This document provides an overview of a presentation about quick stack building using AWS CDK and infrastructure as code. The presentation introduces AWS CDK and infrastructure as code, discusses CloudFormation and CDK, and provides tips. Slides from the presentation will be made available online later.

1. Quick stack building,
an introduction to
AWS CDK and
infrastructure as code.
Slides will be online later
Leo Lapworth (@leolapworth)

2. Me: Leo Lapworth
@leolapworth

3. Me: Leo Lapworth
@leolapworth
• 20+ years developer / sysadmin / team lead

4. Me: Leo Lapworth
@leolapworth
• 20+ years developer / sysadmin / team lead
• Talk: @YAPC::EU 2007 - Evolving Architecture

5. Me: Leo Lapworth
@leolapworth
• 20+ years developer / sysadmin / team lead
• Talk: @YAPC::EU 2007 - Evolving Architecture
• Talk @ YAPC::EU 2008 - Evolving Architecture
- further

6. Me: Leo Lapworth
@leolapworth
• 20+ years developer / sysadmin / team lead
• Talk: @YAPC::EU 2007 - Evolving Architecture
• Talk @ YAPC::EU 2008 - Evolving Architecture
- further
• Everything has changed… even more!

7. Exceptions

8. Exceptions
• Cache invalidation

9. Exceptions
• Cache invalidation
• Naming

10. Topics

11. Topics
• Infrastructure as Code

12. Topics
• Infrastructure as Code
• CloudFormation

13. Topics
• Infrastructure as Code
• CloudFormation
• CDK

14. Topics
• Infrastructure as Code
• CloudFormation
• CDK
• Tips along the way

15. Context…

16. A history of…
before…
`Infrastructure as Code`
( abridged )

17. Version control (history)

18. Version control (history)
> cp important_file.txt important_file.txt.bak

19. Version control (history)
> cp important_file.txt important_file.txt.bak
> cp important_file.txt important_file.txt.bak2

20. Version control (history)
> cp important_file.txt important_file.txt.bak
> cp important_file.txt important_file.txt.bak2
> cvs

21. Version control (history)
> cp important_file.txt important_file.txt.bak
> cp important_file.txt important_file.txt.bak2
> cvs
> svn ➜ subversion

22. Version control (history)
> cp important_file.txt important_file.txt.bak
> cp important_file.txt important_file.txt.bak2
> cvs
> svn ➜ subversion
> mercurial

23. Version control (now)

24. Version control (now)
> git
“Git proved I could be more than a one-
hit wonder” - Linus Oct 2019

25. Provisioning

26. Provisioning
> Client “Hello”

27. Provisioning
> Client “Hello”
> Hosting “Hello, how can we help?”

28. Provisioning
> Client “Hello”
> Hosting “Hello, how can we help?”
> Client “Can I have a new server please?”

29. Provisioning
> Client “Hello”
> Hosting “Hello, how can we help?”
> Client “Can I have a new server please?”
> Hosting “Sure.. what are the specs and
which Christmas do you need it by?”

30. Configuration

31. Configuration
> scp config/* root@new99.example.com:/

32. Configuration
> scp config/* root@new99.example.com:/
> NEW_HOST=new99.example.com sh
setup_script.sh

33. Configuration
> scp config/* root@new99.example.com:/
> NEW_HOST=new99.example.com sh
setup_script.sh
> ssh root@new99.example.com; apt-get
install puppet; puppet run —master:
puppet.example.com; make tea; puppet run

34. Configuration
> scp config/* root@new99.example.com:/
> NEW_HOST=new99.example.com sh
setup_script.sh
> ssh root@new99.example.com; apt-get
install puppet; puppet run —master:
puppet.example.com; make tea; puppet run
> ansible new99.example.com <playbook>

35. Configuration?
provisioning?

36. Configuration?
provisioning?
> docker

37. Configuration?
provisioning?
> docker
> docker-compose

38. Configuration?
provisioning?
> docker
> docker-compose
> docker-swarm

39. Configuration?
provisioning?
> docker
> docker-compose
> docker-swarm
> Kubernetties something or other

40. History lesson
over

41. Provisioning AWS
resources
https://aws.amazon.com

51. Provisioning AWS

52. Provisioning AWS
> aws sqs create-queue

53. Provisioning AWS
> aws sqs create-queue
> aws ec2 run-instances --image-id ami-xxxxxxxx --count 1
--instance-type t2.micro --key-name MyKeyPair --security-
group-ids sg-903004f8 --subnet-id subnet-6e7f829e

