CDK
Prerequisites
- Follow this getting started with CDK guide
- Make sure your AWS account and machine can deploy an AWS CloudFormation stack and have all the tokens and configuration described on the page above.
- CDK Best practices blog
- Lambda layers best practices blog
CDK Deployment
All CDK project files can be found under the CDK folder.
The CDK code creates an API GW with a path of /api/orders which triggers the Lambda on 'POST' requests.
The AWS Lambda handler uses a Lambda layer optimization which takes all the packages under the [packages] section in the Pipfile and downloads them via a Docker instance.
This allows you to package any custom dependencies you might have.
In order to add a new dev dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.
In order to add a new Lambda runtime dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.
CDK Constants
All AWS Lambda function configurations are saved as constants in the cdk.service.constants.py file and can easily be changed.
- Memory size
- Timeout in seconds
- Lambda dependencies build folder location
- Lambda Layer dependencies build folder location
- Various resources names
- Lambda function environment variables names and values
Deployed Resources
- AWS CloudFormation stack: cdk.service.service_stack.py which consists of one construct
- Construct: cdk.service.api_construct.py which includes:
  - Lambda Layer - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it here.
  - Lambda Function - The Lambda handler function itself. Handler code is taken from the service folder.
  - Lambda Role - The role of the Lambda function.
  - API GW with Lambda Integration - API GW with a Lambda integration POST /api/orders that triggers the Lambda function.
  - AWS DynamoDB table - stores request data. Created in the api_db_construct.py construct.
  - AWS DynamoDB table - stores idempotency data. Created in the api_db_construct.py construct.
- Construct: cdk.service.configuration.configuration_construct.py which includes:
  - AWS AppConfig configuration with an environment, application, configuration and deployment strategy. You can read more about it here.
Infrastructure CDK & Security Tests
Under tests there is an infrastructure folder for CDK infrastructure tests.
The first test, test_cdk, uses CDK's testing framework, which asserts that required resources exist so the application will not break anything upon deployment.
The security tests are based on cdk_nag. It checks your CloudFormation output for security best practices. It can be found in service_stack.py as part of the stack definition. It will fail the deployment when there is a security issue.
For more information click here.
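The two kinds of test described above, shown as an added example on a synthesized template: an existence check for required resource types and a security gate that returns a non-zero exit code on findings. This is a simplified standard-library stand-in, not cdk_nag and not this project's test code; the two rules, the function names, the sample logical IDs and the choice of AWS::ApiGateway::RestApi for the API GW are assumptions.

```python
# Resource types assumed for the stack this page describes (RestApi is an assumption).
REQUIRED_TYPES = {
    "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::IAM::Role",
    "AWS::ApiGateway::RestApi", "AWS::DynamoDB::Table",
}

def missing_resources(template):
    """Existence check: required resource types absent from the template."""
    present = {r["Type"] for r in template.get("Resources", {}).values()}
    return sorted(REQUIRED_TYPES - present)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def security_findings(template):
    """Two hypothetical rules; returns (logical_id, message) pairs."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::DynamoDB::Table":
            pitr = props.get("PointInTimeRecoverySpecification", {})
            if pitr.get("PointInTimeRecoveryEnabled") is not True:
                findings.append((logical_id, "point-in-time recovery disabled"))
        elif res["Type"] == "AWS::IAM::Policy":
            statements = props.get("PolicyDocument", {}).get("Statement", [])
            for stmt in _as_list(statements):
                actions = _as_list(stmt.get("Action", []))
                if stmt.get("Effect") == "Allow" and "*" in actions:
                    findings.append((logical_id, "Allow statement with Action '*'"))
    return findings

# Constructed sample template, trimmed to the properties the rules read.
SAMPLE = {"Resources": {
    "OrdersTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
        "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": True}}},
    "IdempotencyTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},
    "HandlerRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    "HandlerPolicy": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "Handler": {"Type": "AWS::Lambda::Function", "Properties": {}},
    "RestApi": {"Type": "AWS::ApiGateway::RestApi", "Properties": {}},
}}

if __name__ == "__main__":
    problems = missing_resources(SAMPLE) + security_findings(SAMPLE)
    for problem in problems:
        print("FAIL:", problem)
    raise SystemExit(1 if problems else 0)  # non-zero exit stops the pipeline
```

The IAM rule only inspects standalone AWS::IAM::Policy resources; inline policies on a role are outside what this narrowed example covers.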