The AWS CDK is a software development framework to define cloud infrastructure as code and provision it through CloudFormation. The CDK integrates fully with AWS services and offers a higher-level object-oriented abstraction to define AWS resources imperatively. The CDK improves your end-to-end development experience because you get to use the power of modern programming languages to define your AWS infrastructure in a predictable and efficient manner.” You can build test and deploy a true Infrastructure as a Code architecture using Typescript. make Reusable code and enjoy the code completion feature of IDE’s to create your cloud Infrastructure.

1. Building Infrastructure as
Code with Typescript and
AWS CDK
by Andrea Valentini & Cristian Valeri

2. Agenda
● DevOps
● Infrastructure as Code
● AWS CDK
● Costrutti
● App & Stack
● Env, Assets & ACL

3. about me

5. Perchè DevOps?

6. Perchè DevOps atto 2

7. DevOps: Un po’ Dev un po’ Ops?
Definizione Wikipedia: “In informatica DevOps (dalla contrazione
inglese di development, "sviluppo", e operations, qui simile a "messa
in produzione" o "deployment") è un metodo di sviluppo del software
che punta alla comunicazione, collaborazione e integrazione tra
sviluppatori e addetti alle operations della information technology
(IT). DevOps vuole rispondere all'interdipendenza tra sviluppo
software e IT operations, puntando ad aiutare un'organizzazione a
sviluppare in modo più rapido ed efficiente prodotti e servizi
software.”

8. “DevOps is not a new technology or a product, it's an
approach or culture of software development that seeks
stability and performance at the same time that it speeds
software deliveries to the business”
- Andi Mann - CA Technologies -

9. DevOps significa:
Essere organizzati, responsabili, coinvolti e
collaborativi.
Avere servizi IT sempre più automatizzati =
risorse più libere da lavori ripetitivi (ma
necessari)
Impiegare meglio il tempo e concentrarsi sulla
progettazione del software e delle
infrastrutture

10. DevOps or not DevOps?
● Chi si occupa di mantenere il software deve essere considerato un “first class
citizen”
● Considerare sempre un “Developer On Call” che affiancherà chi mantiene
l’applicazione se necessario.
● Attivare processi di Continous Integration e Continous Delivery. Minore
intervento umano significa minore rischio di errore.
● Ridurre le barriere di comunicazione tra team di sviluppo e sistemisti
● Automatizzare quanto piu’ possibile il bug fixing sui sistemi
● Monitorare in maniera efficiente tutte le componenti aziendali per ridurre gli
errori

11. ...evitando che...

12. Processi a confronto

13. DevOps = Cambiamento
Comunicazione
Condivisione Obiettivi
Collaborazione
Rispetto e Fiducia
“Mettersi insieme è un inizio, rimanere insieme è un progresso, lavorare insieme un
successo.” - Henry Ford

14. Thank You

15. about me

16. INFRASTRUCTURE AS CODE

17. Infrastructure as Code
“is the process of managing and provisioning
computer data centers through machine-
readable definition files, rather than physical
hardware configuration or interactive
configuration tools.”

18. Infrastructure as Code
1. Ottimizzazione dei costi:
elimina la componente manuale del deployment, riducendo il numero di persone necessarie al
completamento dei task .
2. Maggiore velocità di deploy
permette di effettuare velocemente il deployment di macchine identiche ad altre già definite in
precedenza.
3. Riduzione dei rischi
separare la definizione delle best practices e delle caratterisitiche ”fisiche” dalla fase di
deployment riduce i rischi derivanti da errate configurazioni sia per eventuali
malfunzionamenti che per problemi di sicurezza.
4. Controllo di consistenza
permette di controllare e nel caso forzare la compliance della configurazione di una macchina
con uno standard ben definito.

20. AWS Cloudformation

24. AWS CDK (Cloud Development Kit)

25. AWS CDK: Requirements
$ pip3 install awscli --upgrade --user
$ npm install -g typescript@latest
$ npm install -g aws-cdk
$ cdk init sample-app --language
typescript

26. CDK Construct Library

27. Composizione

28. Usare i Costrutti
import s3 = require('@aws-cdk/aws-s3');
// ...
new s3.Bucket(this, 'MyFirstBucket', {
versioned: true,
encryption: s3.BucketEncryption.KMS,
websiteIndexDocument: 'index.html'
});
// ...

