Skip to content

CDK

Prerequisites

  • Follow this getting started with CDK guide
  • Make sure your AWS account and machine can deploy an AWS Cloudformation stack and have all the tokens and configuration as described in the page above.
  • CDK Best practices blog
  • Lambda layers best practices blog

CDK Deployment

alt_text

All CDK project files can be found under the CDK folder.

The CDK code create an API GW with a path of /api/orders which triggers the lambda on 'POST' requests.

The AWS Lambda handler uses a Lambda layer optimization which takes all the packages under the [packages] section in the Pipfile and downloads them in via a Docker instance.

This allows you to package any custom dependencies you might have.

In order to add a new dev dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

In order to add a new Lambda runtime dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

CDK Constants

All ASW Lambda function configurations are saved as constants at the cdk.my_service.constants.py file and can easily be changed.

  • Memory size
  • Timeout in seconds
  • Lambda dependencies build folder location
  • Lambda Layer dependencies build folder location
  • Various resources names
  • Lambda function environment variables names and values

Deployed Resources

  • AWS Cloudformation stack: cdk.my_service.service_stack.py which is consisted of one construct
  • Construct: cdk.my_service.api_construct.py which includes:
    • Lambda Layer - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it here.
    • Lambda Function - The Lambda handler function itself. Handler code is taken from the service folder.
    • Lambda Role - The role of the Lambda function.
    • API GW with Lambda Integration - API GW with a Lambda integration POST /api/orders that triggers the Lambda function.
    • AWS DynamoDB table - stores request data. Created in its own construct: api_db_construct.py

Infrastructure CDK & Security Tests

Under tests there is an infrastructure folder for CDK & security infrastructure tests.

The first test, 'test_cdk' uses CDK's testing framework which asserts that required resources exists so the application will not break anything upon deployment.

The second test, 'test_cdk_nag' checks your cloudformation output for security best practices. For more information click here.

Last update: 2023-03-22