AWS CloudFormation IaC Generator
Dhaval Nagar / CEO
AWS CloudFormation launches a new feature that makes it easy to generate AWS CloudFormation templates and AWS CDK apps for existing AWS resources that are managed outside CloudFormation.
This new feature is particularly useful if your account has resources that were created manually and you want to produce a CloudFormation template from them. Before this feature, you had to look at each resource with all of its properties and write the template by hand, or use a third-party service. Doing this manually is time-consuming and error-prone if you do not carefully evaluate every property and configuration.
Scan Resources
We tested this on one of our Mumbai region accounts. This account has only one CloudFormation stack, consisting primarily of serverless resources such as Lambda functions, API Gateway, DynamoDB tables, S3, CloudFront, Route53, etc.
The scan returns all resources, including those already managed by another CloudFormation stack and those that are not part of any stack.
We also tried it on another account with 100 existing CloudFormation stacks and almost 9000 resources. It takes a while to scan and report.
Select Resources
Based on the scan results, you can create a new stack or add the selected resources to an existing stack. Resources that are currently managed by another stack cannot be selected.
This account has only one application running, and of the 400+ scanned resources only about 100 are relevant; the rest are either default AWS resources or CloudWatch Log Streams (of which a Lambda-based application will have many). In the current UI there is no easy way to exclude these resources; this will probably change over time.
For some reason, selecting the Route53 resource also selects the default VPC as an associated resource, even though Route53 was actually associated with a CloudFront distribution.
Import to CloudFormation Stack
Once you finalize the resources, it generates a template in your choice of language, YAML or JSON. You can then import this template into a stack and migrate these resources into the managed stack.
Recommendations
- Select the resources carefully; I don't think it selects resources based on their required dependencies. For example, the default VPC came up as an associated resource for the Route53 resolver, but none of the other VPC resources were selected.
- Make sure to validate the generated template. Assume that it will miss things like DependsOn and other such intricacies.
- In general, any resource in a CloudFormation template that refers to another resource (for example via Ref or Fn::GetAtt) automatically gets an implied DependsOn. So you specifically need to add an explicit DependsOn when there is no direct reference between two resources but their creation order still matters.
- There are some resource-specific intricacies that you need to look up and resolve. More detail here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html
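As a starting point for the "validate the generated template" and DependsOn recommendations above, here is an added example (not from the original post or from AWS) that walks a template in JSON/dict form, collects the implied dependencies from Ref, Fn::GetAtt and Fn::Sub, flags DependsOn entries that are already implied, and lists resources with no relationship in either direction, which are the ones whose creation order you have to reason about by hand. The SAMPLE template is constructed for illustration.

```python
"""Dependency check for a CloudFormation template (JSON/dict form, as the IaC
generator emits). Added example, not from the post or AWS; SAMPLE is constructed."""
import re
SUB_REF = re.compile(r"\$\{([A-Za-z0-9]+)(?:\.[A-Za-z0-9.]+)?\}")  # ${Id} / ${Id.Attr}

def implied_deps(node, resources):
    """Logical IDs referenced via Ref, Fn::GetAtt or Fn::Sub (each implies DependsOn)."""
    found = set()
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref" and val in resources:
                found.add(val)
            elif key == "Fn::GetAtt":
                target = val[0] if isinstance(val, list) else val.split(".")[0]
                found |= {target} & set(resources)
            elif key == "Fn::Sub":
                text = val[0] if isinstance(val, list) else val
                found |= set(SUB_REF.findall(text)) & set(resources)
                found |= implied_deps(val, resources)  # list form: map may hold Refs
            else:
                found |= implied_deps(val, resources)
    elif isinstance(node, list):
        for item in node:
            found |= implied_deps(item, resources)
    return found

def analyse(template):
    """Per resource: implied deps, DependsOn entries already implied (redundant), and
    'isolated' = no relationship either way, so required ordering must be added by hand."""
    res = template["Resources"]
    implied = {n: implied_deps(b.get("Properties", {}), res) for n, b in res.items()}
    explicit = {n: ({d} if isinstance(d, str) else set(d))
                for n, b in res.items() for d in [b.get("DependsOn", [])]}
    referenced = set().union(*implied.values(), *explicit.values())
    return {n: {"implied": implied[n],
                "redundant_depends_on": explicit[n] & implied[n],
                "isolated": not (implied[n] or explicit[n]) and n not in referenced}
            for n in res}

# Constructed sample: LogGroup matches the function's name but nothing references it.
SAMPLE = {"Resources": {
    "LogGroup": {"Type": "AWS::Logs::LogGroup", "Properties": {"LogGroupName": "/aws/lambda/demo-fn"}},
    "FnRole": {"Type": "AWS::IAM::Role", "Properties": {"RoleName": "demo-fn-role"}},
    "Fn": {"Type": "AWS::Lambda::Function", "DependsOn": "FnRole",
           "Properties": {"FunctionName": "demo-fn", "Role": {"Fn::GetAtt": ["FnRole", "Arn"]},
                          "Environment": {"Variables": {"TABLE": {"Ref": "Table"}}}}},
    "Table": {"Type": "AWS::DynamoDB::Table", "Properties": {"TableName": "demo"}}}}
```

Running `analyse(SAMPLE)` reports Fn's DependsOn on FnRole as redundant (the GetAtt already implies it) and LogGroup as isolated, the case where an explicit DependsOn is the only way to order it.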