Hi folks, I am an AWS n00b but I control 3 things that we need to migrate from a Facebook-owned account to an osquery-owned account (the one you all are setting up). I have never used terraform before, so I am unsure what can/should be represented as code. I can describe at a high level what we need to do for the migration based on my limited understanding. S3. We have a bucket

osquery-packages

on an FB account. We can create a

osquery-packages2

on the osquery account, then use the CLI to sync all of the data. Next we delete the

osquery-packages

bucket and quickly re-create it on the osquery account, and finally sync again from

osquery-packages2

to

osquery-packages

. Route53. We have our

<http://osquery.io|osquery.io>

zone hosted here. There is a zone-transfer process we can follow, I am least worried about this. ACM. I'll have to delete the existing TLS keys and then create new ones on the osquery account. I am pretty sure I know how to do this through the AWS UI. CloudFront. We have configuration for

<http://osquery.io|osquery.io>

to reverse proxy the GH pages, to reverse proxy the S3 bucket and create a

<http://pkg.osquery.io|pkg.osquery.io>

.

AWS article on transferring S3 buckets to another account: http://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/ Also a medium post on it: https://engineering.checkr.com/migrating-s3-buckets-across-aws-accounts-cd0087f50574

This is a good find, I will try to do this. In the event it does not work then I don't think it's a big deal to have AWS generate a new certificate.

Once the transfer is completed we can define the resource in terraform and use terraform import pointed at the resource to import the “live” state and then manage in code going further

Sounds like a good “plan”