Getting started

Up and running in four commands

Three tools required: AWS CLI v2, Terraform 1.5+, and jq. Works on the Bash that ships with macOS (3.2+). Install everything at once on macOS: brew install awscli terraform jq. Clone the repo, run a dry-run, export your estate, then populate all service directories at once.

Quickstart

Up and running in four commands

Three tools required: AWS CLI v2, Terraform 1.5+, and jq. All AWS API calls automatically retry on throttling with exponential back-off.

1

Clone the repo

Clone and make all scripts executable.

git clone https://github.com/andrewbakercloudscale/cloudtorepo.git
cd cloudtorepo
chmod +x cloudtorepo.sh reconcile.sh drift.sh run.sh report.sh import.sh
2

Dry-run to preview resource counts

Scan without writing any files. Shows resource counts per service before you commit to a full export.

./cloudtorepo.sh \
  --regions "us-east-1" \
  --services "ec2,vpc,rds" \
  --dry-run
3

Export with S3 remote state

Full export across regions and services. --state-bucket writes a ready-to-init backend.tf in each service directory. --parallel 5 scans five services simultaneously.

./cloudtorepo.sh \
  --regions "us-east-1,eu-west-1" \
  --services "ec2,eks,rds,s3,vpc" \
  --state-bucket my-tf-state-prod \
  --parallel 5 \
  --output ./tf-output
4

Named AWS profile (optional)

Pass any named profile from ~/.aws/config. Works alongside --role for cross-account sweeps; the profile authenticates the base caller, the role is assumed per account.

./cloudtorepo.sh \
  --profile prod-readonly \
  --regions "eu-west-1" \
  --services "ec2,vpc,rds,eks" \
  --output ./tf-output
5

Filter by tags (optional)

Only imports resources that carry the specified tags. Uses the Resource Groups Tagging API with no extra setup required beyond the tags themselves.

./cloudtorepo.sh \
  --regions "us-east-1" \
  --tags "Env=prod,Team=sre" \
  --output ./tf-output
6

Resume a partial scan (optional)

Skips account/region/service combinations already written to the output directory. Safe to run again after a network interruption or timeout.

./cloudtorepo.sh \
  --regions "us-east-1,eu-west-1" \
  --output ./tf-output \
  --resume
7

Populate all service directories at once

Runs terraform init + terraform plan -generate-config-out=generated.tf in every service directory. Review generated.tf, remove computed attributes, and commit.

./run.sh --output ./tf-output