View a markdown version of this page

自动将 Amazon 资源导入 CloudFormation 堆栈 - Amazon CloudFormation
问题排查支持的资源类型
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

自动将 Amazon 资源导入 CloudFormation 堆栈

现在,您可以在创建或更新 CloudFormation 堆栈时自动导入命名资源命名资源是具有自定义名称的资源。有关更多信息,请参阅 CloudFormation 模板参考中的名称类型

当您启动自动导入时,CloudFormation 会检查是否存在与您的模板匹配的现有资源,并在部署期间导入它们。对于嵌套堆栈,请从根堆栈创建更改集。

在导入完成后以及执行后续堆栈操作之前,我们建议对导入的资源运行偏差检测。偏差检测确保模板配置与实际配置匹配。有关更多信息,请参阅 在整个 CloudFormation 堆栈上检测偏差

要导入资源,它们需要满足下面的要求:

  • 资源必须具有您的模板中定义的静态自定义名称。目前不支持动态名称(使用 !Ref 或其他函数)。

  • 资源必须具有 RetainRetainExceptOnCreateDeletionPolicy

  • 资源不能已属于另一个 CloudFormation 堆栈。

  • 资源类型必须支持 CloudFormation 导入操作。有关更多信息,请参阅 资源类型支持

  • 资源类型的主 ID 或附加标识符必须位于模板中。不支持具有只读属性的主 ID 或附加标识符。要找出某一类型的主 ID 或附加标识符,请在资源架构中查找 primaryIdentifieradditionalIdentifiers 属性。有关这些内容的更多信息,请参阅资源类型定义架构

例自动导入示例

以下示例使用更改集 CreateChangeSet 根据模板文件 template.yaml 创建名为 my-stack 的堆栈,并自动导入匹配的资源。

aws cloudformation create-change-set \
  --stack-name my-stack \
  --change-set-name CreateChangeSet \
  --change-set-type CREATE \
  --template-body file://template.yaml \
  --import-existing-resources

问题排查

如果自动导入失败,请执行下列操作进行故障排除:

