Version control your infrastructure is not a dream


  • IaC infrastructure as code, provisioning and managing your cloud resources by writing a template file that is both human readable, and machine consumable
  • AWS CDK (AWS Cloud Development Kit) is a software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation.
  • Constructs
    • Constructs are the basic building blocks of AWS CDK apps.
    • A construct represents a “cloud component” and encapsulates everything AWS CloudFormation needs to create the component
    • A construct can represent
      • a single resource, such as an Amazon S3 bucket
      • or a higher-level component consisting of multiple AWS resources
    • Initialize a construct takes 3 parameters
      • Scope the scope in which this construct is created, usually pass this means current scope
      • id serves as a namespace, used to calculate the CloudFormation Logical ID
      • Props, a set of properties. if all props elements are optional, you can leave out the props parameter completely. E.g., lambda.Function construct accepts properties like runtime, code and handler
  • AWS Construct Library has 3 levels
    1. Bottom level: CFN Resources. (AWS CloudFormation-only) (L1)
      • These constructs directly represent all resources available in AWS CloudFormation.
      • They are named CfnXyz, where Xyz is name of the resource
      • When you use Cfn resources, you must explicitly configure all resource properties, which requires a complete understanding of the details of the underlying AWS CloudFormation resource model.
    2. Higher level: AWS constructs, intent-based API.
      • provide the defaults, boilerplate, and glue logic you’d be writing yourself with a CFN Resource construct.
    3. even higher-level constructs, which we call patterns.
      • designed to help you complete common tasks in AWS, often involving multiple kinds of resources
      • e.g., The aws-apigateway.LambdaRestApi construct represents an Amazon API Gateway API that’s backed by an AWS Lambda function.
  • Composition
    • Composition lets you define reusable components and share them like any other code.
  • Stack
    • The unit of deployment in the AWS CDK is called a stack.
    • All AWS resources defined within the scope of a stack, either directly or indirectly, are provisioned as a single unit.
    public class MyFirstStack extends Stack {
        public MyFirstStack(final Construct scope, final String id) {
            this(scope, id, null);
        public MyFirstStack(final Construct scope, final String id, final StackProps props) {
            super(scope, id, props);
            new Bucket(this, "MyFirstBucket");
  • Nested stacks
    • When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but does not update the resources of unmodified nested stacks.
    • Furthermore, this stack will not be treated as an independent deployment artifact (won’t be listed in “cdk list” or deployable through “cdk deploy”), but rather only synthesized as a template and uploaded as an asset to S3.
    • parent stacks v.s nested stacks: Nested stacks are bound to their parent stack and are not treated as independent deployment artifacts; they are not listed by cdk list nor can they be deployed by cdk deploy.
  • App
    • To define the previous stack within the scope of an application, use the App construct.
    • It’s the only construct that can be used as a root for the construct tree
    • You would normally define an App instance in your program’s entrypoint, then define constructs where the app is used as the parent scope.
    • After all the child constructs are defined within the app, you should call app.synth() which will emit a “cloud assembly” from this app into the directory specified by outdir. Cloud assemblies includes artifacts such as CloudFormation templates and assets that are needed to deploy this app into the AWS cloud.
    App app = new App();
    new MyFirstStack(app, "hello-cdk");
  • App lifecycle
    1. Construction (or Initialization)
      • Most of your app code is executed in this stage
      • all of the constructs (app, stacks, and their child constructs) are instantiated and the constructor chain is executed
    2. Preparation
      • All constructs that have implemented the prepare method
      • It’s rare to need to use the “prepare” hook, and generally not recommended.
    3. Validation
      • All constructs that have implemented the validate method
    4. Synthesis
      • final stage of the execution of your AWS CDK app. app.synth()
      • In most cases, you won’t need to implement the synthesize method
    5. Deployment
      • It uploads assets to Amazon S3 and Amazon ECR and then starts an AWS CloudFormation deployment to deploy the application and create the resources.
  • Cloud assemblies
    • The call to app.synth() is what tells the AWS CDK to synthesize a cloud assembly from an app.
    • Typically you don’t interact directly with cloud assemblies.
    • They are files that include everything needed to deploy your app to a cloud environment. For example, it includes an AWS CloudFormation template for each stack in your app, and a copy of any file assets or Docker images that you reference in your app.
  • Environments
    • Each Stack instance in your AWS CDK app is explicitly or implicitly associated with an environment (env).
    • An environment is the target AWS account and AWS Region into which the stack is intended to be deployed.
    • For production stacks, we recommend that you explicitly specify the environment for each stack in your app using the env property.
    const envEU  = { account: '2383838383', region: 'eu-west-1' };
    const envUSA = { account: '8373873873', region: 'us-west-2' };
    new MyFirstStack(app, 'first-stack-us', { env: envUSA });
    new MyFirstStack(app, 'first-stack-eu', { env: envEU });

CDK Pros n Cons


  • FREE!!!
  • Support Java and Typescript
  • IaC (Infrastructure as Code)
  • Version Control your infrastructure
  • Tired of CloudFormation Yaml or AWS CLI
  • The benefit of Iac
    • Visibility, both resource and parameteres
    • Stability, version control, avoid breaking things
    • Scalability, write it once and reuse it many times, scale horizontally easy
    • Security, create one well secured architecture, reuse it often
    • Transactional, roll back gracefully on failure


Limitations of AWS CloudFormation

  • Each AWS CloudFormation template can have at most:
    • 500 resources
    • 200 parameters
    • 200 mappings
    • 200 outputs
  • AWS CloudFormation resource name max length 255 characters
  • AWS CloudFormation stack maximum 200

Common Commands

  1. Install aws-cdk

     npm install -g aws-cdk
     npm update -g aws-cdk
     cdk --version
  2. Useful commands

    • mvn package compile and run tests
    • cdk ls list all stacks in the app
    • cdk synth emits the synthesized CloudFormation template
    • cdk deploy deploy this stack to your default AWS account/region
    • cdk diff compare deployed stack with current state
    • cdk docs open CDK documentation
  3. First app

mkdir cdk-workshop && cd cdk-workshop
cdk init sample-app --language java

cdk synth # generate an AWS CloudFormation template for each stack defined in your application.

cdk bootstrap # install the bootstrap stack into an environment:

mvn package
cdk deploy

# To list all the stacks in an AWS CDK app
cdk ls


Create a static website on S3


CDK pipelines CICD

The CDK Pipelines construct makes that proccess easy and streamlined from within your existing CDK infrastructure design.


Tags: ,