AWS CloudFormation IaC Generator

Dhaval Nagar / CEO

AWS CloudFormation launches a new feature that makes it easy to generate AWS CloudFormation templates and AWS CDK apps for existing AWS resources that are managed outside CloudFormation.

This new feature is particularly useful if your account has resources that were created manually and you want to create a CloudFormation template from them. Before this feature, you had to look at each resource with all of its properties and write the templates by hand, or use a third-party service. Doing this manually is time-consuming and error-prone if you do not carefully evaluate every property and configuration.

CloudFormation IaC Generator

Scan Resources

We tested this on one of our Mumbai region accounts. This account has only one CloudFormation stack, and its resources are primarily serverless: Lambda functions, API Gateway, DynamoDB tables, S3, CloudFront, Route53, etc.

IaC Scanned Resources

The scan returns all resources, both those already managed by another CloudFormation stack and those that are not part of any stack.

We also tried it on another account with 100 existing CloudFormation stacks and almost 9000 resources. It takes a while to scan and report.

IaC Scanned Resources

Select Resources

Based on the scan, you can create a new stack or add the resources to an existing stack. Resources that are currently managed by another stack cannot be selected.

Open Resources vs Managed Resources

This account has only one application running, and out of 400+ scanned resources, only about 100 are relevant; the rest are either default AWS resources or CloudWatch Log Streams (which, for a Lambda-based application, will be a lot). In the current UI there is no easy way to exclude these resources; this will probably change over time.

For some reason, selecting the Route53 resource selects the default VPC as an associated resource, even though Route53 was actually associated with the CloudFront distribution.

Route53 Selected Resources
Default VPC

Import to CloudFormation Stack

Once you finalize the resources, it creates a template in your choice of language, YAML or JSON. You can then import this template into a stack and migrate these resources to the managed template.

Imported Stack based on selected resources

Recommendations

  • Select the resources carefully; I don't think it selects resources based on the required dependencies. For example, the default VPC came up as an associated resource for the Route53 resolver, but none of the other VPC resources were selected.
  • Make sure to validate the generated template. Assume that it will miss things like DependsOn and other such intricacies.
  • In general, any resource in a CloudFormation template that refers to another resource automatically has an implied DependsOn. So you particularly need to add a DependsOn when there is no direct relationship between resources but the order is important.
  • There are some resource-specific intricacies that you need to look up and resolve. More detail here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html
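As an added example (not code from the article or from AWS), here is a small Python helper that builds the dependency graph a CloudFormation template implies through Ref and Fn::GetAtt, adds any explicit DependsOn, and computes a creation order, so a generated template can be checked before import. The constructed JSON template assumes the common API Gateway case, where a Deployment references only the RestApi and not the Method it must be created after, which is exactly the kind of ordering the generator will not express for you; the helper also raises on dependency cycles.

```python
import json

# Constructed sample (not real scan output): a minimal API Gateway template in JSON form.
TEMPLATE = json.loads("""{"Resources": {
  "Api": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "demo"}},
  "ApiMethod": {"Type": "AWS::ApiGateway::Method", "Properties": {
      "RestApiId": {"Ref": "Api"}, "HttpMethod": "GET",
      "ResourceId": {"Fn::GetAtt": ["Api", "RootResourceId"]}}},
  "ApiDeployment": {"Type": "AWS::ApiGateway::Deployment", "Properties": {
      "RestApiId": {"Ref": "Api"}}}}}""")

def _refs(node):
    """Yield logical IDs referenced through Ref or Fn::GetAtt anywhere in a property tree."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if "Fn::GetAtt" in node:  # list form ["Id", "Attr"] or string form "Id.Attr"
            target = node["Fn::GetAtt"]
            yield target[0] if isinstance(target, list) else target.split(".")[0]
        node = list(node.values())
    if isinstance(node, list):
        for value in node:
            yield from _refs(value)

def dependency_graph(template):
    """Map each logical ID to the resources it depends on: implied Ref/GetAtt plus explicit DependsOn."""
    resources = template["Resources"]
    graph = {}
    for name, body in resources.items():
        deps = {r for r in _refs(body.get("Properties", {})) if r in resources}
        explicit = body.get("DependsOn", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        graph[name] = deps
    return graph

def creation_order(graph):
    """Kahn's topological sort (ties broken alphabetically); raises if the template has a cycle."""
    remaining = {k: set(v) for k, v in graph.items()}
    order = []
    while remaining:
        ready = sorted(k for k, v in remaining.items() if not v)
        if not ready:
            raise ValueError("dependency cycle among: " + ", ".join(sorted(remaining)))
        order += ready
        remaining = {k: v - set(ready) for k, v in remaining.items() if k not in ready}
    return order

# Same template with the explicit edge the generator would not add: Deployment after Method.
FIXED = json.loads(json.dumps(TEMPLATE))
FIXED["Resources"]["ApiDeployment"]["DependsOn"] = ["ApiMethod"]
```

Run `creation_order(dependency_graph(TEMPLATE))` and then the same on `FIXED` to see the Deployment move after the Method once the explicit DependsOn is present.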
