The document discusses Infrastructure as Code (IaC) and the use of the AWS Cloud Development Kit (CDK) for managing cloud resources. It contrasts declarative and imperative programming approaches, highlights challenges with resource management, and introduces CDK features such as constructs and libraries for efficient and reusable cloud infrastructure. The document emphasizes best practices, security, and community sharing of constructs while noting that CDK is still in beta and has limitations.

1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Boost Your AWS Infrastructure
Lead Platform Engineer
Scout24
Philipp Garbe
@pgarbe

6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
About
Philipp Garbe
@pgarbe
Lead Platform Engineer at Scout24
AWS Container Hero

7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Agenda
Infrastructure as Code
Limits of CloudFormation
What is the CDK?
Boost!

8. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

9. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“The enabling idea of infrastructure as code is
that the systems and devices
which are used to run software
can be treated as if they, themselves,
are software.”
Kief Morris, Author, Cloud Specialist
@kief

10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Why Infrastructure as Code?
RepeatableAutomation Versioned

11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Programming Options
Declarative - „what“
• Easy to get started
• Limitations
Imperative - „how“
• More advanced (language
should be known)
• More flexibility (tooling,
language constructs)

12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
CloudFormation Programming Options
Declarative
• Basic YAML/JSON
• Basic Transforms
• Include
• SAM
• Advanced Transforms
• Macros
Imperative
• CDK
• Troposphere
• SparkleFormation
• GoFormation
• …
è At the end it‘s always basic YAML/JSON (no direct API calls)

13. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Challenges
Time
TrustSecurity

15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Can Become Complex
• Often, many resources for a single „job“
• Needs to be maintained
• Refactoring is difficult / impossible

16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Copy & Paste
• Start from scratch
• Copy existing templates
• Copy snippets

17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Trust
• Who wrote the snippet?
• Is something missing?

18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Updates
• Security Fixes
• Improvements

19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Align on Best Practices
• How can best practices be shared?
• Example: IAM Permission
• AWS Docs is just a reference, no best practices

20. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
• Imperative approach
• Supported Languages:
JavaScript, TypeScript, Java and
.NET (more coming…)
• Currently in Beta
• Open Source
Cloud
Development
Kit

22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Cloud Development Kit
Apps
• Executable program
• Used to render and deploy cfn templates
Stacks
• Deployable unit
• Knows about region and account
Constructs
• Representations of AWS resources
• Can form a hierarchical tree structure

23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Cloud Development Kit

24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
3 Levels of Constructs
Level 1: CloudFormation Resources
• One-to-one mapping of existing resources
• Autogenerated based on „AWS Resource Types Reference“

25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
3 Levels of Constructs
Level 2: AWS Construct Library
• On a AWS Service Level
• Opinionated, well-architected, hand-written
• Community

26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
3 Levels of Constructs
Level 3: Your awesome stuff
• Create production ready services
• Typical alarms
• Backup and restore
• Build re-usable solutions
• E.g. Tweet Queue

27. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

28. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Leverage Level 2 Constructs
• Lot of standard use cases
• Sane defaults
• IAM permissions included

30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Share your Level 3 Constructs
• Build re-usable constructs as CDK Libs
• Publish them with existing package manager (like npm)
• Benefit from libs in your CDK Apps
Build Publish Benefit

31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
CDK Libs
Trust
TimeSecurity

32. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
CDK …
• an imperative way to use CloudFormation
• available for your favorite programming language
• can save you time
• No need to start from scratch
• Re-use shared constructs
• makes it easy to align on best practices
• Leverage Level 2 constructs
• Share your own constructs within your company or community
• keeps you secure

34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Good to know!
• Beta
• Breaking changes
• Level 2 Constructs don’t exist for every AWS service, yet
• Migration path not clear
• CloudFormation Limits still exist
• E.g. 200 resource per stack
• Not that obvious anymore
• Language support
• Only TypeScript constructs can be compiled in different languages

35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
And much more
• Unit-Testing
• Compile into multiple languages
• …
Get your hands dirty:
• https://cdkworkshop.com
• https://github.com/awslabs/aws-cdk
• https://awslabs.github.io/aws-cdk
• https://gitter.im/awslabs/aws-cdk
• https://docs.aws.amazon.com/CDK/latest/userguide

36. Thank you!
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lead Platform Engineer
Scout24
Philipp Garbe
@pgarbe

37. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.