Import Existing Infrastructure
TL;DR — Use
@azure-iac-exporterto reverse-engineer live Azure resources into ARM templates. Bring existing infrastructure under Git-Ape management.
Workflow​
Invoke It​
@azure-iac-exporter export rg-legacy-app-prod
What Happens​
- Resource discovery — queries Azure Resource Graph for all resources in the resource group
- Template generation — creates an ARM template with parameters for each resource
- State capture — generates
state.jsonwith current deployment state - Security assessment — runs the security analyzer on the exported template
- Gap identification — flags resources missing best practices (e.g., no managed identity)
Output Structure​
.azure/deployments/legacy-app-prod/
├── template.json # Generated ARM template
├── parameters.json # Extracted parameter values
├── metadata.json # Deployment metadata
├── state.json # Current state snapshot
└── architecture.md # Auto-generated diagram
Common Scenarios​
| Scenario | Command |
|---|---|
| Import a resource group | @azure-iac-exporter export rg-myapp-prod |
| Import specific resources | @azure-iac-exporter export rg-myapp-prod --filter "Microsoft.Web/*" |
| Generate only Bicep | @azure-iac-generator (after export) |
After Import​
Once imported, the resources are managed like any other Git-Ape deployment:
- Drift detection catches future manual changes
- Security analysis identifies gaps to remediate
- CI/CD workflows handle future updates via PR → Plan → Deploy