  • 验证您的模板中的资源名称是否与资源名称完全匹配

  • 验证资源是否尚未由其他堆栈管理

  • 确保资源类型支持自动导入

  • 验证您的模板是否包括资源类型的所有必需属性

支持的资源类型

下表列出了当前支持自动导入的 Amazon 资源类型。

资源

AWS::ACMPCA::CertificateAuthorityActivation

AWS::ACMPCA::Permission

AWS::APS::ResourcePolicy

AWS::ARCZonalShift::ZonalAutoshiftConfiguration

AWS::ApiGateway::BasePathMapping

AWS::ApiGateway::DocumentationVersion

AWS::ApiGateway::DomainName

AWS::ApiGateway::Method

AWS::ApiGateway::Model

AWS::ApiGateway::Stage

AWS::ApiGatewayV2::DomainName

AWS::AppFlow::Connector

AWS::AppFlow::ConnectorProfile

AWS::AppFlow::Flow

AWS::AppIntegrations::EventIntegration

AWS::AppStream::AppBlockBuilder

AWS::AppStream::ApplicationEntitlementAssociation

AWS::AppStream::ApplicationFleetAssociation

AWS::AppStream::DirectoryConfig

AWS::AppStream::Entitlement

AWS::AppStream::ImageBuilder

AWS::AppStream::Stack

AWS::AppSync::DomainName

AWS::AppSync::SourceApiAssociation

AWS::ApplicationAutoScaling::ScalableTarget

AWS::Athena::CapacityReservation

AWS::Athena::DataCatalog

AWS::Athena::PreparedStatement

AWS::Athena::WorkGroup

AWS::AutoScaling::AutoScalingGroup

AWS::AutoScaling::LaunchConfiguration

AWS::AutoScaling::LifecycleHook

AWS::AutoScaling::WarmPool

AWS::Backup::BackupVault

AWS::Backup::LogicallyAirGappedBackupVault

AWS::Backup::RestoreTestingPlan

AWS::Backup::RestoreTestingSelection

AWS::Backup::TieringConfiguration

AWS::Batch::ComputeEnvironment

AWS::Batch::JobDefinition

AWS::Batch::QuotaShare

AWS::Batch::ServiceEnvironment

AWS::Bedrock::ResourcePolicy

AWS::BedrockAgentCore::WorkloadIdentity

AWS::CUR::ReportDefinition

AWS::Cases::Field

AWS::Cassandra::Keyspace

AWS::Cassandra::Table

AWS::Cassandra::Type

AWS::CloudFormation::ModuleDefaultVersion

AWS::CloudFormation::Stack

AWS::CloudFormation::StackSet

AWS::CloudFront::ConnectionFunction

AWS::CloudFront::KeyValueStore

AWS::CloudFront::MonitoringSubscription

AWS::CloudFront::TrustStore

AWS::CloudTrail::ResourcePolicy

AWS::CloudTrail::Trail

AWS::CloudWatch::Alarm

AWS::CloudWatch::CompositeAlarm

AWS::CloudWatch::Dashboard

AWS::CloudWatch::MetricStream

AWS::CodeDeploy::Application

AWS::CodeDeploy::DeploymentConfig

AWS::CodeDeploy::DeploymentGroup

AWS::CodeGuruProfiler::ProfilingGroup

AWS::CodePipeline::CustomActionType

AWS::CodePipeline::Pipeline

AWS::CodeStarConnections::SyncConfiguration

AWS::Cognito::IdentityPoolPrincipalTag

AWS::Cognito::IdentityPoolRoleAttachment

AWS::Cognito::UserPoolDomain

AWS::Cognito::UserPoolGroup

AWS::Cognito::UserPoolIdentityProvider

AWS::Cognito::UserPoolResourceServer

AWS::Cognito::UserPoolRiskConfigurationAttachment

AWS::Cognito::UserPoolUICustomizationAttachment

AWS::Cognito::UserPoolUser

AWS::Cognito::UserPoolUserToGroupAttachment

AWS::Config::AggregationAuthorization

AWS::Config::ConfigRule

AWS::Config::ConfigurationAggregator

AWS::Config::ConformancePack

AWS::Config::OrganizationConformancePack

AWS::Config::StoredQuery

AWS::Connect::ApprovedOrigin

AWS::Connect::DataTableAttribute

AWS::Connect::IntegrationAssociation

AWS::Connect::PredefinedAttribute

AWS::ControlTower::EnabledControl

AWS::CustomerProfiles::CalculatedAttributeDefinition

AWS::CustomerProfiles::Domain

AWS::CustomerProfiles::EventStream

AWS::CustomerProfiles::EventTrigger

