Skip to content

CDK

Prerequisites

  • Follow this getting started with CDK guide
  • Make sure your AWS account and machine can deploy an AWS Cloudformation stack and have all the tokens and configuration as described in the page above.
  • CDK Best practices blog
  • Lambda layers best practices blog

CDK Deployment

alt_text

All CDK project files can be found under the CDK folder.

The CDK code create an API GW with a path of /api/orders which triggers the lambda on 'POST' requests.

The AWS Lambda handler uses a Lambda layer optimization which takes all the packages under the [packages] section in the Pipfile and downloads them in via a Docker instance.

This allows you to package any custom dependencies you might have.

In order to add a new dev dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

In order to add a new Lambda runtime dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

CDK Constants

All AWS Lambda function configurations are saved as constants at the cdk.service.constants.py file and can easily be changed.

  • Memory size
  • Timeout in seconds
  • Lambda dependencies build folder location
  • Lambda Layer dependencies build folder location
  • Various resources names
  • Lambda function environment variables names and values

Deployed Resources

  • AWS Cloudformation stack: cdk.service.service_stack.py which is consisted of one construct
  • Construct: cdk.service.api_construct.py which includes:
    • Lambda Layer - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it here.
    • Lambda Function - The Lambda handler function itself. Handler code is taken from the service folder.
    • Lambda Role - The role of the Lambda function.
    • API GW with Lambda Integration - API GW with a Lambda integration POST /api/orders that triggers the Lambda function.
    • AWS DynamoDB table - stores request data. Created in the api_db_construct.py construct.
    • AWS DynamoDB table - stores idempotency data. Created in the api_db_construct.py construct.
  • Construct: cdk.service.configuration.configuration_construct.py which includes:
    • AWS AppConfig configuration with an environment, application, configuration and deployment strategy. You can read more about it here.

Infrastructure CDK & Security Tests

Under tests there is an infrastructure folder for CDK infrastructure tests.

The first test, test_cdk uses CDK's testing framework which asserts that required resources exists so the application will not break anything upon deployment.

The security tests are based on cdk_nag. It checks your cloudformation output for security best practices. It can be found in the service_stack.py as part of the stack definition. It will fail the deployment when there is a security issue.

For more information click here.

Last update: 2023-11-17