AWS Flags
AWS-specific flags in Cloud to Code help you control which AWS resources are imported into Terraform configuration files. Here's how they work:
Usage
cloud2code import aws --region <region> [--arns <arns>] [--ids <ids>] [--resource-type <resource_type>] [--view-arn <view_arn>]
| Flag | Description | Required |
|---|---|---|
--region | The AWS region from which resources will be imported. Example: us-east-1. | Yes |
--arns | Comma-separated list of AWS ARNs to import specific resources. Example: arn:aws:s3:::my-bucket. | Optional |
--ids | Comma-separated list of resource IDs to import specific resources. Example: i-1234567890abcdef0. | Optional |
--resource-type | Specifies the Terraform resource type to import. Example: aws_instance, aws_s3_bucket. | Optional |
--view-arn | ARN of the AWS Resource Explorer view to validate imported resources. Must be set up beforehand. | Optional |
Examples
Import All Resources from a Region
Import all AWS resources from the us-east-1 region into Terraform.
cloud2code import aws --region us-east-1
Import Specific Resources Using ARNs
Import only the specified S3 bucket and EC2 instance.
cloud2code import aws --region us-east-1 --arns arn:aws:s3:::my-bucket,arn:aws:ec2:us-east-1:123456789012:instance/i-0abcd1234efgh5678
Import Specific Resources Using Resource IDs
Import an EC2 instance and an S3 bucket by their resource IDs.
cloud2code import aws --region us-west-2 --ids i-0abcd1234efgh5678,s3-bucket-name
Import Only Specific AWS Resource Types
Import only EC2 instances and S3 buckets from the specified region.
cloud2code import aws --region us-east-1 --resource-type aws_instance,aws_s3_bucket
Verify Import Using AWS Resource Explorer
Verify if Cloud to Code fetched all requested resources using an AWS Resource Explorer view ARN.
cloud2code import aws --region us-east-1 --view-arn arn:aws:resource-explorer-2:us-east-1:123456789012:view/my-view
Authentication Flags
Specify these authentication flags below if you don’t want to use the default AWS CLI credentials and you want to specify your AWS authentication details manually:
| Flag | Description | Required |
|---|---|---|
--access-key | AWS access key ID for authentication. | Optional |
--secret-key | AWS secret access key for authentication. | Optional |
--session-token | Temporary AWS session token (for temporary credentials). | Optional |
--profile | AWS credentials profile name from the ~/.aws/credentials file. | Optional |
--shared-credentials-file | Custom path to the AWS credentials file (if not using default). | Optional |
--shared-config-file | Custom path to the AWS config file (if not using default). | Optional |
Sample Usage
The following commands will import S3 buckets and EC2 instances from the us-east-1 AWS region into Terraform configuration files (.tf).
Using explicit credentials
Not recommended for security reasons
cloud2code import aws --region us-east-1 \
--include aws_s3_bucket,aws_instance \
--access-key AKIAEXAMPLEKEY \
--secret-key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
--session-token FwoGZXIvYXdzEBwaEXAMPLESESSIONTOKEN
Using a specific AWS profile
cloud2code import aws --region us-east-1 \
--include aws_s3_bucket,aws_instance \
--profile my-aws-profile
Using a custom credentials file
cloud2code import aws --region us-east-1 \
--include aws_s3_bucket,aws_instance \
--shared-credentials-file /path/to/credentials \
--shared-config-file /path/to/config