Generating templates for existing resources
With the Amazon CloudFormation IaC generator (infrastructure as code generator), you can generate a template using Amazon resources provisioned in your account that are not already managed by CloudFormation. Use the template to import resources into CloudFormation or replicate resources in a new account or Region.
The IaC generation process consists of several steps:
1. Start a scan of your account.
2. Create a template, either from scratch or by using the template of an existing stack as a starting point.
3. Add scanned resources and related resources to the template using the add resources wizard.
4. Import the resources to be managed by CloudFormation as a stack or migrate them into an Amazon CDK app.
The IaC generator feature is available in all commercial Regions and supports many common Amazon resource types. For a full list, see Resource type support.
Considerations
You can generate JSON or YAML templates for Amazon resources published to the CloudFormation registry, provided you have Read permissions for those resources. The IaC generator models cloud resources reliably and quickly, without your having to describe each resource property by property.
The following table lists the quotas for the IaC generation feature.

| Name | Value |
|---|---|
| Maximum number of resources that can be processed in an account scan | 100,000 |
| Number of scans per day (for accounts with fewer than 10,000 resources) | 3 |
| Number of scans per day (for accounts with more than 10,000 resources) | 1 |
| Concurrent number of templates generating per account | 5 |
| Concurrent number of resources modeled for one template generation | 5 |
| Total number of resources that can be modeled in one template | 500 |
| Maximum number of generated templates per account | 1,000 |
Important
IaC generator only supports resources that are supported by Cloud Control API in your Region. For more information, see Determining if a resource type supports Cloud Control API in the Cloud Control API User Guide.
Generating a template (console)
This section describes how to create a template, add resources to your template, and import resources from the template into a stack using the IaC generator feature.
To open a new template using the IaC generator
1. Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation
2. From the navigation pane, choose IaC generator.
3. From the Scans panel, choose Start a new scan. Scans discover the resources provisioned in your account and the relationships between them. The more resources you have in your account in the Region, the longer the scan takes.
4. From the Templates panel, choose Create template.
5. Select Start from a new template.
6. In the Template name panel, enter a name for your generated template.
7. (Optional) Configure your Deletion policy and Update replace policy.
8. Choose Next to add scanned resources to the template.
To add scanned resources to your template
1. Browse the list of scanned resources. You can filter the resources by resource identifier, resource type, or tags. The filters are mutually inclusive.
2. Select the resource or resources you want to add.
   Repeat Steps 1 and 2 until you've added all needed resources to your template.
3. Choose Next to exit the Add scanned resources page and proceed to the Add related resources page.
4. Review the recommended list of related resources. Related resources, such as Amazon EC2 instances and security groups, are interdependent and typically belong to the same workload. Select the related resources that you want to include in the generated template.
   Note
   We suggest that you add all related resources to this template.
5. Review the template details, scanned resources, and related resources. Choose Edit to make any changes.
6. Choose Create template to exit the Review and create page and create the template.
Results: You've started the creation of your CloudFormation template and added your scanned and related resources.
To import resources to be managed by CloudFormation as a stack
1. Choose Import to stack and then choose Next.
2. On the Specify stack details page, enter the name of your stack in the Specify stack panel. Choose Next.
3. Review and enter the parameters for the stack. Choose Next.
4. Review your options on the Review changes page and choose Next.
5. Review your details on the Review and import page and choose Import resources.
Results: All resources added to your template with IaC generator are imported into a CloudFormation stack.
Generate a template (Amazon CLI)
This section describes how to scan for resources, create a template, add resources to your template and update it, and delete a template using the Amazon CLI.
To scan for resources in your account
To scan for resources in your account in the selected Region, use the start-resource-scan operation.

```shell
$ aws cloudformation start-resource-scan
```

The command returns the following:

```json
{
    "ResourceScanId": "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60"
}
```
To describe the account resource scan
To describe the scan for resources in your account, use the describe-resource-scan operation.

```shell
$ aws cloudformation describe-resource-scan \
    --resource-scan-id "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60"
```

The command returns the following:

```json
{
    "ResourceScanId": "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60",
    "Status": "complete",
    "StartTime": "2023-08-21T03:10:38.485000+00:00",
    "EndTime": "2023-08-21T03:20:28.485000+00:00",
    "PercentageCompleted": 100.0,
    "ResourceTypes": [
        "AWS::EKS::Cluster",
        "AWS::S3::Bucket"
    ]
}
```
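A scan that is still running reports a Status other than complete, so a script that drives these CLI steps has to poll describe-resource-scan before it can list resources. The following Python is an added example, not code from this guide or the SDK: it assumes only that the `client` it is given exposes a `describe_resource_scan(ResourceScanId=...)` method returning the fields shown above (the boto3 CloudFormation client has a method of that name). The `FakeScanClient`, the set of terminal statuses, and the function names are constructed for this example so it runs offline; the fake reports in_progress for a configurable number of polls and then a final status.

```python
import time

# Assumed terminal values of the scan Status field. The page prints "complete"
# in lowercase, so comparison is done case-insensitively.
TERMINAL_STATUSES = {"COMPLETE", "FAILED", "EXPIRED"}


def wait_for_scan(client, scan_id, poll_seconds=30, max_polls=240, sleep=time.sleep):
    """Poll describe_resource_scan until the scan reaches a terminal status.

    Returns the final response on COMPLETE, raises RuntimeError on FAILED or
    EXPIRED, and raises TimeoutError if max_polls is exhausted. Only Status
    decides completion; PercentageCompleted is informational and is not used
    as a stop condition.
    """
    status = "UNKNOWN"
    for _ in range(max_polls):
        resp = client.describe_resource_scan(ResourceScanId=scan_id)
        status = str(resp.get("Status", "")).upper()
        if status == "COMPLETE":
            return resp
        if status in TERMINAL_STATUSES:
            raise RuntimeError(f"scan {scan_id} ended with status {status}")
        sleep(poll_seconds)
    raise TimeoutError(f"scan {scan_id} still {status} after {max_polls} polls")


class FakeScanClient:
    """Constructed stand-in for the CloudFormation client (example only)."""

    def __init__(self, scan_id, in_progress_polls=2, final_status="complete"):
        self.scan_id = scan_id
        self.in_progress_polls = in_progress_polls
        self.final_status = final_status
        self.calls = 0

    def describe_resource_scan(self, ResourceScanId):
        if ResourceScanId != self.scan_id:
            raise ValueError("unknown scan id")
        self.calls += 1
        if self.calls <= self.in_progress_polls:
            pct = 100.0 * self.calls / (self.in_progress_polls + 1)
            return {"ResourceScanId": ResourceScanId, "Status": "in_progress",
                    "PercentageCompleted": round(pct, 1)}
        return {"ResourceScanId": ResourceScanId, "Status": self.final_status,
                "PercentageCompleted": 100.0,
                "ResourceTypes": ["AWS::EKS::Cluster", "AWS::S3::Bucket"]}


if __name__ == "__main__":
    waits = []
    result = wait_for_scan(FakeScanClient("example-scan"), "example-scan",
                           poll_seconds=1, sleep=waits.append)
    print(result["Status"], "after", len(waits), "waits")
```

Passing `sleep` as a parameter keeps the loop testable without real delays; in production leave the default so the poll interval respects the daily scan quota rather than hammering the API.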
To list all of the resources from your scan
To list the resources found in your scan, use the list-resource-scan-resources operation. The response includes a ManagedByStack field that indicates whether CloudFormation already manages the resource.

```shell
$ aws cloudformation list-resource-scan-resources \
    --resource-scan-id "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60" \
    --resource-identifier exampleResource
```

The command returns the following:

```json
{
    "Resources": [
        {
            "ResourceType": "AWS::EKS::Cluster",
            "ResourceIdentifier": {
                "ClusterName": "exampleResourceCluster"
            },
            "ManagedByStack": false
        },
        {
            "ResourceType": "AWS::S3::Bucket",
            "ResourceIdentifier": {
                "BucketName": "exampleResourceBucket"
            },
            "ManagedByStack": false
        }
    ]
}
```

In this example, assume the output from list-resource-scan-resources is saved into a JSON file named resources.json.
To list all of the resources related to your scanned resources
To list the resources related to your scanned resources, create batches of up to 100 scanned resources and use the list-resource-scan-related-resources operation for each batch. Be aware that the output may contain duplicate resources.
The response includes a ManagedByStack field that states whether CloudFormation already manages the resource. It's recommended that you add all related resources to the template.

```shell
$ aws cloudformation list-resource-scan-related-resources \
    --resource-scan-id "arn:aws-cn:cloudformation:us-east-1:123456789012:resourceScan/0a699f15-489c-43ca-a3ef-3e6ecfa5da60" \
    --resources file://resources.json
```

The command returns the following:

```json
{
    "RelatedResources": [
        {
            "ResourceType": "AWS::EKS::Nodegroup",
            "ResourceIdentifier": {
                "NodegroupName": "exampleNodegroup"
            },
            "ManagedByStack": false
        },
        {
            "ResourceType": "AWS::IAM::Role",
            "ResourceIdentifier": {
                "RoleId": "arn:aws-cn::iam::123456789012:role/S3Access"
            },
            "ManagedByStack": false
        }
    ]
}
```

Note
The input list of resources can't exceed a length of 100. To list related resources for more than 100 resources, run the operation in batches of 100 and consolidate the results.
Assume that the output from list-resource-scan-related-resources is also added to the JSON file named resources.json.
To generate a template
To generate a new template with no resources, use the create-generated-template operation and specify the template name.

```shell
$ aws cloudformation create-generated-template \
    --generated-template-name TemplateName
```

The create-generated-template command returns the following:

```json
{
    "Arn": "arn:aws-cn:cloudformation:us-east-1:123456789012:generatedtemplate/7fc8512c-d8cb-4e02-b266-d39c48344e48",
    "Name": "TemplateName"
}
```
To update the generated template with resources
To update your newly created template, specify a list of resources you want to add. In this example, we use the file resources.json, which contains the following JSON:

```json
[
    {
        "ResourceType": "AWS::EKS::Cluster",
        "LogicalResourceId": "Cluster",
        "ResourceIdentifier": {
            "ClusterName": "exampleResourceCluster"
        }
    },
    {
        "ResourceType": "AWS::S3::Bucket",
        "LogicalResourceId": "Bucket",
        "ResourceIdentifier": {
            "BucketName": "exampleResourceBucket"
        }
    },
    {
        "ResourceType": "AWS::EKS::Nodegroup",
        "LogicalResourceId": "Nodegroup",
        "ResourceIdentifier": {
            "NodegroupName": "exampleNodegroup"
        }
    },
    {
        "ResourceType": "AWS::IAM::Role",
        "LogicalResourceId": "Role",
        "ResourceIdentifier": {
            "RoleId": "arn:aws-cn::iam::123456789012:role/S3Access"
        }
    }
]
```

To update your template, use the update-generated-template operation, specify your generated template name, and specify your text file to add resources to your template. The --cloud-formation-template-configuration option isn't included, so the UpdateReplacePolicy and DeletionPolicy policies are set to Retain by default.

```shell
$ aws cloudformation update-generated-template \
    --generated-template-name TemplateName \
    --add-resources file://resources.json
```

The update-generated-template command returns the following:

```json
{
    "Arn": "arn:aws-cn:cloudformation:us-east-1:123456789012:template/equipment-sorter",
    "Name": "TemplateName"
}
```
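The two CLI steps above leave some bookkeeping to the operator: the related-resources call takes at most 100 entries per batch and may return duplicates, resources that CloudFormation already manages should not be re-imported, and every entry passed to --add-resources needs a LogicalResourceId that is alphanumeric and unique within the template. The following Python is an added example, not code from this guide or the CLI, that does that bookkeeping offline. It assumes the scanned and related lists have the shape of the output shown on this page (ResourceType, ResourceIdentifier, ManagedByStack); the sample data, the MAX_BATCH constant and all function names (`batch_for_related_lookup`, `merge_related`, `build_add_resources`, `logical_id`) are this example's own. Batches keep only the two keys the page's own input list uses, since ManagedByStack is output, not input.

```python
import json
import re

MAX_BATCH = 100  # the page states the --resources input list can't exceed 100 entries

# Constructed sample data in the shape of the list-resource-scan-resources and
# list-resource-scan-related-resources output shown on this page.
SCANNED_RESOURCES = [
    {"ResourceType": "AWS::EKS::Cluster",
     "ResourceIdentifier": {"ClusterName": "example-cluster"}, "ManagedByStack": False},
    {"ResourceType": "AWS::S3::Bucket",
     "ResourceIdentifier": {"BucketName": "example-bucket"}, "ManagedByStack": False},
    {"ResourceType": "AWS::S3::Bucket",
     "ResourceIdentifier": {"BucketName": "already-in-a-stack"}, "ManagedByStack": True},
]
RELATED_BATCHES = [  # as if returned by two separate related-resources calls
    [{"ResourceType": "AWS::EKS::Nodegroup",
      "ResourceIdentifier": {"NodegroupName": "example-nodegroup"}, "ManagedByStack": False},
     {"ResourceType": "AWS::IAM::Role",
      "ResourceIdentifier": {"RoleId": "example-role"}, "ManagedByStack": False}],
    [{"ResourceType": "AWS::IAM::Role",  # duplicate across batches
      "ResourceIdentifier": {"RoleId": "example-role"}, "ManagedByStack": False},
     {"ResourceType": "AWS::S3::Bucket",  # already in the scanned list
      "ResourceIdentifier": {"BucketName": "example-bucket"}, "ManagedByStack": False},
     {"ResourceType": "AWS::EC2::SecurityGroup",  # managed elsewhere; skip
      "ResourceIdentifier": {"Id": "sg-example"}, "ManagedByStack": True}],
]


def unmanaged(entries):
    """Keep only resources that CloudFormation does not already manage."""
    return [e for e in entries if not e.get("ManagedByStack", False)]


def resource_key(entry):
    """Hashable identity: resource type plus sorted identifier pairs."""
    return (entry["ResourceType"], tuple(sorted(entry["ResourceIdentifier"].items())))


def batch_for_related_lookup(entries, size=MAX_BATCH):
    """Split entries into --resources payloads of at most `size` items each."""
    stripped = [{"ResourceType": e["ResourceType"],
                 "ResourceIdentifier": e["ResourceIdentifier"]} for e in entries]
    return [stripped[i:i + size] for i in range(0, len(stripped), size)]


def merge_related(scanned, related_batches):
    """Union scanned and related results, dropping managed and duplicate entries."""
    candidates = list(scanned)
    for batch in related_batches:
        candidates.extend(batch)
    seen, merged = set(), []
    for entry in unmanaged(candidates):
        key = resource_key(entry)
        if key not in seen:
            seen.add(key)
            merged.append(entry)
    return merged


def logical_id(entry, taken):
    """Derive an alphanumeric logical ID unique within `taken` from type + identifier."""
    base = entry["ResourceType"].split("::")[-1]
    ident_val = next(iter(entry["ResourceIdentifier"].values()))
    candidate = re.sub(r"[^A-Za-z0-9]", "", base + ident_val) or base
    name, n = candidate, 2
    while name in taken:
        name = f"{candidate}{n}"
        n += 1
    taken.add(name)
    return name


def build_add_resources(entries):
    """Produce the --add-resources file content for update-generated-template."""
    taken, out = set(), []
    for e in entries:
        out.append({"ResourceType": e["ResourceType"],
                    "LogicalResourceId": logical_id(e, taken),
                    "ResourceIdentifier": e["ResourceIdentifier"]})
    return out


if __name__ == "__main__":
    kept = unmanaged(SCANNED_RESOURCES)
    print(len(batch_for_related_lookup(kept)), "batch(es) to send")
    merged = merge_related(kept, RELATED_BATCHES)
    print(json.dumps(build_add_resources(merged), indent=4))
```

The printed list can be written to resources.json and passed with `--add-resources file://resources.json` exactly as in the step above; deriving logical IDs from the identifier rather than hand-naming them is what keeps an import of several hundred resources from failing on a duplicate ID.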
To delete the specified template by name
To delete your generated template, use the delete-generated-template operation and specify the generated template name or the generated template ARN.

```shell
$ aws cloudformation delete-generated-template \
    --generated-template-name TemplateName
```
Generate and manage templates with the Amazon CDK
The Amazon Cloud Development Kit (Amazon CDK) is an open-source software development framework that you can use to develop, manage, and deploy Amazon CloudFormation resources using popular programming languages.
The Amazon CDK CLI provides an integration with IaC generator. Use the Amazon CDK CLI `cdk migrate` command to generate an Amazon CloudFormation template and create a new CDK app that contains your resources. Then, you can use the Amazon CDK to manage your resources and deploy to Amazon CloudFormation.
For more information, see Migrate to Amazon CDK in the Amazon Cloud Development Kit (Amazon CDK) Developer Guide.