search

DontShaveTheYak / cf2tf

Convert Cloudformation templates to Terraform.
GNU General Public License v3.0
494 stars 80 forks source link

Only output displaying is "repo found" #18

Closed chunkingz closed 2 years ago

chunkingz commented 2 years ago

@shadycuz I have installed your tool, however when I try to convert the template file from https://docs.aws.amazon.com/solutions/latest/centralized-logging/templates.html it doesn't work, just says repo found.

Python version: 3.9.12 command used: cf2tf aws-centralized-logging.template > main.tf tf version: v1.1.8 on macOS

Please assist.

shadycuz commented 2 years ago

Hey @chunkingz, Thanks for creating the first issue.

You dont get any output at all?

I get this:

// Converting aws-centralized-logging.template to Terraform!
 existing repo found.
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
Traceback (most recent call last):
  File "/home/shadycuz/testing/.cf2tf/bin/cf2tf", line 8, in <module>
    sys.exit(cli())
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/app.py", line 44, in cli
    config = TemplateConverter(cf_template, search_manger).convert()
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 59, in convert
    tf_resources = self.convert_to_tf(self.manifest)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 111, in convert_to_tf
    tf_resources.extend(converter(resources))
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 283, in convert_resources
    resolved_values = self.resolve_values(
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/convert.py", line 146, in resolve_values
    return allowed_func[key](self, value)
  File "/home/shadycuz/testing/.cf2tf/lib/python3.10/site-packages/cf2tf/conversion/expressions.py", line 329, in find_in_map
    raise KeyError(f"Unable to find {map_name} in locals block.")
KeyError: 'Unable to find "CLMap" in locals block.'

Which is a bug 😊 and I will look into it really soon. I just changed laptops so I need to get my development environment up and running.

But I'm more concerned about you not seeing any output. Are you on windows?

chunkingz commented 2 years ago

@shadycuz I just tried running it again, and all I see is // Converting aws-centralized-logging.template to Terraform! and it doesn't progress after that.

Thanks for checking it out for me, I'll wait for a fix.

re the OS, no I use a mac.

shadycuz commented 2 years ago

@chunkingz I have fixed some issues and now the conversion finishes. I will push these fixes shortly. I'm still not sure why you dont see the stack trace and other output. I had another user confirm Mac has output.

Can you post your python version? Can you post the command you used?

Here is the converted template https://gist.github.com/shadycuz/b6bb9980304b76f5bd9d353044e18622

Note that this was a fairly complex Cloudformation template to convert and will need lots of manual work to finish to get it to validate and apply with Terraform.

I already see one regression with the locals block not displaying the maps properly.

shadycuz commented 2 years ago

Also a screenshot/copy paste of what you do get as output would be helpful.

dboboev commented 2 years ago

Having same issue, this is my output:existing repo found.

dboboev commented 2 years ago
Screen Shot 2022-06-20 at 4 25 22 PM
dboboev commented 2 years ago

content of templ.yaml:

Type: AWS::EC2::Instance
Properties: 
  AdditionalInfo: String
  Affinity: String
  AvailabilityZone: String
  BlockDeviceMappings: 
    - BlockDeviceMapping
  CpuOptions: 
    CpuOptions
  CreditSpecification: 
    CreditSpecification
  DisableApiTermination: Boolean
  EbsOptimized: Boolean
  ElasticGpuSpecifications: 
    - ElasticGpuSpecification
  ElasticInferenceAccelerators: 
    - ElasticInferenceAccelerator
  EnclaveOptions: 
    EnclaveOptions
  HibernationOptions: 
    HibernationOptions
  HostId: String
  HostResourceGroupArn: String
  IamInstanceProfile: String
  ImageId: String
  InstanceInitiatedShutdownBehavior: String
  InstanceType: String
  Ipv6AddressCount: Integer
  Ipv6Addresses: 
    - InstanceIpv6Address
  KernelId: String
  KeyName: String
  LaunchTemplate: 
    LaunchTemplateSpecification
  LicenseSpecifications: 
    - LicenseSpecification
  Monitoring: Boolean
  NetworkInterfaces: 
    - NetworkInterface
  PlacementGroupName: String
  PrivateDnsNameOptions: 
    PrivateDnsNameOptions
  PrivateIpAddress: String
  PropagateTagsToVolumeOnCreation: Boolean
  RamdiskId: String
  SecurityGroupIds: 
    - String
  SecurityGroups: 
    - String
  SourceDestCheck: Boolean
  SsmAssociations: 
    - SsmAssociation
  SubnetId: String
  Tags: 
    - Tag
  Tenancy: String
  UserData: String
  Volumes: 
    - Volume
shadycuz commented 2 years ago

@chunkingz @dboboev

Could you run it with the -v debug flag? It might give more clues to what is going on.

@dboboev Is that the full template or only a partial piece of it? Because that is not a valid Cloudformation template.

chunkingz commented 2 years ago

@chunkingz I have fixed some issues and now the conversion finishes. I will push these fixes shortly. I'm still not sure why you dont see the stack trace and other output. I had another user confirm Mac has output.

Can you post your python version? Can you post the command you used?

Here is the converted template https://gist.github.com/shadycuz/b6bb9980304b76f5bd9d353044e18622

Note that this was a fairly complex Cloudformation template to convert and will need lots of manual work to finish to get it to validate and apply with Terraform.

I already see one regression with the locals block not displaying the maps properly.

@shadycuz Python version: 3.9.12 command used: cf2tf aws-centralized-logging.template > main.tf

Thanks for the converted template! ❤️

chunkingz commented 2 years ago

@shadycuz I have run it with the -v DEBUG flag and this is my stdout below.