54. Provisioning AWS
> aws sqs create-queue
> aws ec2 run-instances --image-id ami-xxxxxxxx --count 1
--instance-type t2.micro --key-name MyKeyPair --security-
group-ids sg-903004f8 --subnet-id subnet-6e7f829e
> aws s3api create-bucket —bucket demo-for-scl-2019

56. What about

57. What about

58. What about
Version control?

59. What about
Version control?

60. What about
Version control?
Reproducibility?

61. What about
Version control?
Reproducibility?

62. What about
Version control?
Reproducibility?
Speed of provisioning?

63. That’s what
Infrastructure as code
gives you!

64. Some approaches to IaC

65. Some approaches to IaC
• Serverless framework https://serverless.com/

66. Some approaches to IaC
• Serverless framework https://serverless.com/
• Arc https://arc.codes

67. Some approaches to IaC
• Serverless framework https://serverless.com/
• Arc https://arc.codes
• Terraform https://www.terraform.io/

68. Some approaches to IaC
• Serverless framework https://serverless.com/
• Arc https://arc.codes
• Terraform https://www.terraform.io/
• AWS SAM (Serverless Application Model)

69. Some approaches to IaC
• Serverless framework https://serverless.com/
• Arc https://arc.codes
• Terraform https://www.terraform.io/
• AWS SAM (Serverless Application Model)
• AWS Native cloudformation

70. How do they work?
(for AWS)

71. How do they work?
(for AWS)
• Interface with AWS service APIs

72. How do they work?
(for AWS)
• Interface with AWS service APIs
• AWS CloudFormation

73. What are we trying to
define?

74. What are we trying to
define?
Resources

75. What are we trying to
define?
ParametersResources

76. What are we trying to
define?
Permissions
ParametersResources

77. What are we trying to
define?
Permissions Triggers
ParametersResources

78. What are we trying to
define?
Permissions
Dependencies
Triggers
ParametersResources

79. What are we trying to
define?
Permissions
Dependencies
Triggers
Outputs
ParametersResources

80. Infrastructure graphs

81. Infrastructure graph

82. Infrastructure graph

83. Infrastructure graph
Event source

84. Infrastructure graph
Execution permissions
Event source

85. Infrastructure graph
Execution permissions
Read/Write permissions
Event source

86. Infrastructure graph
management
Graph
Desired Actual
Graph

87. Infrastructure graph
management
Graph
Desired Actual
Graph
Create

88. Infrastructure graph
management

89. Infrastructure graph
management
Graph
Desired Actual
Graph

90. Infrastructure graph
management
Graph
Desired Actual
Graph
Diff and action

92. > cat template.yaml
Resources:
MyDemoBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: demo-for-scl-2019

93. > cat template.yaml
Resources:
MyDemoBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: demo-for-scl-2019
> aws cloudformation deploy --template-file
template.yaml --stack-name DemoStack3

95. Waiting for change-set to be created..

96. Waiting for change-set to be created..
Waiting for stack create/update to complete

97. Waiting for change-set to be created..
Waiting for stack create/update to complete
Successfully created/updated stack - DemoStack3

98. Why DemoStack3?

99. Why DemoStack3?
BucketName: dem_for_scl_2019

100. Why DemoStack3?
BucketName: dem_for_scl_2019

101. Why DemoStack3?
BucketName: dem_for_scl_2019
Failed to create/update the stack. Run the following command

102. Why DemoStack3?
BucketName: dem_for_scl_2019
Failed to create/update the stack. Run the following command
to fetch the list of events leading up to the failure

103. Why DemoStack3?
BucketName: dem_for_scl_2019
Failed to create/update the stack. Run the following command
to fetch the list of events leading up to the failure

104. Why DemoStack3?
BucketName: dem_for_scl_2019
Failed to create/update the stack. Run the following command
to fetch the list of events leading up to the failure
aws cloudformation describe-stack-events --stack-name DemoStack3

