Considerations Generating a template (console)Generate a template (Amazon CLI)Generate and manage templates with the Amazon CDK

Generating templates for existing resources

With the Amazon CloudFormation IaC generator (infrastructure as code generator), you can generate a template using Amazon resources provisioned in your account that are not already managed by CloudFormation. Use the template to import resources into CloudFormation or replicate resources in a new account or Region.

The IaC generation process consists of several steps:

Start a scan of your account.
Create a template, either from scratch or by using the template of an existing stack as a starting point.
Add scanned resources and related resources to the template using the add resources wizard.
Import the resources to be managed by CloudFormation as a stack or migrate them into an Amazon CDK app.

The IaC generator feature is available in all commercial Regions and supports many common Amazon resource types. For a full list, see Resource type support.

Topics

Considerations

You can generate JSON or YAML templates for Amazon resources published to the CloudFormation registry, for resources for which you have Read permissions. The templates for the IaC generator capability models cloud resources reliably and quickly without having to describe a resource property by property.

The following table lists the quotas available for the IaC generation feature.

Name	Value
Maximum number of resources that can be processed in an account scan	100000
Number of scans per day (for accounts with less than 10,000 resources)	3
Number of scans per day (for accounts with more than 10,000 resources)	1
Concurrent number of templates generating per account	5
Concurrent number of resources modeled for one template generation.	5
Total number of resources that can be modeled in one template	500
Maximum number of generated templates per account	1,000

Important

IaC generator only supports resources that are supported by Cloud Control API in your Region. For more information, see Determining if a resource type supports Cloud Control API in the Cloud Control API User Guide

Generating a template (console)

This section describes how to create a template, add resources to your template, and import resources from the template into a stack using the IaC generator feature.

To open a new template using the IaC generator

Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation.
From the navigation pane, choose IaC generator.
From the Scans panel, choose Start a new scan. Scans discover the resources provisioned in your account and the relationship between resources. The more resources you have in your account in the Region, the longer the scan takes.
From the Templates panel, choose Create template.
1. Select Start from a new template.
2. In the Template name panel, enter a name for your generated template.
3. (Optional) Configure your Deletion policy and Update replace policy.
4. Choose Next to add scanned resources to the template.

To add scanned resources to your template

From the list of scanned resources, browse the list of scanned resources. You can filter the resources by resource identifier, resource type, or tags. The filters are mutually inclusive.
Select the resource or resources you want to add.

Repeat Steps 1 and 2, until you've added all needed resources to your template.
Choose Next to exit the Add scanned resources page and proceed to the Add related resources page.
Review a recommended list of related resources. Related resources, such as Amazon EC2 instances and security groups, are interdependent and typically belong to the same workload. Select the related resources that you want to include in the generated template.

Note
We suggest that you add all related resources to this template.
Review the template details, scanned resources, and related resources. Choose Edit to make any changes.
Choose Create template to exit the Review and create page and create the template.

Results: You've started the creation of your CloudFormation template and added your scanned and related resources.

To import resources to be managed by CloudFormation as a stack

Choose Import to stack and then choose Next.
Enter the name of your stack on the Specify stack panel of the Specify stack details page. Choose Next.
Review and enter the parameters for the stack. Choose Next.
Review your options on the Review changes page and choose Next.
Review your details on the Review and import page and choose Import resources.

Results: All resources added to your template with IaC generator are imported into a CloudFormation stack.

Generate a template (Amazon CLI)

This section describes how to scan for resources, create a template, add resources to your template and update it, and delete a template using the Amazon CLI.

To scan for resources in your account

To scan for resources in your account in the selected Region, use the start-resource-scan operation.


$ aws cloudformation start-resource-scan

The command returns the following:


{
    "ResourceScanId": \
      "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60"
}

To describe the account resource scan

To describe the scan for resources in your account, use the describe-resource-scan operation.


$ aws cloudformation describe-resource-scan \
  --resource-scan-id \
    "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60"

The command returns the following:


{
    "ResourceScanId" : \
      "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60",
    "Status": "complete",
    "StartTime": "2023-08-21T03:10:38.485000+00:00",
    "EndTime": "2023-08-21T03:20:28.485000+00:00",
    "PercentageCompleted": 100.0,
    "ResourceTypes": [
        "AWS::EKS::Cluster",
        "AWS::S3::Bucket"
    ],
}

To list all of the resources from your scan

To list the resources found in your scan, use the list-resource-scan-resources operation. The response includes a column that indicates if CloudFormation manages the resource already.


