cdk migrate --from-scan fails due to unsupported/unknown resource properties

0

I manually created AWS resources using the AWS Console, including an Amazon S3 bucket, an API Gateway REST API, and an AWS Lambda function triggered by the REST API. I then attempted to migrate this existing infrastructure into an AWS CDK application using the cdk migrate --from-scan command. While the scan phase successfully detected the resources, the migration failed during stack generation because the generated CloudFormation/CDK template included unsupported or invalid properties for multiple services, such as S3 (AbacStatus), API Gateway (SecurityPolicy), and Lambda (RecursiveLoop). Due to these incompatibilities, AWS CDK is unable to correctly translate the detected resource configurations into CDK constructs, causing the migration process to fail. What is the recommended solution or best practice to handle these unsupported properties when using cdk migrate --from-scan?

2 Answers
1

Hello.

As mentioned in the GitHub issue, you will likely encounter errors with the migrate command until unsupported properties, such as the "RecursiveLoop" property, are supported.
https://github.com/aws/aws-cdk-cli/issues/642

If you absolutely want to manage it with CDK, you might want to try out IaC generators as well.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/generate-IaC.html#generate-template-considerations

EXPERT
answered 14 days ago
EXPERT
reviewed 13 days ago
  • Thanks for the reference. I was able to make the migration work after generating a CloudFormation template and manually removing unsupported properties, but I’m looking for a way to achieve a fully automated migration using cdk migrate without manual cleanup.

  • Currently, the migration command includes unsupported properties, making complete compatibility difficult.

0

The issue you're experiencing with cdk migrate --from-scan failing due to unsupported or unknown resource properties is a known challenge when migrating manually created AWS resources. The scan process detects your existing resources, but the migration can fail when certain properties returned by the AWS APIs aren't directly supported in CloudFormation or CDK constructs.

Here are some approaches to resolve this:

1. Manual Property Cleanup: After the scan completes but before synthesis, you may need to manually edit the generated CDK code to remove or modify unsupported properties. Properties like AbacStatus, SecurityPolicy, and RecursiveLoop that you mentioned may be read-only attributes or service-specific metadata that shouldn't be included in the infrastructure-as-code definition.

2. Use Supported Properties Only: When defining resources in CDK, focus on the core configuration properties that are officially supported by CloudFormation. For Lambda functions, this includes properties like Code, Handler, Role, and Runtime. For S3 buckets, focus on bucket policies, encryption settings, and lifecycle rules rather than internal service attributes.

3. Incremental Migration: Instead of migrating all resources at once, consider migrating resources incrementally. Start with simpler resources (like S3 buckets) and gradually add more complex ones (like API Gateway and Lambda integrations). This allows you to identify and fix property issues one resource at a time.

4. Review Generated Templates: Examine the CloudFormation template generated during the synthesis phase. Remove any properties that aren't documented in the official CloudFormation resource specifications for the respective services.

5. Consider Alternative Migration Paths: If cdk migrate --from-scan continues to fail, you might need to manually recreate the CDK constructs using the CDK Construct Library, which provides higher-level abstractions with smart defaults and best practices. This approach gives you more control over which properties are included and ensures compatibility with CDK standards.

The root cause is that the scan process captures the complete state of your resources as returned by AWS APIs, which includes internal metadata and read-only properties that aren't meant to be specified in infrastructure definitions. CloudFormation and CDK only support a subset of these properties for resource creation and management.
Sources
interface CodeProperty · AWS CDK
Deploying Lambda functions with AWS CDK - AWS Lambda

answered 14 days ago
EXPERT
reviewed 14 days ago
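
The manual cleanup described in the comment on the first answer and in approaches 1 and 4 above can be scripted against a JSON template from the IaC generator. This is an added example, not code from either answerer or from the AWS CDK project; the type-to-property map is an assumption built from the three property names in the question, and the sample template and its values are constructed.

```python
import copy
import json

# Assumption: the (resource type, property) pairs named in the question.
UNSUPPORTED = {
    "AWS::S3::Bucket": {"AbacStatus"},
    "AWS::ApiGateway::RestApi": {"SecurityPolicy"},
    "AWS::Lambda::Function": {"RecursiveLoop"},
}

# Constructed sample template, not output from a real scan.
SAMPLE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket",
               "Properties": {"BucketName": "example-bucket", "AbacStatus": "Disabled"}},
    "Api": {"Type": "AWS::ApiGateway::RestApi",
            "Properties": {"Name": "example-api", "SecurityPolicy": "TLS_1_2"}},
    "Domain": {"Type": "AWS::ApiGateway::DomainName",
               "Properties": {"DomainName": "api.example.com", "SecurityPolicy": "TLS_1_2"}},
    "Fn": {"Type": "AWS::Lambda::Function",
           "Properties": {"Handler": "index.handler", "RecursiveLoop": "Terminate"}},
}}

def strip_unsupported(template, unsupported=UNSUPPORTED):
    """Return (cleaned_template, removed) without mutating the input.

    Matching is per resource type, so the same property name on another
    type (SecurityPolicy on a DomainName here) is left in place.
    """
    cleaned = copy.deepcopy(template)
    removed = []  # (logical_id, type, property, value) for later review
    for logical_id, resource in cleaned.get("Resources", {}).items():
        props = resource.get("Properties")
        if not isinstance(props, dict):
            continue
        for name in sorted(unsupported.get(resource.get("Type"), ())):
            if name in props:
                removed.append((logical_id, resource["Type"], name, props.pop(name)))
    return cleaned, removed

if __name__ == "__main__":
    cleaned, removed = strip_unsupported(SAMPLE)
    for entry in removed:
        print("removed:", *entry)
    print(json.dumps(cleaned, indent=2))
```

The cleaned template can then be passed to cdk migrate with --from-path instead of --from-scan. Keep the removed list: each entry is a setting the stack no longer declares, so compare it against the live resource after import.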