AWS::CustomerProfiles::Integration

AWS::CustomerProfiles::ObjectType

AWS::CustomerProfiles::Recommender

AWS::CustomerProfiles::SegmentDefinition

AWS::DMS::DataMigration

AWS::DMS::DataProvider

AWS::DMS::InstanceProfile

AWS::DMS::MigrationProject

AWS::DMS::ReplicationConfig

AWS::DataBrew::Dataset

AWS::DataBrew::Job

AWS::DataBrew::Project

AWS::DataBrew::Recipe

AWS::DataBrew::Ruleset

AWS::DataBrew::Schedule

AWS::DataZone::Domain

AWS::DataZone::Environment

AWS::DataZone::EnvironmentActions

AWS::DataZone::EnvironmentBlueprintConfiguration

AWS::DataZone::EnvironmentProfile

AWS::DataZone::FormType

AWS::DataZone::Project

AWS::Deadline::QueueFleetAssociation

AWS::Deadline::QueueLimitAssociation

AWS::Detective::MemberInvitation

AWS::Detective::OrganizationAdmin

AWS::DocDB::GlobalCluster

AWS::DynamoDB::GlobalTable

AWS::DynamoDB::Table

AWS::EC2::EnclaveCertificateIamRoleAssociation

AWS::EC2::GatewayRouteTableAssociation

AWS::EC2::KeyPair

AWS::EC2::LocalGatewayRoute

AWS::EC2::NetworkInterfaceAttachment

AWS::EC2::NetworkPerformanceMetricSubscription

AWS::EC2::RouteServerAssociation

AWS::EC2::RouteServerPropagation

AWS::EC2::SecurityGroupVpcAssociation

AWS::EC2::SqlHaStandbyDetectedInstance

AWS::EC2::TransitGatewayMeteringPolicyEntry

AWS::EC2::TransitGatewayMulticastDomainAssociation

AWS::EC2::TransitGatewayMulticastGroupMember

AWS::EC2::TransitGatewayMulticastGroupSource

AWS::EC2::TransitGatewayRoute

AWS::EC2::TransitGatewayRouteTableAssociation

AWS::EC2::TransitGatewayRouteTablePropagation

AWS::EC2::VPCDHCPOptionsAssociation

AWS::EC2::VPCEndpointServicePermissions

AWS::EC2::VPNConnectionRoute

AWS::EC2::VolumeAttachment

AWS::ECR::PublicRepository

AWS::ECR::PullThroughCacheRule

AWS::ECR::PullTimeUpdateExclusion

AWS::ECR::Repository

AWS::ECR::RepositoryCreationTemplate

AWS::ECS::CapacityProvider

AWS::ECS::Cluster

AWS::ECS::ClusterCapacityProviderAssociations

AWS::ECS::PrimaryTaskSet

AWS::EKS::AccessEntry

AWS::EKS::Addon

AWS::EKS::Cluster

AWS::EKS::FargateProfile

AWS::EKS::IdentityProviderConfig

AWS::EMR::SecurityConfiguration

AWS::EMR::StudioSessionMapping

AWS::EMR::WALWorkspace

AWS::ElastiCache::ReplicationGroup

AWS::ElastiCache::ServerlessCache

AWS::ElastiCache::SubnetGroup

AWS::ElastiCache::User

AWS::ElastiCache::UserGroup

AWS::ElasticBeanstalk::Application

AWS::ElasticBeanstalk::Environment

AWS::EntityResolution::IdMappingWorkflow

AWS::EntityResolution::IdNamespace

AWS::EntityResolution::MatchingWorkflow

AWS::EntityResolution::PolicyStatement

AWS::EntityResolution::SchemaMapping

AWS::Events::ApiDestination

AWS::Events::Archive

AWS::Events::Connection

AWS::Events::Endpoint

AWS::Events::EventBus

AWS::Events::EventBusPolicy

AWS::FIS::TargetAccountConfiguration

AWS::FMS::NotificationChannel

AWS::FSx::S3AccessPointAttachment

AWS::GameLift::ContainerGroupDefinition

AWS::GameLift::GameSessionQueue

AWS::GameLift::Location

AWS::GameLift::MatchmakingConfiguration

AWS::GameLift::MatchmakingRuleSet

AWS::Glue::Crawler

AWS::Glue::Database

AWS::Glue::Job

AWS::Glue::SchemaVersionMetadata

AWS::Glue::Trigger

AWS::Glue::UsageProfile

AWS::GuardDuty::Filter

AWS::GuardDuty::Master

AWS::GuardDuty::Member

AWS::IAM::Group

AWS::IAM::GroupPolicy

AWS::IAM::InstanceProfile

