Bringing existing resources into CloudFormation management
If you created an AWS resource outside of AWS CloudFormation management, you can bring
this existing resource into AWS CloudFormation management using resource import
. You can
manage your resources using AWS CloudFormation regardless of where they were created without having to
delete and re-create them as part of a stack.
For a list of AWS resources that support import operations, see Resources that support import operations.
Resource import overview
During an import operation, you create a change set that imports your existing resources into a stack or creates a new stack from your existing resources. You provide the following during import.
-
A template that describes the entire stack, including both the original stack resources and the resources you're importing. Each resource to import must have a DeletionPolicy attribute.
-
Identifiers for the resources to import. You provide two values to identify each target resource.
-
An identifier property. This is a resource property that can be used to identify each resource type. For example, an
AWS::S3::Bucket
resource can be identified using itsBucketName
. -
An identifier value. This is the target resource's actual property value. For example, the actual value for the
BucketName
property might beMyS3Bucket
.
-
Note
AWS CloudFormation only supports one level of nesting using resource import
. This means that you can't import a
stack into a child stack or import a stack that has children.
Resource import validation
During an import operation, CloudFormation performs the following validations.
-
The resource to import exists.
-
The properties and configuration values for each resource to import adhere to the resource type schema, which defines its accepted properties, required properties, and supported property values.
-
The required properties are specified in the template. Required properties for each resource type are listed in the Resource and property reference.
-
The resource to import doesn't belong to another stack in the same Region.
CloudFormation doesn't check that the template configuration matches the actual configuration of resource properties.
Important
Verify that resources and their properties defined in the template match the intended configuration of the resource import to avoid unexpected changes.
Resource import status codes
This table describes the various status types used with resource
import
.
Import operation status | Description |
---|---|
|
The import operation is in progress. |
|
The import operation completed for all resources in the stack. |
|
The rollback import operation is rolling back the previous template configuration. |
|
The import rollback operation failed. |
|
The import rolled back to the previous template configuration. |
Considerations during an import operation
-
After the import is complete and before performing subsequent stack operations, we recommend running drift detection on imported resources. Drift detection ensures that the template configuration matches the actual configuration.
-
Import operations don't allow new resource creations, resource deletions, or changes to property configurations.
-
Each resource to import must have a
DeletionPolicy
attribute for the import operation to succeed. TheDeletionPolicy
can be set to any possible value. Only target resources need aDeletionPolicy
. Resources that are already part of the stack don't need aDeletionPolicy
. -
You can't import the same resource into multiple stacks.
-
You can use the
cloudformation:ImportResourceTypes
IAM policy condition to control which resource types users can work with during an import operation. -
The AWS CloudFormation stack limits apply when importing resources. For more information on limits, see AWS CloudFormation limits.