Skip to content

ASEA Import Stacks⚓︎

Overview⚓︎

The ASEA (AWS Secure Environment Accelerator) Import stacks handle migration from the legacy ASEA solution to LZA. They import existing CloudFormation resources into LZA management without recreating them, preserving existing infrastructure.

Deployment Scope⚓︎

  • Stage: import-asea-resources
  • Deployed to: Accounts with ASEA resources, enabled regions
  • Config files consumed: network-config.yaml, ASEA resource mapping files

What It Deploys⚓︎

Resource Import⚓︎

  • Uses CloudFormationInclude to import existing ASEA CloudFormation stacks
  • Maps ASEA resource logical IDs to LZA resource types
  • Supports nested stack imports

ASEA Resource Handlers⚓︎

Specialized handlers for each resource type:

Handler Resources
VpcResources VPCs, subnets, route tables, security groups, NAT gateways, IGWs, TGW attachments, NACLs, Network Firewall
Lambda Lambda functions, IAM roles/policies, Step Functions, EventBridge rules
Other handlers IAM, KMS, S3, CloudWatch, etc.

Resource Deletion⚓︎

  • Supports marking ASEA resources for deletion when they're no longer needed
  • Handles nested stack resource deletion
  • Manages deletion ordering to avoid dependency issues

SSM Parameters⚓︎

  • Creates SSM parameters for imported resources so downstream LZA stacks can reference them
  • Manages dependencies between SSM parameter creation

Key Code Paths⚓︎

Component File
Stack class accelerator/lib/stacks/import-asea-resources-stack.ts
VPC resource handler accelerator/lib/asea-resources/vpc-resources.ts
Lambda resource handler accelerator/lib/asea-resources/lambda.ts
Resource mapping utils accelerator/utils/app-utils.ts → writeImportResources()

How It Works⚓︎

  1. ASEA resource mappings are loaded from S3 (generated by a separate mapping tool)
  2. ImportAseaResourcesStack.init() loads the CloudFormation templates
  3. Each resource handler processes its resource types, updating properties to match LZA conventions
  4. SSM parameters are created for each imported resource
  5. Subsequent LZA stacks can then manage these resources normally

Important Notes⚓︎

  • ASEA import is a one-time migration process
  • After import, resources are managed by standard LZA stacks
  • The post-import-asea-resources stage handles cleanup after initial import