AWS::IAM::Role

AWS::IAM::RolePolicy

AWS::IAM::ServerCertificate

AWS::IAM::User

AWS::IAM::UserPolicy

AWS::InternetMonitor::Monitor

AWS::IoT::AccountAuditConfiguration

AWS::IoT::Authorizer

AWS::IoT::BillingGroup

AWS::IoT::CertificateProvider

AWS::IoT::Command

AWS::IoT::CustomMetric

AWS::IoT::Dimension

AWS::IoT::DomainConfiguration

AWS::IoT::FleetMetric

AWS::IoT::JobTemplate

AWS::IoT::Logging

AWS::IoT::MitigationAction

AWS::IoT::ProvisioningTemplate

AWS::IoT::RoleAlias

AWS::IoT::ScheduledAudit

AWS::IoT::SecurityProfile

AWS::IoT::SoftwarePackage

AWS::IoT::SoftwarePackageVersion

AWS::IoT::Thing

AWS::IoT::ThingGroup

AWS::IoT::ThingType

AWS::IoT::TopicRule

AWS::IoTEvents::AlarmModel

AWS::IoTEvents::DetectorModel

AWS::IoTEvents::Input

AWS::IoTFleetWise::Campaign

AWS::IoTFleetWise::DecoderManifest

AWS::IoTFleetWise::Fleet

AWS::IoTFleetWise::ModelManifest

AWS::IoTFleetWise::SignalCatalog

AWS::IoTFleetWise::StateTemplate

AWS::IoTFleetWise::Vehicle

AWS::IoTTwinMaker::ComponentType

AWS::IoTTwinMaker::Entity

AWS::IoTTwinMaker::Scene

AWS::IoTTwinMaker::SyncJob

AWS::IoTTwinMaker::Workspace

AWS::IoTWireless::Destination

AWS::IoTWireless::NetworkAnalyzerConfiguration

AWS::IoTWireless::PartnerAccount

AWS::KMS::Alias

AWS::KafkaConnect::Connector

AWS::KafkaConnect::CustomPlugin

AWS::KafkaConnect::WorkerConfiguration

AWS::Kinesis::ResourcePolicy

AWS::Kinesis::Stream

AWS::KinesisAnalyticsV2::Application

AWS::KinesisFirehose::DeliveryStream

AWS::KinesisVideo::SignalingChannel

AWS::KinesisVideo::Stream

AWS::LakeFormation::DataCellsFilter

AWS::LakeFormation::Tag

AWS::Lambda::CapacityProvider

AWS::Lambda::Function

AWS::Lex::ResourcePolicy

AWS::Lightsail::Alarm

AWS::Lightsail::Bucket

AWS::Lightsail::Certificate

AWS::Lightsail::Container

AWS::Lightsail::Database

AWS::Lightsail::DatabaseSnapshot

AWS::Lightsail::Disk

AWS::Lightsail::DiskSnapshot

AWS::Lightsail::Distribution

AWS::Lightsail::Domain

AWS::Lightsail::Instance

AWS::Lightsail::InstanceSnapshot

AWS::Lightsail::LoadBalancer

AWS::Lightsail::LoadBalancerTlsCertificate

AWS::Lightsail::StaticIp

AWS::Location::APIKey

AWS::Location::GeofenceCollection

AWS::Location::Map

AWS::Location::PlaceIndex

AWS::Location::RouteCalculator

AWS::Location::Tracker

AWS::Location::TrackerConsumer

AWS::Logs::DeliveryDestination

AWS::Logs::DeliverySource

AWS::Logs::Destination

AWS::Logs::Integration

AWS::Logs::LogGroup

AWS::Logs::LogStream

AWS::Logs::MetricFilter

AWS::Logs::ResourcePolicy

AWS::Logs::ScheduledQuery

AWS::Logs::SubscriptionFilter

AWS::Logs::Transformer

AWS::LookoutEquipment::InferenceScheduler

AWS::LookoutVision::Project

AWS::M2::Deployment

AWS::MSK::BatchScramSecret

AWS::MSK::ClusterPolicy

AWS::MSK::Replicator

AWS::MSK::Topic

AWS::MWAA::Environment

AWS::MWAAServerless::Workflow

AWS::Macie::FindingsFilter

AWS::MediaConnect::BridgeOutput

AWS::MediaConnect::BridgeSource

AWS::MediaConnect::FlowVpcInterface

AWS::MediaLive::Multiplexprogram

AWS::MediaPackage::Asset

AWS::MediaPackage::Channel

AWS::MediaPackage::OriginEndpoint

AWS::MediaPackage::PackagingConfiguration

AWS::MediaPackage::PackagingGroup

AWS::MediaPackageV2::Channel

AWS::MediaPackageV2::ChannelGroup

AWS::MediaPackageV2::ChannelPolicy

