Procedure Retrieve the CloudFormation Template
For an already deployed SAM project, a Stack has been created in CloudFormation.Template tab, save the template contents locally as template.yml.
Add the Resource You Want to Import to template.yml 1 2 3 4 5 6 7 8 9 10 11 12 13 ... Resources: ... ApiGatewayAccessLogGroup: Type: AWS::Logs::LogGroup DeletionPolicy: Retain Properties: LogGroupName: /aws/apigateway/xxx-Bot-Stack
This time we will import the log group used for managing API Gateway access logs.DeletionPolicy: Retain so that the resource is not created but instead imported into the Stack.
Describe the Resource to Import in import.json 1 2 3 4 5 6 7 8 9 [ { "ResourceType": "AWS::Logs::LogGroup", "LogicalResourceId": "ApiGatewayAccessLogGroup", "ResourceIdentifier": { "LogGroupName":"/aws/apigateway/xxx-Bot-Stack" } } ]
Add the resource to be imported into import.json and
Create a Change Set 1 2 3 4 5 6 7 $ aws cloudformation create-change-set \ --stack-name xxx-Bot-Stack \ --change-set-name import-apigateway-accesslog-loggroup \ --resources-to-import file://import.json \ --change-set-type IMPORT \ --template-body file://template.yml \ --capabilities CAPABILITY_IAM
The import is not actually executed at the point this command is run.
After running the command, you are good to go if a set has been added to Change sets as shown below.
The Name of the change set is a link, so click it.
Execute the Change Set (Run the Import)
Click the Execute change set button in the top right to run the import into the Stack.
The import is complete once the status reaches IMPORT_COMPLETE.
Tags Are Added to the Imported Resource
You can confirm that a tag indicating the resource is managed by the Stack has been added to the resource imported into the Stack.
Update the SAM Project template.yml Define the imported resource in the yml file referenced at deploy time, which is different from the template.yml prepared for the import.DeletionPolicy: Retain is not needed.
1 2 3 4 5 6 7 8 Resources: ... ApiGatewayAccessLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /aws/apigateway/xxx-Bot-Stack RetentionInDays: 14
Because the template file managed by the SAM project has a difference in DeletionPolicy: Retain, a change diff appears.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 $ sam deploy -t ${TEMPLATE_FILE} \ --stack-name xxx-Bot-Stack \ --s3-prefix xxx-Bot-Stack \ --s3-bucket yyy \ --capabilities CAPABILITY_IAM \ --region ap-northeast-1 \ --no-fail-on-empty-changeset \ --no-progressbar Initiating deployment ===================== File with same data already exists at xxx-Bot-Stack/nnn.template, skipping upload Waiting for changeset to be created.. CloudFormation stack changeset --------------------------------------------------------------------------------------------------------------------------------- Operation LogicalResourceId ResourceType Replacement --------------------------------------------------------------------------------------------------------------------------------- * Modify ApiGatewayAccessLogGroup AWS::Logs::LogGroup False --------------------------------------------------------------------------------------------------------------------------------- Changeset created successfully. arn:aws:cloudformation:ap-northeast-1:123456789012:changeSet/samcli-deploy123/zzz 2023-06-07 12:22:16 - Waiting for stack create/update to complete CloudFormation events from stack operations (refresh every 5.0 seconds) --------------------------------------------------------------------------------------------------------------------------------- ResourceStatus ResourceType LogicalResourceId ResourceStatusReason --------------------------------------------------------------------------------------------------------------------------------- UPDATE_COMPLETE AWS::Logs::LogGroup ApiGatewayAccessLogGroup - UPDATE_COMPLETE_CLEANUP_IN_PRO AWS::CloudFormation::Stack xxx-Bot-Stack - GRESS UPDATE_COMPLETE AWS::CloudFormation::Stack xxx-Bot-Stack - --------------------------------------------------------------------------------------------------------------------------------- CloudFormation outputs from deployed stack ------------------------------------------------------------------------------------------------------------------------------------ Outputs ------------------------------------------------------------------------------------------------------------------------------------ Key SlackMessageApi Description - Value https://yyy.execute-api.ap-northeast-1.amazonaws.com/Prod/message/ ------------------------------------------------------------------------------------------------------------------------------------ Successfully created/updated stack - xxx-Bot-Stack in ap-northeast-1
After deploying, you can confirm that the diff disappears when you try to deploy again.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 $ sam deploy -t ${TEMPLATE_FILE} \ --stack-name xxx-Bot-Stack \ --s3-prefix xxx-Bot-Stack \ --s3-bucket yyy \ --capabilities CAPABILITY_IAM \ --region ap-northeast-1 \ --no-fail-on-empty-changeset \ --no-progressbar File with same data already exists at xxx-Bot-Stack/7d47ca74f4c587c742cd0df1f7252ecd.template, skipping upload Waiting for changeset to be created.. No changes to deploy. Stack xxx-Bot-Stack is up to date
With this, we confirmed that the import completed without issues.
Bonus: Removing a SAM Resource from Management (the Reverse of Import) Save Stack > Template as template.yml, delete the target resource, and run the following command.
This creates a Change set that removes the imported log group.
1 2 3 4 5 6 aws cloudformation create-change-set \ --stack-name xxx-Bot-Stack \ --change-set-name remove-apigateway-loggroup \ --change-set-type UPDATE \ --template-body file://template.yml \ --capabilities CAPABILITY_IAM
You can delete it by running Execute change set in the console.
That’s all.
