aztfexport icon indicating copy to clipboard operation
aztfexport copied to clipboard
verified publisher icon Azure

Enhancement: Add support for EntraID (AzureAD provider) resources

Open rmcolbert opened this issue 5 months ago • 2 comments

The work on being able to export AzureRM resources is impressive. It would be equally amazing to be able to export EntraID resources. As an MVP, it would be nice to see support for groups, principals & applications.

rmcolbert avatar Aug 15 '25 11:08 rmcolbert

We have considered it, while there are several challenges:

  1. Current tool is relying on the Azure Resource Graph for listing resources, which is ARM only. For AAD resources, it's likely only available for resource mode (the query mode and group mode doesn't fit)
  2. Current tool is relying on aztft for mapping the ARM resource type to terraform resource type. We need a way to extend aztft to also support AAD resources

Today you can already use the terraform official import block to import and generate config for AAD resources, all you need is to manually list all the resources you want to export. We think the value of the aztfexport is to discover and map the resources automatically for the users, whilst due to the limitations above, it makes the support for AAD not more useful than the terraform import block, that's why we are hesitated to dig more..

magodo avatar Aug 16 '25 01:08 magodo

This may not be the best space to provide such functionality. Instead, I think it would make sense to support graph resource JSON paste to msgraph as a feature within the Microsoft Terraform extension.

stemaMSFT avatar Aug 19 '25 18:08 stemaMSFT