Fortunes-MacBook-Pro:cloudFormation fortuneking$ cf2tf aws-centralized-logging.template > main.tf -v DEBUG
// Converting aws-centralized-logging.template to Terraform!
debug: // Template location is aws-centralized-logging.template
debug: Parsed the following resources for processing:
debug: {"Parameters": [["DomainName", {"Type": "String", "Default": "centralizedlogging"}], ["AdminEmail", {"Type": "String", "AllowedPattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$"}], ["ClusterSize", {"Type": "String", "Default": "Small", "AllowedValues": ["Small", "Medium", "Large"], "Description": "Elasticsearch cluster size; small (4 data nodes), medium (6 data nodes), large (6 data nodes)"}], ["DemoTemplate", {"Type": "String", "Default": "No", "AllowedValues": ["No", "Yes"], "Description": "Deploy demo template for sample data and logs?"}], ["SpokeAccounts", {"Type": "CommaDelimitedList", "Description": "Account IDs which you want to allow for centralized logging (comma separated list eg. 11111111,22222222)"}], ["SpokeRegions", {"Type": "CommaDelimitedList", "Default": "All", "Description": "Regions which you want to allow for centralized logging (comma separated list eg. us-east-1,us-west-2)"}], ["JumpboxDeploy", {"Type": "String", "Default": "No", "AllowedValues": ["No", "Yes"], "Description": "Do you want to deploy jumbox?"}], ["JumpboxKey", {"Type": "String", "Description": "Key pair name for jumpbox (You may leave this empty if you chose 'No' above)"}], ["WindowsAMI", {"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>", "Default": "/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base"}]], "Mappings": [["CLMap", {"Metric": {"SendAnonymousMetric": "Yes", "MetricsEndpoint": "https://metrics.awssolutionsbuilder.com/generic"}}], ["ESMap", {"NodeCount": {"Small": 4, "Medium": 6, "Large": 6}, "MasterSize": {"Small": "c5.large.elasticsearch", "Medium": "c5.large.elasticsearch", "Large": "c5.large.elasticsearch"}, "InstanceSize": {"Small": "r5.large.elasticsearch", "Medium": "r5.2xlarge.elasticsearch", "Large": "r5.4xlarge.elasticsearch"}}]], "Conditions": [["demoDeploymentCheck", {"Fn::Equals": [{"Ref": "DemoTemplate"}, "Yes"]}], ["JumpboxDeploymentCheck", {"Fn::Equals": [{"Ref": "JumpboxDeploy"}, "Yes"]}], ["CDKMetadataAvailable", {"Fn::Or": [{"Fn::Or": [{"Fn::Equals": [{"Ref": "AWS::Region"}, "af-south-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-east-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-northeast-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-northeast-2"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-south-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-southeast-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ap-southeast-2"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "ca-central-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "cn-north-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "cn-northwest-1"]}]}, {"Fn::Or": [{"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-central-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-north-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-south-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-west-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-west-2"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "eu-west-3"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "me-south-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "sa-east-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "us-east-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "us-east-2"]}]}, {"Fn::Or": [{"Fn::Equals": [{"Ref": "AWS::Region"}, "us-west-1"]}, {"Fn::Equals": [{"Ref": "AWS::Region"}, "us-west-2"]}]}]}]], "Resources": [["HelperRoleD1833F54", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/HelperRole/Resource"}}], ["HelperRolePolicy175990BAD", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup"], "Effect": "Allow", "Resource": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":logs:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":log-group:*"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":logs:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":log-group:*:log-stream:*"]]}]}, {"Action": ["ec2:DescribeRegions", "logs:PutDestination", "logs:DeleteDestination", "logs:PutDestinationPolicy"], "Effect": "Allow", "Resource": "*"}, {"Action": "iam:CreateServiceLinkedRole", "Condition": {"StringLike": {"iam:AWSServiceName": "es.amazonaws.com"}}, "Effect": "Allow", "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::*:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService*"]]}}], "Version": "2012-10-17"}, "PolicyName": "HelperRolePolicy175990BAD", "Roles": [{"Ref": "HelperRoleD1833F54"}]}, "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W12", "reason": "* needed, actions do no support resource level permissions"}]}}}], ["HelperLambdaAC9474F4", {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": {"Fn::Sub": "solutions-${AWS::Region}"}, "S3Key": "centralized-logging/v4.0.1/asset9b4c683682a0773735625e441eabc438ac1d2b4ef65d28093ba33154aaaa2a66.zip"}, "Role": {"Fn::GetAtt": ["HelperRoleD1833F54", "Arn"]}, "Description": "centralized-logging -  solution helper functions", "Environment": {"Variables": {"LOG_LEVEL": "info", "METRICS_ENDPOINT": {"Fn::FindInMap": ["CLMap", "Metric", "MetricsEndpoint"]}, "SEND_METRIC": {"Fn::FindInMap": ["CLMap", "Metric", "SendAnonymousMetric"]}, "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0009/v4.0.1"}}, "Handler": "index.handler", "Runtime": "nodejs14.x", "Timeout": 300}, "DependsOn": ["HelperRoleD1833F54", "HelperRolePolicy175990BAD"], "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W58", "reason": "CloudWatch logs write permissions added with managed role AWSLambdaBasicExecutionRole"}, {"id": "W89", "reason": "Not a valid use case for Lambda functions to be deployed inside a VPC"}, {"id": "W92", "reason": "Not a valid use case for Lambda reserved concurrency"}]}}}], ["HelperProviderframeworkonEventServiceRole1962DD43", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/HelperProvider/framework-onEvent/ServiceRole/Resource"}}], ["HelperProviderframeworkonEventServiceRoleDefaultPolicy7C54367B", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["HelperLambdaAC9474F4", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "HelperProviderframeworkonEventServiceRoleDefaultPolicy7C54367B", "Roles": [{"Ref": "HelperProviderframeworkonEventServiceRole1962DD43"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/HelperProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource"}}], ["HelperProviderframeworkonEvent1079DE9D", {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": {"Fn::Sub": "solutions-${AWS::Region}"}, "S3Key": "centralized-logging/v4.0.1/assetc691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip"}, "Role": {"Fn::GetAtt": ["HelperProviderframeworkonEventServiceRole1962DD43", "Arn"]}, "Description": "AWS CDK resource provider framework - onEvent (CL-PrimaryStack/HelperProvider)", "Environment": {"Variables": {"USER_ON_EVENT_FUNCTION_ARN": {"Fn::GetAtt": ["HelperLambdaAC9474F4", "Arn"]}}}, "Handler": "assetc691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.onEvent", "Runtime": "nodejs12.x", "Timeout": 900}, "DependsOn": ["HelperProviderframeworkonEventServiceRoleDefaultPolicy7C54367B", "HelperProviderframeworkonEventServiceRole1962DD43"], "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W58", "reason": "CloudWatch logs write permissions added with managed role AWSLambdaBasicExecutionRole"}, {"id": "W89", "reason": "Not a valid use case for Lambda functions to be deployed inside a VPC"}, {"id": "W92", "reason": "Not a valid use case for Lambda reserved concurrency"}]}}}], ["CreateUUID", {"Type": "Custom::CreateUUID", "Properties": {"ServiceToken": {"Fn::GetAtt": ["HelperProviderframeworkonEvent1079DE9D", "Arn"]}}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CreateUUID/Default"}}], ["CreateESServiceRole", {"Type": "Custom::CreateESServiceRole", "Properties": {"ServiceToken": {"Fn::GetAtt": ["HelperProviderframeworkonEvent1079DE9D", "Arn"]}}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CreateESServiceRole/Default"}}], ["LaunchData", {"Type": "Custom::LaunchData", "Properties": {"ServiceToken": {"Fn::GetAtt": ["HelperProviderframeworkonEvent1079DE9D", "Arn"]}, "SolutionId": "SO0009", "SolutionVersion": "v4.0.1", "SolutionUuid": {"Fn::GetAtt": ["CreateUUID", "UUID"]}, "Stack": "PrimaryStack"}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/LaunchData/Default"}}], ["ESUserPool7DC126A8", {"Type": "AWS::Cognito::UserPool", "Properties": {"AccountRecoverySetting": {"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]}, "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": true}, "AutoVerifiedAttributes": ["email"], "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "Policies": {"PasswordPolicy": {"MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 3}}, "Schema": [{"Mutable": true, "Name": "email", "Required": true}], "SmsVerificationMessage": "The verification code to your new account is {####}", "UsernameAttributes": ["email"], "UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"}, "VerificationMessageTemplate": {"DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESUserPool/Resource"}}], ["ESUserPoolESCognitoDomain4E1D658B", {"Type": "AWS::Cognito::UserPoolDomain", "Properties": {"Domain": {"Fn::Join": ["", [{"Ref": "DomainName"}, "-", {"Fn::GetAtt": ["CreateUUID", "UUID"]}]]}, "UserPoolId": {"Ref": "ESUserPool7DC126A8"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESUserPool/ESCognitoDomain/Resource"}}], ["AdminUser", {"Type": "AWS::Cognito::UserPoolUser", "Properties": {"UserPoolId": {"Ref": "ESUserPool7DC126A8"}, "UserAttributes": [{"Name": "email", "Value": {"Ref": "AdminEmail"}}], "Username": {"Ref": "AdminEmail"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/AdminUser"}}], ["ESIdentityPool", {"Type": "AWS::Cognito::IdentityPool", "Properties": {"AllowUnauthenticatedIdentities": false}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESIdentityPool"}}], ["CognitoAuthRole7B7E27C0", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRoleWithWebIdentity", "Condition": {"StringEquals": {"cognito-identity.amazonaws.com:aud": {"Ref": "ESIdentityPool"}}, "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}}, "Effect": "Allow", "Principal": {"Federated": "cognito-identity.amazonaws.com"}}], "Version": "2012-10-17"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CognitoAuthRole/Resource"}}], ["IdentityPoolRoleAttachment", {"Type": "AWS::Cognito::IdentityPoolRoleAttachment", "Properties": {"IdentityPoolId": {"Ref": "ESIdentityPool"}, "Roles": {"authenticated": {"Fn::GetAtt": ["CognitoAuthRole7B7E27C0", "Arn"]}}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/IdentityPoolRoleAttachment"}}], ["ESCognitoRole0FB5690B", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "es.amazonaws.com"}}], "Version": "2012-10-17"}, "Policies": [{"PolicyDocument": {"Statement": [{"Action": ["cognito-idp:DescribeUserPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DescribeUserPoolClient", "cognito-idp:AdminInitiateAuth", "cognito-idp:AdminUserGlobalSignOut", "cognito-idp:ListUserPoolClients", "cognito-identity:DescribeIdentityPool", "cognito-identity:UpdateIdentityPool", "cognito-identity:SetIdentityPoolRoles", "cognito-identity:GetIdentityPoolRoles"], "Effect": "Allow", "Resource": "*"}], "Version": "2012-10-17"}, "PolicyName": "ESCognitoAccess"}]}, "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W11", "reason": "Cognito actions do not allow resource level permissions"}]}}}], ["ESCognitoRoleDefaultPolicy007A3108", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "iam:PassRole", "Condition": {"StringLike": {"iam:PassedToService": "cognito-identity.amazonaws.com"}}, "Effect": "Allow", "Resource": {"Fn::GetAtt": ["ESCognitoRole0FB5690B", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "ESCognitoRoleDefaultPolicy007A3108", "Roles": [{"Ref": "ESCognitoRole0FB5690B"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESCognitoRole/DefaultPolicy/Resource"}}], ["FirehoseRoleAA67C190", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "firehose.amazonaws.com"}}], "Version": "2012-10-17"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/FirehoseRole/Resource"}}], ["VPCFlowLogGroup9559E1E7", {"Type": "AWS::Logs::LogGroup", "Properties": {"RetentionInDays": 731}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W84", "reason": "Log group is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"}]}}}], ["flowRole5E4EF2F1", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "vpc-flow-logs.amazonaws.com"}}], "Version": "2012-10-17"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/flowRole/Resource"}}], ["flowRoleDefaultPolicyA5122836", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"], "Effect": "Allow", "Resource": {"Fn::GetAtt": ["VPCFlowLogGroup9559E1E7", "Arn"]}}, {"Action": "iam:PassRole", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["flowRole5E4EF2F1", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "flowRoleDefaultPolicyA5122836", "Roles": [{"Ref": "flowRole5E4EF2F1"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/flowRole/DefaultPolicy/Resource"}}], ["ESVPC3CEAD2A7", {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/Resource"}}], ["ESVPCESIsolatedSubnetSubnet1SubnetBC48A527", {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.0.0/24", "VpcId": {"Ref": "ESVPC3CEAD2A7"}, "AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]}, "MapPublicIpOnLaunch": false, "Tags": [{"Key": "aws-cdk:subnet-name", "Value": "ESIsolatedSubnet"}, {"Key": "aws-cdk:subnet-type", "Value": "Isolated"}, {"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1/Subnet"}}], ["ESVPCESIsolatedSubnetSubnet1RouteTable122122FC", {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ESVPC3CEAD2A7"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1/RouteTable"}}], ["ESVPCESIsolatedSubnetSubnet1RouteTableAssociation9F413854", {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"RouteTableId": {"Ref": "ESVPCESIsolatedSubnetSubnet1RouteTable122122FC"}, "SubnetId": {"Ref": "ESVPCESIsolatedSubnetSubnet1SubnetBC48A527"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet1/RouteTableAssociation"}}], ["ESVPCESIsolatedSubnetSubnet2SubnetF8D4DB34", {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.1.0/24", "VpcId": {"Ref": "ESVPC3CEAD2A7"}, "AvailabilityZone": {"Fn::Select": [1, {"Fn::GetAZs": ""}]}, "MapPublicIpOnLaunch": false, "Tags": [{"Key": "aws-cdk:subnet-name", "Value": "ESIsolatedSubnet"}, {"Key": "aws-cdk:subnet-type", "Value": "Isolated"}, {"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2/Subnet"}}], ["ESVPCESIsolatedSubnetSubnet2RouteTable4A8B83E0", {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ESVPC3CEAD2A7"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2/RouteTable"}}], ["ESVPCESIsolatedSubnetSubnet2RouteTableAssociationA11EB5C0", {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"RouteTableId": {"Ref": "ESVPCESIsolatedSubnetSubnet2RouteTable4A8B83E0"}, "SubnetId": {"Ref": "ESVPCESIsolatedSubnetSubnet2SubnetF8D4DB34"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESIsolatedSubnetSubnet2/RouteTableAssociation"}}], ["ESVPCESPublicSubnetSubnet1Subnet12560704", {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.2.0/24", "VpcId": {"Ref": "ESVPC3CEAD2A7"}, "AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]}, "MapPublicIpOnLaunch": true, "Tags": [{"Key": "aws-cdk:subnet-name", "Value": "ESPublicSubnet"}, {"Key": "aws-cdk:subnet-type", "Value": "Public"}, {"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W33", "reason": "Subnet allows public ip for jumpbox and demo web