The 'Cannot import non-existent remote object' error occurs when terraform import attempts to import a resource that doesn't exist in the remote provider. This typically happens due to incorrect resource IDs, resources being deleted before import, or misconfigured provider credentials. Resolving this requires verifying the resource exists and using the correct import ID format.
When you run `terraform import`, Terraform contacts your cloud provider and attempts to find the specified resource by ID. If the provider cannot find a resource matching that ID, it returns an error indicating the object does not exist. This means either the resource was never created, has already been deleted, you're looking in the wrong region/project/account, or you've provided an invalid resource ID format for that resource type.
First, confirm that the resource you're trying to import actually exists in your cloud provider. Use the provider's console or CLI:
Google Cloud:
gcloud compute instances list # For compute instances
gcloud storage buckets list # For GCS bucketsAWS:
aws ec2 describe-instances
aws s3 ls # For S3 bucketsAzure:
az resource list
az vm list # For VMsIf the resource is not found, you cannot import it. You'll need to create it first or adjust your import target.
Ensure your provider is configured to access the correct cloud account, region, or project where the resource exists.
Check your Terraform configuration:
provider "google" {
project = "my-project-id"
region = "us-central1"
}
provider "aws" {
region = "us-east-1"
}
provider "azurerm" {
features {}
}Verify your credentials are active:
- Google Cloud: gcloud auth list and gcloud config get-value project
- AWS: aws sts get-caller-identity to verify account and region
- Azure: az account show to check current subscription
If credentials point to the wrong account or region, update your provider configuration or authentication before attempting import.
Each resource type requires a specific ID format for import. Consult the Terraform provider documentation:
Google Cloud examples:
# Compute instance
terraform import google_compute_instance.example projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME
# Cloud Storage bucket
terraform import google_storage_bucket.example bucket-name
# Firewall rule
terraform import google_compute_firewall.example projects/PROJECT_ID/global/firewalls/FIREWALL_NAMEAWS examples:
# EC2 instance
terraform import aws_instance.example i-1234567890abcdef0
# S3 bucket
terraform import aws_s3_bucket.example bucket-name
# VPC
terraform import aws_vpc.example vpc-1234567890abcdef0Azure examples:
# VM
terraform import azurerm_virtual_machine.example /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.Compute/virtualMachines/VM_NAME
# Storage account
terraform import azurerm_storage_account.example /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP/providers/Microsoft.Storage/storageAccounts/ACCOUNT_NAMEYou can find the exact ID format by looking up the resource in the provider's import documentation or by examining the resource properties in your cloud console.
Once you've verified the resource exists and have the correct ID format, add a resource block to your Terraform configuration:
resource "google_compute_instance" "example" {
# Configuration will be populated by import
}Then run the import command with the full resource ID:
terraform import google_compute_instance.example projects/my-project/zones/us-central1-a/instances/my-instanceIf the resource is found, Terraform will populate the state file and display success. If it still fails, verify the ID format is exactly correct (including hyphens, underscores, and case sensitivity).
Some resource IDs contain special characters that may need escaping in bash or your shell.
Common issues:
- Resource names with spaces or special characters
- Project IDs with hyphens or underscores
- Path-like identifiers requiring proper quoting
Solution:
# Use quotes for IDs with special characters
terraform import 'google_storage_bucket.example' 'bucket-with-dashes-123'
# For complex IDs, use escaped quotes
terraform import google_compute_firewall.example 'projects/my-project-123/global/firewalls/allow-ssh'If your resource name contains spaces or special characters, check the provider documentation for proper escaping rules.
Some older provider versions have bugs or missing import support for certain resources. Update your provider:
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5.0" # Use recent stable version
}
}
}Then reinitialize:
terraform init -upgradeRetry the import with the updated provider.
If the import still fails, consult the official Terraform provider documentation for your resource. Each provider maintains import documentation:
- Google Cloud Provider: https://registry.terraform.io/providers/hashicorp/google/latest/docs
- AWS Provider: https://registry.terraform.io/providers/hashicorp/aws/latest/docs
- Azure Provider: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Search for your specific resource type (e.g., "google_compute_instance") and check the "Import" section for the exact ID format and any known limitations.
Import State Limitations: Not all resource types support import in Terraform. Some resources (like computed or immutable resources) may not be importable. Check the provider documentation's import section to confirm your resource type is importable.
Cross-Account/Cross-Project Import: If you need to import resources from different cloud accounts or GCP projects, you may need multiple provider blocks with different credentials. Use provider aliases to distinguish them:
provider "google" {
alias = "prod"
project = "prod-project-123"
}
resource "google_compute_instance" "prod_example" {
provider = google.prod
# ...
}Import with Data Sources: If direct import fails, you can sometimes use data sources to read the resource instead:
data "google_compute_instance" "example" {
name = "my-instance"
zone = "us-central1-a"
}Then use ${data.google_compute_instance.example.id} to reference the remote resource.
Partial Imports: For some resources, certain nested attributes may not be importable. You may need to manually add configuration for nested blocks (like security group rules, firewall rules, etc.) after import.
Error: Error rendering template: template not found
How to fix "template not found" error in Terraform
Error: Error generating private key
How to fix 'Error generating private key' in Terraform
Error creating Kubernetes Service: field is immutable
How to fix "field is immutable" errors in Terraform
Error: Error creating local file: open: permission denied
How to fix "Error creating local file: permission denied" in Terraform
Error: line endings have changed from CRLF to LF
Line endings have changed from CRLF to LF in Terraform