Export-PSCFNTerraform
SYNOPSIS
Export an existing CloudFormation stack to Terraform
SYNTAX
Export-PSCFNTerraform -WorkspaceDirectory <String> [-ExportNestedStacks] [-WithDefaultTag]
[-ParameterFile <String>] [-ClientRequestToken <String>] [-Force] [-PassThru] [-RoleARN <String>]
[-StackName] <String> [-AccessKey <String>] [-Credential <AWSCredentials>] [-EndpointUrl <String>]
[-NetworkCredential <PSCredential>] [-ProfileLocation <String>] [-ProfileName <String>] [-Region <Object>]
[-S3EndpointUrl <String>] [-SecretKey <String>] [-SessionToken <String>] [-STSEndpointUrl <String>]
[<CommonParameters>]
DESCRIPTION
Reads the CloudFormation stack and exports as many of its resources as possible to a Terraform workspace. This provides a starting position for migration of stacks to Terraform.
Once ownership of the resources has passed to Terraform, set the deletion policy of every resource in the CloudFormation template to Retain, then delete the CloudFormation stack. This leaves the resources intact.
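A pre-deletion check for the step described above, as an added example that is not part of the module this page documents: it lists every resource in a template whose DeletionPolicy is not Retain. The function name Find-NonRetainedResource and the sample template are constructed for illustration, and a JSON (not YAML) template body is assumed.

```powershell
# Added example. Find-NonRetainedResource is a hypothetical helper name.
function Find-NonRetainedResource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$TemplateBody   # assumed to be a JSON template, not YAML
    )

    $template = $TemplateBody | ConvertFrom-Json
    if ($null -eq $template.Resources) {
        throw 'Template has no Resources section.'
    }

    # Each property of Resources is one logical resource.
    foreach ($resource in $template.Resources.PSObject.Properties) {
        $policy = $resource.Value.DeletionPolicy
        # Anything other than Retain means the resource does not simply
        # stay in place when the stack is deleted.
        if ($policy -ne 'Retain') {
            [pscustomobject]@{
                LogicalId      = $resource.Name
                Type           = $resource.Value.Type
                DeletionPolicy = if ($policy) { $policy } else { '(unset)' }
            }
        }
    }
}

# Constructed sample template: one retained resource, one with no policy,
# one with a policy other than Retain.
$sampleTemplate = @'
{
  "Resources": {
    "LogBucket": { "Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain" },
    "AppQueue":  { "Type": "AWS::SQS::Queue" },
    "AppDb":     { "Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot" }
  }
}
'@

$blocking = @(Find-NonRetainedResource -TemplateBody $sampleTemplate)
if ($blocking.Count -gt 0) {
    $blocking | Format-Table -AutoSize
    Write-Warning "$($blocking.Count) resource(s) are not set to Retain; do not delete the stack yet."
}
```

Run the check against the template as deployed, after the Retain update has been applied to the stack, and delete the stack only when the function returns nothing.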
EXAMPLES
EXAMPLE 1
Export-PSCFNTerraform -StackName my-stack -WorkspaceDirectory ~/tf/my-stack
Reads my-stack from AWS via the CloudFormation service and generates Terraform code for that stack in the specified directory.
EXAMPLE 2
Export-PSCFNTerraform -StackName my-stack -WorkspaceDirectory ~/tf/my-stack -NonInteractive
As the first example, but does not ask questions about resources that cannot be imported directly. These resources are reported as not imported.
EXAMPLE 3
Export-PSCFNTerraform -StackName my-stack -WorkspaceDirectory ~/tf/my-stack -Force
As the first example, but if an existing state file is found in the workspace, it is overwritten without prompting.
PARAMETERS
-WorkspaceDirectory
Specifies the directory for the Terraform workspace. It will be created if it does not exist.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ExportNestedStacks
If set, export nested stacks as Terraform modules.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WithDefaultTag
If this switch is present, then a default_tags block is added to the AWS provider declaration. A default tag of terraform:stack_name with value being the name of the exported CloudFormation stack is added to all resources, enabling you to create a resource group by tag name in the AWS console of all resources in the new configuration that support tagging.
This has the side effect of marking all imported resources as requiring an in-place change to apply the new tag.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ParameterFile
If present, the location of a list of stack parameters to apply. This is a JSON or YAML list of parameter structures with fields ParameterKey and ParameterValue. The format is similar to that used by aws cloudformation create-stack, except that the other fields defined there are ignored here. Parameters not supplied to an update operation are assumed to be UsePreviousValue. If a parameter of the same name is defined on the command line, the command line takes precedence. If your stack has a parameter with the same name as one of the parameters to this cmdlet, then you must set the stack parameter via a parameter file.
You can specify either a string containing JSON or YAML, or the path to a file that contains the parameters.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
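The parameter list format described for -ParameterFile, as an added example that is not part of the module this page documents: it builds the JSON list from a dictionary and keeps it a list even when there is only one parameter. The helper name ConvertTo-StackParameterJson, the parameter names and values, and the file name are constructed for illustration.

```powershell
# Added example. ConvertTo-StackParameterJson is a hypothetical helper name.
function ConvertTo-StackParameterJson {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Collections.IDictionary]$Parameters
    )

    # One structure per stack parameter, with only the two fields that are read.
    $list = foreach ($key in $Parameters.Keys) {
        [ordered]@{
            ParameterKey   = [string]$key
            ParameterValue = [string]$Parameters[$key]
        }
    }

    # -InputObject with @(...) keeps a single parameter as a one-element JSON
    # list; piping the value instead would unwrap it into a bare object.
    ConvertTo-Json -InputObject @($list) -Depth 3
}

# Constructed sample values. 'StackName' is included because it collides with
# the cmdlet's own -StackName parameter, the case that requires a parameter file.
$json = ConvertTo-StackParameterJson -Parameters ([ordered]@{
    StackName    = 'inner-name'
    InstanceType = 't3.micro'
})

$paramFile = Join-Path ([System.IO.Path]::GetTempPath()) 'my-stack-params.json'
Set-Content -LiteralPath $paramFile -Value $json -Encoding UTF8

# The file (or the $json string itself) is then passed to the cmdlet:
# Export-PSCFNTerraform -StackName my-stack -WorkspaceDirectory ~/tf/my-stack -ParameterFile $paramFile
```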
-ClientRequestToken
A unique identifier for this CreateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create a stack with the same name. You might retry CreateStack requests to ensure that AWS CloudFormation successfully received them. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1. In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation. For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Force
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-PassThru
If this is set, then the operation returns immediately after submitting the request to CloudFormation. If not set, then the operation is followed to completion, with stack events being output to the console.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-RoleARN
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-StackName
The name that is associated with the stack. The name must be unique in the Region in which you are creating the stack. A stack name can contain only alphanumeric characters (case sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-AccessKey
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Type: String
Parameter Sets: (All)
Aliases: AK
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Credential
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Type: AWSCredentials
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-EndpointUrl
The endpoint to make CloudFormation calls against.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-NetworkCredential
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-ProfileLocation
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs).
If this optional parameter is omitted, this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found, then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials.
If this parameter is specified, then this cmdlet will only search the ini-format credential file at the location given.
As the current folder can vary in a shell or during script execution, it is advised that you specify a fully qualified path instead of a relative path.
Type: String
Parameter Sets: (All)
Aliases: AWSProfilesLocation, ProfilesLocation
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ProfileName
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Type: String
Parameter Sets: (All)
Aliases: StoredCredentials, AWSProfileName
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Region
The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.
Type: Object
Parameter Sets: (All)
Aliases: RegionToCall
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-S3EndpointUrl
The endpoint to make S3 calls against.
S3 is used by these cmdlets for managing S3 based templates and by the packager for uploading code artifacts and nested templates.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-SecretKey
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Type: String
Parameter Sets: (All)
Aliases: SK, SecretAccessKey
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-SessionToken
The session token if the access and secret keys are temporary session-based credentials.
Type: String
Parameter Sets: (All)
Aliases: ST
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-STSEndpointUrl
The endpoint to make STS calls against.
STS is used only when a bucket has to be created to store oversize templates and packager artifacts, in order to get the caller account ID that forms part of the generated bucket name.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
System.String
Specifies the directory for the Terraform workspace. It will be created if it does not exist.
System.Management.Automation.SwitchParameter
If set, export nested stacks as Terraform modules.
System.Management.Automation.SwitchParameter
If this switch is present, then a default_tags block is added to the AWS provider declaration. A default tag of terraform:stack_name with value being the name of the exported CloudFormation stack is added to all resources, enabling you to create a resource group by tag name in the AWS console of all resources in the new configuration that support tagging.
This has the side effect of marking all imported resources as requiring an in-place change to apply the new tag.
System.String
If present, the location of a list of stack parameters to apply. This is a JSON or YAML list of parameter structures with fields ParameterKey and ParameterValue. The format is similar to that used by aws cloudformation create-stack, except that the other fields defined there are ignored here. Parameters not supplied to an update operation are assumed to be UsePreviousValue. If a parameter of the same name is defined on the command line, the command line takes precedence. If your stack has a parameter with the same name as one of the parameters to this cmdlet, then you must set the stack parameter via a parameter file.
You can specify either a string containing JSON or YAML, or the path to a file that contains the parameters.
System.String
A unique identifier for this CreateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create a stack with the same name. You might retry CreateStack requests to ensure that AWS CloudFormation successfully received them. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1. In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation. For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.
System.Management.Automation.SwitchParameter
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
System.Management.Automation.SwitchParameter
If this is set, then the operation returns immediately after submitting the request to CloudFormation. If not set, then the operation is followed to completion, with stack events being output to the console.
System.String
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.
System.String
The name that is associated with the stack. The name must be unique in the Region in which you are creating the stack. A stack name can contain only alphanumeric characters (case sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.
System.String
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Amazon.Runtime.AWSCredentials
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
System.String
The endpoint to make CloudFormation calls against.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.
System.Management.Automation.PSCredential
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
System.String
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs).
If this optional parameter is omitted, this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found, then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials.
If this parameter is specified, then this cmdlet will only search the ini-format credential file at the location given.
As the current folder can vary in a shell or during script execution, it is advised that you specify a fully qualified path instead of a relative path.
System.String
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
System.Object
The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.
System.String
The endpoint to make S3 calls against.
S3 is used by these cmdlets for managing S3 based templates and by the packager for uploading code artifacts and nested templates.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.
System.String
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
System.String
The session token if the access and secret keys are temporary session-based credentials.
System.String
The endpoint to make STS calls against.
STS is used only when a bucket has to be created to store oversize templates and packager artifacts, in order to get the caller account ID that forms part of the generated bucket name.
The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint, e.g. if using LocalStack or some other AWS emulator or a VPC endpoint from an EC2 instance.