server"}]}}}], ["ESVPCESPublicSubnetSubnet1RouteTable45432090", {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ESVPC3CEAD2A7"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1/RouteTable"}}], ["ESVPCESPublicSubnetSubnet1RouteTableAssociation1E172C60", {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"RouteTableId": {"Ref": "ESVPCESPublicSubnetSubnet1RouteTable45432090"}, "SubnetId": {"Ref": "ESVPCESPublicSubnetSubnet1Subnet12560704"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1/RouteTableAssociation"}}], ["ESVPCESPublicSubnetSubnet1DefaultRoute2AA9703D", {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "ESVPCESPublicSubnetSubnet1RouteTable45432090"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "ESVPCIGW68E8AEA9"}}, "DependsOn": ["ESVPCVPCGW707EC835"], "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet1/DefaultRoute"}}], ["ESVPCESPublicSubnetSubnet2Subnet9C1FC6F7", {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.3.0/24", "VpcId": {"Ref": "ESVPC3CEAD2A7"}, "AvailabilityZone": {"Fn::Select": [1, {"Fn::GetAZs": ""}]}, "MapPublicIpOnLaunch": true, "Tags": [{"Key": "aws-cdk:subnet-name", "Value": "ESPublicSubnet"}, {"Key": "aws-cdk:subnet-type", "Value": "Public"}, {"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W33", "reason": "Subnet allows public ip for jumpbox and demo web server"}]}}}], ["ESVPCESPublicSubnetSubnet2RouteTableEC1D6B54", {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ESVPC3CEAD2A7"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2/RouteTable"}}], ["ESVPCESPublicSubnetSubnet2RouteTableAssociation63160086", {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {"RouteTableId": {"Ref": "ESVPCESPublicSubnetSubnet2RouteTableEC1D6B54"}, "SubnetId": {"Ref": "ESVPCESPublicSubnetSubnet2Subnet9C1FC6F7"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2/RouteTableAssociation"}}], ["ESVPCESPublicSubnetSubnet2DefaultRoute93518DD8", {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "ESVPCESPublicSubnetSubnet2RouteTableEC1D6B54"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "ESVPCIGW68E8AEA9"}}, "DependsOn": ["ESVPCVPCGW707EC835"], "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESPublicSubnetSubnet2/DefaultRoute"}}], ["ESVPCIGW68E8AEA9", {"Type": "AWS::EC2::InternetGateway", "Properties": {"Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/IGW"}}], ["ESVPCVPCGW707EC835", {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {"VpcId": {"Ref": "ESVPC3CEAD2A7"}, "InternetGatewayId": {"Ref": "ESVPCIGW68E8AEA9"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/VPCGW"}}], ["ESVPCESVpcFlowFlowLog10A9B76F", {"Type": "AWS::EC2::FlowLog", "Properties": {"ResourceId": {"Ref": "ESVPC3CEAD2A7"}, "ResourceType": "VPC", "TrafficType": "ALL", "DeliverLogsPermissionArn": {"Fn::GetAtt": ["flowRole5E4EF2F1", "Arn"]}, "LogDestinationType": "cloud-watch-logs", "LogGroupName": {"Ref": "VPCFlowLogGroup9559E1E7"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/ESVPC"}]}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESVPC/ESVpcFlow/FlowLog"}}], ["ESSGE420B5A1", {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "CL-PrimaryStack/ESSG", "SecurityGroupEgress": [{"CidrIp": {"Fn::GetAtt": ["ESVPC3CEAD2A7", "CidrBlock"]}, "Description": "allow outbound https", "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443}], "SecurityGroupIngress": [{"CidrIp": {"Fn::GetAtt": ["ESVPC3CEAD2A7", "CidrBlock"]}, "Description": "allow inbound https traffic", "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443}], "VpcId": {"Ref": "ESVPC3CEAD2A7"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/ESSG/Resource"}}], ["ESDomainB45006DA", {"Type": "AWS::Elasticsearch::Domain", "Properties": {"AccessPolicies": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPut", "es:ESHttpPost", "es:ESHttpHead", "es:ESHttpPatch"], "Principal": {"AWS": {"Fn::GetAtt": ["CognitoAuthRole7B7E27C0", "Arn"]}}, "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "DomainName"}, "/*"]]}}, {"Effect": "Allow", "Action": ["es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:DescribeElasticsearchDomainConfig", "es:ESHttpPost", "es:ESHttpPut", "es:HttpGet"], "Principal": {"AWS": {"Fn::GetAtt": ["FirehoseRoleAA67C190", "Arn"]}}, "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "DomainName"}, "/*"]]}}]}, "CognitoOptions": {"Enabled": true, "IdentityPoolId": {"Ref": "ESIdentityPool"}, "RoleArn": {"Fn::GetAtt": ["ESCognitoRole0FB5690B", "Arn"]}, "UserPoolId": {"Ref": "ESUserPool7DC126A8"}}, "DomainEndpointOptions": {"EnforceHTTPS": true, "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"}, "DomainName": {"Ref": "DomainName"}, "EBSOptions": {"EBSEnabled": true, "VolumeSize": 10, "VolumeType": "gp2"}, "ElasticsearchClusterConfig": {"DedicatedMasterCount": 3, "DedicatedMasterEnabled": true, "DedicatedMasterType": {"Fn::FindInMap": ["ESMap", "MasterSize", {"Ref": "ClusterSize"}]}, "InstanceCount": {"Fn::FindInMap": ["ESMap", "NodeCount", {"Ref": "ClusterSize"}]}, "InstanceType": {"Fn::FindInMap": ["ESMap", "InstanceSize", {"Ref": "ClusterSize"}]}, "ZoneAwarenessConfig": {"AvailabilityZoneCount": 2}, "ZoneAwarenessEnabled": true}, "ElasticsearchVersion": "7.7", "EncryptionAtRestOptions": {"Enabled": true}, "LogPublishingOptions": {}, "NodeToNodeEncryptionOptions": {"Enabled": true}, "VPCOptions": {"SecurityGroupIds": [{"Fn::GetAtt": ["ESSGE420B5A1", "GroupId"]}], "SubnetIds": [{"Ref": "ESVPCESIsolatedSubnetSubnet1SubnetBC48A527"}, {"Ref": "ESVPCESIsolatedSubnetSubnet2SubnetF8D4DB34"}]}}, "DependsOn": ["ESUserPoolESCognitoDomain4E1D658B"], "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W28", "reason": "OpenSearch service uses customer provided domain name"}]}}}], ["authRolePolicyAB4A1E56", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPut", "es:ESHttpPost", "es:ESHttpHead", "es:ESHttpPatch"], "Effect": "Allow", "Resource": {"Fn::GetAtt": ["ESDomainB45006DA", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "authRolePolicyAB4A1E56", "Roles": [{"Ref": "CognitoAuthRole7B7E27C0"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/authRolePolicy/Resource"}}], ["dlq09C78ACC", {"Type": "AWS::SQS::Queue", "Properties": {"KmsMasterKeyId": "alias/aws/sqs"}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/dlq/Resource"}}], ["CLTransformerServiceRole016CAD3C", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLTransformer/ServiceRole/Resource"}}], ["CLTransformerServiceRoleDefaultPolicyC34581D1", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "sqs:SendMessage", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["dlq09C78ACC", "Arn"]}}, {"Action": ["kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", "kinesis:SubscribeToShard"], "Effect": "Allow", "Resource": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}}, {"Action": "kinesis:DescribeStream", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}}, {"Action": "firehose:PutRecordBatch", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["CLFirehose", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "CLTransformerServiceRoleDefaultPolicyC34581D1", "Roles": [{"Ref": "CLTransformerServiceRole016CAD3C"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLTransformer/ServiceRole/DefaultPolicy/Resource"}}], ["CLTransformer433F8853", {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": {"Fn::Sub": "solutions-${AWS::Region}"}, "S3Key": "centralized-logging/v4.0.1/assetb9316d9a0f47aa8516cdc62510095e3fcad7da2127a60add35eef432d3e28c30.zip"}, "Role": {"Fn::GetAtt": ["CLTransformerServiceRole016CAD3C", "Arn"]}, "DeadLetterConfig": {"TargetArn": {"Fn::GetAtt": ["dlq09C78ACC", "Arn"]}}, "Description": "centralized-logging - Lambda function to transform log events and send to kinesis firehose", "Environment": {"Variables": {"LOG_LEVEL": "info", "SOLUTION_ID": "SO0009", "SOLUTION_VERSION": "v4.0.1", "UUID": {"Fn::GetAtt": ["CreateUUID", "UUID"]}, "CLUSTER_SIZE": {"Ref": "ClusterSize"}, "DELIVERY_STREAM": "CL-Firehose", "METRICS_ENDPOINT": {"Fn::FindInMap": ["CLMap", "Metric", "MetricsEndpoint"]}, "SEND_METRIC": {"Fn::FindInMap": ["CLMap", "Metric", "SendAnonymousMetric"]}, "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0009/v4.0.1"}}, "Handler": "index.handler", "Runtime": "nodejs14.x", "Timeout": 300}, "DependsOn": ["CLTransformerServiceRoleDefaultPolicyC34581D1", "CLTransformerServiceRole016CAD3C"], "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W58", "reason": "CloudWatch logs write permissions added with managed role AWSLambdaBasicExecutionRole"}, {"id": "W89", "reason": "Not a valid use case for Lambda functions to be deployed inside a VPC"}, {"id": "W92", "reason": "Not a valid use case for Lambda reserved concurrency"}]}}}], ["CLTransformerKinesisEventSourceCLPrimaryStackCLDataStreamFC34105C3B10D828", {"Type": "AWS::Lambda::EventSourceMapping", "Properties": {"FunctionName": {"Ref": "CLTransformer433F8853"}, "BatchSize": 100, "EventSourceArn": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}, "StartingPosition": "TRIM_HORIZON"}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLTransformer/KinesisEventSource:CLPrimaryStackCLDataStreamFC34105C/Resource"}}], ["TopicBFC7AF6E", {"Type": "AWS::SNS::Topic", "Properties": {"DisplayName": "CL-Lambda-Error", "KmsMasterKeyId": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":kms:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":alias/aws/sns"]]}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/Topic/Resource"}}], ["TopicTokenSubscription178F3F75E", {"Type": "AWS::SNS::Subscription", "Properties": {"Protocol": "email", "TopicArn": {"Ref": "TopicBFC7AF6E"}, "Endpoint": {"Ref": "AdminEmail"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/Topic/TokenSubscription:1/Resource"}}], ["CLLambdaErrorAlarm289F6B50", {"Type": "AWS::CloudWatch::Alarm", "Properties": {"ComparisonOperator": "GreaterThanOrEqualToThreshold", "EvaluationPeriods": 1, "AlarmActions": [{"Ref": "TopicBFC7AF6E"}], "Dimensions": [{"Name": "FunctionName", "Value": {"Ref": "CLTransformer433F8853"}}], "MetricName": "Errors", "Namespace": "AWS/Lambda", "Period": 300, "Statistic": "Sum", "Threshold": 0.05}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CL-LambdaError-Alarm/Resource"}}], ["CLDataStream4DFB5423", {"Type": "AWS::Kinesis::Stream", "Properties": {"ShardCount": 1, "RetentionPeriodHours": 24, "StreamEncryption": {"EncryptionType": "KMS", "KeyId": "alias/aws/kinesis"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLDataStream/Resource"}}], ["AccessLogsBucket83982689", {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "LogDeliveryWrite", "BucketEncryption": {"ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}, "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W35", "reason": "Access logging disabled on the bucket as its a logging bucket or a demo resource"}, {"id": "W51", "reason": "Bucket allows permissions for log delivery"}]}}}], ["CLBucket116F9F6B", {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}, "LoggingConfiguration": {"DestinationBucketName": {"Ref": "AccessLogsBucket83982689"}, "LogFilePrefix": "cl-access-logs"}, "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLBucket/Resource"}}], ["CLBucketPolicyF1DF7D4F", {"Type": "AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "CLBucket116F9F6B"}, "PolicyDocument": {"Statement": [{"Action": ["s3:Put*", "s3:Get*"], "Effect": "Allow", "Principal": {"AWS": {"Fn::GetAtt": ["FirehoseRoleAA67C190", "Arn"]}}, "Resource": [{"Fn::GetAtt": ["CLBucket116F9F6B", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["CLBucket116F9F6B", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLBucket/Policy/Resource"}}], ["FirehoseLogGroup1B45149B", {"Type": "AWS::Logs::LogGroup", "Properties": {"LogGroupName": "/aws/kinesisfirehose/CL-Firehose", "RetentionInDays": 731}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W84", "reason": "Log group is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)"}]}}}], ["FirehoseESLogStreamC35DD04E", {"Type": "AWS::Logs::LogStream", "Properties": {"LogGroupName": {"Ref": "FirehoseLogGroup1B45149B"}, "LogStreamName": "ElasticsearchDelivery"}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/FirehoseESLogStream/Resource"}}], ["FirehoseS3LogStreamB4DCF7B1", {"Type": "AWS::Logs::LogStream", "Properties": {"LogGroupName": {"Ref": "FirehoseLogGroup1B45149B"}, "LogStreamName": "S3Delivery"}, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/FirehoseS3LogStream/Resource"}}], ["FirehosePolicy3A3B2DF8", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject"], "Effect": "Allow", "Resource": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":s3:::", {"Ref": "CLBucket116F9F6B"}]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":s3:::", {"Ref": "CLBucket116F9F6B"}, "/*"]]}]}, {"Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Condition": {"StringEquals": {"kms:ViaService": {"Fn::Join": ["", ["s3.", {"Ref": "AWS::Region"}, ".amazonaws.com"]]}}, "StringLike": {"kms:EncryptionContext:aws:s3:arn": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":s3:::", {"Ref": "CLBucket116F9F6B"}, "/*"]]}]}}, "Effect": "Allow", "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":kms:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":key/*"]]}}, {"Action": ["ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface"], "Effect": "Allow", "Resource": "*"}, {"Action": ["es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:DescribeElasticsearchDomainConfig", "es:ESHttpPost", "es:ESHttpPut"], "Effect": "Allow", "Resource": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/*"]]}]}, {"Action": "es:ESHttpGet", "Effect": "Allow", "Resource": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/_all/_settings"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/_cluster/stats"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/cwl-kinesis/_mapping/kinesis"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/_nodes"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/_nodes/*/stats"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/_stats"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":es:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":domain/", {"Ref": "ESDomainB45006DA"}, "/cwl-kinesis/_stats"]]}]}, {"Action": ["logs:PutLogEvents", "logs:CreateLogStream"], "Effect": "Allow", "Resource": {"Fn::GetAtt": ["FirehoseLogGroup1B45149B", "Arn"]}}, {"Action": "kms:Decrypt", "Condition": {"StringEquals": {"kms:ViaService": {"Fn::Join": ["", ["kinesis.", {"Ref": "AWS::Region"}, ".amazonaws.com"]]}}, "StringLike": {"kms:EncryptionContext:aws:kinesis:arn": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}}}, "Effect": "Allow", "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":kms:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":key/*"]]}}], "Version": "2012-10-17"}, "PolicyName": "CL-Firehose-Policy", "Roles": [{"Ref": "FirehoseRoleAA67C190"}]}, "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W12", "reason": "* needed, actions do no support resource level permissions"}, {"id": "W76", "reason": "IAM policy