This article describes how to manage infrastructure as code. An essential part of every application is the underlying infrastructure, and the same principles of simplicity, automation and abstraction apply to it. Therefore I use the AWS CDK to manage infrastructure with a programming language. This article doesn't contain any code snippets, but it links to the diffs between the steps in the sample repository.
- AWS CLI:
brew install awscli
- AWS Account and User (
brew install node
- AWS CDK Toolkit:
npm i -g aws-cdk
- Python: set up a Python development environment
Create CDK Project
mkdir cdk_workshop && cd cdk_workshop
cdk init sample-app --language python
Activate the Virtualenv & Install Dependencies
source .venv/bin/activate
pip install -r requirements.txt
Log in to AWS & CDK Bootstrap
- Create credentials with admin access to bootstrap the CDK, and set up the credentials on your machine.
- The first time you deploy an AWS CDK app into an environment (account/region), install a “bootstrap stack”. The CDK CLI requires you to be in the same directory as your
export AWS_ACCESS_KEY_ID=$(bw get username xxx)
export AWS_SECRET_ACCESS_KEY=$(bw get password xxx)
cdk bootstrap
Clean up the Stack
Remove all default resources from the
CdkWorkshopStack constructor in
Implement Code and Use Level 2/3 Constructs (Add an AWS Lambda Function to Your Stack)
This example implements a Lambda function. Create a folder and file cdk_workshop/lambdas/hello.py. Then add an external dependency to the function, e.g. import boto3, and install it with pip install boto3. This requires that we add a cdk_workshop/lambdas/requirements.txt; otherwise the CDK won't build and include the dependencies. Then add a Lambda construct to the stack in cdk_infra/cdk_infra_stack.py. This uses a level 2 construct that you need to add with:
pip install aws_cdk.aws_lambda_python_alpha && pip freeze > requirements.txt
And then add a cron trigger.
Else you'll face:
Save your code, and let’s take a quick look at the diff before we deploy:
cdk diff
# after you have validated the changes, run:
cdk deploy
Test the Lambda
- cdk deploy: use in production to upload the complete CloudFormation stack and all the assets.
- cdk deploy --hotswap: to be faster during development(!), use this to only update the assets and the resources directly through the AWS service APIs, not the stack.
- cdk watch: monitors your code and assets for changes and attempts to perform a deployment automatically when a change is detected. CDK watch uses the cdk.json to identify the excluded and included files.
Add Cron Job
Add an EventBridge cron job that triggers the Lambda function every day at 8:00 UTC.
Store Credentials Securely Using SSM
This requires creating an SSM entry. Currently I need to create them in the UI for secret strings. Then use boto3 from the function to access SSM. You also need to attach a policy to the Lambda function that allows it to access this SSM value.
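The SSM steps above, sketched as an added example (not code from the sample repository): a handler that reads a SecureString with boto3, and the policy statement the function's role needs, scoped to that one parameter. The parameter name, the TOKEN_PARAM variable, the function names and the account and region values are assumptions.

```python
import json
import os

# Hypothetical parameter name; assumed to exist in SSM as a SecureString.
PARAM_NAME = os.environ.get("TOKEN_PARAM", "/cdk_workshop/api_token")
CACHE = {}  # survives across warm invocations of the same Lambda container


def get_secret(name, client=None):
    """Fetch and decrypt a SecureString once, then serve it from memory."""
    if name not in CACHE:
        if client is None:
            import boto3  # lazy import: the module loads without AWS access
            client = boto3.client("ssm")
        resp = client.get_parameter(Name=name, WithDecryption=True)
        CACHE[name] = resp["Parameter"]["Value"]
    return CACHE[name]


def handler(event, context, client=None):
    token = get_secret(PARAM_NAME, client)
    # Never log or return the secret itself; expose only non-sensitive facts.
    return {"statusCode": 200, "body": json.dumps({"token_loaded": bool(token)})}


def read_policy(region, account, name):
    """Least-privilege policy document for the function's execution role."""
    # Parameter ARNs drop the leading slash of a hierarchical name.
    arn = f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ssm:GetParameter"],  # read one value, no ssm:* wildcard
            "Resource": [arn],
            # A customer-managed KMS key would also need kms:Decrypt on that key.
        }],
    }
```

In the stack, the same statement can be attached to the function with its add_to_role_policy method, so the role only ever reads this one parameter.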
Build Own Constructs