Skip to main content

From Console Clicks to Code

Someone created resources through the AWS console? Azure portal? No problem. Cloudgeni scans your cloud accounts, finds unmanaged resources, and generates IaC code to bring them under version control.

Auto-Discovery

Scans AWS, Azure, GCP, OCI for all resources

AI Code Generation

Generates proper IaC for your stack

Relationship Mapping

Understands VPC → Subnet → Instance connections

One-Click Import

Creates PR with import blocks + resource code

How It Works

Scan

Cloudgeni discovers all resources in your cloud accounts

Select

Pick which resources to import (or select all unmanaged)

Generate

AI creates IaC matching your conventions

PR

Creates a pull request ready for review

What Gets Discovered

200+ resource types including:
  • EC2 instances, Auto Scaling groups
  • S3 buckets, EBS volumes
  • RDS databases, DynamoDB tables
  • VPCs, subnets, security groups
  • Lambda functions, API Gateways
  • IAM roles, policies, users

Resource States

Every resource gets tagged with its management state:
StateWhat It MeansIcon
DISCOVEREDExists in cloud, not in IaC
MANAGEDAlready in your IaC
DRIFTEDIn IaC but configs don’t match
Filter by DISCOVERED to find all the “ClickOps” resources that need to be imported.

Generated Code

Terraform

The AI generates complete, production-ready Terraform: 
# Import block (Terraform 1.5+)
import {
  to = aws_s3_bucket.application_logs
  id = "my-app-logs-prod-12345"
}

# Resource definition
resource "aws_s3_bucket" "application_logs" {
  bucket = "my-app-logs-prod-12345"

  tags = {
    Environment = "production"
    Team        = "platform"
    ManagedBy   = "terraform"
  }
}

# Related resources
resource "aws_s3_bucket_versioning" "application_logs" {
  bucket = aws_s3_bucket.application_logs.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "application_logs" {
  bucket = aws_s3_bucket.application_logs.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

Bicep

For Azure resources, native Bicep code: 
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: 'myappstorageprod'
  location: 'eastus'
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
    allowBlobPublicAccess: false
    encryption: {
      services: {
        blob: {
          enabled: true
        }
      }
      keySource: 'Microsoft.Storage'
    }
  }
}

Smart Relationships

Cloudgeni understands how resources connect: 
VPC
├── Subnet (public-1)
│   ├── EC2 Instance
│   │   ├── EBS Volume
│   │   └── Network Interface
│   └── NAT Gateway
├── Subnet (private-1)
│   └── RDS Instance
│       └── Security Group
└── Internet Gateway
When you import a resource, Cloudgeni can automatically include related resources. No more missing dependency errors.
RelationshipExample
ContainsVPC → Subnet → Instance
SecuresNSG → Subnet
AttachedEBS Volume → EC2 Instance
RoutesRoute Table → Internet Gateway

Import Workflow

Step 1: Run a Scan

  1. Go to Cloud Resources in the dashboard
  2. Select your cloud account
  3. Click Run Scan
  4. Wait for discovery to complete (usually 1-2 minutes)
  1. Filter by Status: DISCOVERED
  2. Optionally filter by resource type, region, or tags
  3. Review the list of unmanaged resources
  1. Check individual resources or use Select All
  2. Enable Include Related to grab dependencies
  3. Click Import Selected
SettingDescription
RepositoryWhere to put the generated code
PathDirectory within the repo
FormatYour IaC format (Terraform, Bicep, etc.)
  1. Review generated code in the preview
  2. Check for any warnings or suggestions
  3. Click Create Pull Request
  4. Merge in your Git provider

Best Practices

Start with Standalone Resources

Import S3 buckets, storage accounts, and IAM roles first. They usually have no dependencies.

Group Related Resources

Import a VPC with all its subnets, gateways, and route tables together.

Review Before Merge

Check for hardcoded values that should be variables. Look for sensitive data.

Run Terraform Plan

After merging, run terraform plan to verify no unexpected changes.
After importing: Run terraform plan to verify. You should see “No changes” if everything imported correctly.

Troubleshooting

IssueFix
Resource not showingRun a new scan. Check cloud account permissions.
Import failedVerify resource still exists. Check for required attributes.
Missing dependenciesEnable “Include Related Resources” option.
Code generation errorSome complex resources need manual tweaking. Check the logs.

Next Steps

AI DevOps

Use AI to modify imported resources

Configuration Drift

Detect when cloud drifts from IaC

Static Analysis

Scan imported code for security issues

Compliance

Check compliance on imported resources