AWS::MediaPackageV2::OriginEndpoint

AWS::MediaPackageV2::OriginEndpointPolicy

AWS::MediaTailor::Channel

AWS::MediaTailor::ChannelPolicy

AWS::MediaTailor::LiveSource

AWS::MediaTailor::PlaybackConfiguration

AWS::MediaTailor::SourceLocation

AWS::MediaTailor::VodSource

AWS::MemoryDB::ACL

AWS::MemoryDB::Cluster

AWS::MemoryDB::ParameterGroup

AWS::MemoryDB::SubnetGroup

AWS::MemoryDB::User

AWS::Neptune::DBCluster

AWS::Neptune::DBClusterParameterGroup

AWS::Neptune::DBInstance

AWS::Neptune::DBParameterGroup

AWS::Neptune::DBSubnetGroup

AWS::Neptune::EventSubscription

AWS::NeptuneGraph::Graph

AWS::NeptuneGraph::PrivateGraphEndpoint

AWS::NetworkFirewall::LoggingConfiguration

AWS::NetworkManager::ConnectPeer

AWS::NetworkManager::CoreNetwork

AWS::NetworkManager::CoreNetworkPrefixListAssociation

AWS::NetworkManager::CustomerGatewayAssociation

AWS::NetworkManager::DirectConnectGatewayAttachment

AWS::NetworkManager::LinkAssociation

AWS::NetworkManager::SiteToSiteVpnAttachment

AWS::NetworkManager::TransitGatewayRegistration

AWS::NetworkManager::VpcAttachment

AWS::Notifications::ChannelAssociation

AWS::Notifications::ManagedNotificationAccountContactAssociation

AWS::Notifications::ManagedNotificationAdditionalChannelAssociation

AWS::Notifications::NotificationHub

AWS::Notifications::OrganizationalUnitAssociation

AWS::NovaAct::WorkflowDefinition

AWS::ObservabilityAdmin::OrganizationCentralizationRule

AWS::ObservabilityAdmin::TelemetryEnrichment

AWS::ObservabilityAdmin::TelemetryPipelines

AWS::Omics::AnnotationStore

AWS::Omics::Configuration

AWS::Omics::VariantStore

AWS::OpenSearchServerless::AccessPolicy

AWS::OpenSearchServerless::Collection

AWS::OpenSearchServerless::CollectionGroup

AWS::OpenSearchServerless::Index

AWS::OpenSearchServerless::LifecyclePolicy

AWS::OpenSearchServerless::SecurityConfig

AWS::OpenSearchServerless::SecurityPolicy

AWS::OpenSearchServerless::VpcEndpoint

AWS::OpenSearchService::Application

AWS::OpenSearchService::Domain

AWS::PCAConnectorAD::ServicePrincipalName

AWS::PCAConnectorAD::TemplateGroupAccessControlEntry

AWS::Panorama::PackageVersion

AWS::PaymentCryptography::Alias

AWS::Pinpoint::InAppTemplate

AWS::Pipes::Pipe

AWS::Proton::EnvironmentTemplate

AWS::Proton::ServiceTemplate

AWS::QBusiness::Permission

AWS::QuickSight::ActionConnector

AWS::QuickSight::Analysis

AWS::QuickSight::CustomPermissions

AWS::QuickSight::Dashboard

AWS::QuickSight::DataSet

AWS::QuickSight::DataSource

AWS::QuickSight::Folder

AWS::QuickSight::RefreshSchedule

AWS::QuickSight::Template

AWS::QuickSight::Theme

AWS::QuickSight::Topic

AWS::QuickSight::VPCConnection

AWS::RDS::CustomDBEngineVersion

AWS::RDS::DBCluster

AWS::RDS::DBClusterParameterGroup

AWS::RDS::DBInstance

AWS::RDS::DBParameterGroup

AWS::RDS::DBProxy

AWS::RDS::DBProxyEndpoint

AWS::RDS::DBShardGroup

AWS::RDS::DBSubnetGroup

AWS::RDS::EventSubscription

AWS::RDS::GlobalCluster

AWS::RDS::OptionGroup

AWS::RUM::AppMonitor

AWS::Redshift::Cluster

AWS::Redshift::ClusterParameterGroup

AWS::Redshift::EndpointAccess

AWS::Redshift::EndpointAuthorization

AWS::Redshift::EventSubscription

AWS::Redshift::ScheduledAction

AWS::RedshiftServerless::Namespace

AWS::RedshiftServerless::Snapshot