$ aws cloudformation list-resource-scan-resources \
  --resource-scan-id \
    "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60" \
  --resource-identifier exampleResource

The command returns the following:


{
    "Resources": [
        {
            "ResourceType": "AWS::EKS::Cluster",
            "ResourceIdentifier": {
                "ClusterName": "exampleResourceCluster"
            }
        },
            "ManagedByStack": false
        {
            "ResourceType": "AWS::S3::Bucket",
            "ResourceIdentifier": {
                "BucketName": "exampleResourceBucket"
            },
            "ManagedByStack": false
        }
    ]
}

In this example, assume the output from list-resource-scan-resources is saved into a JSON file named resources.json.

To list all of the resources related to your scanned resources

To list the resources related to your scanned resources, create batches of up to 100 scanned resources and use the list-resource-scan-related-resources operation for each batch. Be aware that the output may contain duplicated resources in the list.

The response includes a column that states if CloudFormation manages the resource already. It's recommended that you add all related resources to the template.


$ aws cloudformation list-resource-scan-related-resources \
  --resource-scan-id \
    "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60" \
  --resources file://resources.json

The command returns the following:


{
    "RelatedResources": [
        {
            "ResourceType": "AWS::EKS::Nodegroup",
            "ResourceIdentifier": {
                "NodegroupName": "exampleNodegroup"
            },
            "ManagedByStack": false
        },
        {
            "ResourceType": "AWS::IAM::Role",
            "ResourceIdentifier": {
                "RoleId": "arn:aws-cn::iam::123456789012:role/S3Access"
            },
            "ManagedByStack": false
        }
    ]
}

Note

The input list of resources can't exceed a length of 100. To list related resources for more than 100 resources, run the operation in batches of 100 and consolidate the results.

Assume that the output from list-resource-scan-related-resources is also added to the JSON file named resources.json.

To generate a template

To generate a new template with no resources, use the create-generated-template operation and specify the template name.


$ aws cloudformation create-generated-template \
  --generated-template-name TemplateName

The create-generated-template command returns the following.


{
  "Arn": \
    "arn:aws-cn:cloudformation:us-east-1:123456789012:generatedtemplate/7fc8512c-d8cb-4e02-b266-d39c48344e48",
  "Name": "TemplateName"
}

To update the generated template with resources

To update your newly created template, you can specify a list of resources you want to add. In this example, we use the file resources.json. The following is the JSON text file for resources.json:


[
    {
        "ResourceType": "AWS::EKS::Cluster",
        "LogicalResourceId":"Cluster",
        "ResourceIdentifier": {
            "ClusterName": "exampleResourceCluster"
        }
    },
    {
        "ResourceType": "AWS::S3::Bucket",
        "LogicalResourceId":"Bucket",
        "ResourceIdentifier": {
            "BucketName": "exampleResourceBucket"
        }
    },
    {
        "ResourceType": "AWS::EKS::Nodegroup",
        "LogicalResourceId":"Nodegroup",
        "ResourceIdentifier": {
            "NodegroupName": "exampleNodegroup"
        }
    },
    {
        "ResourceType": "AWS::IAM::Role",
        "LogicalResourceId":"Role",
        "ResourceIdentifier": {
            "RoleId": "arn:aws-cn::iam::123456789012:role/S3Access"
        }
    }
]

To update your template, use the update-generated-template operation, specify your stack name, and specify your text file to add resources to your template. The --cloud-formation-template-configuration option isn't included, so the UpdateReplacePolicy and DeletionPolicy policies are set to Retain by default.


$ aws cloudformation update-generated-template \
  --generated-template-name TemplateName \
  --add-resources file://resources.json

The update-generated-template command returns the following.


{ 
  "Arn": "arn:aws-cn:cloudformation:us-east-1:123456789012:template/equipment-sorter",
  "Name": "TemplateName"
}

To delete the specified template by stack name

To delete your generated template, use the delete-generated-template operation and specify the template generation name or template generation ARN.
```
$ aws cloudformation delete-generated-template \
  --generated-template-name TemplateName
```

Generate and manage templates with the Amazon CDK

The Amazon Cloud Development Kit (Amazon CDK) is an open-source software development framework that you can use to develop, manage, and deploy Amazon CloudFormation resources using popular programming languages.

The Amazon CDK CLI provides an integration with IaC generator. Use the Amazon CDK CLI cdk migrate command to generate an Amazon CloudFormation template and create a new CDK app that contains your resources. Then, you can use the Amazon CDK to manage your resources and deploy to Amazon CloudFormation.

For more information, see Migrate to Amazon CDK in the Amazon Cloud Development Kit (Amazon CDK) Developer Guide.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon SQS

Write-only properties