Importing a CloudTrail trail created in another region


Josh Smift

Apr 20, 2018, 11:19:46 AM
to Terraform
I'm looking to import a CloudTrail trail that was created in us-west-1; in my AWS provider spec, I set region = us-east-1, because the other resources I'm managing are all in us-east-1. I've got this config:

{
  "provider": {
    "aws": {
      "region": "us-east-1",
      "version": "~> 1.15.0"
    }
  },
  "resource": {
    "aws_cloudtrail": {
      "cloudtrail_dev": {
        "include_global_service_events": true,
        "is_multi_region_trail": true,
        "name": "Default",
        "s3_bucket_name": "mybucket"
      }
    }
  }
}

When I try `terraform import aws_cloudtrail.cloudtrail_dev Default`, I get this error:

* import aws_cloudtrail.cloudtrail_dev result: Default: import aws_cloudtrail.cloudtrail_dev (id: Default): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.

If I set `AWS_DEFAULT_REGION=us-west-1`, that doesn't help. If I change the provider config, the import works, but of course now the provider is wrong for everything else. If I change the provider back after importing, `terraform plan` says it wants to create a new trail. The aws_cloudtrail object in Terraform doesn't seem to take a `region` parameter.

I could potentially just create a new trail, and delete the old one, but that'll probably involve a non-trivial amount of audit/compliance paperwork. :^p I don't see an obvious way to change the "home region" of a trail at AWS; I don't entirely understand what this is even for, given that the trail is multi-region anyway.

Any other suggestions?

Fernando Miguel

Apr 20, 2018, 11:24:05 AM
to terrafo...@googlegroups.com
Use a provider alias and create that resource with it, instead of your aws provider 

--
Fernando Miguel

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/63633b6e-f4cf-4471-94a3-da51056b07d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Josh Smift

Apr 20, 2018, 11:35:46 AM
to Terraform
Hm, possible; but then I've got a second provider just for this, which seems weird.

Also, the actual situation is (of course :^ ) more complicated: This is in a TF environment where I'm managing resources in multiple AWS accounts, using Terrascript to generate the config for them, and each AWS account already has its own provider... So now I'd need two for each account, one for just the CloudTrail trail. Which, again, is doable, it just seems weird.

Thinking about this some more, part of what I think I was trying to figure out is if this is a Terraform bug; but I think it isn't, because I get similar (if weird) results with the AWS CLI, where `aws cloudtrail describe-trails` shows my trail, but `aws cloudtrail describe-trails --trail-name-list Default` doesn't, unless I add `--region us-west-1`. None of that makes any sense to me, but given that it's what AWS is doing, I'm not sure what else Terraform can do about it. :^p

Thanks for the suggestion! That may be the only way out other than re-creating the trail.
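The following is an added example, not code from this thread and not Terrascript's API. It shows Fernando's provider-alias suggestion in the JSON config style used above, generated from a per-account description so that the extra provider block only appears for an account whose trail's home region differs from the region the rest of that account's resources are managed in. Everything it emits uses plain dicts and json.dumps; the account names, bucket names and regions are constructed placeholders, and the `-provider` flag in the generated import command is the Terraform 0.11-era way to import into an aliased provider (later releases read the resource's `provider` meta-argument from the config instead).

```python
"""Generate a Terraform JSON config in which a CloudTrail trail whose home
region differs from the account's default region is attached to an aliased
AWS provider, so it can be imported without changing the main provider.

Added example, not from the thread or from Terrascript: plain dicts and
json.dumps only. The account values below are constructed placeholders.
"""
import json

# Constructed sample input: one account whose trail lives in us-west-1 while
# everything else is managed in us-east-1, and one whose trail is already in
# its default region (so no alias is needed).
ACCOUNTS = [
    {"name": "dev", "default_region": "us-east-1", "trail_name": "Default",
     "trail_home_region": "us-west-1", "s3_bucket_name": "mybucket"},
    {"name": "prod", "default_region": "us-east-1", "trail_name": "Default",
     "trail_home_region": "us-east-1", "s3_bucket_name": "mybucket-prod"},
]

PROVIDER_VERSION = "~> 1.15.0"   # the provider version pinned in the thread


def alias_for(region):
    """Provider alias derived from the region name, e.g. us-west-1 -> uswest1."""
    return region.replace("-", "")


def trail_provider(account):
    """Provider reference for the trail resource, or None to use the default."""
    if account["trail_home_region"] == account["default_region"]:
        return None
    return "aws." + alias_for(account["trail_home_region"])


def build_config(account):
    """Return the Terraform JSON document (as a dict) for one account."""
    providers = [{"region": account["default_region"], "version": PROVIDER_VERSION}]
    trail = {
        "include_global_service_events": True,
        "is_multi_region_trail": True,
        "name": account["trail_name"],
        "s3_bucket_name": account["s3_bucket_name"],
    }
    ref = trail_provider(account)
    if ref is not None:
        # A second provider block of the same type: in Terraform JSON, repeated
        # blocks are written as a list. The alias carries the trail's home region.
        providers.append({"alias": alias_for(account["trail_home_region"]),
                          "region": account["trail_home_region"],
                          "version": PROVIDER_VERSION})
        trail["provider"] = ref   # resource-level provider meta-argument
    resource_name = "cloudtrail_" + account["name"]
    return {
        "provider": {"aws": providers},
        "resource": {"aws_cloudtrail": {resource_name: trail}},
    }


def import_command(account):
    """terraform import invocation for the trail, selecting the alias when needed.

    -provider is the Terraform 0.11-era flag for importing into an aliased
    provider; later versions take the alias from the resource's provider
    meta-argument in the config.
    """
    ref = trail_provider(account)
    addr = "aws_cloudtrail.cloudtrail_" + account["name"]
    parts = ["terraform", "import"]
    if ref is not None:
        parts.append("-provider=" + ref)
    parts += [addr, account["trail_name"]]
    return " ".join(parts)


if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(json.dumps(build_config(acct), indent=2))
        print("#", import_command(acct))
```

The point of keying the alias off the trail's home region rather than adding a second provider to every account is that the config stays identical to the single-provider form wherever the trail already lives in the managed region. Importing the existing trail this way, rather than creating a replacement and deleting the original, also keeps the trail's logging continuous, which is what the audit and compliance paperwork in the thread is really about.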