Option to add Retention policy for generated resources

[reidca]

I believe one of the strong user cases for former2 is being able to generate templates of manually created resources that can then be imported into CloudFormation using the new Import existing resource feature.

In order to do this, the template you use has to have a retention policy on each of the resources.

e.g.

VPC:
        Type: "AWS::EC2::VPC"
        DeletionPolicy: Retain
        Properties:
            CidrBlock: "10.1.0.0/16"
            EnableDnsSupport: true
            EnableDnsHostnames: true
            InstanceTenancy: "default"

If there was an option in Former2 to add that when generating the CloudFormation template that would take away a lot of manual work!

[iann0036]

Hey @reidca,

Have you seen the "Import" feature in the CloudFormation outputs? This feature does exactly that under the hood in order to directly import stacks into the associated account.

Is there a specific reason you would perform this action yourself? Would adding a "Download Template" button in the Import modal suffice?

[reidca]

I confess I had not seen this feature. However in my case I took the template generated by Former2 and made a number of modifications, principally changing the resource names (as discussed previously) to ones containing the resource type and adding some parameters for items such as CIDR block (to try and make the template more generic).

I do think it would be useful for Former2 to be able to generate the template for manual purposes containing the retention policy, if that's possible.

Can I assume that the "import" feature in Former2 strips out those resources (that would be most of them ;-) ) that are not yet supported by the cloudformation import feature? I would also love to have this an option when generating the templates for manual use as this would have saved me a lot of time.

Is there a specific reason you would perform this action yourself? Would adding a "Download Template" button in the Import modal suffice?

Yes I think that would work if the resources that cannot be imported are removed as well as the retention policy being added. Thanks

[iann0036]

The parameters can be set by adding the parameter keys and its value in the "Default Value" field in Settings > Parameters. It will perform the !Ref or !Sub for you.

The import feature will drop unsupported resource types from the imported stack and warn you about them before creating the stack.

I'll try to add the "Download Template" option on the Import modal.

[iann0036]

I've added the download template option in the modal (in the cleanest way I could from a UI perspective).

Give it a shot and let me know if this helps.

[reidca]

Thanks that's really useful, got to say that's a pretty impressive turnaround!

Regarding the import feature, a couple of comments:

I think

• one of the reasons I had not noticed it before is that the word "import" on the button does not lead me to believe it's importing existing resources into cloudformation. Since we are in the Former2 tool UI the use of the word "Import" imples importing something into Former2. I confess I am not sure what else you would call the button that clearly explains that the import is importing into cloudformation rather than into former2. Perhaps just calling it "Import resources into CloudFormation" would better explain it's meaning although that's quite wordy.

• When I created the IAM user for Former2 to use I was very specific to only grant the role ReadOnly credentials. I was even somewhat hesitant here since this in itself it placing a lot of trust to a third party. I personally have followed you for sometime and was aware of Console Recorded and other work you have done in this area therefore my trust was already gained. However I would be uncomfortable in extending this permission to the ability to create changesets in my environment or make other changes therefore I am not sure how useful having the functionality to create the change set from within former2 is. My preference would always be to save the template myself (which also gives me the ability to put it into my VCS) then perform the import myself.

Thanks again

[iann0036]

Thanks for the feedback, I appreciate it.

I agree with the fact that onboarding and general usage is currently very vague, something I'll have to put more thought into so the full feature-set is exposed.

I've also had feedback in the past about placing credentials in these sort of tools. I'm really optimising for ease-of-use for those new to IaC or AWS generally and I understand that some have security or compliance issues with running the tool. It was too good of a feature to pass up though. One thing I forgot to mention was that the import reference IDs/ARNs are automatically substituted during the import process (so it's completely seamless).