| name | import-pulumi |
| description | Guide for importing existing Google Cloud resources into Pulumi state. Use when the user says "import resource to Pulumi", "add existing GCP resource", or needs to bring existing infrastructure under Pulumi management. |
import-pulumi
Import existing GCP resources into Pulumi state.
Trigger Examples
- "Import resource to Pulumi"
- "Add existing GCP resource to state"
- "Bring this resource under Pulumi management"
Prerequisites
- Pulumi project exists under infra/
- Target resources already exist in Google Cloud
- Pulumi backend (GCS) is configured
- Authentication to Google Cloud is available
Execution Flow
1. Confirm Stack and Resource Type
Validate stack is one of: shared, dev, prod
2. Gather Resource Information
Prompt for GCP metadata:
- Project ID (e.g., koborin-ai)
- Region/location (asia-northeast1)
- Resource name/ID
- Any secondary identifiers
3. Resolve Pulumi Resource Name
Inspect infra/src/stacks/*.ts to find the Pulumi resource name.
4. Build Import Command
Use CLI-based import (NOT code-based import options):
cd infra
pulumi stack select <stack>
pulumi import <resource-type> <resource-name> "<import-id>" --yes
5. Provide Command to User
Run the following commands:
cd infra
export PULUMI_BACKEND_URL=gs://${BUCKET_NAME}/pulumi
export PULUMI_CONFIG_PASSPHRASE=""
pulumi stack select <stack>
pulumi import <resource-type> <resource-name> "<import-id>" --yes
Let me know "success" or share the error output.
6. Wait for Result
- Success: Move to next resource or verify with pulumi preview
- Failure: Analyze error and adjust
7. Verify After Imports
pulumi stack ls
pulumi preview
# Expected: minimal changes
Import ID Formats
| Resource Type | Import ID Format |
|---|---|
| gcp:cloudrunv2/service:Service | projects/{project}/locations/{region}/services/{name} |
| gcp:cloudrunv2/serviceIamMember:ServiceIamMember | projects/{project}/locations/{region}/services/{name} {role} {member} |
| gcp:projects/service:Service | {project}/{api} |
| gcp:compute/globalAddress:GlobalAddress | projects/{project}/global/addresses/{name} |
| gcp:compute/backendService:BackendService | projects/{project}/global/backendServices/{name} |
| gcp:compute/regionNetworkEndpointGroup:RegionNetworkEndpointGroup | projects/{project}/regions/{region}/networkEndpointGroups/{name} |
| gcp:iam/workloadIdentityPool:WorkloadIdentityPool | projects/{project}/locations/global/workloadIdentityPools/{pool} |
| gcp:serviceaccount/account:Account | projects/{project}/serviceAccounts/{email} |
| gcp:projects/iAMMember:IAMMember | {project} {role} {member} |
| gcp:artifactregistry/repository:Repository | projects/{project}/locations/{region}/repositories/{name} |
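
Because steps 1 to 4 interpolate user-supplied values into a command the user will paste into a shell, the following added example (not part of the original skill) validates the stack and each value before building the import ID for four of the resource types in the table. The function names are hypothetical, and the character allow-lists are an assumption; they would reject, for example, a domain-scoped project ID containing ":".

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Pulumi or the skill.

# Step 1: only the three stacks the skill allows.
valid_stack() {
  case "$1" in shared|dev|prod) return 0 ;; *) return 1 ;; esac
}

# Path segments (project, region, name): no "/", spaces or shell metacharacters,
# so a value cannot add path components or break the quoting of the command.
# The allow-list is an assumption, not a GCP naming rule.
safe_segment() {
  case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; *) return 0 ;; esac
}

# Roles and members additionally need "/", ":" and "@".
safe_principal() {
  case "$1" in ""|*[!A-Za-z0-9._:@/-]*) return 1 ;; *) return 0 ;; esac
}

# Usage: build_import_id <resource-type> <project> <region> <name> [<role> <member>]
# Prints the import ID for a subset of the table's resource types.
build_import_id() {
  rtype=$1 project=$2 region=$3 name=$4 role=${5:-} member=${6:-}
  for v in "$project" "$region" "$name"; do
    safe_segment "$v" || { echo "rejected value: $v" >&2; return 1; }
  done
  case "$rtype" in
    gcp:cloudrunv2/service:Service)
      echo "projects/$project/locations/$region/services/$name" ;;
    gcp:cloudrunv2/serviceIamMember:ServiceIamMember)
      safe_principal "$role" && safe_principal "$member" || return 1
      echo "projects/$project/locations/$region/services/$name $role $member" ;;
    gcp:compute/regionNetworkEndpointGroup:RegionNetworkEndpointGroup)
      echo "projects/$project/regions/$region/networkEndpointGroups/$name" ;;
    gcp:artifactregistry/repository:Repository)
      echo "projects/$project/locations/$region/repositories/$name" ;;
    *) echo "unsupported resource type: $rtype" >&2; return 1 ;;
  esac
}

# The page's Cloud Run example values:
valid_stack dev && build_import_id gcp:cloudrunv2/service:Service \
  koborin-ai asia-northeast1 koborin-ai-web-dev
```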
Example: Import Cloud Run Service
Command:
/import-pulumi dev cloudrunv2/service:Service
Conversation:
Please share the existing resource information:
- Project ID:
- Location (region):
- Service name:
User:
Project ID: koborin-ai
Location: asia-northeast1
Service name: koborin-ai-web-dev
Agent:
Run the following commands:
cd infra
pulumi stack select dev
pulumi import gcp:cloudrunv2/service:Service web-dev \
"projects/koborin-ai/locations/asia-northeast1/services/koborin-ai-web-dev" --yes
Let me know the result.
Important Notes
- CLI Import Only: Always use pulumi import command. Never use code-based import options in resource definitions.
- One at a Time: Import resources one at a time, waiting for confirmation.
- Verify After: Always run pulumi preview after importing to spot drift.
- CI/CD Only for Apply: Import can be done locally, but pulumi up should only run via GitHub Actions.
Error Handling
- "Resource already exists in state": Check with pulumi stack and skip
- "Resource not found": Verify identifiers and project/region
- "Permission denied": Authenticate with sufficient IAM roles