verified"}]}}}], ["CLFirehose", {"Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": {"DeliveryStreamEncryptionConfigurationInput": {"KeyType": "AWS_OWNED_CMK"}, "DeliveryStreamName": "CL-Firehose", "DeliveryStreamType": "DirectPut", "ElasticsearchDestinationConfiguration": {"CloudWatchLoggingOptions": {"Enabled": true, "LogGroupName": "/aws/kinesisfirehose/CL-Firehose", "LogStreamName": {"Ref": "FirehoseESLogStreamC35DD04E"}}, "DomainARN": {"Fn::GetAtt": ["ESDomainB45006DA", "Arn"]}, "IndexName": "cwl", "IndexRotationPeriod": "OneDay", "RoleARN": {"Fn::GetAtt": ["FirehoseRoleAA67C190", "Arn"]}, "S3BackupMode": "AllDocuments", "S3Configuration": {"BucketARN": {"Fn::GetAtt": ["CLBucket116F9F6B", "Arn"]}, "CloudWatchLoggingOptions": {"Enabled": true, "LogGroupName": "/aws/kinesisfirehose/CL-Firehose", "LogStreamName": {"Ref": "FirehoseS3LogStreamB4DCF7B1"}}, "RoleARN": {"Fn::GetAtt": ["FirehoseRoleAA67C190", "Arn"]}}, "VpcConfiguration": {"RoleARN": {"Fn::GetAtt": ["FirehoseRoleAA67C190", "Arn"]}, "SecurityGroupIds": [{"Fn::GetAtt": ["ESSGE420B5A1", "GroupId"]}], "SubnetIds": [{"Ref": "ESVPCESIsolatedSubnetSubnet1SubnetBC48A527"}, {"Ref": "ESVPCESIsolatedSubnetSubnet2SubnetF8D4DB34"}]}}}, "DependsOn": ["FirehosePolicy3A3B2DF8"], "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CLFirehose"}}], ["CWDestinationRole20A8055F", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Principal": {"Service": "logs.amazonaws.com"}, "Action": "sts:AssumeRole"}], "Version": "2012-10-17"}}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CWDestinationRole/Resource"}}], ["CWDestPolicy3DD10F82", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "kinesis:PutRecord", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "CWDestPolicy3DD10F82", "Roles": [{"Ref": "CWDestinationRole20A8055F"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CWDestPolicy/Resource"}}], ["HelperRolePolicy285D208F4", {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "iam:PassRole", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["CWDestinationRole20A8055F", "Arn"]}}], "Version": "2012-10-17"}, "PolicyName": "HelperRolePolicy285D208F4", "Roles": [{"Ref": "HelperRoleD1833F54"}]}, "DependsOn": ["CWDestPolicy3DD10F82"], "Metadata": {"aws:cdk:path": "CL-PrimaryStack/HelperRolePolicy2/Resource"}}], ["CWDestination", {"Type": "Custom::CWDestination", "Properties": {"ServiceToken": {"Fn::GetAtt": ["HelperProviderframeworkonEvent1079DE9D", "Arn"]}, "Regions": {"Ref": "SpokeRegions"}, "DestinationName": {"Fn::Join": ["", ["CL-Destination-", {"Fn::GetAtt": ["CreateUUID", "UUID"]}]]}, "Role": {"Fn::GetAtt": ["CWDestinationRole20A8055F", "Arn"]}, "DataStream": {"Fn::GetAtt": ["CLDataStream4DFB5423", "Arn"]}, "SpokeAccounts": {"Ref": "SpokeAccounts"}}, "DependsOn": ["HelperRolePolicy285D208F4"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CWDestination/Default"}}], ["CLJumpboxJumpboxSGD93E94FC", {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "CL-PrimaryStack/CL-Jumpbox/JumpboxSG", "SecurityGroupEgress": [{"CidrIp": "0.0.0.0/0", "Description": "allow outbound https", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80}, {"CidrIp": "0.0.0.0/0", "Description": "allow outbound https", "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443}], "VpcId": {"Ref": "ESVPC3CEAD2A7"}}, "Metadata": {"cfn_nag": {"rules_to_suppress": [{"id": "W5", "reason": "Security group allows outbound traffic for http[s]"}]}}, "Condition": "JumpboxDeploymentCheck"}], ["CLJumpboxJumpboxEC2InstanceRole92DDA704", {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": {"Fn::Join": ["", ["ec2.", {"Ref": "AWS::URLSuffix"}]]}}}], "Version": "2012-10-17"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/CL-Jumpbox/JumpboxEC2"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CL-Jumpbox/JumpboxEC2/InstanceRole/Resource"}}], ["CLJumpboxJumpboxEC2InstanceProfile10A8921D", {"Type": "AWS::IAM::InstanceProfile", "Properties": {"Roles": [{"Ref": "CLJumpboxJumpboxEC2InstanceRole92DDA704"}]}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CL-Jumpbox/JumpboxEC2/InstanceProfile"}}], ["CLJumpboxJumpboxEC210DE4297", {"Type": "AWS::EC2::Instance", "Properties": {"AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]}, "IamInstanceProfile": {"Ref": "CLJumpboxJumpboxEC2InstanceProfile10A8921D"}, "ImageId": {"Ref": "WindowsAMI"}, "InstanceType": "t3.micro", "KeyName": {"Ref": "JumpboxKey"}, "SecurityGroupIds": [{"Fn::GetAtt": ["CLJumpboxJumpboxSGD93E94FC", "GroupId"]}], "SubnetId": {"Ref": "ESVPCESPublicSubnetSubnet1Subnet12560704"}, "Tags": [{"Key": "Name", "Value": "CL-PrimaryStack/CL-Jumpbox/JumpboxEC2"}], "UserData": {"Fn::Base64": "<powershell></powershell>"}}, "DependsOn": ["CLJumpboxJumpboxEC2InstanceRole92DDA704"], "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CL-Jumpbox/JumpboxEC2/Resource"}, "Condition": "JumpboxDeploymentCheck"}], ["CLDemoStackNestedStackCLDemoStackNestedStackResource3DB21482", {"Type": "AWS::CloudFormation::Stack", "Properties": {"TemplateURL": "https://solutions-reference.s3.amazonaws.com/centralized-logging/v4.0.1/aws-centralized-logging-demo.template", "Parameters": {"CWDestinationParm": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":logs:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":destination:CL-Destination-", {"Fn::GetAtt": ["CreateUUID", "UUID"]}]]}}}, "DependsOn": ["ESDomainB45006DA"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CL-DemoStack.NestedStack/CL-DemoStack.NestedStackResource"}, "Condition": "demoDeploymentCheck"}], ["CDKMetadata", {"Type": "AWS::CDK::Metadata", "Properties": {"Analytics": "v2:deflate64:H4sIAAAAAAAA/2VTXW/bMAz8LX1X1CUdsNel2VoM2DAv6fquyEzCxhY9fTgIDP/3UZLteOuTjifS5J3opVw+rOSHu8/q4ha6PN93mizIbueVPovNwRTKqho82Bj8UE2D5hjhhkyJHsmItXPgOf+Ybsg4b4P2YhOcp3oLjoLVEEsmPCenRj+Db4LvRRykQ1XLbktVrotnQRXqa5poQt+4lzIaCksHrKAXlar3pZLdUzA6zcZJE/7agvG71Him4z3bC/ewUFGUk0kbx7J7DPoM/lE5EBnG4gHl4zbXPO6FpqNBT7L77cAWRFVMmfAIvlCt0Myv3jPxTLpLnhn9dfzYPI5mrT2beqqZZEvo6GT3nY7PlkITsyfMYOctqHpgc9AL0CvZvTY60q/FRhQWW+VhF/Ymy76hLQUPL2qfHyrzN47dI40quV+EPdvxX2V+RF4uJp+5xUVdh6ZDdFMiniq68JDpSQe4Ax0s656k/UuM6zFfFVZXKedRO1BWn2R3czkjfv0/bNivACEVJsCkYfKFGkyuZMBinLbYjJs2j/nZKwrlRfnYZF0pm1xOoBdnNODQxd9s9H80f7g6oIUTOZBxMKiwBXsdU3T6sxZ2+Iuc5P1vsQTbC0MlyDd33y4/yuUnubp7c4gLG3g9apDbfP4F2FLoQfQDAAA="}, "Metadata": {"aws:cdk:path": "CL-PrimaryStack/CDKMetadata/Default"}, "Condition": "CDKMetadataAvailable"}]], "Outputs": [["DestinationSubscriptionCommand", {"Description": "Command to run in spoke accounts/regions", "Value": {"Fn::Join": ["", ["aws logs put-subscription-filter       --destination-arn arn:", {"Ref": "AWS::Partition"}, ":logs:<region>:", {"Ref": "AWS::AccountId"}, ":destination:CL-Destination-", {"Fn::GetAtt": ["CreateUUID", "UUID"]}, "       --log-group-name <MyLogGroup>       --filter-name <MyFilterName>       --filter-pattern <MyFilterPattern>       --profile <MyAWSProfile> "]]}}], ["UniqueID", {"Description": "UUID for Centralized Logging Stack", "Value": {"Fn::GetAtt": ["CreateUUID", "UUID"]}}], ["AdminEmail", {"Description": "Admin Email address", "Value": {"Ref": "AdminEmail"}}], ["DomainName", {"Description": "ES Domain Name", "Value": {"Ref": "DomainName"}}], ["KibanaURL", {"Description": "Kibana URL", "Value": {"Fn::Join": ["", ["https://", {"Fn::GetAtt": ["ESDomainB45006DA", "DomainEndpoint"]}, "/_plugin/kibana/"]]}}], ["ClusterSize", {"Description": "ES Cluster Size", "Value": {"Ref": "ClusterSize"}}], ["DemoDeployment", {"Description": "Demo data deployed?", "Value": {"Ref": "DemoTemplate"}}]]}
debug: Converting 9 Parameters
debug: Converting Cloudformation Parameter - DomainName to Terraform.
debug: Converted name to domain_name
debug: Converted properties to {'type': '"string"', 'default': '"centralizedlogging"'}
debug: Converting Cloudformation Parameter - AdminEmail to Terraform.
debug: Converted name to admin_email
debug: Converted properties to {'type': '"string"'}
debug: Converting Cloudformation Parameter - ClusterSize to Terraform.
debug: Converted name to cluster_size
debug: Converted properties to {'description': '"Elasticsearch cluster size; small (4 data nodes), medium (6 data nodes), large (6 data nodes)"', 'type': '"string"', 'default': '"Small"'}
debug: Converting Cloudformation Parameter - DemoTemplate to Terraform.
debug: Converted name to demo_template
debug: Converted properties to {'description': '"Deploy demo template for sample data and logs?"', 'type': '"string"', 'default': '"No"'}
debug: Converting Cloudformation Parameter - SpokeAccounts to Terraform.
debug: Converted name to spoke_accounts
debug: Converted properties to {'description': '"Account IDs which you want to allow for centralized logging (comma separated list eg. 11111111,22222222)"', 'type': '"string"'}
debug: Converting Cloudformation Parameter - SpokeRegions to Terraform.
debug: Converted name to spoke_regions
debug: Converted properties to {'description': '"Regions which you want to allow for centralized logging (comma separated list eg. us-east-1,us-west-2)"', 'type': '"string"', 'default': '"All"'}
debug: Converting Cloudformation Parameter - JumpboxDeploy to Terraform.
debug: Converted name to jumpbox_deploy
debug: Converted properties to {'description': '"Do you want to deploy jumbox?"', 'type': '"string"', 'default': '"No"'}
debug: Converting Cloudformation Parameter - JumpboxKey to Terraform.
debug: Converted name to jumpbox_key
debug: Converted properties to {'description': '"Key pair name for jumpbox (You may leave this empty if you chose \'No\' above)"', 'type': '"string"'}
debug: Converting Cloudformation Parameter - WindowsAMI to Terraform.
debug: Converted name to windows_ami
debug: Converted properties to {'type': '"string"', 'default': '"/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base"'}
debug: Converting 2 Mappings
debug: Converting Mappings to Terraform Locals block.
debug: Converting 3 Conditions
debug: Converting Conditions to Terraform Locals block.
debug: {'demoDeploymentCheck': 'var.demo_template == "Yes"', 'JumpboxDeploymentCheck': 'var.jumpbox_deploy == "Yes"', 'CDKMetadataAvailable': 'anytrue([\'anytrue([\\\'data.aws_region.current.name == "af-south-1"\\\', \\\'data.aws_region.current.name == "ap-east-1"\\\', \\\'data.aws_region.current.name == "ap-northeast-1"\\\', \\\'data.aws_region.current.name == "ap-northeast-2"\\\', \\\'data.aws_region.current.name == "ap-south-1"\\\', \\\'data.aws_region.current.name == "ap-southeast-1"\\\', \\\'data.aws_region.current.name == "ap-southeast-2"\\\', \\\'data.aws_region.current.name == "ca-central-1"\\\', \\\'data.aws_region.current.name == "cn-north-1"\\\', \\\'data.aws_region.current.name == "cn-northwest-1"\\\'])\', \'anytrue([\\\'data.aws_region.current.name == "eu-central-1"\\\', \\\'data.aws_region.current.name == "eu-north-1"\\\', \\\'data.aws_region.current.name == "eu-south-1"\\\', \\\'data.aws_region.current.name == "eu-west-1"\\\', \\\'data.aws_region.current.name == "eu-west-2"\\\', \\\'data.aws_region.current.name == "eu-west-3"\\\', \\\'data.aws_region.current.name == "me-south-1"\\\', \\\'data.aws_region.current.name == "sa-east-1"\\\', \\\'data.aws_region.current.name == "us-east-1"\\\', \\\'data.aws_region.current.name == "us-east-2"\\\'])\', \'anytrue([\\\'data.aws_region.current.name == "us-west-1"\\\', \\\'data.aws_region.current.name == "us-west-2"\\\'])\'])'}
debug: Converting 69 Resources
debug: Converting Cloudformation resource HelperRoleD1833F54 to Terraform.
debug: Converted name to helper_role_d1833_f54
debug: Searcing for iam role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['assume_role_policy', 'description', 'force_detach_policies', 'inline_policy', 'managed_policy_arns', 'max_session_duration', 'name', 'name_prefix', 'path', 'permissions_boundary', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'create_date', 'id', 'name', 'tags_all', 'unique_id']
debug: Converted type from AWS::IAM::Role to aws_iam_role
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Assume Role Policy Document instead of AssumeRolePolicyDocument
debug: Converted AssumeRolePolicyDocument to assume_role_policy with 90% match.
debug: Checking if assume_role_policy has a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown.
debug: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Converted dict_keys(['AssumeRolePolicyDocument']) to dict_keys(['assume_role_policy'])
debug: Converted properties to {'assume_role_policy': '{\n    Statement = [{\'Action\': \'"sts:AssumeRole"\', \'Effect\': \'"Allow"\', \'Principal\': {\'Service\': \'"lambda.amazonaws.com"\'}}]\n    Version = "2012-10-17"\n  }'}
debug: Converting Cloudformation resource HelperRolePolicy175990BAD to Terraform.
debug: Converted name to helper_role_policy175990_bad
debug: Searcing for iam policy in terraform docs...
debug: Best match was iam policy at /tmp/terraform_src/website/docs/r/iam_policy.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['description', 'name', 'name_prefix', 'path', 'policy', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'description', 'name', 'path', 'policy', 'policy_id', 'tags_all']
debug: Converted type from AWS::IAM::Policy to aws_iam_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for iam role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 100.
debug: Converting property names to argument names...
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Policy Name instead of PolicyName
debug: Converted PolicyName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Roles instead of Roles
warning: No match found for Roles, commenting out this argument.
debug: Converted dict_keys(['PolicyDocument', 'PolicyName', 'Roles']) to dict_keys(['policy', 'name', '// CF Property(Roles)'])
debug: Converted properties to {'policy': '{\n    Statement = [{\'Action\': [\'"logs:CreateLogStream"\', \'"logs:PutLogEvents"\', \'"logs:CreateLogGroup"\'], \'Effect\': \'"Allow"\', \'Resource\': [\'join("", ["arn:", data.aws_region.current.name, ":logs:", data.aws_region.current.name, ":", data.aws_region.current.name, ":log-group:*"])\', \'join("", ["arn:", data.aws_region.current.name, ":logs:", data.aws_region.current.name, ":", data.aws_region.current.name, ":log-group:*:log-stream:*"])\']}, {\'Action\': [\'"ec2:DescribeRegions"\', \'"logs:PutDestination"\', \'"logs:DeleteDestination"\', \'"logs:PutDestinationPolicy"\'], \'Effect\': \'"Allow"\', \'Resource\': \'"*"\'}, {\'Action\': \'"iam:CreateServiceLinkedRole"\', \'Condition\': {\'StringLike\': {\'iam:AWSServiceName\': \'"es.amazonaws.com"\'}}, \'Effect\': \'"Allow"\', \'Resource\': \'join("", ["arn:", data.aws_region.current.name, ":iam::*:role/aws-service-role/es.amazonaws.com/AWSServiceRoleForAmazonElasticsearchService*"])\'}]\n    Version = "2012-10-17"\n  }', 'name': '"HelperRolePolicy175990BAD"', '// CF Property(Roles)': "['aws_iam_role.helper_role_d1833_f54.arn']"}
debug: Converting Cloudformation resource HelperLambdaAC9474F4 to Terraform.
debug: Converted name to helper_lambda_ac9474_f4
debug: Searcing for lambda function in terraform docs...
debug: Best match was lambda function at /tmp/terraform_src/website/docs/r/lambda_function.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['function_name', 'role', 'architectures', 'code_signing_config_arn', 'dead_letter_config', 'description', 'environment', 'ephemeral_storage', 'file_system_config', 'filename', 'handler', 'image_config', 'image_uri', 'kms_key_arn', 'layers', 'memory_size', 'package_type', 'publish', 'reserved_concurrent_executions', 'runtime', 's3_bucket', 's3_key', 's3_object_version', 'source_code_hash', 'tags', 'timeout', 'tracing_config', 'vpc_config']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'invoke_arn', 'last_modified', 'qualified_arn', 'signing_job_arn', 'signing_profile_version_arn', 'source_code_size', 'tags_all', 'version', 'vpc_config.vpc_id']
debug: Converted type from AWS::Lambda::Function to aws_lambda_function
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource HelperRoleD1833F54
debug: Searcing for iam role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
Traceback (most recent call last):
  File "/usr/local/bin/cf2tf", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/app.py", line 44, in cli
    config = TemplateConverter(cf_template, search_manger).convert()
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 59, in convert
    tf_resources = self.convert_to_tf(self.manifest)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 111, in convert_to_tf
    tf_resources.extend(converter(resources))
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 283, in convert_resources
    resolved_values = self.resolve_values(
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 138, in resolve_values
    data[key] = self.resolve_values(value, allowed_func)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 146, in resolve_values
    return allowed_func[key](self, value)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/conversion/expressions.py", line 329, in find_in_map
    raise KeyError(f"Unable to find {map_name} in locals block.")
KeyError: 'Unable to find "CLMap" in locals block.'
Fortunes-MacBook-Pro:cloudFormation fortuneking$

