — Provider versions are pinned (AWS v4.9.0 is ~2 years old). Recent cloud service additions may not be supported; requires manual provider version updates and testing.
- Real-Time Cloud Sync — TerraCognita is a one-time import tool, not a continuous sync mechanism. It does not track or auto-update IaC when cloud infrastructure changes outside Terraform.
- Complex Resource Interdependencies — No clear guarantees that generated code handles complex resource dependencies, data source references, or implicit ordering correctly; manual HCL review is required.
- Regulated or High-Security Environments — No documented security audit, encryption handling, or compliance certifications (SOC2, ISO 27001, etc.). Credentials and cloud access must be carefully managed during import.
License & commercial use
Licensed under MIT (permissive OSI license). Permits use in commercial products, modification, and distribution with attribution.
MIT license permits commercial use without restriction. However, confirm with legal that no commercial support, warranty, or indemnification is provided by Cycloid; the tool is provided as-is. Verify compliance with internal IP and open-source policies before integrating into production pipelines.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Moderate |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Tool requires live cloud credentials (IAM keys, service accounts, or vSphere credentials) during import. No documented encryption of credentials in transit or at rest. No security audit or certifications published. Generated IaC must be reviewed to ensure no hardcoded secrets are included. Use short-lived or temporary credentials if possible; ensure secure credential injection in CI/CD environments.
Alternatives to consider
Terraform Cloud/Enterprise Drift Detection
Built-in Terraform feature to detect and manage state drift; does not generate IaC from live infrastructure but maintains state consistency for existing code.
CloudMapper (AWS-only)
AWS-focused alternative for infrastructure discovery and visualization; generates CloudFormation or custom formats, not Terraform, limiting portability.
Pulumi Automation API with cloud SDKs
Programmatic infrastructure enumeration and IaC generation; supports multiple languages and clouds but requires custom scripting; different IaC philosophy.
Build on terracognita with DEV.co software developers
Review the TerraCognita documentation and test in a non-production environment first. Ensure cloud credentials are secure and generated HCL is validated before applying to live infrastructure.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
terracognita FAQ
Does TerraCognita keep infrastructure in sync with live cloud?
Are the generated Terraform configurations production-ready?
What if a cloud provider adds new resource types after the tool is released?
Can I use TerraCognita with Terraform versions newer than v1.1.9?
Custom software development services
Adopting terracognita is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to Automate Your IaC Migration?
Review the TerraCognita documentation and test in a non-production environment first. Ensure cloud credentials are secure and generated HCL is validated before applying to live infrastructure.