CDK

Prerequisites

  • Follow this getting started with CDK guide
  • Make sure your AWS account and machine can deploy an AWS CloudFormation stack and have all the tokens and configuration described in the guide above.
  • CDK Best practices blog
  • Lambda layers best practices blog

CDK Deployment

All CDK project files can be found under the CDK folder.

The CDK code creates an API GW with the path /api/orders, which triggers the Lambda function on 'POST' requests.

The AWS Lambda handler uses a Lambda layer optimization which takes all the packages under the [packages] section in the Pipfile and downloads them via a Docker instance.

This allows you to package any custom dependencies you might have.

In order to add a new dev dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

In order to add a new Lambda runtime dependency, add it to the Pipfile under the [tool.poetry.dependencies] section and run poetry update -vvv.

CDK Constants

All AWS Lambda function configurations are saved as constants in the cdk.service.constants.py file and can easily be changed.

  • Memory size
  • Timeout in seconds
  • Lambda dependencies build folder location
  • Lambda Layer dependencies build folder location
  • Various resources names
  • Lambda function environment variables names and values

Deployed Resources

  • AWS CloudFormation stack: cdk.service.service_stack.py, which consists of one construct
  • Construct: cdk.service.api_construct.py which includes:
    • Lambda Layer - deployment optimization meant to be used with multiple handlers under the same API GW, sharing code logic and dependencies. You can read more about it here.
    • Lambda Function - The Lambda handler function itself. Handler code is taken from the service folder.
    • Lambda Role - The role of the Lambda function.
    • API GW with Lambda Integration - API GW with a Lambda integration POST /api/orders that triggers the Lambda function.
    • AWS DynamoDB table - stores request data. Created in the api_db_construct.py construct.
    • AWS DynamoDB table - stores idempotency data. Created in the api_db_construct.py construct.
  • Construct: cdk.service.configuration.configuration_construct.py which includes:
    • AWS AppConfig configuration with an environment, application, configuration and deployment strategy. You can read more about it here.

Infrastructure CDK & Security Tests

Under tests there is an infrastructure folder for CDK infrastructure tests.

The first test, test_cdk, uses CDK's testing framework, which asserts that the required resources exist so the application will not break anything upon deployment.

The security tests are based on cdk_nag, which checks your CloudFormation output for security best practices. It can be found in service_stack.py as part of the stack definition, and it fails the deployment when there is a security issue.

For more information click here.
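
As an added example (not code from this project, and not cdk_nag's implementation), the Python below runs the two kinds of check described above over a synthesized CloudFormation template: that the required resource types exist, and that the deployed resources meet a few security baselines. The sample template, its logical IDs and the check names are constructed for illustration.

```python
# Added example: template-level checks over synthesized CloudFormation JSON.
# Check names and the sample template are constructed for illustration.
REQUIRED_TYPES = {"AWS::ApiGateway::RestApi", "AWS::Lambda::Function", "AWS::DynamoDB::Table"}

SAMPLE_TEMPLATE = {"Resources": {  # constructed, trimmed stand-in for `cdk synth` output
    "OrdersApi": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "orders"}},
    "OrdersStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {"StageName": "prod"}},
    "OrdersHandler": {"Type": "AWS::Lambda::Function", "Properties": {"Timeout": 10}},
    "OrdersTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
        "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": True}}},
    "IdempotencyTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},
    "HandlerPolicy": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "dynamodb:*",
                       "Resource": {"Fn::GetAtt": ["OrdersTable", "Arn"]}}]}}},
}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def missing_resource_types(template):
    """Required resource types absent from the template (empty list means all present)."""
    present = {res["Type"] for res in template.get("Resources", {}).values()}
    return sorted(REQUIRED_TYPES - present)

def security_findings(template):
    """Return (logical_id, check_name) pairs for resources that fail a check."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::DynamoDB::Table":
            pitr = props.get("PointInTimeRecoverySpecification", {})
            if pitr.get("PointInTimeRecoveryEnabled") is not True:
                findings.append((logical_id, "dynamodb-pitr-disabled"))
        elif res["Type"] == "AWS::ApiGateway::Stage" and "AccessLogSetting" not in props:
            findings.append((logical_id, "apigw-access-logging-missing"))
        elif res["Type"] == "AWS::IAM::Policy":
            for stmt in _as_list(props.get("PolicyDocument", {}).get("Statement", [])):
                # Only literal strings are inspected; intrinsics such as Fn::Join are skipped.
                targets = _as_list(stmt.get("Action", [])) + _as_list(stmt.get("Resource", []))
                if stmt.get("Effect") == "Allow" and any(
                        isinstance(t, str) and "*" in t for t in targets):
                    findings.append((logical_id, "iam-wildcard-permission"))
                    break
    return findings

if __name__ == "__main__":
    print(missing_resource_types(SAMPLE_TEMPLATE), security_findings(SAMPLE_TEMPLATE))
```

A non-empty result from either function is what should fail the test run, mirroring how a security finding fails the deployment.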

Deployed Resources

In the picture below you can see all the deployed resources ordered into domain groups. The image was created with the IDE plugin of AWS Application Composer.

[Image: deployed resources ordered into domain groups]