In main.tf that was created, these are the only two lines inside.

// Cloning Terraform src code to /tmp/terraform_src...
 code has been checked out.

Side note: you may want to make the DEBUG flag case insensitive as using debug didn't work.

shadycuz commented 2 years ago

@chunkingz I don't understand the no output thing. You should have at least seen the stack trace.

I have fixed the bugs that prevent the template from converting. You can upgrade to the most recent version with pip install -U cf2tf. This will allow you to convert the template but you will likely still have output issues.

shadycuz commented 2 years ago

@chunkingz it might have been the redirect to main.tf. It might work if you run it like this cf2tf aws-centralized-logging.template without the redirect.

The redirect makes the stacktrace just disappear.

Will investigate.

chunkingz commented 2 years ago

@chunkingz I don't understand the no output thing. You should have at least seen the stack trace.

I have fixed the bugs that prevent the template from converting. You can upgrade to the most recent version with pip install -U cf2tf. This will allow you to convert the template but you will likely still have output issues.

@shadycuz I have run the update and tried running the cf2tf aws-centralized-logging.template > main.tf -v DEBUG command again, see the stdout below.

debug: Parsed the following arguments from the documentation: 
debug: ['description', 'name', 'name_prefix', 'path', 'policy', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'description', 'name', 'path', 'policy', 'policy_id', 'tags_all']
debug: Converted type from AWS::IAM::Policy to aws_iam_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource dlq09C78ACC
debug: Searcing for sq queue in terraform docs...
debug: Best match was sqs queue at /tmp/terraform_src/website/docs/r/sqs_queue.html.markdown with score of 94.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/sqs_queue.html.markdown
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Fn::GetAtt - Looking up resource CLFirehose
debug: Searcing for kinesis firehose delivery stream in terraform docs...
debug: Best match was kinesis firehose delivery stream at /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Converting property names to argument names...
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Policy Name instead of PolicyName
debug: Converted PolicyName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Roles instead of Roles
warning: No match found for Roles, commenting out this argument.
debug: Converted dict_keys(['PolicyDocument', 'PolicyName', 'Roles']) to dict_keys(['policy', 'name', '// CF Property(Roles)'])
debug: Converted properties to {'policy': '{\n    Statement = [{\'Action\': \'"sqs:SendMessage"\', \'Effect\': \'"Allow"\', \'Resource\': \'aws_sqs_queue.dlq09_c78_acc.arn\'}, {\'Action\': [\'"kinesis:DescribeStreamSummary"\', \'"kinesis:GetRecords"\', \'"kinesis:GetShardIterator"\', \'"kinesis:ListShards"\', \'"kinesis:SubscribeToShard"\'], \'Effect\': \'"Allow"\', \'Resource\': \'aws_kinesis_stream.cl_data_stream4_dfb5423.arn\'}, {\'Action\': \'"kinesis:DescribeStream"\', \'Effect\': \'"Allow"\', \'Resource\': \'aws_kinesis_stream.cl_data_stream4_dfb5423.arn\'}, {\'Action\': \'"firehose:PutRecordBatch"\', \'Effect\': \'"Allow"\', \'Resource\': \'aws_kinesis_firehose_delivery_stream.cl_firehose.arn\'}]\n    Version = "2012-10-17"\n  }', 'name': '"CLTransformerServiceRoleDefaultPolicyC34581D1"', '// CF Property(Roles)': "['aws_iam_role.cl_transformer_service_role016_cad3_c.arn']"}
debug: Converting Cloudformation resource CLTransformer433F8853 to Terraform.
debug: Converted name to cl_transformer433_f8853
debug: Searcing for lambda function in terraform docs...
debug: Best match was lambda function at /tmp/terraform_src/website/docs/r/lambda_function.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['function_name', 'role', 'architectures', 'code_signing_config_arn', 'dead_letter_config', 'description', 'environment', 'ephemeral_storage', 'file_system_config', 'filename', 'handler', 'image_config', 'image_uri', 'kms_key_arn', 'layers', 'memory_size', 'package_type', 'publish', 'reserved_concurrent_executions', 'runtime', 's3_bucket', 's3_key', 's3_object_version', 'source_code_hash', 'tags', 'timeout', 'tracing_config', 'vpc_config']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'invoke_arn', 'last_modified', 'qualified_arn', 'signing_job_arn', 'signing_profile_version_arn', 'source_code_size', 'tags_all', 'version', 'vpc_config.vpc_id']
debug: Converted type from AWS::Lambda::Function to aws_lambda_function
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource CLTransformerServiceRole016CAD3C
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource dlq09C78ACC
debug: Searcing for sq queue in terraform docs...
debug: Best match was sqs queue at /tmp/terraform_src/website/docs/r/sqs_queue.html.markdown with score of 94.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/sqs_queue.html.markdown
debug: Fn::GetAtt - Looking up resource CreateUUID
debug: Searcing for custom create uuid in terraform docs...
debug: Best match was shield protection at /tmp/terraform_src/website/docs/r/shield_protection.html.markdown with score of 51.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/shield_protection.html.markdown
debug: Converting property names to argument names...
debug: Searching for Code instead of Code
debug: Converted Code to code_signing_config_arn with 90% match.
debug: Checking if code_signing_config_arn has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: code_signing_config_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: code_signing_config_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Role instead of Role
debug: Converted Role to role with 100% match.
debug: Checking if role has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: role does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Dead Letter Config instead of DeadLetterConfig
debug: Converted DeadLetterConfig to dead_letter_config with 100% match.
debug: Checking if dead_letter_config has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: dead_letter_config does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: dead_letter_config does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Description instead of Description
debug: Converted Description to description with 100% match.
debug: Checking if description has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: description does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Environment instead of Environment
debug: Converted Environment to environment with 100% match.
debug: Checking if environment has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: Found section ### environment with 100% match.
debug: Valid environment arguments are ['variables']
debug: Searching for Variables instead of Variables
debug: Converted Variables to variables with 100% match.
debug: Checking if variables has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: variables does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: variables does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Converted dict_keys(['Variables']) to dict_keys(['variables'])
debug: Searching for Handler instead of Handler
debug: Converted Handler to handler with 100% match.
debug: Checking if handler has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: handler does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Runtime instead of Runtime
debug: Converted Runtime to runtime with 100% match.
debug: Checking if runtime has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: runtime does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Searching for Timeout instead of Timeout
debug: Converted Timeout to timeout with 100% match.
debug: Checking if timeout has a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown.
debug: timeout does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Converted dict_keys(['Code', 'Role', 'DeadLetterConfig', 'Description', 'Environment', 'Handler', 'Runtime', 'Timeout']) to dict_keys(['code_signing_config_arn', 'role', 'dead_letter_config', 'description', 'environment', 'handler', 'runtime', 'timeout'])
debug: Converted properties to {'code_signing_config_arn': '{\n    S3Bucket = "solutions-${data.aws_region.current.name}"\n    S3Key = "centralized-logging/v4.0.1/assetb9316d9a0f47aa8516cdc62510095e3fcad7da2127a60add35eef432d3e28c30.zip"\n  }', 'role': 'aws_iam_role.cl_transformer_service_role016_cad3_c.arn', 'dead_letter_config': '{\n    TargetArn = aws_sqs_queue.dlq09_c78_acc.arn\n  }', 'description': '"centralized-logging - Lambda function to transform log events and send to kinesis firehose"', 'environment': {'variables': '{\n    LOG_LEVEL = "info"\n    SOLUTION_ID = "SO0009"\n    SOLUTION_VERSION = "v4.0.1"\n    UUID = aws_shield_protection.create_uuid.id\n    CLUSTER_SIZE = var.cluster_size\n    DELIVERY_STREAM = "CL-Firehose"\n    METRICS_ENDPOINT = local.CLMap["Metric"]["MetricsEndpoint"]\n    SEND_METRIC = local.CLMap["Metric"]["SendAnonymousMetric"]\n    CUSTOM_SDK_USER_AGENT = "AwsSolution/SO0009/v4.0.1"\n  }'}, 'handler': '"index.handler"', 'runtime': '"nodejs14.x"', 'timeout': '"300"'}
debug: Converting Cloudformation resource CLTransformerKinesisEventSourceCLPrimaryStackCLDataStreamFC34105C3B10D828 to Terraform.
debug: Converted name to cl_transformer_kinesis_event_source_cl_primary_stack_cl_data_stream_fc34105_c3_b10_d828
debug: Searcing for lambda event source mapping in terraform docs...
debug: Best match was lambda event source mapping at /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['batch_size', 'bisect_batch_on_function_error', 'destination_config', 'enabled', 'event_source_arn', 'filter_criteria', 'function_name', 'function_response_types', 'maximum_batching_window_in_seconds', 'maximum_record_age_in_seconds', 'maximum_retry_attempts', 'parallelization_factor', 'queues', 'self_managed_event_source', 'source_access_configuration', 'starting_position', 'starting_position_timestamp', 'topics', 'tumbling_window_in_seconds']
debug: Parsed the following attributes from the documentation: 
debug: ['function_arn', 'last_modified', 'last_processing_result', 'state', 'state_transition_reason', 'uuid']
debug: Converted type from AWS::Lambda::EventSourceMapping to aws_lambda_event_source_mapping
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for lambda function in terraform docs...
debug: Best match was lambda function at /tmp/terraform_src/website/docs/r/lambda_function.html.markdown with score of 100.
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Converting property names to argument names...
debug: Searching for Function Name instead of FunctionName
debug: Converted FunctionName to function_name with 100% match.
debug: Checking if function_name has a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown.
debug: function_name does not have a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown
debug: Searching for Batch Size instead of BatchSize
debug: Converted BatchSize to batch_size with 100% match.
debug: Checking if batch_size has a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown.
debug: batch_size does not have a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown
debug: Searching for Event Source Arn instead of EventSourceArn
debug: Converted EventSourceArn to event_source_arn with 100% match.
debug: Checking if event_source_arn has a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown.
debug: event_source_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown
debug: Searching for Starting Position instead of StartingPosition
debug: Converted StartingPosition to starting_position with 100% match.
debug: Checking if starting_position has a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown.
debug: starting_position does not have a section in /tmp/terraform_src/website/docs/r/lambda_event_source_mapping.html.markdown
debug: Converted dict_keys(['FunctionName', 'BatchSize', 'EventSourceArn', 'StartingPosition']) to dict_keys(['function_name', 'batch_size', 'event_source_arn', 'starting_position'])
debug: Converted properties to {'function_name': 'aws_lambda_function.cl_transformer433_f8853.arn', 'batch_size': '"100"', 'event_source_arn': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn', 'starting_position': '"TRIM_HORIZON"'}
debug: Converting Cloudformation resource TopicBFC7AF6E to Terraform.
debug: Converted name to topic_bfc7_af6_e
debug: Searcing for sn topic in terraform docs...
debug: Best match was sns topic at /tmp/terraform_src/website/docs/r/sns_topic.html.markdown with score of 94.
debug: Found documentation file /tmp/terraform_src/website/docs/r/sns_topic.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'name_prefix', 'display_name', 'policy', 'delivery_policy', 'application_success_feedback_role_arn', 'application_success_feedback_sample_rate', 'application_failure_feedback_role_arn', 'http_success_feedback_role_arn', 'http_success_feedback_sample_rate', 'http_failure_feedback_role_arn', 'kms_master_key_id', 'fifo_topic', 'content_based_deduplication', 'lambda_success_feedback_role_arn', 'lambda_success_feedback_sample_rate', 'lambda_failure_feedback_role_arn', 'sqs_success_feedback_role_arn', 'sqs_success_feedback_sample_rate', 'sqs_failure_feedback_role_arn', 'firehose_success_feedback_role_arn', 'firehose_success_feedback_sample_rate', 'firehose_failure_feedback_role_arn', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'owner', 'tags_all']
debug: Converted type from AWS::SNS::Topic to aws_sns_topic
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Display Name instead of DisplayName
debug: Converted DisplayName to display_name with 100% match.
debug: Checking if display_name has a section in /tmp/terraform_src/website/docs/r/sns_topic.html.markdown.
debug: display_name does not have a section in /tmp/terraform_src/website/docs/r/sns_topic.html.markdown
debug: Searching for Kms Master Key Id instead of KmsMasterKeyId
debug: Converted KmsMasterKeyId to kms_master_key_id with 100% match.
debug: Checking if kms_master_key_id has a section in /tmp/terraform_src/website/docs/r/sns_topic.html.markdown.
debug: kms_master_key_id does not have a section in /tmp/terraform_src/website/docs/r/sns_topic.html.markdown
debug: Converted dict_keys(['DisplayName', 'KmsMasterKeyId']) to dict_keys(['display_name', 'kms_master_key_id'])
debug: Converted properties to {'display_name': '"CL-Lambda-Error"', 'kms_master_key_id': 'join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":alias/aws/sns"])'}
debug: Converting Cloudformation resource TopicTokenSubscription178F3F75E to Terraform.
debug: Converted name to topic_token_subscription178_f3_f75_e
debug: Searcing for sn subscription in terraform docs...
debug: Best match was dms event subscription at /tmp/terraform_src/website/docs/r/dms_event_subscription.html.markdown with score of 81.
debug: Found documentation file /tmp/terraform_src/website/docs/r/dms_event_subscription.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'enabled', 'event_categories', 'source_type', 'source_ids', 'sns_topic_arn', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'tags_all']
debug: Converted type from AWS::SNS::Subscription to aws_dms_event_subscription
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for sn topic in terraform docs...
debug: Best match was sns topic at /tmp/terraform_src/website/docs/r/sns_topic.html.markdown with score of 94.
debug: Converting property names to argument names...
debug: Searching for Protocol instead of Protocol
warning: No match found for Protocol, commenting out this argument.
debug: Searching for Topic Arn instead of TopicArn
debug: Converted TopicArn to sns_topic_arn with 95% match.
debug: Checking if sns_topic_arn has a section in /tmp/terraform_src/website/docs/r/dms_event_subscription.html.markdown.
debug: sns_topic_arn does not have a section in /tmp/terraform_src/website/docs/r/dms_event_subscription.html.markdown
debug: Searching for Endpoint instead of Endpoint
warning: No match found for Endpoint, commenting out this argument.
debug: Converted dict_keys(['Protocol', 'TopicArn', 'Endpoint']) to dict_keys(['// CF Property(Protocol)', 'sns_topic_arn', '// CF Property(Endpoint)'])
debug: Converted properties to {'// CF Property(Protocol)': '"email"', 'sns_topic_arn': 'aws_sns_topic.topic_bfc7_af6_e.id', '// CF Property(Endpoint)': 'var.admin_email'}
debug: Converting Cloudformation resource CLLambdaErrorAlarm289F6B50 to Terraform.
debug: Converted name to cl_lambda_error_alarm289_f6_b50
debug: Searcing for cloud watch alarm in terraform docs...
debug: Best match was cloudwatch metric alarm at /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown with score of 80.
debug: Found documentation file /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['alarm_name', 'comparison_operator', 'evaluation_periods', 'metric_name', 'namespace', 'period', 'statistic', 'threshold', 'threshold_metric_id', 'actions_enabled', 'alarm_actions', 'alarm_description', 'datapoints_to_alarm', 'dimensions', 'insufficient_data_actions', 'ok_actions', 'unit', 'extended_statistic', 'treat_missing_data', 'evaluate_low_sample_count_percentiles', 'metric_query', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'id', 'tags_all']
debug: Converted type from AWS::CloudWatch::Alarm to aws_cloudwatch_metric_alarm
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for sn topic in terraform docs...
debug: Best match was sns topic at /tmp/terraform_src/website/docs/r/sns_topic.html.markdown with score of 94.
debug: Searcing for lambda function in terraform docs...
debug: Best match was lambda function at /tmp/terraform_src/website/docs/r/lambda_function.html.markdown with score of 100.
debug: Converting property names to argument names...
debug: Searching for Comparison Operator instead of ComparisonOperator
debug: Converted ComparisonOperator to comparison_operator with 100% match.
debug: Checking if comparison_operator has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: comparison_operator does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Evaluation Periods instead of EvaluationPeriods
debug: Converted EvaluationPeriods to evaluation_periods with 100% match.
debug: Checking if evaluation_periods has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: evaluation_periods does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Alarm Actions instead of AlarmActions
debug: Converted AlarmActions to alarm_actions with 100% match.
debug: Checking if alarm_actions has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: alarm_actions does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Dimensions instead of Dimensions
debug: Converted Dimensions to dimensions with 100% match.
debug: Checking if dimensions has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: dimensions does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Metric Name instead of MetricName
debug: Converted MetricName to metric_name with 100% match.
debug: Checking if metric_name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: metric_name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Namespace instead of Namespace
debug: Converted Namespace to namespace with 100% match.
debug: Checking if namespace has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: namespace does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Period instead of Period
debug: Converted Period to period with 100% match.
debug: Checking if period has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: period does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Statistic instead of Statistic
debug: Converted Statistic to statistic with 100% match.
debug: Checking if statistic has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: statistic does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Searching for Threshold instead of Threshold
debug: Converted Threshold to threshold with 100% match.
debug: Checking if threshold has a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown.
debug: threshold does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_metric_alarm.html.markdown
debug: Converted dict_keys(['ComparisonOperator', 'EvaluationPeriods', 'AlarmActions', 'Dimensions', 'MetricName', 'Namespace', 'Period', 'Statistic', 'Threshold']) to dict_keys(['comparison_operator', 'evaluation_periods', 'alarm_actions', 'dimensions', 'metric_name', 'namespace', 'period', 'statistic', 'threshold'])
debug: Converted properties to {'comparison_operator': '"GreaterThanOrEqualToThreshold"', 'evaluation_periods': '"1"', 'alarm_actions': ['aws_sns_topic.topic_bfc7_af6_e.id'], 'dimensions': [{'Name': '"FunctionName"', 'Value': 'aws_lambda_function.cl_transformer433_f8853.arn'}], 'metric_name': '"Errors"', 'namespace': '"AWS/Lambda"', 'period': '"300"', 'statistic': '"Sum"', 'threshold': '"0.05"'}
debug: Converting Cloudformation resource CLDataStream4DFB5423 to Terraform.
debug: Converted name to cl_data_stream4_dfb5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'shard_count', 'retention_period', 'shard_level_metrics', 'enforce_consumer_deletion', 'encryption_type', 'kms_key_id', 'stream_mode_details', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'name', 'shard_count', 'arn', 'tags_all']
debug: Converted type from AWS::Kinesis::Stream to aws_kinesis_stream
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Shard Count instead of ShardCount
debug: Converted ShardCount to shard_count with 100% match.
debug: Checking if shard_count has a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown.
debug: shard_count does not have a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Searching for Retention Period Hours instead of RetentionPeriodHours
debug: Converted RetentionPeriodHours to retention_period with 95% match.
debug: Checking if retention_period has a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown.
debug: retention_period does not have a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Searching for Stream Encryption instead of StreamEncryption
debug: Converted StreamEncryption to encryption_type with 77% match.
debug: Checking if encryption_type has a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown.
debug: encryption_type does not have a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
warning: encryption_type does not have a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Converted dict_keys(['ShardCount', 'RetentionPeriodHours', 'StreamEncryption']) to dict_keys(['shard_count', 'retention_period', 'encryption_type'])
debug: Converted properties to {'shard_count': '"1"', 'retention_period': '"24"', 'encryption_type': '{\n    EncryptionType = "KMS"\n    KeyId = "alias/aws/kinesis"\n  }'}
debug: Converting Cloudformation resource AccessLogsBucket83982689 to Terraform.
