Abstract
In declarative infrastructure-as-code (IaC) systems, a challenge can arise when the creation of a parent resource also provisions a child resource having a runtime-generated identifier. This scenario may cause IaC tools to register a conflict error when attempting to manage the pre-existing child resource. A protocol is described to programmatically adopt these auto-provisioned singleton resources. The protocol can involve querying a cloud provider’s application programming interface to discover the child resource’s runtime identifier and then using that identifier in a just-in-time import process. This operation can map the existing resource to its declarative configuration block and inject it into the managed state, potentially bypassing a standard create lifecycle phase. This technique can bring previously unmanaged resources under IaC governance, which can help mitigate state drift and enable the application of dependent configurations, such as security policies.
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Bhardwaj, Utkarsh and Awasthi, Shivank, "The Protocol for Just-in-Time Adoption of Auto-Provisioned Singleton Resources", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10688