29. Usare i Costrutti
const rawData = new s3.Bucket(this,
'raw-data');
const dataScience = new iam.Group(this,
'data-science');
rawData.grantRead(dataScience);

30. Usare i Costrutti
const jobsQueue = new sqs.Queue(this, 'jobs');
const createJobLambda = new lambda.Function(this,
'create-job', {
runtime: lambda.Runtime.NODEJS_8_10,
handler: 'index.handler',
code:
lambda.Code.fromAsset('./create-job-lambda-code'),
environment: {
QUEUE_URL: jobsQueue.queueUrl
}
});

31. Creare Costrutti
export interface NBProps {
prefix?: string;
}
export class NotifyingBucket extends Construct {
constructor(scope: Construct, id: string, props:
NBProps = {}) {
super(scope, id);
const bucket = new s3.Bucket(this, 'bucket');
this.topic = new sns.Topic(this, 'topic');
bucket.addObjectCreatedNotification(topic, { prefix:
props.prefix });
}
}

32. Creare Costrutti
const queue = new sqs.Queue(this,
'NewImagesQueue');
const images = new NotifyingBucket(this,
'Images');
images.topic.addSubscription(new
sns_sub.QueueSubscription(queue));

33. App & Stack

34. App & Stack - Stack
class MyFirstStack extends Stack {
constructor(scope: Construct, id:
string, props: StackProps){
super(scope, id, props);
new s3.Bucket(this, 'MyFirstBucket');
}
}

35. App & Stack - Stack
class ControlPlane extends Stack {}
class Dataplane extends Stack {}
class Monitoring extends Stack {}
class MyService extends cdk.Construct {
constructor(scope: Construct, id: string, props?: EnvProps)
{
super(scope, id);
new ControlPlane(this, "cp", {});
new Dataplane(this, "data", {});
new Monitoring(this, "mon", {});
}
}

36. App & Stack - Stack
const app = new cdk.App();
new MyService(app, "beta");
new MyService(app, "prod",
{
prod: true
});
app.synth();
$ cdk ls
betacpDA8372D3
betadataE23DB2BA
betamon632BD457
prodcp187264CE
proddataF7378CE5
prodmon631A1083

37. App & Stack - Stack
const prod = { account: '123456789012', region:
'us-east-1' };
const stack1 = new StackThatProvidesABucket(app,
'Stack1' , { env: prod });
// stack2 will take a property { bucket: IBucket }
const stack2 = new StackThatExpectsABucket(app,
'Stack2', {
bucket: stack1.bucket,
env: prod
});

38. App & Stack - Importing External Resources
Bucket.fromName(this, 'Bucket', 'my-bucket-name');
Bucket.fromArn(this, 'Bucket',
'arn:aws:s3:::my-bucket-name');
// Construct a resource by giving more than one
attribute Resource.fromAttributes(this,
'MyResource', {
resourceName: 'booh',
vpc: vpc
});

39. App & Stack - App
class MyApp extends App {
constructor() {
new MyFirstStack(this, 'hello-cdk');
}
}
new MyApp().synth();

40. App & Stack - App LifeCycle

41. Assets
import { Asset } from '@aws-cdk/aws-s3-assets';
// Archived and uploaded to Amazon S3 as a .zip file
const directoryAsset = new Asset(this,
"SampleZippedDirAsset", {
path: path.join(__dirname, "sample-asset-directory")
});
// Uploaded to Amazon S3 as-is
const fileAsset = new Asset(this, 'SampleFileAsset', {
path: path.join(__dirname, 'file-asset.txt')
});

42. Assets
import {Stack, Construct, StackProps } =
require('@aws-cdk/core');
import lambda = require('@aws-cdk/aws-lambda');
export class HelloAssetStack extends Stack {
constructor(scope: Construct, id: string, props?:StackProps) {
super(scope, id, props);
new lambda.Function(this, 'myLambdaFunction', {
code: lambda.Code.asset(path.join(__dirname, 'handler')),
runtime: lambda.Runtime.NODE,
handler: 'index.handler'
});
}
}

43. Permessi e ACL
import iam = require('@aws-cdk/aws-iam');
const role = new iam.Role(this, 'Role', {
assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),});
const policy = new iam.PolicyStatement({
effect: iam.Effect.DENY,
resources: [bucket.bucketArn, otherRole.roleArn],
actions: ['ec2:SomeAction', 's3:AnotherAction'],
conditions: {StringEquals: {
'ec2:AuthorizedService': 'codebuild.amazonaws.com',
}}});
role.addToPolicy(policy);

44. ENV
const envEU = { account: '2383838383',
region: 'eu-west-1' };
const envUSA = { account: '8373873873',
region: 'us-west-1' };
new MyFirstStack(this, 'first-stack-us', {
env: envUSA, encryption: false });
new MyFirstStack(this, 'first-stack-eu', {
env: envEU, encryption: true });

45. ENV
new MyStack(this, 'dev', {
env: {
account:
process.env.CDK_DEFAULT_ACCOUNT
region:
process.env.CDK_DEFAULT_REGION
}});

46. Info & Resources
● Construct Library API Reference:
https://docs.aws.amazon.com/cdk/api/latest/docs/a
ws-construct-library.html
● CDK Examples:
https://github.com/aws-samples/aws-cdk-examples

48. Thank You