Run Your First Discovery Scan

Scan your cloud account, see everything running, and turn existing infrastructure into Terraform code — without recreating anything.

Scenario

You have AWS resources running in your account that were created manually or by other tools. You want to:

Get a full inventory of what exists
Bring specific resources under IaC control
Generate Terraform code that represents the current state

Prerequisites

✓AWS (or GCP/Azure) integration connected — Connect your cloud

✓Integration has read permissions on your cloud account

Step 1: Open Discovery and Start a New Scan

Navigate to Discovery in the left sidebar. The overview page shows your previous scans and discovered resources.

Click New Scan to open the discovery wizard, then select your cloud provider.

Discovery wizard — select cloud provider

Step 2: Configure the Scan

For AWS

Field	What to enter
Integration	Select the AWS integration you connected
Regions	Pick specific regions or select all (scanning all regions takes longer)
Resource Types	Leave as default ("Select Common") to scan EC2, VPC, RDS, S3, Lambda, and other common types — or choose specific types to narrow the scan

For GCP

Field	What to enter
Integration	Select your GCP integration
Project ID	The GCP project to scan
Asset Types	Optional — filter to specific resource types

For Azure

Field	What to enter
Integration	Select your Azure integration
Subscription ID	The subscription to scan
Resource Groups	Optional — limit to specific resource groups

Click Start Scan when ready.

Step 3: Watch the Scan Progress

The scan runs asynchronously and streams results in real time.

Discovery scan in progress — showing resource count and current region

The progress view shows:

Current phase — connecting, scanning regions, processing results
Resources found — live count of discovered resources
Current region — which AWS region is currently being scanned
Recent resources — a live feed of the most recently found items

AWS scans typically complete in 1–5 minutes. You can leave this page and come back — the scan continues in the background.

Step 4: Review and Select Resources

When the scan completes, you see a full resource browser. Resources are grouped by type — EC2, VPC, RDS, S3, Lambda, and so on.

Discovery resource browser — select resources to import

Use the filters to narrow down what you see:

Filter by type

Focus on EC2, RDS, S3, VPC, or any specific resource category

Show idle resources

Surface stopped instances, empty buckets, unused security groups

Unmanaged only

See only resources not yet tracked by any IaC project

Resource details

Click any resource to see its full metadata, tags, region, and configuration

Check the boxes next to the resources you want to import. You can select individual resources, all resources of a type, or everything from a region. Click Import Selected when ready.

Step 5: Link to an IaC Project

Choose where the imported resources will live.

Discovery — link resources to an IaC project

1Create new project or select an existing IaC project

2Choose code format: Monolithic (one file), File-based (one per resource type), or Modular (Terraform modules)

3Click Continue

Step 6: Configure the State Backend

Tell ops0 where to store the Terraform state file for this project.

Discovery — configure Terraform state backend

Backend	Required fields
AWS S3	Bucket name, key (path), region, optional DynamoDB table for locking
GCP GCS	Bucket name, prefix
Azure Blob	Storage account, container, blob key
Local	No configuration needed (not recommended for teams)

Click Generate Code when done.

Step 7: Review the Generated Terraform Code

ops0 generates .tf files representing your selected resources in their current state.

Discovery — generated Terraform code in the editor

The editor shows the generated files:

main.tf — resource definitions matching your live infrastructure
variables.tf — extracted variables
backend.tf — state backend configuration
provider.tf — provider and credentials configuration

Review the code. You can edit it directly in the editor before completing the import. Once satisfied, click Complete Import.

Step 8: Import Complete

Discovery import complete — IaC project created

Your resources are now tracked in the IaC project. ops0 has:

Generated Terraform code for all selected resources
Written the state file to your configured backend
Linked the project to your cloud integration

Verification

Confirm everything is working:

Open the IaC project that was created
Click Deploy → Run Plan
The plan should show 0 changes — the generated code matches the live infrastructure exactly

A clean plan confirms ops0 accurately represents your current state. Any differences shown in the plan are real drift between the generated code and the actual resource configuration.

(Optional) Push to GitHub

If you have a GitHub integration connected, push the generated code to version control:

1In the IaC project, click GitHub Sync → Push

2Select repository, branch, and folder path

3Toggle Create Pull Request to open a PR for review before merging

4Click Push — ops0 commits all .tf files to branch pulse-discovery-{timestamp}

Next Steps

Deploy changes →

Make infrastructure changes and deploy through ops0

Enable drift detection →

Get alerted when someone changes infrastructure outside of ops0

Troubleshooting

Scan returns 0 resources

Verify the integration has read permissions. For AWS, the IAM role needs ReadOnlyAccess or equivalent. Ensure you selected the regions where your resources actually exist.

Scan stuck at "scanning"

Large accounts with many resources can take 5–10 minutes. If completely stalled, check that the integration credentials are still valid — IAM role sessions can expire.

Plan shows changes after import

Some resource attributes set to provider defaults are omitted from generated code. Edit the generated code to explicitly set those values, then re-run the plan until it shows 0 changes.