105. Why DemoStack3?
BucketName: dem_for_scl_2019
Failed to create/update the stack. Run the following command
to fetch the list of events leading up to the failure
aws cloudformation describe-stack-events --stack-name DemoStack3
{
"StackEvents": [
{
"StackId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0363ce60-d8ba-11e9-b8ea-069f6d7e1780",
"EventId": "1959c120-d8ba-11e9-bb16-0abc432e4032",
"StackName": "DemoStack2",
"LogicalResourceId": "DemoStack2",
"PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0363ce60-d8ba-11e9-b8ea-069f6d7e1780",
"ResourceType": "AWS::CloudFormation::Stack",
"Timestamp": "2019-09-16T19:42:21.223Z",
"ResourceStatus": "ROLLBACK_COMPLETE"
},
{
"StackId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0363ce60-d8ba-11e9-b8ea-069f6d7e1780",
"EventId": "MyFirstBucket-DELETE_COMPLETE-2019-09-16T19:42:20.814Z",
"StackName": "DemoStack2",
"LogicalResourceId": "MyFirstBucket",
"PhysicalResourceId": "",
"ResourceType": "AWS::S3::Bucket",
"Timestamp": "2019-09-16T19:42:20.814Z",
"ResourceStatus": "DELETE_COMPLETE",

106. "StackName": "DemoStack2",
"LogicalResourceId": "DemoStack2",
"PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0
d8ba-11e9-b8ea-069f6d7e1780",
"ResourceType": "AWS::CloudFormation::Stack",
"Timestamp": "2019-09-16T19:41:52.401Z",
"ResourceStatus": "ROLLBACK_IN_PROGRESS",
"ResourceStatusReason": "The following resource(s) failed to create: [MyFirstBucket]. .
uested by user."
},
{
"StackId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0363ce60-d8b
b8ea-069f6d7e1780",
"EventId": "MyFirstBucket-CREATE_FAILED-2019-09-16T19:41:52.005Z",
"StackName": "DemoStack2",
"LogicalResourceId": "MyFirstBucket",
"PhysicalResourceId": "",
"ResourceType": "AWS::S3::Bucket",
"Timestamp": "2019-09-16T19:41:52.005Z",
"ResourceStatus": "CREATE_FAILED",
"ResourceStatusReason": "Bucket name should not contain '_'",
"ResourceProperties": "{"BucketName":"dem_for_scl_2019"}"
},
{
"StackId": "arn:aws:cloudformation:eu-west-1:374733882471:stack/DemoStack2/0363ce60-d8b
b8ea-069f6d7e1780",
"EventId": "MyFirstBucket-CREATE_IN_PROGRESS-2019-09-16T19:41:51.590Z",
"StackName": "DemoStack2",
"LogicalResourceId": "MyFirstBucket",
"PhysicalResourceId": "",
"ResourceType": "AWS::S3::Bucket",
"Timestamp": "2019-09-16T19:41:51.590Z",
"ResourceStatus": "CREATE_IN_PROGRESS",

107. I thought this was a talk
about CDK?

108. Using CDK to generate
CloudFormation

109. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');

110. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
new s3.Bucket(this, 'MyFirstBucket', {
bucketName: “demo_for_scl_2019",
});

111. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
export class HelloCdkStack extends cdk.Stack {
constructor(scope: cdk.App, id: string) {
super(scope, id);
new s3.Bucket(this, 'MyFirstBucket', {
bucketName: “demo_for_scl_2019",
});
}
}

112. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
export class HelloCdkStack extends cdk.Stack {
constructor(scope: cdk.App, id: string) {
super(scope, id);
new s3.Bucket(this, 'MyFirstBucket', {
bucketName: “demo_for_scl_2019",
});
}
}
const app = new cdk.App();
new HelloCdkStack(app, 'StoreStack');
app.synth();

113. CDK synth

114. CDK synth
> cdk synth

115. CDK synth
> cdk synth
@aws-cdk/aws-s3/lib/bucket.js:539
throw new Error(`Invalid S3 bucket name (value: ${bucketName})${os_1.EOL}$
{errors.join(os_1.EOL)}`);
Error: Invalid S3 bucket name (value: demo_for_scl_2019)
Bucket name must only contain lowercase characters and the symbols, period (.) and
dash (-) (offset: 3)
at ….

116. CDK synth
> cdk synth
@aws-cdk/aws-s3/lib/bucket.js:539
throw new Error(`Invalid S3 bucket name (value: ${bucketName})${os_1.EOL}$
{errors.join(os_1.EOL)}`);
Error: Invalid S3 bucket name (value: demo_for_scl_2019)
Bucket name must only contain lowercase characters and the symbols, period (.) and
dash (-) (offset: 3)
at ….