debug: Converted name to access_logs_bucket83982689
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Found documentation file /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['bucket', 'bucket_prefix', 'acceleration_status', 'acl', 'grant', 'cors_rule', 'force_destroy', 'lifecycle_rule', 'logging', 'object_lock_enabled', 'object_lock_configuration', 'policy', 'replication_configuration', 'request_payer', 'server_side_encryption_configuration', 'versioning', 'website', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'bucket_domain_name', 'bucket_regional_domain_name', 'hosted_zone_id', 'region', 'tags_all', 'website_endpoint', 'website_domain']
debug: Converted type from AWS::S3::Bucket to aws_s3_bucket
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Access Control instead of AccessControl
debug: Converted AccessControl to acl with 60% match.
debug: Checking if acl has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: acl does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Searching for Bucket Encryption instead of BucketEncryption
debug: Converted BucketEncryption to bucket with 90% match.
debug: Checking if bucket has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
warning: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Searching for Public Access Block Configuration instead of PublicAccessBlockConfiguration
debug: Converted PublicAccessBlockConfiguration to grant with 72% match.
debug: Checking if grant has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: Found section ### Grant with 100% match.
debug: Valid grant arguments are ['id', 'type', 'permissions', 'uri']
debug: Searching for Block Public Acls instead of BlockPublicAcls
warning: No match found for BlockPublicAcls, commenting out this argument.
debug: Searching for Block Public Policy instead of BlockPublicPolicy
warning: No match found for BlockPublicPolicy, commenting out this argument.
debug: Searching for Ignore Public Acls instead of IgnorePublicAcls
warning: No match found for IgnorePublicAcls, commenting out this argument.
debug: Searching for Restrict Public Buckets instead of RestrictPublicBuckets
debug: Converted RestrictPublicBuckets to uri with 60% match.
debug: Checking if uri has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: uri does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Converted dict_keys(['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets']) to dict_keys(['// CF Property(BlockPublicAcls)', '// CF Property(BlockPublicPolicy)', '// CF Property(IgnorePublicAcls)', 'uri'])
debug: Converted dict_keys(['AccessControl', 'BucketEncryption', 'PublicAccessBlockConfiguration']) to dict_keys(['acl', 'bucket', 'grant'])
debug: Converted properties to {'acl': '"LogDeliveryWrite"', 'bucket': '{\n    ServerSideEncryptionConfiguration = [{\'ServerSideEncryptionByDefault\': {\'SSEAlgorithm\': \'"AES256"\'}}]\n  }', 'grant': {'// CF Property(BlockPublicAcls)': '"True"', '// CF Property(BlockPublicPolicy)': '"True"', '// CF Property(IgnorePublicAcls)': '"True"', 'uri': '"True"'}}
debug: Converting Cloudformation resource CLBucket116F9F6B to Terraform.
debug: Converted name to cl_bucket116_f9_f6_b
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Found documentation file /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['bucket', 'bucket_prefix', 'acceleration_status', 'acl', 'grant', 'cors_rule', 'force_destroy', 'lifecycle_rule', 'logging', 'object_lock_enabled', 'object_lock_configuration', 'policy', 'replication_configuration', 'request_payer', 'server_side_encryption_configuration', 'versioning', 'website', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'bucket_domain_name', 'bucket_regional_domain_name', 'hosted_zone_id', 'region', 'tags_all', 'website_endpoint', 'website_domain']
debug: Converted type from AWS::S3::Bucket to aws_s3_bucket
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Converting property names to argument names...
debug: Searching for Bucket Encryption instead of BucketEncryption
debug: Converted BucketEncryption to bucket with 90% match.
debug: Checking if bucket has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
warning: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Searching for Logging Configuration instead of LoggingConfiguration
debug: Converted LoggingConfiguration to logging with 90% match.
debug: Checking if logging has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: Found section ### Logging with 100% match.
debug: Valid logging arguments are ['target_bucket', 'target_prefix']
debug: Searching for Destination Bucket Name instead of DestinationBucketName
debug: Converted DestinationBucketName to target_bucket with 86% match.
debug: Checking if target_bucket has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: target_bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Searching for Log File Prefix instead of LogFilePrefix
debug: Converted LogFilePrefix to target_prefix with 64% match.
debug: Checking if target_prefix has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: target_prefix does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Converted dict_keys(['DestinationBucketName', 'LogFilePrefix']) to dict_keys(['target_bucket', 'target_prefix'])
debug: Searching for Public Access Block Configuration instead of PublicAccessBlockConfiguration
debug: Converted PublicAccessBlockConfiguration to grant with 72% match.
debug: Checking if grant has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: Found section ### Grant with 100% match.
debug: Valid grant arguments are ['id', 'type', 'permissions', 'uri']
debug: Searching for Block Public Acls instead of BlockPublicAcls
warning: No match found for BlockPublicAcls, commenting out this argument.
debug: Searching for Block Public Policy instead of BlockPublicPolicy
warning: No match found for BlockPublicPolicy, commenting out this argument.
debug: Searching for Ignore Public Acls instead of IgnorePublicAcls
warning: No match found for IgnorePublicAcls, commenting out this argument.
debug: Searching for Restrict Public Buckets instead of RestrictPublicBuckets
debug: Converted RestrictPublicBuckets to uri with 60% match.
debug: Checking if uri has a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown.
debug: uri does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Converted dict_keys(['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets']) to dict_keys(['// CF Property(BlockPublicAcls)', '// CF Property(BlockPublicPolicy)', '// CF Property(IgnorePublicAcls)', 'uri'])
debug: Converted dict_keys(['BucketEncryption', 'LoggingConfiguration', 'PublicAccessBlockConfiguration']) to dict_keys(['bucket', 'logging', 'grant'])
debug: Converted properties to {'bucket': '{\n    ServerSideEncryptionConfiguration = [{\'ServerSideEncryptionByDefault\': {\'SSEAlgorithm\': \'"AES256"\'}}]\n  }', 'logging': {'target_bucket': 'aws_s3_bucket.access_logs_bucket83982689.id', 'target_prefix': '"cl-access-logs"'}, 'grant': {'// CF Property(BlockPublicAcls)': '"True"', '// CF Property(BlockPublicPolicy)': '"True"', '// CF Property(IgnorePublicAcls)': '"True"', 'uri': '"True"'}}
debug: Converting Cloudformation resource CLBucketPolicyF1DF7D4F to Terraform.
debug: Converted name to cl_bucket_policy_f1_df7_d4_f
debug: Searcing for bucket policy in terraform docs...
debug: Best match was s3 bucket policy at /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown with score of 90.
debug: Found documentation file /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
debug: Unable to find items in section Attributes Reference of /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['bucket', 'policy']
debug: Parsed the following attributes from the documentation: 
debug: []
debug: Converted type from AWS::S3::BucketPolicy to aws_s3_bucket_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Fn::GetAtt - Looking up resource FirehoseRoleAA67C190
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource CLBucket116F9F6B
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Fn::GetAtt - Looking up resource CLBucket116F9F6B
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Converting property names to argument names...
debug: Searching for Bucket instead of Bucket
debug: Converted Bucket to bucket with 100% match.
debug: Checking if bucket has a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown.
debug: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
debug: Converted dict_keys(['Bucket', 'PolicyDocument']) to dict_keys(['bucket', 'policy'])
debug: Converted properties to {'bucket': 'aws_s3_bucket.cl_bucket116_f9_f6_b.id', 'policy': '{\n    Statement = [{\'Action\': [\'"s3:Put*"\', \'"s3:Get*"\'], \'Effect\': \'"Allow"\', \'Principal\': {\'AWS\': \'aws_iam_role.firehose_role_aa67_c190.arn\'}, \'Resource\': [\'aws_s3_bucket.cl_bucket116_f9_f6_b.arn\', \'join("", [aws_s3_bucket.cl_bucket116_f9_f6_b.arn, "/*"])\']}]\n    Version = "2012-10-17"\n  }'}
debug: Converting Cloudformation resource FirehoseLogGroup1B45149B to Terraform.
debug: Converted name to firehose_log_group1_b45149_b
debug: Searcing for logs log group in terraform docs...
debug: Best match was lb target group at /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown with score of 62.
debug: Found documentation file /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['connection_termination', 'deregistration_delay', 'health_check', 'lambda_multi_value_headers_enabled', 'load_balancing_algorithm_type', 'name_prefix', 'name', 'port', 'preserve_client_ip', 'protocol_version', 'protocol', 'proxy_protocol_v2', 'slow_start', 'stickiness', 'tags', 'target_type', 'vpc_id']
debug: Parsed the following attributes from the documentation: 
debug: ['arn_suffix', 'arn', 'id', 'name', 'tags_all']
debug: Converted type from AWS::Logs::LogGroup to aws_lb_target_group
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Log Group Name instead of LogGroupName
debug: Converted LogGroupName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown
debug: Searching for Retention In Days instead of RetentionInDays
debug: Converted RetentionInDays to deregistration_delay with 59% match.
debug: Checking if deregistration_delay has a section in /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown.
debug: deregistration_delay does not have a section in /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown
debug: Converted dict_keys(['LogGroupName', 'RetentionInDays']) to dict_keys(['name', 'deregistration_delay'])
debug: Converted properties to {'name': '"/aws/kinesisfirehose/CL-Firehose"', 'deregistration_delay': '"731"'}
debug: Converting Cloudformation resource FirehoseESLogStreamC35DD04E to Terraform.
debug: Converted name to firehose_es_log_stream_c35_dd04_e
debug: Searcing for logs log stream in terraform docs...
debug: Best match was cloudwatch log stream at /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown with score of 72.
debug: Found documentation file /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'log_group_name']
debug: Parsed the following attributes from the documentation: 
debug: ['arn']
debug: Converted type from AWS::Logs::LogStream to aws_cloudwatch_log_stream
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for logs log group in terraform docs...
debug: Best match was lb target group at /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown with score of 62.
debug: Converting property names to argument names...
debug: Searching for Log Group Name instead of LogGroupName
debug: Converted LogGroupName to log_group_name with 100% match.
debug: Checking if log_group_name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown.
debug: log_group_name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Searching for Log Stream Name instead of LogStreamName
debug: Converted LogStreamName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Converted dict_keys(['LogGroupName', 'LogStreamName']) to dict_keys(['log_group_name', 'name'])
debug: Converted properties to {'log_group_name': 'aws_lb_target_group.firehose_log_group1_b45149_b.arn_suffix', 'name': '"ElasticsearchDelivery"'}
debug: Converting Cloudformation resource FirehoseS3LogStreamB4DCF7B1 to Terraform.
debug: Converted name to firehose_s3_log_stream_b4_dcf7_b1
debug: Searcing for logs log stream in terraform docs...
debug: Best match was cloudwatch log stream at /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown with score of 72.
debug: Found documentation file /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'log_group_name']
debug: Parsed the following attributes from the documentation: 
debug: ['arn']
debug: Converted type from AWS::Logs::LogStream to aws_cloudwatch_log_stream
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for logs log group in terraform docs...
debug: Best match was lb target group at /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown with score of 62.
debug: Converting property names to argument names...
debug: Searching for Log Group Name instead of LogGroupName
debug: Converted LogGroupName to log_group_name with 100% match.
debug: Checking if log_group_name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown.
debug: log_group_name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Searching for Log Stream Name instead of LogStreamName
debug: Converted LogStreamName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown
debug: Converted dict_keys(['LogGroupName', 'LogStreamName']) to dict_keys(['log_group_name', 'name'])
debug: Converted properties to {'log_group_name': 'aws_lb_target_group.firehose_log_group1_b45149_b.arn_suffix', 'name': '"S3Delivery"'}
debug: Converting Cloudformation resource FirehosePolicy3A3B2DF8 to Terraform.
debug: Converted name to firehose_policy3_a3_b2_df8
debug: Searcing for ia policy in terraform docs...
debug: Best match was iam policy at /tmp/terraform_src/website/docs/r/iam_policy.html.markdown with score of 95.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['description', 'name', 'name_prefix', 'path', 'policy', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'description', 'name', 'path', 'policy', 'policy_id', 'tags_all']
debug: Converted type from AWS::IAM::Policy to aws_iam_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Fn::GetAtt - Looking up resource FirehoseLogGroup1B45149B
debug: Searcing for logs log group in terraform docs...
debug: Best match was lb target group at /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown with score of 62.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/lb_target_group.html.markdown
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Converting property names to argument names...
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Policy Name instead of PolicyName
debug: Converted PolicyName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Roles instead of Roles
warning: No match found for Roles, commenting out this argument.
debug: Converted dict_keys(['PolicyDocument', 'PolicyName', 'Roles']) to dict_keys(['policy', 'name', '// CF Property(Roles)'])
debug: Converted properties to {'policy': '{\n    Statement = [{\'Action\': [\'"s3:AbortMultipartUpload"\', \'"s3:GetBucketLocation"\', \'"s3:GetObject"\', \'"s3:ListBucket"\', \'"s3:ListBucketMultipartUploads"\', \'"s3:PutObject"\'], \'Effect\': \'"Allow"\', \'Resource\': [\'join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id])\', \'join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id, "/*"])\']}, {\'Action\': [\'"kms:GenerateDataKey"\', \'"kms:Decrypt"\'], \'Condition\': {\'StringEquals\': {\'kms:ViaService\': \'join("", ["s3.", data.aws_region.current.name, ".amazonaws.com"])\'}, \'StringLike\': {\'kms:EncryptionContext:aws:s3:arn\': [\'join("", ["arn:", data.aws_region.current.name, ":s3:::", aws_s3_bucket.cl_bucket116_f9_f6_b.id, "/*"])\']}}, \'Effect\': \'"Allow"\', \'Resource\': \'join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":key/*"])\'}, {\'Action\': [\'"ec2:DescribeVpcs"\', \'"ec2:DescribeVpcAttribute"\', \'"ec2:DescribeSubnets"\', \'"ec2:DescribeSecurityGroups"\', \'"ec2:DescribeNetworkInterfaces"\', \'"ec2:CreateNetworkInterface"\', \'"ec2:CreateNetworkInterfacePermission"\', \'"ec2:DeleteNetworkInterface"\'], \'Effect\': \'"Allow"\', \'Resource\': \'"*"\'}, {\'Action\': [\'"es:DescribeElasticsearchDomain"\', \'"es:DescribeElasticsearchDomains"\', \'"es:DescribeElasticsearchDomainConfig"\', \'"es:ESHttpPost"\', \'"es:ESHttpPut"\'], \'Effect\': \'"Allow"\', \'Resource\': [\'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/*"])\']}, {\'Action\': \'"es:ESHttpGet"\', \'Effect\': \'"Allow"\', \'Resource\': [\'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_all/_settings"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_cluster/stats"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/cwl-kinesis/_mapping/kinesis"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_nodes"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_nodes/*/stats"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/_stats"])\', \'join("", ["arn:", data.aws_region.current.name, ":es:", data.aws_region.current.name, ":", data.aws_region.current.name, ":domain/", aws_elasticsearch_domain.es_domain_b45006_da.arn, "/cwl-kinesis/_stats"])\']}, {\'Action\': [\'"logs:PutLogEvents"\', \'"logs:CreateLogStream"\'], \'Effect\': \'"Allow"\', \'Resource\': \'aws_lb_target_group.firehose_log_group1_b45149_b.arn\'}, {\'Action\': \'"kms:Decrypt"\', \'Condition\': {\'StringEquals\': {\'kms:ViaService\': \'join("", ["kinesis.", data.aws_region.current.name, ".amazonaws.com"])\'}, \'StringLike\': {\'kms:EncryptionContext:aws:kinesis:arn\': \'aws_kinesis_stream.cl_data_stream4_dfb5423.arn\'}}, \'Effect\': \'"Allow"\', \'Resource\': \'join("", ["arn:", data.aws_region.current.name, ":kms:", data.aws_region.current.name, ":", data.aws_region.current.name, ":key/*"])\'}]\n    Version = "2012-10-17"\n  }', 'name': '"CL-Firehose-Policy"', '// CF Property(Roles)': "['aws_iam_role.firehose_role_aa67_c190.arn']"}
debug: Converting Cloudformation resource CLFirehose to Terraform.
debug: Converted name to cl_firehose
debug: Searcing for kinesis firehose delivery stream in terraform docs...
debug: Best match was kinesis firehose delivery stream at /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown with score of 100.
debug: Found documentation file /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'tags', 'kinesis_source_configuration', 'server_side_encryption', 'destination', 's3_configuration', 'extended_s3_configuration', 'redshift_configuration', 'elasticsearch_configuration', 'splunk_configuration', 'http_endpoint_configuration', 'kinesis_stream_arn', 'role_arn', 'enabled', 'key_type', 'key_arn', 'role_arn', 'bucket_arn', 'prefix', 'buffer_size', 'buffer_interval', 'compression_format', 'error_output_prefix', 'kms_key_arn', 'cloudwatch_logging_options', 'data_format_conversion_configuration', 'processing_configuration', 's3_backup_mode', 's3_backup_configuration', 'dynamic_partitioning_configuration', 'cluster_jdbcurl', 'username', 'password', 'retry_duration', 'role_arn', 's3_backup_mode', 's3_backup_configuration', 'data_table_name', 'copy_options', 'data_table_columns', 'cloudwatch_logging_options', 'processing_configuration', 'buffering_interval', 'buffering_size', 'domain_arn', 'cluster_endpoint', 'index_name', 'index_rotation_period', 'retry_duration', 'role_arn', 's3_backup_mode', 'type_name', 'cloudwatch_logging_options', 'vpc_config', 'processing_configuration', 'hec_acknowledgment_timeout', 'hec_endpoint', 'hec_endpoint_type', 'hec_token', 's3_backup_mode', 'retry_duration', 'cloudwatch_logging_options', 'processing_configuration', 'url', 'name', 'access_key', 'role_arn', 's3_backup_mode', 'buffering_size', 'buffering_interval', 'cloudwatch_logging_options', 'processing_configuration', 'request_configuration', 'retry_duration', 'enabled', 'log_group_name', 'log_stream_name', 'enabled', 'processors', 'type', 'parameters', 'parameter_name', 'parameter_value', 'content_encoding', 'common_attributes', 'name', 'value', 'subnet_ids', 'security_group_ids', 'role_arn']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'tags_all']
debug: Converted type from AWS::KinesisFirehose::DeliveryStream to aws_kinesis_firehose_delivery_stream
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for logs log stream in terraform docs...
debug: Best match was cloudwatch log stream at /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown with score of 72.
debug: Fn::GetAtt - Looking up resource ESDomainB45006DA
debug: Searcing for elasticsearch domain in terraform docs...
debug: Best match was elasticsearch domain at /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
debug: Fn::GetAtt - Looking up resource FirehoseRoleAA67C190
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource CLBucket116F9F6B
debug: Searcing for bucket in terraform docs...
debug: Best match was s3 bucket at /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown with score of 80.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
debug: Searcing for logs log stream in terraform docs...
debug: Best match was cloudwatch log stream at /tmp/terraform_src/website/docs/r/cloudwatch_log_stream.html.markdown with score of 72.
debug: Fn::GetAtt - Looking up resource FirehoseRoleAA67C190
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource FirehoseRoleAA67C190
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource ESSGE420B5A1
debug: Searcing for e security group in terraform docs...
debug: Best match was security group at /tmp/terraform_src/website/docs/r/security_group.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searcing for e subnet in terraform docs...
debug: Best match was subnet at /tmp/terraform_src/website/docs/r/subnet.html.markdown with score of 86.
debug: Searcing for e subnet in terraform docs...
debug: Best match was subnet at /tmp/terraform_src/website/docs/r/subnet.html.markdown with score of 86.
debug: Converting property names to argument names...
debug: Searching for Delivery Stream Encryption Configuration Input instead of DeliveryStreamEncryptionConfigurationInput
debug: Converted DeliveryStreamEncryptionConfigurationInput to kinesis_source_configuration with 86% match.
debug: Checking if kinesis_source_configuration has a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown.
debug: kinesis_source_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
warning: kinesis_source_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Searching for Delivery Stream Name instead of DeliveryStreamName
debug: Converted DeliveryStreamName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Searching for Delivery Stream Type instead of DeliveryStreamType
debug: Converted DeliveryStreamType to type with 90% match.
debug: Checking if type has a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown.
