A First Look at AWS CloudFormation IaC Generator

3 minute read

Content level: Intermediate

An overview of the IaC Generator feature for CloudFormation, released in February 2024.

Situation

One of the top benefits of VMware Cloud on AWS is the ability to augment workloads with native AWS services. One of my jobs on the VMware Specialist SA team here at AWS is to build lab content demonstrating integrations between native AWS services and VMware Cloud on AWS. We use these demonstrations in our Immersion Day Workshop to give customers hands-on access to these integrations.

CloudFormation is Amazon's Infrastructure-as-Code tool. Any resource that needs to be made available to a customer in a workshop needs to be created using CloudFormation. I create this code in many different ways. Sometimes I find code that another team has built for a similar purpose and can re-use it. Other times I have a pretty good handle on what I need to do and start coding immediately in VS Code, letting CodeWhisperer help me generate code as I go. Sometimes it's a brand new service, or a brand new area of a service for me, and I will ask Amazon Q to help me start from scratch.

Regardless of how I eventually generate the code, I almost always create resources by hand before I start trying to automate, particularly if the service I'm working with is new to me. You need to fully understand what you're building before you try to automate it. When I saw the release announcement for AWS IaC Generator, I knew I had to try it out right away. IaC Generator can see resources you create in your account, and will generate the necessary CloudFormation code to recreate those resources. I expect testing to demonstrate that the new feature will speed up my development cycle by automating what I build by hand.

Task

Test IaC Generator by pointing it to resources I already have in one of my accounts.

Actions

You can find the link to IaC inside the CloudFormation section of the console
Scan the resources in my account. This can take some time.

Scan in progress...

Scan complete!
Now that all of the resources in my account have been scanned, I create a new CloudFormation template.
I name my template.
I want to generate code for an EC2 instance and related resources. All scanned resources found in my account are listed here. I search for my EC2 instance ID and find my instance in the list of resources.
IaC generator automatically finds related resources. It found my instance's volume, VPC, network interface, subnet, and security group!
Template generation is complete
I now have a CloudFormation template that I can run to re-create the resources that I built manually in my account. Here is a snippet of the Security Group code that IaC generated.

Results

IaC Generator will significantly speed up my development cycle as I introduce new integrations in our our Immersion Day workshops. I have to create the resources I need by hand, which is a step I am doing anyway as part of testing. IaC Generator then builds the code I need automatically!

Topics

Management & Governance Compute

Tags

AWS CloudFormation VMware Cloud on AWS

Language

English

EXPERT

Patrick Kremer

published 3 months ago2590 views

4 Comments

Powerful feature. I just did a quick hands-on to realize the power. Sharing the recorded demo in case anyone wants to see this feature in action. https://youtu.be/ilXROl36J5Q

Abhijit Ghosh

replied 3 months ago

Did you actually managed to re-create your setup using the generated template? I did a similar test where I had an EC2 instance and EBS volume. The code that come out had resources for both instance & volume and then also the attachment like below. While this work fine for importing the existing resources into a new stack, you won't be able to run this to re-create the instance as hard-coded InstanceId and VolumeId wouldn't match with the resources created from the template :-/

  EC2VolumeAttachment00vol06b7d183e4bb867a700jaYoF:
    UpdateReplacePolicy: "Retain"
    Type: "AWS::EC2::VolumeAttachment"
    DeletionPolicy: "Retain"
    Properties:
      InstanceId: "i-060079affca8f6dba"
      VolumeId: "vol-06b7d183e4bb867a7"
      Device: "/dev/xvda"

But I agree this gives you a template as a starting point, it just wouldn't work out-of-the-box.

EXPERT

Kallu

replied 2 months ago

I did not attempt an immediate re-import, I needed the generated code as a starting point to augment a different CF template.

EXPERT

Patrick Kremer

replied 2 months ago

You can use aspects to put the correct properties on the resource and then it should work. Just try it, do a cdk diff and you will see that there are no differences between your stack and the resources in your account.

Robert357000

replied 2 months ago

Relevant content

Automating the account linking process in VMware Cloud on AWS
EXPERT
Patrick Kremer
published 7 months ago
Unlocking the Power of Amazon Q for VMware Cloud on AWS Workloads
EXPERT
Greg Vinton
published a month ago
The Advantages of Using VMware Cloud on AWS for Your Business
EXPERT
Sedat Salman
published 10 months ago
VMware Cloud on AWS : Extending Networking to other accounts
Accepted Answer
MODERATOR
AWS-User-8945576
asked 4 years ago
Is it possible to use CloudFormation IaC generator to generate AWS::Route53::RecordSet configuration?
awscust1345
asked 2 months ago
VMware HCX between two VMware Cloud on AWS SDDCs
Accepted Answer
himanshu
asked 4 years ago
How is the pricing benefit of a Reserved Instance applied across an organization's consolidated bill?
AWS OFFICIALUpdated 2 years ago
How do I resolve the "Resource specification is invalid" error when I run the cfn generate command using the CloudFormation CLI in CloudFormation?
AWS OFFICIALUpdated 2 years ago
How is the pricing benefit of a Savings Plan applied across an organization's consolidated bill?
AWS OFFICIALUpdated 2 years ago
How do I reduce the amount of logs generated by my AWS Glue job?
AWS OFFICIALUpdated 2 years ago