
AWS: IaC just got easier!

There it is again. That situation that every cloud engineer knows. The moment when a new idea or project needs to be brought to life in the AWS world. It's always exciting to design a new interplay of services that you haven't used before.

Hand on heart: how often do we really start by immediately putting this complex process into code? The truth is that the simplicity of the AWS Management Console often tempts us to take the easy way out - the infamous "Klickie Buntie" (a very German term) of navigating through menus and options to get our ideas up and running quickly.

But once everything is working, you're faced with the task of turning the entire architecture into code. Using tools like AWS CloudFormation or the Cloud Development Kit (CDK) often feels like a tedious, sobering task.

But take note: since February, there has been a solution that makes a decisive difference.

AWS IaC Generator

At first glance, the AWS IaC Generator is nothing new. It has been possible to import existing resources into CloudFormation since 2019. However, this functionality was limited to individual resources and could not automatically recognize connected resources - such as the subnets of a VPC.

Comprehensive Imports

The new IaC generator works in a fundamentally different way. It first scans the specified account to create a comprehensive picture and include interdependent resources.
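
The scan-then-select workflow described above, sketched as an added example (not code from this post or from AWS): it takes scan results in the shape of the CloudFormation ListResourceScanResources response, keeps the resources that no stack manages yet, and builds the Resources list for boto3's create_generated_template. The sample identifiers and the helper names are constructed for illustration.

```python
"""Select unmanaged resources from an IaC generator scan (added example)."""
import re
from collections import Counter

# Constructed sample in the shape returned by the CloudFormation
# ListResourceScanResources API; all identifiers are made up.
SAMPLE_SCAN = [
    {"ResourceType": "AWS::EC2::VPC",
     "ResourceIdentifier": {"VpcId": "vpc-0aaa1111bbbb2222c"},
     "ManagedByStack": False},
    {"ResourceType": "AWS::EC2::Subnet",
     "ResourceIdentifier": {"SubnetId": "subnet-0aaa1111bbbb2222c"},
     "ManagedByStack": False},
    {"ResourceType": "AWS::EC2::Subnet",
     "ResourceIdentifier": {"SubnetId": "subnet-0ddd3333eeee4444f"},
     "ManagedByStack": False},
    {"ResourceType": "AWS::S3::Bucket",
     "ResourceIdentifier": {"BucketName": "already-in-a-stack"},
     "ManagedByStack": True},
]


def build_resource_definitions(scan_resources):
    """Return the Resources list for CreateGeneratedTemplate.

    Resources already managed by a stack are skipped; each remaining one
    gets a unique alphanumeric logical ID such as Subnet1, Subnet2.
    """
    seen = Counter()
    definitions = []
    for res in scan_resources:
        if res.get("ManagedByStack"):
            continue
        short = re.sub(r"[^A-Za-z0-9]", "", res["ResourceType"].split("::")[-1])
        seen[short] += 1
        definitions.append({
            "ResourceType": res["ResourceType"],
            "LogicalResourceId": f"{short}{seen[short]}",
            "ResourceIdentifier": res["ResourceIdentifier"],
        })
    return definitions


def create_template(name, definitions):
    """Submit the selection; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the selection logic runs offline
    cfn = boto3.client("cloudformation")
    return cfn.create_generated_template(
        GeneratedTemplateName=name, Resources=definitions)
```

The list of resources that are not yet managed by any stack doubles as an inventory of what was created by hand in the console and is therefore outside version control and change sets.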


In summary, the new IaC Generator offers the following functions:

  • Automation: The automated recognition of relationships between resources saves valuable time.
  • Efficiency: You no longer need to go through the documentation manually and copy values for each resource individually; they are picked up directly.
  • Quick Start: Use the AWS Web Console as you are used to, then convert it to IaC code to get started quickly.
  • Integration: Seamless integration into the CloudFormation stack provides a unified view and management of all resources.

Once you have switched to CloudFormation as an IaC tool, you will generally benefit from these advantages:

  • Control: Changes and versioning of IaC configurations can be easily managed through version control systems.
  • Security: With change sets and automatic rollbacks, AWS CloudFormation provides additional layers of security for the deployment process.

You can find more information on this in the AWS blog:

https://aws.amazon.com/de/blogs/devops/import-entire-applications-into-aws-cloudformation/

CDK Migrate as a further simplification

In addition to the new IaC generator, there is now also a function for converting CloudFormation templates into CDK code.

The highlight: you can combine both, or the CDK converter can itself use the IaC generator to convert your current environment directly into AWS CDK with a single command, so that you can continue working with it.

There is also detailed documentation on this from AWS, which you can find here:

https://docs.aws.amazon.com/cdk/v2/guide/migrate.html

And what about Terraform?

The truth is, of course, that many customers use Terraform as an alternative to the AWS native services.

Until Terraform 1.5, it was possible to import resources, but only to include them in the state file. The corresponding IaC code was not generated in the process.

Since Terraform 1.5, it has also been possible to write the code in "import blocks". However, a look at the Terraform documentation reveals that the process is still very complex:

  1. Identify the existing infrastructure you will import.
  2. Define an import block for the resources.
  3. Run terraform plan to review the import plan and optionally generate configuration for the resources.
  4. Prune generated configuration to only the required arguments.
  5. Apply the configuration to bring the resource into your Terraform state file.
Source: Terraform documentation

Step 1 and step 4 in particular are tedious. They can be automated, but that requires a lot of work.

The new AWS tools do exactly this work directly.

Chapeau AWS!

Do not forget: AWS App Composer

Related topic: The AWS App Composer (also available for VS Code) can help you bring more structure and overview to your own CloudFormation code. It allows you to quickly visualize and check your code. Best to try it out right away:

https://aws.amazon.com/application-composer/


We understand that the initial effort of using IaC on AWS can seem like a lot of work, especially if you already have workloads in the cloud. In this post, we have shown you how the new tools from AWS can relieve you of precisely this effort. Our experts will be happy to advise you on an IaC assessment on AWS with no obligation.

Author: Kevin Feuer
