Abstract

In declarative infrastructure-as-code (IaC) systems, a challenge can arise when the creation of a parent resource also provisions a child resource having a runtime-generated identifier. This scenario may cause IaC tools to register a conflict error when attempting to manage the pre-existing child resource. A protocol is described to programmatically adopt these auto-provisioned singleton resources. The protocol can involve querying a cloud provider’s application programming interface to discover the child resource’s runtime identifier and then using that identifier in a just-in-time import process. This operation can map the existing resource to its declarative configuration block and inject it into the managed state, potentially bypassing a standard create lifecycle phase. This technique can bring previously unmanaged resources under IaC governance, which can help mitigate state drift and enable the application of dependent configurations, such as security policies.
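The adoption flow described in the abstract, as an added sketch that is not code from the publication. `FakeCloud` is a constructed in-memory stand-in for a provider API, and the resource address, parent name and policy value are hypothetical. The lookup is scoped to the parent and fails closed unless exactly one child is found.

```python
import uuid

class Conflict(Exception):
    """Raised when a create call targets a singleton that already exists."""

class FakeCloud:
    """Constructed in-memory stand-in for a provider API (hypothetical)."""
    def __init__(self):
        self.children = {}  # runtime child ID -> {"parent", "policy"}

    def _new_child(self, parent):
        self.children[f"child-{uuid.uuid4().hex[:8]}"] = {"parent": parent, "policy": None}

    def create_parent(self, name):
        self._new_child(name)  # parent creation auto-provisions the singleton child

    def create_child(self, parent):
        if self.list_children(parent):
            raise Conflict(f"child of {parent} already exists")
        self._new_child(parent)

    def list_children(self, parent):
        return [cid for cid, c in self.children.items() if c["parent"] == parent]

    def update_child(self, child_id, policy):
        self.children[child_id]["policy"] = policy

def adopt_singleton(cloud, state, address, parent):
    """Discover the child's runtime ID and import it into state (no create)."""
    if address in state:               # already managed, adoption is idempotent
        return state[address]
    found = cloud.list_children(parent)
    if len(found) != 1:                # zero or several matches: refuse to guess
        raise LookupError(f"expected 1 child of {parent}, found {len(found)}")
    state[address] = found[0]          # just-in-time import into managed state
    return found[0]

def apply_child(cloud, state, address, parent, policy):
    child_id = adopt_singleton(cloud, state, address, parent)
    cloud.update_child(child_id, policy)  # dependent config, e.g. a security policy
    return child_id

def demo():
    cloud, state = FakeCloud(), {}
    cloud.create_parent("net-a")
    try:
        cloud.create_child("net-a")    # what a plain create phase would attempt
        conflict = False
    except Conflict:
        conflict = True
    cid = apply_child(cloud, state, "child.default", "net-a", "deny-all-ingress")
    return conflict, cid, cloud.children[cid]["policy"]
```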

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