debug: type does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Searching for Elasticsearch Destination Configuration instead of ElasticsearchDestinationConfiguration
debug: Converted ElasticsearchDestinationConfiguration to elasticsearch_configuration with 95% match.
debug: Checking if elasticsearch_configuration has a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown.
debug: elasticsearch_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
warning: elasticsearch_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
debug: Converted dict_keys(['DeliveryStreamEncryptionConfigurationInput', 'DeliveryStreamName', 'DeliveryStreamType', 'ElasticsearchDestinationConfiguration']) to dict_keys(['kinesis_source_configuration', 'name', 'type', 'elasticsearch_configuration'])
debug: Converted properties to {'kinesis_source_configuration': '{\n    KeyType = "AWS_OWNED_CMK"\n  }', 'name': '"CL-Firehose"', 'type': '"DirectPut"', 'elasticsearch_configuration': '{\n    CloudWatchLoggingOptions = {\n      Enabled = "True"\n      LogGroupName = "/aws/kinesisfirehose/CL-Firehose"\n      LogStreamName = aws_cloudwatch_log_stream.firehose_es_log_stream_c35_dd04_e.arn\n    }\n    DomainARN = aws_elasticsearch_domain.es_domain_b45006_da.arn\n    IndexName = "cwl"\n    IndexRotationPeriod = "OneDay"\n    RoleARN = aws_iam_role.firehose_role_aa67_c190.arn\n    S3BackupMode = "AllDocuments"\n    S3Configuration = {\n      BucketARN = aws_s3_bucket.cl_bucket116_f9_f6_b.arn\n      CloudWatchLoggingOptions = {\n        Enabled = "True"\n        LogGroupName = "/aws/kinesisfirehose/CL-Firehose"\n        LogStreamName = aws_cloudwatch_log_stream.firehose_s3_log_stream_b4_dcf7_b1.arn\n      }\n      RoleARN = aws_iam_role.firehose_role_aa67_c190.arn\n    }\n    VpcConfiguration = {\n      RoleARN = aws_iam_role.firehose_role_aa67_c190.arn\n      SecurityGroupIds = [\'aws_security_group.essge420_b5_a1.id\']\n      SubnetIds = [\'aws_subnet.esvpces_isolated_subnet_subnet1_subnet_bc48_a527.id\', \'aws_subnet.esvpces_isolated_subnet_subnet2_subnet_f8_d4_db34.id\']\n    }\n  }'}
debug: Converting Cloudformation resource CWDestinationRole20A8055F to Terraform.
debug: Converted name to cw_destination_role20_a8055_f
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['assume_role_policy', 'description', 'force_detach_policies', 'inline_policy', 'managed_policy_arns', 'max_session_duration', 'name', 'name_prefix', 'path', 'permissions_boundary', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'create_date', 'id', 'name', 'tags_all', 'unique_id']
debug: Converted type from AWS::IAM::Role to aws_iam_role
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Assume Role Policy Document instead of AssumeRolePolicyDocument
debug: Converted AssumeRolePolicyDocument to assume_role_policy with 90% match.
debug: Checking if assume_role_policy has a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown.
debug: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Converted dict_keys(['AssumeRolePolicyDocument']) to dict_keys(['assume_role_policy'])
debug: Converted properties to {'assume_role_policy': '{\n    Statement = [{\'Effect\': \'"Allow"\', \'Principal\': {\'Service\': \'"logs.amazonaws.com"\'}, \'Action\': \'"sts:AssumeRole"\'}]\n    Version = "2012-10-17"\n  }'}
debug: Converting Cloudformation resource CWDestPolicy3DD10F82 to Terraform.
debug: Converted name to cw_dest_policy3_dd10_f82
debug: Searcing for ia policy in terraform docs...
debug: Best match was iam policy at /tmp/terraform_src/website/docs/r/iam_policy.html.markdown with score of 95.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['description', 'name', 'name_prefix', 'path', 'policy', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'description', 'name', 'path', 'policy', 'policy_id', 'tags_all']
debug: Converted type from AWS::IAM::Policy to aws_iam_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Converting property names to argument names...
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Policy Name instead of PolicyName
debug: Converted PolicyName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Roles instead of Roles
warning: No match found for Roles, commenting out this argument.
debug: Converted dict_keys(['PolicyDocument', 'PolicyName', 'Roles']) to dict_keys(['policy', 'name', '// CF Property(Roles)'])
debug: Converted properties to {'policy': '{\n    Statement = [{\'Action\': \'"kinesis:PutRecord"\', \'Effect\': \'"Allow"\', \'Resource\': \'aws_kinesis_stream.cl_data_stream4_dfb5423.arn\'}]\n    Version = "2012-10-17"\n  }', 'name': '"CWDestPolicy3DD10F82"', '// CF Property(Roles)': "['aws_iam_role.cw_destination_role20_a8055_f.arn']"}
debug: Converting Cloudformation resource HelperRolePolicy285D208F4 to Terraform.
debug: Converted name to helper_role_policy285_d208_f4
debug: Searcing for ia policy in terraform docs...
debug: Best match was iam policy at /tmp/terraform_src/website/docs/r/iam_policy.html.markdown with score of 95.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['description', 'name', 'name_prefix', 'path', 'policy', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['id', 'arn', 'description', 'name', 'path', 'policy', 'policy_id', 'tags_all']
debug: Converted type from AWS::IAM::Policy to aws_iam_policy
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource CWDestinationRole20A8055F
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Converting property names to argument names...
debug: Searching for Policy Document instead of PolicyDocument
debug: Converted PolicyDocument to policy with 90% match.
debug: Checking if policy has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Policy Name instead of PolicyName
debug: Converted PolicyName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
debug: Searching for Roles instead of Roles
warning: No match found for Roles, commenting out this argument.
debug: Converted dict_keys(['PolicyDocument', 'PolicyName', 'Roles']) to dict_keys(['policy', 'name', '// CF Property(Roles)'])
debug: Converted properties to {'policy': '{\n    Statement = [{\'Action\': \'"iam:PassRole"\', \'Effect\': \'"Allow"\', \'Resource\': \'aws_iam_role.cw_destination_role20_a8055_f.arn\'}]\n    Version = "2012-10-17"\n  }', 'name': '"HelperRolePolicy285D208F4"', '// CF Property(Roles)': "['aws_iam_role.helper_role_d1833_f54.arn']"}
debug: Converting Cloudformation resource CWDestination to Terraform.
debug: Converted name to cw_destination
debug: Searcing for custom cw destination in terraform docs...
debug: Best match was cloudwatch log destination at /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown with score of 68.
debug: Found documentation file /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'role_arn', 'target_arn']
debug: Parsed the following attributes from the documentation: 
debug: ['arn']
debug: Converted type from Custom::CWDestination to aws_cloudwatch_log_destination
debug: Converting the intrinsic functions to Terraform expressions...
debug: Fn::GetAtt - Looking up resource HelperProviderframeworkonEvent1079DE9D
debug: Searcing for lambda function in terraform docs...
debug: Best match was lambda function at /tmp/terraform_src/website/docs/r/lambda_function.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
debug: Fn::GetAtt - Looking up resource CreateUUID
debug: Searcing for custom create uuid in terraform docs...
debug: Best match was shield protection at /tmp/terraform_src/website/docs/r/shield_protection.html.markdown with score of 51.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/shield_protection.html.markdown
debug: Fn::GetAtt - Looking up resource CWDestinationRole20A8055F
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Fn::GetAtt - Looking up resource CLDataStream4DFB5423
debug: Searcing for kinesis stream in terraform docs...
debug: Best match was kinesis stream at /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown with score of 100.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
debug: Converting property names to argument names...
debug: Searching for Service Token instead of ServiceToken
warning: No match found for ServiceToken, commenting out this argument.
debug: Searching for Regions instead of Regions
warning: No match found for Regions, commenting out this argument.
debug: Searching for Destination Name instead of DestinationName
debug: Converted DestinationName to name with 90% match.
debug: Checking if name has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown.
debug: name does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown
debug: Searching for Role instead of Role
debug: Converted Role to role_arn with 90% match.
debug: Checking if role_arn has a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown.
debug: role_arn does not have a section in /tmp/terraform_src/website/docs/r/cloudwatch_log_destination.html.markdown
debug: Searching for Data Stream instead of DataStream
warning: No match found for DataStream, commenting out this argument.
debug: Searching for Spoke Accounts instead of SpokeAccounts
warning: No match found for SpokeAccounts, commenting out this argument.
debug: Converted dict_keys(['ServiceToken', 'Regions', 'DestinationName', 'Role', 'DataStream', 'SpokeAccounts']) to dict_keys(['// CF Property(ServiceToken)', '// CF Property(Regions)', 'name', 'role_arn', '// CF Property(DataStream)', '// CF Property(SpokeAccounts)'])
debug: Converted properties to {'// CF Property(ServiceToken)': 'aws_lambda_function.helper_providerframeworkon_event1079_de9_d.arn', '// CF Property(Regions)': 'var.spoke_regions', 'name': 'join("", ["CL-Destination-", aws_shield_protection.create_uuid.id])', 'role_arn': 'aws_iam_role.cw_destination_role20_a8055_f.arn', '// CF Property(DataStream)': 'aws_kinesis_stream.cl_data_stream4_dfb5423.arn', '// CF Property(SpokeAccounts)': 'var.spoke_accounts'}
debug: Converting Cloudformation resource CLJumpboxJumpboxSGD93E94FC to Terraform.
debug: Converted name to cl_jumpbox_jumpbox_sgd93_e94_fc
debug: Searcing for e security group in terraform docs...
debug: Best match was security group at /tmp/terraform_src/website/docs/r/security_group.html.markdown with score of 93.
debug: Found documentation file /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['description', 'egress', 'ingress', 'name_prefix', 'name', 'revoke_rules_on_delete', 'tags', 'vpc_id']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'id', 'owner_id', 'tags_all']
debug: Converted type from AWS::EC2::SecurityGroup to aws_security_group
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for e vpc in terraform docs...
debug: Best match was vpc at /tmp/terraform_src/website/docs/r/vpc.html.markdown with score of 75.
debug: Converting property names to argument names...
debug: Searching for Group Description instead of GroupDescription
debug: Converted GroupDescription to description with 90% match.
debug: Checking if description has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: description does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for Security Group Egress instead of SecurityGroupEgress
debug: Converted SecurityGroupEgress to egress with 90% match.
debug: Checking if egress has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: Found section ### egress with 100% match.
debug: Valid egress arguments are ['from_port', 'to_port', 'cidr_blocks', 'description', 'ipv6_cidr_blocks', 'prefix_list_ids', 'protocol', 'security_groups', 'self']
debug: Searching for Cidr Ip instead of CidrIp
debug: Converted CidrIp to cidr_blocks with 86% match.
debug: Checking if cidr_blocks has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: cidr_blocks does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for Description instead of Description
debug: Converted Description to description with 100% match.
debug: Checking if description has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: description does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for From Port instead of FromPort
debug: Converted FromPort to from_port with 100% match.
debug: Checking if from_port has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: from_port does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for Ip Protocol instead of IpProtocol
debug: Converted IpProtocol to protocol with 95% match.
debug: Checking if protocol has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: protocol does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for To Port instead of ToPort
debug: Converted ToPort to to_port with 100% match.
debug: Checking if to_port has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: to_port does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Converted dict_keys(['CidrIp', 'Description', 'FromPort', 'IpProtocol', 'ToPort']) to dict_keys(['cidr_blocks', 'description', 'from_port', 'protocol', 'to_port'])
debug: Searching for Cidr Ip instead of CidrIp
debug: Converted CidrIp to cidr_blocks with 86% match.
debug: Checking if cidr_blocks has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: cidr_blocks does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for Description instead of Description
debug: Converted Description to description with 100% match.
debug: Checking if description has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: description does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for From Port instead of FromPort
debug: Converted FromPort to from_port with 100% match.
debug: Checking if from_port has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: from_port does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for Ip Protocol instead of IpProtocol
debug: Converted IpProtocol to protocol with 95% match.
debug: Checking if protocol has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: protocol does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searching for To Port instead of ToPort
debug: Converted ToPort to to_port with 100% match.
debug: Checking if to_port has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: to_port does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Converted dict_keys(['CidrIp', 'Description', 'FromPort', 'IpProtocol', 'ToPort']) to dict_keys(['cidr_blocks', 'description', 'from_port', 'protocol', 'to_port'])
debug: Searching for Vpc Id instead of VpcId
debug: Converted VpcId to vpc_id with 100% match.
debug: Checking if vpc_id has a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown.
debug: vpc_id does not have a section in /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Converted dict_keys(['GroupDescription', 'SecurityGroupEgress', 'VpcId']) to dict_keys(['description', 'egress', 'vpc_id'])
debug: Converted properties to {'description': '"CL-PrimaryStack/CL-Jumpbox/JumpboxSG"', 'egress': [{'cidr_blocks': '"0.0.0.0/0"', 'description': '"allow outbound https"', 'from_port': '"80"', 'protocol': '"tcp"', 'to_port': '"80"'}, {'cidr_blocks': '"0.0.0.0/0"', 'description': '"allow outbound https"', 'from_port': '"443"', 'protocol': '"tcp"', 'to_port': '"443"'}], 'vpc_id': 'aws_vpc.esvpc3_cead2_a7.arn'}
debug: Converting Cloudformation resource CLJumpboxJumpboxEC2InstanceRole92DDA704 to Terraform.
debug: Converted name to cl_jumpbox_jumpbox_ec2_instance_role92_dda704
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['assume_role_policy', 'description', 'force_detach_policies', 'inline_policy', 'managed_policy_arns', 'max_session_duration', 'name', 'name_prefix', 'path', 'permissions_boundary', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'create_date', 'id', 'name', 'tags_all', 'unique_id']
debug: Converted type from AWS::IAM::Role to aws_iam_role
debug: Converting the intrinsic functions to Terraform expressions...
debug: Converting property names to argument names...
debug: Searching for Assume Role Policy Document instead of AssumeRolePolicyDocument
debug: Converted AssumeRolePolicyDocument to assume_role_policy with 90% match.
debug: Checking if assume_role_policy has a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown.
debug: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Searching for Tags instead of Tags
debug: Converted Tags to tags with 100% match.
debug: Checking if tags has a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown.
debug: tags does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
debug: Converted dict_keys(['AssumeRolePolicyDocument', 'Tags']) to dict_keys(['assume_role_policy', 'tags'])
debug: Converted properties to {'assume_role_policy': '{\n    Statement = [{\'Action\': \'"sts:AssumeRole"\', \'Effect\': \'"Allow"\', \'Principal\': {\'Service\': \'join("", ["ec2.", data.aws_partition.current.dns_suffix])\'}}]\n    Version = "2012-10-17"\n  }', 'tags': [{'Key': '"Name"', 'Value': '"CL-PrimaryStack/CL-Jumpbox/JumpboxEC2"'}]}
debug: Converting Cloudformation resource CLJumpboxJumpboxEC2InstanceProfile10A8921D to Terraform.
debug: Converted name to cl_jumpbox_jumpbox_ec2_instance_profile10_a8921_d
debug: Searcing for ia instance profile in terraform docs...
debug: Best match was iam instance profile at /tmp/terraform_src/website/docs/r/iam_instance_profile.html.markdown with score of 97.
debug: Found documentation file /tmp/terraform_src/website/docs/r/iam_instance_profile.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['name', 'name_prefix', 'path', 'role', 'tags']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'create_date', 'id', 'tags_all', 'unique_id']
debug: Converted type from AWS::IAM::InstanceProfile to aws_iam_instance_profile
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for ia role in terraform docs...
debug: Best match was iam role at /tmp/terraform_src/website/docs/r/iam_role.html.markdown with score of 93.
debug: Converting property names to argument names...
debug: Searching for Roles instead of Roles
debug: Converted Roles to role with 89% match.
debug: Checking if role has a section in /tmp/terraform_src/website/docs/r/iam_instance_profile.html.markdown.
debug: role does not have a section in /tmp/terraform_src/website/docs/r/iam_instance_profile.html.markdown
debug: Converted dict_keys(['Roles']) to dict_keys(['role'])
debug: Converted properties to {'role': ['aws_iam_role.cl_jumpbox_jumpbox_ec2_instance_role92_dda704.arn']}
debug: Converting Cloudformation resource CLJumpboxJumpboxEC210DE4297 to Terraform.
debug: Converted name to cl_jumpbox_jumpbox_ec210_de4297
debug: Searcing for e instance in terraform docs...
debug: Best match was instance at /tmp/terraform_src/website/docs/r/instance.html.markdown with score of 89.
debug: Found documentation file /tmp/terraform_src/website/docs/r/instance.html.markdown
debug: Parsed the following arguments from the documentation: 
debug: ['ami', 'associate_public_ip_address', 'availability_zone', 'capacity_reservation_specification', 'cpu_core_count', 'cpu_threads_per_core', 'credit_specification', 'disable_api_stop', 'disable_api_termination', 'ebs_block_device', 'ebs_optimized', 'enclave_options', 'ephemeral_block_device', 'get_password_data', 'hibernation', 'host_id', 'iam_instance_profile', 'instance_initiated_shutdown_behavior', 'instance_type', 'ipv6_address_count', 'ipv6_addresses', 'key_name', 'launch_template', 'maintenance_options', 'metadata_options', 'monitoring', 'network_interface', 'placement_group', 'placement_partition_number', 'private_dns_name_options', 'private_ip', 'root_block_device', 'secondary_private_ips', 'security_groups', 'source_dest_check', 'subnet_id', 'tags', 'tenancy', 'user_data', 'user_data_base64', 'user_data_replace_on_change', 'volume_tags', 'vpc_security_group_ids']
debug: Parsed the following attributes from the documentation: 
debug: ['arn', 'capacity_reservation_specification', 'instance_state', 'outpost_arn', 'password_data', 'primary_network_interface_id', 'private_dns', 'public_dns', 'public_ip', 'tags_all', 'volume_id', 'volume_id', 'device_name']
debug: Converted type from AWS::EC2::Instance to aws_instance
debug: Converting the intrinsic functions to Terraform expressions...
debug: Searcing for ia instance profile in terraform docs...
debug: Best match was iam instance profile at /tmp/terraform_src/website/docs/r/iam_instance_profile.html.markdown with score of 97.
debug: Fn::GetAtt - Looking up resource CLJumpboxJumpboxSGD93E94FC
debug: Searcing for e security group in terraform docs...
debug: Best match was security group at /tmp/terraform_src/website/docs/r/security_group.html.markdown with score of 93.
debug: Fn::GetAtt - Parsing attributes for /tmp/terraform_src/website/docs/r/security_group.html.markdown
debug: Searcing for e subnet in terraform docs...
debug: Best match was subnet at /tmp/terraform_src/website/docs/r/subnet.html.markdown with score of 86.
debug: Converting property names to argument names...
debug: Searching for Availability Zone instead of AvailabilityZone
debug: Converted AvailabilityZone to availability_zone with 100% match.
debug: Checking if availability_zone has a section in /tmp/terraform_src/website/docs/r/instance.html.markdown.
debug: availability_zone does not have a section in /tmp/terraform_src/website/docs/r/instance.html.markdown
debug: Searching for Iam Instance Profile instead of IamInstanceProfile
debug: Converted IamInstanceProfile to iam_instance_profile with 100% match.
debug: Checking if iam_instance_profile has a section in /tmp/terraform_src/website/docs/r/instance.html.markdown.
debug: iam_instance_profile does not have a section in /tmp/terraform_src/website/docs/r/instance.html.markdown
debug: Searching for Image Id instead of ImageId
debug: Converted ImageId to private_dns_name_options with 56% match.
debug: Checking if private_dns_name_options has a section in /tmp/terraform_src/website/docs/r/instance.html.markdown.
debug: Found section ### Private DNS Name Options with 100% match.
Traceback (most recent call last):
  File "/usr/local/bin/cf2tf", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/app.py", line 44, in cli
    config = TemplateConverter(cf_template, search_manger).convert()
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 59, in convert
    tf_resources = self.convert_to_tf(self.manifest)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 111, in convert_to_tf
    tf_resources.extend(converter(resources))
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 293, in convert_resources
    arguments = props_to_args(resolved_values, valid_arguments, docs_path)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 430, in props_to_args
    tf_arg_name, tf_arg_value = convert_prop_to_arg(
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 464, in convert_prop_to_arg
    tf_arg, tf_values = parse_subsection(tf_arg_name, prop_value, docs_path)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 492, in parse_subsection
    raise TypeError(
TypeError: Found section ### Private DNS Name Options but prop_value was str not dict or list.
Fortunes-MacBook-Pro:cloudFormation fortuneking$

