AWS IaC Generator: Transforming Manual Configurations into Efficient CloudFormation Templates
The AWS IaC generator is a new AWS feature launched in Feb 2024. It gives an easy and efficient way to create IaC for resources that were created manually from the AWS console. In this article, we will explore the capabilities of this service using a very simple example. Subsequently, we will derive some conclusions in terms of pros and cons.
Here is the list of topics we will be covering in this article:
IaC basics
Infrastructure as Code (IaC) is a principle that guides the practice of managing infrastructure using code. It’s implemented using tools and frameworks to define, deploy and manage infrastructure.
Its benefits include:
- Management of infrastructure along with application code enabling version control, visibility and collaboration
- Deploy infrastructure repeatedly, consistently and reliably
- Inherently automation friendly resulting in reduced manual errors
With the widespread adoption of cloud computing, IaC has not only grown in popularity but also become the de facto standard to provision infrastructure in the cloud.
Introduction to AWS IaC generator
CloudFormation is the AWS-native service to provision and manage the lifecycle of infrastructure in AWS. This involves developing CloudFormation templates written in JSON or YAML. The templates use a domain-specific language (DSL) and are declarative in nature.
By now you would have figured out that authoring and maintaining these templates is the hardest part of adopting CloudFormation. Thus, beginners in AWS often resort to using the AWS console to provision their infrastructure. And even mature users may use the console to experiment with services or solutions before taking on the mammoth task of developing CloudFormation templates.
The IaC generator promises some relief by providing a way to scan the existing resources in AWS (assuming they were created manually) and automatically generate CloudFormation templates for them.
Below is the 3-step process to use the IaC generator
Now let us see IaC generator in action using a very simple example
AWS IaC generator in action
Let’s try the IaC generator using a simple example.
Create the lambda function
I have created the following lambda function using the AWS console
- Let’s start with the role that can be attached to the lambda function
- Create the lambda function using any existing blueprint
- Save the function
Scan with IaC generator
- Now, let’s switch over to the CloudFormation service and select the IaC generator
- Let’s start by selecting the scan button from Step 1. (In the screenshot it says rescan since I already ran a scan)
- Review that our lambda and the role are now available in the scan summary
Create template with IaC generator
- Now let’s move on to the Create Template step
- We can see all the resources in the corresponding region. Let’s filter the lambda function for this template.
- Now, the IaC generator is smart enough to list all the dependent or related resources to the lambda function. It is essential to add all related resources for consistent provisioning of resources.
- Now let’s click the Create Template button to complete the template generation step
- Let’s review the generated template. There are options to download the template in JSON and YAML format. We can also see some warnings in the template. We shall review those as well.
I’m not including the whole template in the article. Feel free to check that out here - Link to the full template. However, I will share some snippets from the template and share my observations.
Observation: Write-only properties
As per AWS, there are certain parameters which the IaC generator cannot read, and these pose a challenge when the templates are generated. There are several scenarios listed here along with how each is handled by CloudFormation. I suggest that everyone who is seriously considering the AWS IaC generator as an option read this; this is the fine print 😊
In our case, the following parameters are write-only and some are mutually exclusive. The IaC generator converts all of these into parameters, and we have to manually edit the template and pick the right value. Refer to the code below, where all the write-only parameters are listed in our extracted template.
- I have now edited the template and picked ZipFile as the parameter since this is just a demo. I recommend storing the lambda code in an encrypted S3 bucket for production use cases. Refer to my edited file here - Link to the edited template
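A pre-import check for the situation described above, as an added example that is not part of the original article or of any AWS tooling: it flags Lambda functions in a JSON-format template whose Code block still mixes mutually exclusive source properties or still points at template parameters. Both sample templates, the resource names and the parameter names are constructed for illustration.

```python
# Code source kinds on AWS::Lambda::Function; a function may use only one kind.
SOURCE_KINDS = {"ZipFile": "inline", "S3Bucket": "s3", "S3Key": "s3",
                "S3ObjectVersion": "s3", "ImageUri": "image"}


def check_lambda_code(template):
    """Return (resource, issue, detail) tuples for unresolved Lambda Code blocks."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        code = res.get("Properties", {}).get("Code", {})
        kinds = sorted({SOURCE_KINDS[k] for k in code if k in SOURCE_KINDS})
        if len(kinds) != 1:
            findings.append((name, "source-kinds", ",".join(kinds) or "none"))
        for key, value in sorted(code.items()):
            # {"Ref": <template parameter>} means the value is still a placeholder
            # that someone must supply at import time.
            if isinstance(value, dict) and value.get("Ref") in params:
                findings.append((name, "parameter", f"{key}={value['Ref']}"))
    return findings


# Constructed sample shaped like a generated template before editing;
# resource and parameter names are made up for this example.
GENERATED = {
    "Parameters": {p: {"Type": "String"} for p in
                   ("DemoZipFile", "DemoS3Bucket", "DemoS3Key", "DemoImageUri")},
    "Resources": {
        "DemoRole": {"Type": "AWS::IAM::Role", "Properties": {}},
        "DemoFunction": {"Type": "AWS::Lambda::Function", "Properties": {
            "Handler": "index.handler",
            "Code": {"ZipFile": {"Ref": "DemoZipFile"},
                     "S3Bucket": {"Ref": "DemoS3Bucket"},
                     "S3Key": {"Ref": "DemoS3Key"},
                     "ImageUri": {"Ref": "DemoImageUri"}}}},
    },
}

# Constructed sample after manual editing: one source kind, no leftover parameters.
EDITED = {"Resources": {"DemoFunction": {"Type": "AWS::Lambda::Function",
          "Properties": {"Handler": "index.handler",
                         "Code": {"ZipFile": "def handler(e, c):\n    return 'ok'\n"}}}}}

if __name__ == "__main__":
    for label, tpl in (("generated", GENERATED), ("edited", EDITED)):
        print(label, check_lambda_code(tpl))
```

An empty result for the edited template is the state to reach before uploading it for import; for a real template, load the downloaded JSON file with `json.load` and pass the resulting dict.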
Import resources into CloudFormation
- Now, we can upload the edited template and go through the below steps to import the template into CloudFormation
- Finally, the resources are successfully added to the stack
Conclusion
The AWS IaC generator is a powerful tool that simplifies the process of creating Infrastructure as Code for resources that were initially created manually. By automating the generation of CloudFormation templates, it reduces the effort and potential errors associated with manual template creation. However, it is important to note the limitations, such as handling write-only properties. These properties can significantly impact the accuracy of the generated templates, especially for large organizations with complex infrastructure. Proper estimation and handling of these parameters are crucial for ensuring a smooth transition to automated infrastructure provisioning.
Additionally, it is essential to understand that this tool is not a fully automated solution. Users must have a good understanding of CloudFormation to effectively utilize the generated templates and make necessary adjustments. Despite these considerations, the AWS IaC generator remains a valuable addition to the AWS ecosystem, enhancing efficiency and reliability in infrastructure management.