AWS::RedshiftServerless::Workgroup

AWS::Rekognition::Collection

AWS::Rekognition::Project

AWS::Rekognition::StreamProcessor

AWS::ResourceGroups::Group

AWS::Route53::DNSSEC

AWS::Route53::KeySigningKey

AWS::Route53RecoveryReadiness::Cell

AWS::Route53RecoveryReadiness::ReadinessCheck

AWS::Route53RecoveryReadiness::RecoveryGroup

AWS::Route53RecoveryReadiness::ResourceSet

AWS::Route53Resolver::ResolverConfig

AWS::S3::AccessPoint

AWS::S3::Bucket

AWS::S3::BucketPolicy

AWS::S3::MultiRegionAccessPoint

AWS::S3::MultiRegionAccessPointPolicy

AWS::S3::StorageLens

AWS::S3::StorageLensGroup

AWS::S3Express::AccessPoint

AWS::S3Express::BucketPolicy

AWS::S3Express::DirectoryBucket

AWS::S3Files::FileSystemPolicy

AWS::S3ObjectLambda::AccessPoint

AWS::S3ObjectLambda::AccessPointPolicy

AWS::S3Outposts::BucketPolicy

AWS::S3Tables::Namespace

AWS::S3Tables::TableBucketPolicy

AWS::S3Tables::TablePolicy

AWS::S3Vectors::Index

AWS::S3Vectors::VectorBucket

AWS::S3Vectors::VectorBucketPolicy

AWS::SES::ConfigurationSet

AWS::SES::ContactList

AWS::SES::CustomVerificationEmailTemplate

AWS::SES::DedicatedIpPool

AWS::SES::EmailIdentity

AWS::SES::MultiRegionEndpoint

AWS::SES::Tenant

AWS::SMSVOICE::ConfigurationSet

AWS::SMSVOICE::OptOutList

AWS::SMSVOICE::ResourcePolicy

AWS::SMSVOICE::SenderId

AWS::SNS::TopicInlinePolicy

AWS::SQS::QueueInlinePolicy

AWS::SSM::Document

AWS::SSM::Parameter

AWS::SSM::ResourceDataSync

AWS::SSO::ApplicationAssignment

AWS::SSO::Assignment

AWS::SSO::InstanceAccessControlAttributeConfiguration

AWS::SageMaker::App

AWS::SageMaker::AppImageConfig

AWS::SageMaker::Cluster

AWS::SageMaker::Device

AWS::SageMaker::DeviceFleet

AWS::SageMaker::FeatureGroup

AWS::SageMaker::Image

AWS::SageMaker::InferenceExperiment

AWS::SageMaker::MlflowTrackingServer

AWS::SageMaker::ModelCard

AWS::SageMaker::Pipeline

AWS::SageMaker::ProcessingJob

AWS::SageMaker::Space

AWS::SageMaker::StudioLifecycleConfig

AWS::SageMaker::UserProfile

AWS::Scheduler::Schedule

AWS::Scheduler::ScheduleGroup

AWS::SecurityHub::SecurityControl

AWS::SecurityHub::Standard

AWS::SecurityLake::AwsLogSource

AWS::SecurityLake::SubscriberNotification

AWS::ServiceCatalog::PortfolioPrincipalAssociation

AWS::ServiceCatalog::PortfolioProductAssociation

AWS::ServiceCatalog::PortfolioShare

AWS::ServiceCatalog::ServiceActionAssociation

AWS::ServiceCatalog::TagOptionAssociation

AWS::ServiceCatalogAppRegistry::Application

AWS::ServiceCatalogAppRegistry::AttributeGroup

AWS::Signer::ProfilePermission

AWS::StepFunctions::StateMachine

AWS::SupportApp::SlackChannelConfiguration

AWS::SupportApp::SlackWorkspaceConfiguration

AWS::Synthetics::Canary

AWS::Synthetics::Group

AWS::Timestream::Database

AWS::Timestream::Table

AWS::Transfer::User

AWS::VpcLattice::AccessLogSubscription

AWS::VpcLattice::AuthPolicy

AWS::VpcLattice::DomainVerification

AWS::VpcLattice::Listener

AWS::VpcLattice::ResourcePolicy

AWS::VpcLattice::Rule

AWS::VpcLattice::Service

AWS::VpcLattice::ServiceNetwork

AWS::VpcLattice::ServiceNetworkServiceAssociation

AWS::VpcLattice::ServiceNetworkVpcAssociation

AWS::VpcLattice::TargetGroup

AWS::WAFv2::LoggingConfiguration

AWS::WAFv2::WebACLAssociation

AWS::WorkspacesInstances::VolumeAssociation

AWS::XRay::ResourcePolicy