There it is again. That situation that every cloud engineer knows. The moment when a new idea or project needs to be brought to life in the AWS world. It's always exciting to design a new interplay of services that you haven't used before.
Hand on heart: how often do we really start by immediately putting this complex process into code? The truth is that the simplicity of the AWS Management Console often tempts us to take the easy way out - the infamous "Klickie Buntie" (a very German term) of navigating through menus and options to get our ideas up and running quickly.
But once everything is working, you're faced with the task of turning the entire architecture into code. Using tools like AWS CloudFormation or the Cloud Development Kit (CDK) often feels like a tedious, sobering task.
But take note: since February, there has been a solution that makes a decisive difference.
AWS IaC Generator
At first glance, the AWS IaC Generator is nothing new. It has been possible to import existing resources into CloudFormation since 2019. However, that functionality was limited to individual resources and could not automatically recognize related resources, such as the subnets of a VPC.
Comprehensive Imports
The new IaC generator works in a fundamentally different way. It first scans the specified account to create a comprehensive picture and include interdependent resources.
Advantages
In summary, the new IaC Generator offers the following functions:
- Automation: The automated recognition of relationships between resources saves valuable time.
- Efficiency: It is no longer necessary to go through the documentation manually and copy values for each resource individually; the generator picks them up directly.
- Quick Start: Use the AWS Web Console as you are used to, then convert it to IaC code to get started quickly.
- Integration: Seamless integration into the CloudFormation stack provides a unified view and management of all resources.
Once you have switched to CloudFormation as an IaC tool, you will generally benefit from these advantages:
- Control: Changes and versioning of IaC configurations can be easily managed through version control systems.
- Security: With change sets and automatic rollbacks, AWS CloudFormation provides additional layers of security for the deployment process.
You can find more information on this in the AWS blog:
https://aws.amazon.com/de/blogs/devops/import-entire-applications-into-aws-cloudformation/
CDK Migrate as a further simplification
In addition to the new IaC generator, there is now also a function for converting CloudFormation templates into CDK code.
The highlight: you can combine both, or let the CDK converter call the IaC generator itself, so that a single command converts your current environment directly into AWS CDK code that you can continue working with.
There is also detailed documentation on this from AWS, which you can find here:
https://docs.aws.amazon.com/cdk/v2/guide/migrate.html
And what about Terraform?
The truth is, of course, that many customers use Terraform as an alternative to the AWS native services.
Until Terraform 1.5, it was possible to import resources, but only to include them in the state file. The corresponding IaC code was not generated.
Since Terraform 1.5 there is also the possibility to write the code in "import blocks". However, a look at the Terraform documentation reveals that the process is still very complex:
1. Identify the existing infrastructure you will import.
2. Define an import block for the resources.
3. Run terraform plan to review the import plan and optionally generate configuration for the resources.
4. Prune generated configuration to only the required arguments.
5. Apply the configuration to bring the resource into your Terraform state file.
Source: Terraform documentation
Step 1 and step 4 in particular are tedious. They can be automated, but that requires a lot of work.
The new AWS tools do exactly this work directly.
Chapeau AWS!
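To illustrate what automating steps 1 and 2 of the Terraform workflow involves, here is an added example (not from the original post or from the Terraform documentation) that turns a resource inventory into import blocks. The inventory shape (ResourceType plus a ResourceIdentifier map), the type mapping table and all sample identifiers are assumptions constructed for this sketch.

```python
import json
import re

# Assumed mapping: CloudFormation resource type -> Terraform AWS provider type.
CFN_TO_TF = {
    "AWS::EC2::VPC": "aws_vpc",
    "AWS::EC2::Subnet": "aws_subnet",
    "AWS::EC2::SecurityGroup": "aws_security_group",
    "AWS::S3::Bucket": "aws_s3_bucket",
}

def tf_name(raw, used):
    """Turn a resource ID into a unique, valid Terraform resource name."""
    name = re.sub(r"[^A-Za-z0-9_]", "_", raw)
    if not re.match(r"[A-Za-z_]", name):
        name = "r_" + name
    base, n = name, 2
    while name in used:
        name, n = f"{base}_{n}", n + 1
    used.add(name)
    return name

def build_import_blocks(inventory):
    """Return (hcl_text, skipped) for a list of inventoried resources."""
    blocks, skipped, used, seen = [], [], set(), set()
    for res in inventory:
        tf_type = CFN_TO_TF.get(res["ResourceType"])
        ident = res.get("ResourceIdentifier", {})
        # Report unmapped types and composite identifiers instead of guessing.
        if tf_type is None or len(ident) != 1:
            skipped.append(res)
            continue
        import_id = next(iter(ident.values()))
        if (tf_type, import_id) in seen:  # same resource listed twice
            continue
        seen.add((tf_type, import_id))
        target = f"{tf_type}.{tf_name(import_id, used)}"
        blocks.append(f"import {{\n  to = {target}\n  id = {json.dumps(import_id)}\n}}\n")
    return "\n".join(blocks), skipped

# Constructed sample inventory; every identifier below is made up.
SAMPLE = [
    {"ResourceType": "AWS::EC2::VPC", "ResourceIdentifier": {"VpcId": "vpc-0aaa111"}},
    {"ResourceType": "AWS::EC2::Subnet", "ResourceIdentifier": {"SubnetId": "subnet-0bbb222"}},
    {"ResourceType": "AWS::S3::Bucket", "ResourceIdentifier": {"BucketName": "example-logs-bucket"}},
    {"ResourceType": "AWS::EC2::VPC", "ResourceIdentifier": {"VpcId": "vpc-0aaa111"}},
    {"ResourceType": "AWS::Lambda::Function", "ResourceIdentifier": {"FunctionName": "demo"}},
]
if __name__ == "__main__": print(build_import_blocks(SAMPLE)[0])
```

Saving the output as a .tf file and running terraform plan -generate-config-out=generated.tf covers step 3; the skipped list shows which resources still need a manual import block, and step 4 (pruning the generated arguments) remains manual review.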
Do not forget: AWS App Composer
Related topic: The AWS App Composer (also available for VS Code) can help you bring more structure and a better overview to your own CloudFormation code. It lets you quickly visualize and check your code. Best to try it out right away:
https://aws.amazon.com/application-composer/
Conclusion
We understand that the initial effort of using IaC on AWS can seem like a lot of work, especially if you already have workloads in the cloud. In this post, we have shown you how the new tools from AWS can relieve you of precisely this effort. Our experts will be happy to advise you on an IaC assessment on AWS with no obligation.
Author: Kevin Feuer