importing aws_iam_policy multiple times

Question

I have created resource stub for importing iam customer managed policy as below.

resource "aws_iam_policy" "customer_managed_policy" {
  name = var.customer_managed_policy_name
  policy = "{}"
}

The import command used is:

$ terraform import -var 'customer_managed_policy_name=ec2-readonly' aws_iam_policy.customer_managed_policy arn:aws:iam::<account ID>:policy/ec2-readonly

This works fine for first time. But If I want to make it dynamic in order to import any number of policies, I don't know how to do.

Because "aws_iam_policy" resource will use policy name and policy data/json as attributes, for them by using for_each or list, multiple resources can be created but in import command I need to pass policy arn which is different.

Answer 1

I think there is a misunderstanding on how terraform works.

Terraform maps 1 resource to 1 item in state and the state file is used to manage all created resources.

To import "X" resources, "X" resources must exist in your terraform configuration so "X" can be mapped to state.

2 simple ways to achieve this would be by using "count" or "for_each" to map "X" resources to state. Therefore being able to import "X" resources.

Now, it is important to noticed that after you import a resource, if your terraform configuration it's not equal to the imported resource, once you run terraform apply, terraform will be update all imported resources to match your terraform configuration file.