Is it possible to import an existing AWS Account?
Is it possible to import an existing AWS account, specifically an organization management account? Our org management account is outside of our IAC and we're looking into bringing it in. [r:terragrunt](https://github.com/gruntwork-io/terragrunt)
It is possible, but successfully importing existing accounts highly depends on multiple factors: - How are your resources named and will you be able to retrofit the existing name to the modules? Certain AWS resources force re-creation if you attempt to change - Are you currently using features not yet supported by Gruntwork modules? I've done a few account "codifications" with varying success. With some accounts we've had almost 100% success, but with some we've settled for partial codification. Overall, the process is just - Map out your resources and dependencies - Create IaC configurations for the above - Import the resources with `terragrunt import` (or `terraform import`). The Terraform documentation has good documentation on how to import existing resources. You can also import resources within modules and even resources within deeper module hierarchy, e.g. `terraform import module.mymodule.module.nested_module.aws_msk_cluster.msk arn:aws:kafka:us-east-1:123456789012:cluster/msk-cluster/xxxxx-xxxx-xxxxx` - Usually you have to rerun `terragrunt apply` (or `terraform apply`) to fully reconcile the resource Note that the import part does not change the resource configuration, so it's safe to run. It just tries to reconcile the remote state with the AWS resource. You can also remove the imported resource from the state with `terraform state rm xxxxx.xxxx.xxx`. With a management account, the process might be slightly easier than with a service account - purely because you probably have less resources in the management account.