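Many resources were created manually in our cloud platform. How can these resources be imported and then managed/updated through CDK? Updates to the AWS resources could be tags, status, etc.
I found some examples, but deploying each resource using the steps above could take a long time.
To start the migration, I began with the KMS key and found that there is a method, fromKeyArn, which returns the full details of the KMS key, but I am not sure how to use that as a template and deploy it again. The sample code and output for kmsKey are below.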
    import * as cdk from 'aws-cdk-lib';
    import { Construct } from 'constructs';
    import { Tags, RemovalPolicy } from 'aws-cdk-lib';
    import { Key } from 'aws-cdk-lib/aws-kms'

    export class CoreAwsInfraStack extends cdk.Stack {
      constructor(scope: Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);
        Tags.of(this).add('Environment', 'Production');
        Tags.of(this).add('Project', 'MyProject');
        const kmsKeyArn = 'arn:aws:kms:<region>:<account>:key/<kmskeyid>';
        const kmsKey = Key.fromKeyArn(this, 'ImportedKmsKey', kmsKeyArn);
        console.log("here is kms key",kmsKey)
      }
    }

    <ref *1> Import {
      node: Node {
        host: [Circular *1],
        _locked: false,
        _children: {},
        _context: {},
        _metadata: [],
        _dependencies: Set(0) {},
        _validations: [ [Object] ],
        id: 'ImportedKmsKey',
        scope: CoreAwsInfraStack {
          node: [Node],
          _missingContext: [],
          _stackDependencies: {},
          templateOptions: {},
          _crossRegionReferences: false,
          _suppressTemplateIndentation: false,
          _logicalIds: [LogicalIDs],
          account: '52xxxxxx',
          region: 'ap-southeast-2',
          environment: 'aws://526129xxx/ap-souxxxxx',
          _terminationProtection: false,
          _stackName: 'CoreAwsInfraStack',
          tags: [TagManager],
          artifactId: 'CoreAwsInfraStack',
          templateFile: 'CoreAwsInfraStack.template.json',
          _versionReportingEnabled: true,
          synthesizer: [DefaultStackSynthesizer],
          [Symbol(@aws-cdk/core.DependableTrait)]: [Object]
        }
      },
      stack: <ref *2> CoreAwsInfraStack {
        node: Node {
          host: [Circular *2],
          _locked: false,
          _children: [Object],
          _context: {},
          _metadata: [],
          _dependencies: Set(0) {},
          _validations: [],
          id: 'CoreAwsInfraStack',
          scope: [App]
        },
        _missingContext: [],
        _stackDependencies: {},
        templateOptions: {},
        _crossRegionReferences: false,
        _suppressTemplateIndentation: false,
        _logicalIds: LogicalIDs { renames: {}, reverse: {} },
        account: '52xxxxxx',
        region: 'ap-southeast-2',
        environment: 'aws://xxxxxx/ap-soxxxxx',
        _terminationProtection: false,
        _stackName: 'CoreAwsInfraStack',
        tags: TagManager {
          tags: Map(0) {},
          priorities: Map(0) {},
          externalTagPriority: 50,
          resourceTypeName: 'aws:cdk:stack',
          tagFormatter: KeyValueFormatter {},
          tagPropertyName: 'tags',
          didHaveInitialTags: false,
          renderedTags: [LazyAny]
        },
        artifactId: 'CoreAwsInfraStack',
        templateFile: 'CoreAwsInfraStack.template.json',
        _versionReportingEnabled: true,
        synthesizer: DefaultStackSynthesizer {
          _boundStack: [Circular *2],
          qualifier: 'hnb659fds',
          bucketName: 'xxxxx',
          repositoryName: 'xxxxxx',
          _deployRoleArn: 'arn:${AWS::Partition}:iam::xxx:role/cdk-hnb659fds-deploy-role-xxx-ap-souxxx',
          _cloudFormationExecutionRoleArn: 'arn:${AWS::Partition}:iam::xxxx:role/cdk-hnb659fds-cfn-exec-role-xxx-ap-southeast-2',
          fileAssetPublishingRoleArn: 'arn:${AWS::Partition}:iam::xxx:role/cdk-hnb659fds-file-publishing-role-xxxx-ap-xxx',
          imageAssetPublishingRoleArn: 'arn:${AWS::Partition}:iam::xxxx:role/cdk-hnb659fds-image-publishing-role-xxxxx-ap-southeast-2',
          lookupRoleArn: 'arn:${AWS::Partition}:iam::xxxx:role/cdk-hnb659fds-lookup-role-xxx-ap-soutxxx',
          bucketPrefix: '',
          dockerTagPrefix: '',
          bootstrapStackVersionSsmParameter: '/cdk-bootstrap/hnb659fds/version'
        },
        [Symbol(@aws-cdk/core.DependableTrait)]: { dependencyRoots: [Array] }
      },
      env: { account: 'xxxx', region: 'ap-sxxx' },
      _physicalName: undefined,
      _allowCrossEnvironment: false,
      physicalName: '${Token[TOKEN.9]}',
      aliases: [],
      keyArn: 'arn:aws:kms:ap-soxxx:xxx:key/a00xxxxxxx',
      policy: undefined,
      trustAccountIdentities: true,
      keyId: 'a00d1xxxx',
      [Symbol(@aws-cdk/core.DependableTrait)]: { dependencyRoots: [ [Circular *1] ] }
    }

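You cannot use fromKeyArn for this.
Functions such as fromKeyArn are for when you want to specify an existing key as a property of another resource in the stack (for example, a bucket that you will encrypt with that key). fromKeyArn does not cause the key you reference to be managed by the CDK stack.
When you say that deploying each resource using the steps in this post would take a long time, I assume you mean that working out the correct CDK for all the resources you want to import would take a long time, not that running the cdk import command against one resource at a time would take a long time.
Based on the docs, you should be able to import multiple resources with a single cdk import command.
But you have to write the CDK for the existing resources first.
To cut down the time spent hand-writing CDK code for the resources you want to import, you can use the IaC Generator (which should generate CloudFormation from deployed resources) and CDK Migrate.
I'm not sure whether CDK Migrate will bring resources into an existing CDK stack. If not, you can use it to generate code for a new CDK app and then copy the resources from there into your existing CDK app.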
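
An added example, not part of the original question or answer: a pre-import check over the synthesized CloudFormation template, showing that a stack which only calls fromKeyArn declares no key to manage, while a declared key needs a Retain DeletionPolicy before cdk import. The function name, logical IDs and both sample templates are assumptions constructed for illustration.

```typescript
// Added example. Both templates below are constructed, shaped like `cdk synth` JSON output.
type Resource = { Type: string; DeletionPolicy?: string; UpdateReplacePolicy?: string };
type Template = { Resources?: { [logicalId: string]: Resource } };
interface KeyFinding { logicalId: string; problems: string[] }

// Lists every AWS::KMS::Key the stack itself declares (and would therefore
// manage), with anything that blocks or endangers a `cdk import` of it.
function reviewKmsKeys(template: Template): KeyFinding[] {
  const resources = template.Resources ?? {};
  const findings: KeyFinding[] = [];
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== 'AWS::KMS::Key') continue;
    const problems: string[] = [];
    if (!res.DeletionPolicy) {
      // CloudFormation rejects an import of a resource without a DeletionPolicy.
      problems.push('missing DeletionPolicy');
    } else if (res.DeletionPolicy !== 'Retain') {
      // Only Retain keeps the key when the stack or the resource is removed.
      problems.push('DeletionPolicy is ' + res.DeletionPolicy);
    }
    if (res.UpdateReplacePolicy !== 'Retain') {
      problems.push('UpdateReplacePolicy is not Retain');
    }
    findings.push({ logicalId, problems });
  }
  return findings;
}

// Constructed: a stack that only calls Key.fromKeyArn declares no key resource.
const referencedOnly: Template = {
  Resources: { CDKMetadata: { Type: 'AWS::CDK::Metadata' } },
};

// Constructed: a stack that declares keys with `new Key(...)`; logical IDs are made up.
const declared: Template = {
  Resources: {
    ExistingKeyA1B2C3D4: { Type: 'AWS::KMS::Key', DeletionPolicy: 'Retain', UpdateReplacePolicy: 'Retain' },
    ScratchKeyE5F6A7B8: { Type: 'AWS::KMS::Key', DeletionPolicy: 'Delete', UpdateReplacePolicy: 'Delete' },
  },
};

console.log(JSON.stringify(reviewKmsKeys(referencedOnly)));
console.log(JSON.stringify(reviewKmsKeys(declared)));
```

An empty result for a stack you expected to manage a key means the key is only referenced, not declared, so cdk import has nothing to adopt.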