Bringing existing resources into CloudFormation management - AWS CloudFormation

Bringing existing resources into CloudFormation management

AWS CloudFormation offers capabilities that let you import existing AWS resources into a new or existing stack by describing them in your template. This feature is useful if you want to start using CloudFormation to manage resources that were created outside of CloudFormation, without having to delete and recreate them.

CloudFormation supports importing a wide range of resources. For more information, see Resource type support.

Note

To instead scan for existing resources and automatically generate a template that you can use to import existing resources into CloudFormation or replicate resources in a new account, see Generating templates from existing resources with IaC generator.

Overview

During an import operation, you create a change set that imports your existing resources into a stack or creates a new stack from your existing resources. You provide the following during import.

  • A template that describes the entire stack, including both the original stack resources and the resources you're importing. Each resource to import must have a DeletionPolicy attribute.

  • Identifiers for the resources you're importing that CloudFormation can use to map the logical IDs in the template with the existing resources.

Note

CloudFormation only supports one level of nesting using resource import. This means that you can't import a stack into a child stack or import a stack that has children.

Resource identifiers

You provide two values to identify each resource you're importing.

  • An identifier property. This is a resource property that can be used to identify each resource type. For example, an AWS::S3::Bucket resource can be identified using its BucketName.

    The resource property that you use to identify the resource you're importing varies with the resource type. You can find the resource property in the CloudFormation console. After you create a template that includes the resource to import, you can initiate the import process, where you'll find the identifier properties for the resources you're importing. For some resource types, there might be multiple ways to identify them, and you can select which property to use in the drop-down lists.

    Alternatively, you can get the identifier properties for the resources you're importing by calling the get-template-summary CLI command and specifying the S3 URL of the stack template as the value for the --template-url option.

  • An identifier value. This is the resource's actual property value. For example, the actual value for the BucketName property might be MyS3Bucket.

    You can get the value of the identifier property from the service console for the resource.

Resource import validation

During an import operation, CloudFormation performs the following validations.

  • The resource to import exists.

  • The properties and configuration values for each resource to import adhere to the resource type schema, which defines its accepted properties, required properties, and supported property values.

  • The required properties are specified in the template. Required properties for each resource type are listed in the AWS resource and property types reference.

  • The resource to import doesn't belong to another stack in the same Region.

CloudFormation doesn't check that the template configuration matches the actual configuration of resource properties.

Important

Verify that resources and their properties defined in the template match the intended configuration of the resource import to avoid unexpected changes.

Resource import status codes

This table describes the various status types used with resource import.

Import operation status Description

IMPORT_IN_PROGRESS

The import operation is in progress.

IMPORT_COMPLETE

The import operation completed for all resources in the stack.

IMPORT_ROLLBACK_IN_PROGRESS

The rollback import operation is rolling back the previous template configuration.

IMPORT_ROLLBACK_FAILED

The import rollback operation failed.

IMPORT_ROLLBACK_COMPLETE

The import rolled back to the previous template configuration.

Considerations during an import operation

  • After the import is complete and before performing subsequent stack operations, we recommend running drift detection on imported resources. Drift detection ensures that the template configuration matches the actual configuration. For more information, see Detect drift on an entire CloudFormation stack.

  • Import operations don't allow new resource creations, resource deletions, or changes to property configurations.

  • Each resource to import must have a DeletionPolicy attribute for the import operation to succeed. The DeletionPolicy can be set to any possible value. Only the resources you're importing need a DeletionPolicy. Resources that are already part of the stack don't need a DeletionPolicy.

  • You can't import the same resource into multiple stacks.

  • You can use the cloudformation:ImportResourceTypes IAM policy condition to control which resource types users can work with during an import operation. For more information, see AWS CloudFormation conditions.

  • The CloudFormation stack limits apply when importing resources. For more information on limits, see Understand CloudFormation quotas.

Additional resources

For additional instructions that focus on addressing specific importing scenarios, see the following topics: