I 🔨 things. Interested in plain text productivity (ObsidianMD) & engineering. If you want to talk about this mail me.


How to Manage Infrastructure with CDK

This article describes how to manage infrastructure as code. An essential part of every application is the underlying infrastructure. The principles of simplicity, automation & abstractions apply. Therefore I use the CDK to manage infrastructure with a programming language. This article doesn't contain any code snippets but links to the diff between the steps in the sample repository.

Check Prerequisites

Create CDK Project

mkdir cdk_workshop && cd cdk_workshop
cdk init sample-app --language python

chore: init cdk

Activating the Virtualenv & Install Dependencies

source .venv/bin/activate
pip install -r requirements.txt

Log in to AWS & CDK Bootstrap

  • Create credentials with admin access to bootstrap the CDK and set them up on your machine.
  • The first time you deploy an AWS CDK app into an environment (account/region), install a “bootstrap stack”. The CDK CLI requires you to be in the same directory as your cdk.json file!
export AWS_ACCESS_KEY_ID=$(bw get username xxx)
export AWS_SECRET_ACCESS_KEY=$(bw get password xxx)
cdk bootstrap

Implement Infrastructure

Clean up the Stack

Remove all default resources from the CdkWorkshopStack constructor in cdk_workshop/cdk_workshop_stack.py

chore: remove sample code from stack

Implement Code and Use Level 2/3 Constructs (Add an AWS Lambda Function to Your Stack)

This example implements a Lambda function. Create a folder and file cdk_workshop/lambdas/hello.py. Then add an external dependency to the function, e.g. import boto3, and install it with pip install boto3. This requires adding a cdk_workshop/lambdas/requirements.txt; otherwise the CDK won't build and include the dependencies. Then add a Lambda construct to the stack in cdk_infra/cdk_infra_stack.py. This uses a level 2 construct that you need to add with pip install aws_cdk.aws_lambda_python_alpha && pip freeze > requirements.txt. And then add a cron trigger.

feat: add lambda function with dependencies

Else you'll face:

Deploy to Environment

Save your code, and let’s take a quick look at the diff before we deploy:

cdk diff
# after you validated the changes run:
cdk deploy

Test the Lambda

Test the function with an artificial event in the UI.

Redeploy (only in development!)

  • Use cdk deploy in production to upload the complete CloudFormation stack and all the assets.
  • Use cdk deploy --hotswap to be faster during development(!): it only updates the assets and the resources directly through the AWS service APIs, not the stack.
  • cdk watch monitors your code and assets for changes and attempts to perform a deployment automatically when a change is detected. CDK watch uses the cdk.json to identify the excluded and included files.

Add Cron Job

Add an EventBridge cron job that triggers the Lambda function every day at 8:00 UTC.

feat: add cron job for lambda function

Store Credentials Securely Using SSM

This requires creating an SSM entry. Currently I need to create them in the UI for secret strings. Then use boto3 from the function to access SSM. Further, you need to attach a policy to the Lambda function that allows it to access this SSM value.

feat: get values from SSM
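
The function side of this step and the policy statement it needs, as an added example (not code from the sample repository). The parameter name /cdk_workshop/api_token, the API_TOKEN_PARAM variable, the account and region values and all helper names are assumptions; the client argument exists only so the code can be exercised without AWS.

```python
"""Added example: read an SSM SecureString from a Lambda function and build
the matching least-privilege IAM statement. All names here are assumptions."""
import os

# Hypothetical parameter name; pass the real one in via the function's environment.
PARAM_NAME = os.environ.get("API_TOKEN_PARAM", "/cdk_workshop/api_token")
_cache = {}  # lives as long as the warm container, so SSM is called once


def ssm_read_statement(param_name, region, account):
    """IAM statement that allows ssm:GetParameter on exactly one parameter."""
    # Parameter ARNs drop the name's leading slash: parameter/a/b, not parameter//a/b.
    arn = f"arn:aws:ssm:{region}:{account}:parameter/{param_name.lstrip('/')}"
    # A SecureString encrypted with a customer managed KMS key additionally
    # needs kms:Decrypt on that key.
    return {"Effect": "Allow", "Action": ["ssm:GetParameter"], "Resource": [arn]}


def get_secret(name=PARAM_NAME, client=None):
    """Fetch and decrypt a SecureString value, caching it per container."""
    if name not in _cache:
        if client is None:
            import boto3  # imported lazily so the module loads without AWS libraries
            client = boto3.client("ssm")
        resp = client.get_parameter(Name=name, WithDecryption=True)
        _cache[name] = resp["Parameter"]["Value"]
    return _cache[name]


def handler(event, context, client=None):
    """Lambda entry point; the secret is used but never logged or returned."""
    token = get_secret(client=client)
    # Use the token for the outbound call here; report only non-sensitive facts.
    return {"statusCode": 200, "token_loaded": bool(token)}
```

The dictionary returned by ssm_read_statement is the statement to attach to the function's role, scoped to the single parameter rather than to parameter/*.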

Build Own Constructs
