AWS CDK | Bring the power of programming language to your IaC

Over the years, the way we deploy our infrastructure on AWS has changed a lot. We have come a long way from where we started. After Troposphere being stable for a long time, AWS CDK has appeared on the scene. From my initial understanding, I think this will become the de facto way.

So what is CDK?

Cloud Development Kit is a software development framework to define and manage AWS resources or cloud infrastructure using modern imperative programming languages like Java, C#, TypeScript, JavaScript and Python. By enabling us to use a programming language, it gives us more control over what resources are created, deployed, updated and destroyed, and how. It covers almost all the good things that we lacked in our previous approaches. Multi-account reference support, Organizations and support for a few services are still missing, though.

It drastically reduces the number of lines of code we have to write. It does so by using higher-level object-oriented abstractions. We write code in our language and, behind the scenes, it renders a CFN template. A single line of CDK code might generate a whole lot of YAML. It's smarter, too. With a single line it assigns access policies to a role for a specific service and its dependent services. E.g. if we have a bucket with encryption and a Lambda role that needs to access it, then it will add both the bucket access and the KMS key access policy to the role. Traditionally we had to write these out explicitly.
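Because a one-line grant expands into policy statements nobody typed, it is worth reviewing what actually landed in the rendered template. The following is an added example, not code from the original post: it walks a synthesized CloudFormation template (loaded as a dict from the JSON that CDK renders) and summarises each IAM `Allow` statement, flagging wildcards. The sample template and its logical IDs are constructed for illustration.

```python
import json

# Constructed sample: a trimmed template shaped like the IAM policy a
# bucket-read grant with a KMS key would attach to a Lambda role.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "FnRolePolicy": {"Type": "AWS::IAM::Policy", "Properties": {
    "Roles": [{"Ref": "FnRole"}],
    "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": ["s3:GetObject*", "s3:List*"],
       "Resource": [{"Fn::GetAtt": ["Bucket", "Arn"]}]},
      {"Effect": "Allow", "Action": "kms:Decrypt",
       "Resource": {"Fn::GetAtt": ["Key", "Arn"]}},
      {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}
    ]}}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")

def _as_list(value):
    """IAM allows a bare string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_iam_policies(template):
    """Summarise every Allow statement in AWS::IAM::Policy resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Policy":
            continue  # inline role policies / managed policies not covered
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            # Intrinsics such as Fn::GetAtt are dicts; only strings are matched.
            actions = [a for a in _as_list(stmt.get("Action", [])) if isinstance(a, str)]
            resources = _as_list(stmt.get("Resource", []))
            findings.append({
                "policy": logical_id,
                "services": sorted({a.split(":")[0] for a in actions}),
                "actions": actions,
                "wildcard_action": any(a == "*" or a.endswith(":*") for a in actions),
                "wildcard_resource": "*" in resources,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_iam_policies(SAMPLE_TEMPLATE):
        print(finding)
```

To run it against a real app, replace `SAMPLE_TEMPLATE` with the result of `json.load` on the template file that `cdk synth` or `cdk deploy` writes under `cdk.out`.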


A similar abstraction has been added for subscribing to a topic and many other resource actions. This kind of reminds me of the below image.

CDK has an autocomplete feature. This I like because I have gone through the pain of referring to the AWS documentation for CloudFormation. CDK also has asset helpers to define how we want to deal with S3 buckets, local files and Docker files. These are used to give Lambda its code from S3, a Docker file to a task definition, and metadata to EC2 instances.

CDK project LifeCycle:

CDK Project hierarchy:

APP: Root of the project. It deploys the Stack.

STACK: Single deployable unit of a CDK App.

Construct: AWS resource representation. a) High level (a library construct like VPC, or a custom one with multiple resources) b) Low level [CfnResources] (like subnets / gateways)

Environment: Target account and region in which the stack will be deployed. It deploys the Stack. If we don't specify it explicitly, then it will try to resolve it from the CLI profile. Best practice is to set it explicitly. In Python we have the below syntax to assign ACCOUNT and REGION to the stack.

MyStack(app, "MyStack", env={"region": "REGION", "account": "ACCOUNT"})

One APP can have stacks for multiple accounts and regions, and we can deploy them one by one. Each stack is composed of library constructs (high level or custom ones) and/or low-level constructs (CfnResources). This is similar to the composition concept of OOP. These constructs and libraries are also reusable across stacks. For example, we can have a custom library with a logging service (CloudTrail, Lambda, DynamoDB) which can be used in multiple stacks by providing a contract between the communicating pieces, like creating an interface and asking for a property which will be referenced.

Let's see how CDK for Python is used.

npm install -g aws-cdk               #1
mkdir blogdemo && cd blogdemo        #2
cdk init --language python           #3
source .env/bin/activate             #4
pip install -r requirements.txt      #5

#1 — This installs aws-cdk on our system. It is an npm package.

#2 — We create our folder and switch to it.

#3 — Here we are initializing the CDK project. It's similar to git init. This command creates the necessary language-specific setup and generates the skeleton of the project.

#4 — In the previous command, cdk created a virtual environment for us to use. Here we just activate it. (virtualenv gives us a sandbox environment.)

#5 — Here we install all the packages in the virtual environment. All packages are installed like below.

At this point we will see a project structure as below.

The files worth having a look at are:

blogdemo_stack.py: This stores the content of our stack.
app.py: Entry point or main of the application.
setup.py: In this we will enter all the packages that we will use.
cdk.json: It stores configuration. It tells the CDK Toolkit how to execute the app.

What I am trying to create is an S3 bucket and a Lambda function which listens for any new file in the bucket and logs the file metadata. So let us see the content of the file.

Here I needed three packages: aws_s3, aws_lambda and aws_s3_notifications. The way to do it is to just mention these in the file.

Once we have entered the package names, we save the file and run

pip install -r requirements.txt

We are almost done. We run the below command to store the CFN template in the local file system.

cdk synth > demoblog.yaml

We can also see what is going to be deployed with this app using the below command.

cdk diff

The above image shows us a nice table of the resources that are going to be created. Let's deploy this.

cdk deploy

Once it is done, we can see a new file under the cdk.out folder. The content of that file is as below.

As we see, the 22 lines of CDK code rendered 226 lines of JSON. One thing I found interesting is that CDK does not store the YAML/JSON in any of our S3 buckets. For production cases we will need this for versioning. I guess in future releases it will be there. Below is the lifecycle of an App in CDK.

Clean up time.

cdk destroy

The above commands are similar to CloudFormation's APIs (list-change-sets, describe-change-set, create-change-set, delete-change-set, execute-change-set).

Hope this was useful.