note that the main.tf file still has nothing but existing repo found. inside with 77 empty lines.

chunkingz commented 2 years ago

@chunkingz it might have been the redirect to main.tf. It might work if you run it like this cf2tf aws-centralized-logging.template without the redirect.

The redirect makes the stacktrace just disappear.

Will investigate.

@shadycuz without the redirect, still doesnt work, see the output below

Fortunes-MacBook-Pro:cloudFormation fortuneking$ cf2tf aws-centralized-logging.template
// Converting aws-centralized-logging.template to Terraform!
 existing repo found.
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: code_signing_config_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: variables does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: code_signing_config_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: variables does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: No match found for ServiceToken, commenting out this argument.
warning: No match found for SolutionVersion, commenting out this argument.
warning: No match found for SolutionUuid, commenting out this argument.
warning: No match found for RecoveryMechanisms, commenting out this argument.
warning: admin_create_user_config does not have a section in /tmp/terraform_src/website/docs/r/cognito_user_pool.markdown
warning: password_policy does not have a section in /tmp/terraform_src/website/docs/r/cognito_user_pool.markdown
warning: user_pool_add_ons does not have a section in /tmp/terraform_src/website/docs/r/cognito_user_pool.markdown
warning: verification_message_template does not have a section in /tmp/terraform_src/website/docs/r/cognito_user_pool.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: roles does not have a section in /tmp/terraform_src/website/docs/r/cognito_identity_pool_roles_attachment.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: access_policies does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: cognito_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: domain_endpoint_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: ebs_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: cluster_config does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: advanced_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: log_publishing_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: node_to_node_encryption does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: vpc_options does not have a section in /tmp/terraform_src/website/docs/r/elasticsearch_domain.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: code_signing_config_arn does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: dead_letter_config does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: variables does not have a section in /tmp/terraform_src/website/docs/r/lambda_function.html.markdown
warning: No match found for Protocol, commenting out this argument.
warning: No match found for Endpoint, commenting out this argument.
warning: encryption_type does not have a section in /tmp/terraform_src/website/docs/r/kinesis_stream.html.markdown
warning: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
warning: No match found for BlockPublicAcls, commenting out this argument.
warning: No match found for BlockPublicPolicy, commenting out this argument.
warning: No match found for IgnorePublicAcls, commenting out this argument.
warning: bucket does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket.html.markdown
warning: No match found for BlockPublicAcls, commenting out this argument.
warning: No match found for BlockPublicPolicy, commenting out this argument.
warning: No match found for IgnorePublicAcls, commenting out this argument.
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/s3_bucket_policy.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: kinesis_source_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
warning: elasticsearch_configuration does not have a section in /tmp/terraform_src/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: policy does not have a section in /tmp/terraform_src/website/docs/r/iam_policy.html.markdown
warning: No match found for Roles, commenting out this argument.
warning: No match found for ServiceToken, commenting out this argument.
warning: No match found for Regions, commenting out this argument.
warning: No match found for DataStream, commenting out this argument.
warning: No match found for SpokeAccounts, commenting out this argument.
warning: assume_role_policy does not have a section in /tmp/terraform_src/website/docs/r/iam_role.html.markdown
Traceback (most recent call last):
  File "/usr/local/bin/cf2tf", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/app.py", line 44, in cli
    config = TemplateConverter(cf_template, search_manger).convert()
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 59, in convert
    tf_resources = self.convert_to_tf(self.manifest)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 111, in convert_to_tf
    tf_resources.extend(converter(resources))
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 293, in convert_resources
    arguments = props_to_args(resolved_values, valid_arguments, docs_path)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 430, in props_to_args
    tf_arg_name, tf_arg_value = convert_prop_to_arg(
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 464, in convert_prop_to_arg
    tf_arg, tf_values = parse_subsection(tf_arg_name, prop_value, docs_path)
  File "/usr/local/lib/python3.9/site-packages/cf2tf/convert.py", line 492, in parse_subsection
    raise TypeError(
TypeError: Found section ### Private DNS Name Options but prop_value was str not dict or list.
Fortunes-MacBook-Pro:cloudFormation fortuneking$
shadycuz commented 2 years ago

@chunkingz Did you update? Do you have version 2.1? 

$ cf2tf --version
cf2tf, version 0.2.1
chunkingz commented 2 years ago

@chunkingz Did you update? Do you have version 2.1?

$ cf2tf --version
cf2tf, version 0.2.1

@shadycuz yes I already did. I added it to my reply after where you mentioned that I should update with pip.

shadycuz commented 2 years ago

Okay strange... I had this fixed 😞

It's late for me, I will try and take a look at it tomorrow.

Oh yeah, I broke an if statement =/ 

prop_value was str not dict or list.
shadycuz commented 2 years ago

@chunkingz I have tracked it down to a change in the source code of terraform. Since I downloaded the source code a few days ago, I dont have the recent changes. This is still a bug in the program, which I will look into.

chunkingz commented 2 years ago

No worries, I'll wait for the fix.

shadycuz commented 2 years ago

@chunkingz This should be fixed for you. I fixed it in the last release.

shadycuz commented 2 years ago

If anyone else is having no output issues then please open a new issue.