What are some of the best practices for importing existing resources into a CloudFormation stack?


I want to follow best practices when I import existing resources into an AWS CloudFormation stack.


Note the following when you import existing resources into a CloudFormation stack.

Check whether the resource types support imports

Import is supported only for public and private resources that have the following provisioning type:


Check this list of import operations to make sure that the resources that you're importing are supported. For private resource types, run the describe-type AWS Command Line Interface (AWS CLI) command to verify the provisioning type of your resources.
Note: If you receive errors when you run the AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Validate that the resource that you're importing exists

Resource imports require that the imported resource exists in the same account as the target CloudFormation stack. Also, for non-global resources, the existing resource must be in the same Region as the target stack. CloudFormation doesn't support cross-Region or cross-account resource imports.

Verify that you have the correct template for importing the resources

  • All imported resources must have a DeletionPolicy attribute. It's a best practice to use Retain.
  • No additional resources can be created, deleted, or modified in any way during the import process.
  • Make sure that the imported resources defined in your template match the properties of the existing resource.
  • Check the generated change set for your update to verify that only the expected imports are being made.
  • Check if your template contains the Fn::Transform intrinsic function, because imports with transforms aren't supported in the CloudFormation console. Use the AWS CLI for these import scenarios.
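The template and change-set checks in the list above can be scripted as a pre-flight step. The following is an added example, not AWS code: the function names, resource names, and sample data are hypothetical and constructed for illustration, and it assumes a JSON template and a change set shaped like the output of describe-change-set.

```python
# Added example: pre-flight checks for a CloudFormation import (constructed data).

def has_key(node, key):
    """True if `key` appears anywhere in a nested dict/list structure."""
    if isinstance(node, dict):
        return key in node or any(has_key(v, key) for v in node.values())
    if isinstance(node, list):
        return any(has_key(v, key) for v in node)
    return False

def check_import_template(template, import_ids):
    """Return findings for the resources that are about to be imported."""
    findings = []
    resources = template.get("Resources", {})
    for logical_id in import_ids:
        resource = resources.get(logical_id)
        if resource is None:
            findings.append(f"{logical_id}: not defined in template")
        elif "DeletionPolicy" not in resource:
            findings.append(f"{logical_id}: missing DeletionPolicy")
        elif resource["DeletionPolicy"] != "Retain":
            findings.append(f"{logical_id}: DeletionPolicy is not Retain")
    if has_key(template, "Fn::Transform"):
        findings.append("Fn::Transform present: use the AWS CLI, not the console")
    return findings

def unexpected_changes(change_set, import_ids):
    """Return (logical id, action) for every change that is not an expected import."""
    unexpected = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("Action") != "Import" or rc.get("LogicalResourceId") not in import_ids:
            unexpected.append((rc.get("LogicalResourceId"), rc.get("Action")))
    return unexpected

# Constructed template: OrdersTable lacks DeletionPolicy and pulls in a snippet.
TEMPLATE = {"Resources": {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
                   "Properties": {"BucketName": "example-logs-bucket"}},
    "OrdersTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
        "Fn::Transform": {"Name": "AWS::Include",
                          "Parameters": {"Location": "s3://example-bucket/table.json"}}}},
}}
# Constructed change set in the shape returned by describe-change-set.
CHANGE_SET = {"Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Import", "LogicalResourceId": "LogsBucket"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "LogicalResourceId": "AppRole"}},
]}
IMPORT_IDS = ["LogsBucket", "OrdersTable"]
print(check_import_template(TEMPLATE, IMPORT_IDS), unexpected_changes(CHANGE_SET, IMPORT_IDS))
```

Any entry returned by unexpected_changes means the change set would do more than the planned imports, so it should not be executed as is.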

Run drift detection, and then validate your resource configurations

After you import your resources, it's a best practice to run drift detection on your stack. Drift detection verifies whether there are differences between the imported resources in your template and the actual state of the existing resources. If your stack detects drift on your imported resources, then update the resources in CloudFormation to match the existing resources. Or, modify the resources directly to match the template configuration.

Related information

Bringing existing resources into CloudFormation management

AWS OFFICIAL, updated 2 months ago