ASEA Resource Handlers
To upgrade from ASEA to LZA, the solution relies on a concept called ASEA Resource Handlers. These resource handlers use the CFN Include module so that the LZA engine can manage ASEA resources in their original CloudFormation stacks. Through the CFN Include module, the LZA application can modify certain properties of CloudFormation constructs. The table below lists the resources that are currently supported:
Resource Type | Resource Deletion Supported | Resource Update Supported | Modifiable Attributes
---|---|---|---
Application Load Balancers | FALSE | FALSE | |
EC2 Firewall Instance (Fortinet) | FALSE | FALSE | |
ELB Target Group | FALSE | FALSE | |
IAM Groups | TRUE | TRUE | Group Name, Managed Policy Arns
IAM Managed Policies | TRUE | TRUE | Managed Policy Name, Managed Policy Document
IAM Roles | TRUE | TRUE | Permissions Boundary, Managed Policy Arns, Assume Role Policy Document, Instance Profile
IAM Users | TRUE | TRUE | Groups, Permissions Boundary
Internet Gateway (IGW) | FALSE | FALSE | |
ManagedAD | FALSE | FALSE | |
NACL Subnet Associations | FALSE | TRUE | NACL Id, Subnet Id
NAT Gateway | FALSE | TRUE | Subnet Id
Network Firewall | TRUE | TRUE | Firewall Logging Configuration
Network Firewall Policy | TRUE | FALSE | |
Network Firewall Rule Group | TRUE | FALSE | |
Route53 Hosted Zone | FALSE | FALSE | |
Route53 Query Logging Association | FALSE | FALSE | |
Route53 Record Set | FALSE | FALSE | |
Route53 Resolver Endpoint | FALSE | FALSE | |
Security Groups | FALSE | TRUE | Security Group Ingress Rules, Security Group Egress Rules
Shared Security Group | FALSE | FALSE | |
SSM Association | FALSE | FALSE | |
SSM Resource Data Sync | FALSE | FALSE | |
Subnets | FALSE | TRUE | Subnet CIDR Block, Subnet Availability Zone, Subnet Map Public IP on Launch
Transit Gateway Associations | FALSE | FALSE | |
Transit Gateway Black Hole Routes | FALSE | FALSE | |
Transit Gateway Propagations | FALSE | FALSE | |
Transit Gateway Route Tables | FALSE | FALSE | |
Transit Gateway Routes | FALSE | FALSE | |
Transit Gateways | FALSE | TRUE | Amazon Side ASN, Auto Accept Shared Attachments, Default Route Table Associations, Default Route Table Propagations, DNS Support, VPN ECMP Support
Virtual Private Gateway | FALSE | TRUE | Amazon Side ASN
VPC | FALSE | TRUE | CIDR Blocks, Enable DNS Host Names, Enable DNS Support, Instance Tenancy
VPC Endpoint | FALSE | FALSE | |
VPC Endpoint (Gateway) | FALSE | TRUE | Route Table Ids
VPC Peering Connection | FALSE | FALSE | |
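
A pre-flight check built on a few rows of the table, as an added example that is not part of the LZA code base: it diffs an existing ASEA stack template against the desired one and reports deletions or property changes the table marks as unsupported. The CloudFormation type and property names are this example's mapping of the table's labels, and the templates are constructed samples.

```typescript
// Added example. CloudFormation type and property names are this example's
// mapping of a few table rows, not identifiers taken from the LZA code base.
type SupportRule = { canDelete: boolean; modifiable: string[] };
const SUPPORT: { [cfnType: string]: SupportRule } = {
  "AWS::EC2::Subnet": { canDelete: false, modifiable: ["CidrBlock", "AvailabilityZone", "MapPublicIpOnLaunch"] },
  "AWS::EC2::SecurityGroup": { canDelete: false, modifiable: ["SecurityGroupIngress", "SecurityGroupEgress"] },
  "AWS::EC2::InternetGateway": { canDelete: false, modifiable: [] },
  "AWS::IAM::Role": { canDelete: true, modifiable: ["PermissionsBoundary", "ManagedPolicyArns", "AssumeRolePolicyDocument"] },
};

type StackResource = { Type: string; Properties?: { [name: string]: unknown } };
type StackTemplate = { Resources: { [logicalId: string]: StackResource } };

// Returns one finding per change the table marks as unsupported.
function unsupportedChanges(current: StackTemplate, desired: StackTemplate): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(current.Resources)) {
    const cur = current.Resources[id];
    const rule = SUPPORT[cur.Type];
    if (!rule) continue; // resource type outside this excerpt of the table
    const next = desired.Resources[id];
    if (!next) {
      if (!rule.canDelete) findings.push(`${id}: deleting ${cur.Type} is not supported`);
      continue;
    }
    const a = cur.Properties || {};
    const b = next.Properties || {};
    const names = Object.keys(a).concat(Object.keys(b).filter((k) => !(k in a)));
    for (const name of names) {
      // JSON comparison is key-order sensitive; adequate for templates from one generator.
      const changed = JSON.stringify(a[name]) !== JSON.stringify(b[name]);
      if (changed && rule.modifiable.indexOf(name) === -1) {
        findings.push(`${id}: ${cur.Type} property ${name} is not modifiable`);
      }
    }
  }
  return findings;
}

// Constructed sample templates (not taken from a real ASEA stack).
const currentTemplate: StackTemplate = { Resources: {
  AppSubnet: { Type: "AWS::EC2::Subnet", Properties: { VpcId: "vpc-example", CidrBlock: "10.0.1.0/24" } },
  Igw: { Type: "AWS::EC2::InternetGateway" },
  OpsRole: { Type: "AWS::IAM::Role", Properties: { RoleName: "ops" } },
} };
const desiredTemplate: StackTemplate = { Resources: {
  AppSubnet: { Type: "AWS::EC2::Subnet", Properties: { VpcId: "vpc-other", CidrBlock: "10.0.2.0/24" } },
} };
console.log(unsupportedChanges(currentTemplate, desiredTemplate).join("\n"));
```

The subnet CIDR change and the IAM role deletion pass because the table allows them; the changed `VpcId` and the removed internet gateway are reported.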