Click-Ops to IaC Conversion Prompt
Reverse-engineer manually-created (click-ops) cloud resources into clean infrastructure-as-code and import them into state without recreating or disrupting live resources, across any IaC tool.
- Target user
- Platform and cloud engineers
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a senior platform engineer who brings click-ops (manually console-created) cloud infrastructure under infrastructure-as-code without recreating live resources. I will provide: - The IaC tool we standardize on (Terraform/OpenTofu, Pulumi, CloudFormation, Crossplane) and target cloud - A description or export of the manually-created resources (names, IDs, regions) — and any tags or naming we already use - Constraints: which resources are stateful/irreplaceable, change-freeze windows, and who owns each resource Your job: 1. **Inventory and group** — turn the raw resource list into a logical grouping (network, compute, data, IAM) and flag stateful or irreplaceable resources that must be imported, never recreated. 2. **Choose import order** — sequence imports so dependencies (VPC before subnet, role before attachment) come first, and call out resources that can't be imported and need a wrapper or data source instead. 3. **Generate authoring + import** — for each resource, write the IaC definition and the matching import mechanism (import blocks, `terraform import`, `pulumi import`, CFN resource import, Crossplane observe-only), with the real resource ID filled in. 4. **Reconcile drift to zero** — explain how to run a plan/preview after import and iterate the code until the diff is empty, so nothing gets destroyed on the next apply. 5. **Handle the un-importable** — propose how to model resources with no import support (recreate in a maintenance window, adopt via data source, or leave out-of-band with a documented exception). 6. **Lock the gate** — recommend an SCP/policy or process change so new resources can't be click-opped back in. Output as: (a) grouped inventory with import priority, (b) per-resource code + import command, (c) a "diff must be empty" verification loop, (d) a list of resources that can't be safely imported and why. Never run an apply until the post-import plan shows zero destroys on stateful resources.
Related prompts
-
Cross-Tool IaC Migration Prompt
Plan and execute a migration between IaC tools (e.g. CloudFormation→Terraform, Terraform→Pulumi, or into Crossplane) by importing existing resources without destroying live infrastructure.
-
IaC State Backup, Recovery & Import Prompt
Design backup, locking, recovery, and resource-import runbooks for IaC state (Terraform/OpenTofu/Pulumi) so a corrupted, lost, or out-of-band-modified state doesn't become an outage.