117. CDK synth
> cdk synth
@aws-cdk/aws-s3/lib/bucket.js:539
throw new Error(`Invalid S3 bucket name (value: ${bucketName})${os_1.EOL}$
{errors.join(os_1.EOL)}`);
Error: Invalid S3 bucket name (value: demo_for_scl_2019)
Bucket name must only contain lowercase characters and the symbols, period (.) and
dash (-) (offset: 3)
at ….

118. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
export class HelloCdkStack extends cdk.Stack {
constructor(scope: cdk.App, id: string) {
super(scope, id);
new s3.Bucket(this, 'MyFirstBucket', {
bucketName: 'demo_for_scl_2019',
});
}
}
const app = new cdk.App();
new HelloCdkStack(app, 'StoreStack');
app.synth();

119. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
export class HelloCdkStack extends cdk.Stack {
constructor(scope: cdk.App, id: string) {
super(scope, id);
new s3.Bucket(this, 'MyFirstBucket', {
bucketName: ‘demo-for-scl-2019’,
});
}
}
const app = new cdk.App();
new HelloCdkStack(app, 'StoreStack');
app.synth();

121. > cdk synth

122. > cdk synth
Resources:
MyFirstBucketB8884501:
Type: AWS::S3::Bucket
Properties:
BucketName: demo-for-scl-2019

123. Resources:
MyFirstBucketB8884501:
Type: AWS::S3::Bucket
Properties:
BucketName: demo-for-scl-2019
UpdateReplacePolicy: Retain
DeletionPolicy: Retain

124. CDK synth
Resources:
MyFirstBucketB8884501:
Type: AWS::S3::Bucket
Properties:
BucketName: demo-for-scl-2019
UpdateReplacePolicy: Retain
DeletionPolicy: Retain
Metadata:
aws:cdk:path: StoreStack/MyFirstBucket/Reso
CDKMetadata:
Type: AWS::CDK::Metadata
Properties: ……

125. CDK structure
(bottom up)

126. CDK structure
(bottom up)
• CloudFormation (Cfn)

127. CDK structure
(bottom up)
• CloudFormation (Cfn)
• Resource Constructs

128. CDK structure
(bottom up)
• CloudFormation (Cfn)
• Resource Constructs
• Constructs (reusable)

129. CDK structure
(bottom up)
• CloudFormation (Cfn)
• Resource Constructs
• Constructs (reusable)
• Stacks

130. CDK structure
(bottom up)
• CloudFormation (Cfn)
• Resource Constructs
• Constructs (reusable)
• Stacks
• Applications

132. Basic stack demo

133. CDK constructor interface
(3 params)

134. CDK constructor interface
(3 params)
• Scope ( app for stacks, this for constructs )

135. CDK constructor interface
(3 params)
• Scope ( app for stacks, this for constructs )
• Id (unique within this scope)

136. CDK constructor interface
(3 params)
• Scope ( app for stacks, this for constructs )
• Id (unique within this scope)
• Properties (arguments)

137. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}

138. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope

139. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope
Id

140. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope
Id
Properties

141. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope
Id
Properties
Scope

142. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope
Id
Properties
Scope
Id

143. export class HelloCdkStack extends cdk.Stack {
constructor(
scope: cdk.App,
id: string,
props?: props
) {
super(scope, id);
new s3.Bucket(
this,
‘MyFirstBucket',
{
bucketName: “demo-for-scl-2019”,
}
);
}
}
Scope
Id
Properties
Scope
Id
Properties

144. API Reference
( https://docs.aws.amazon.com/
cdk/api/latest/ )

148. Events & Permissions

149. S3 event source

150. S3 event source
Execution permissions
Event source

151. S3 event source
Execution permissions
Read/Write permissions
Event source

152. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
import lambda = require('@aws-cdk/aws-lambda');
import { S3EventSource } from '@aws-cdk/aws-lambda-event-sources';
export class EventS3LambdaStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// object store
const myBucket = new s3.Bucket(this, 'aBucket', {});
// create an event source for new objects
let bucketEvents = new S3EventSource(myBucket, {
events: [ s3.EventType.OBJECT_CREATED],
});
// A function to process the S3 event
const fn = new lambda.Function(this, 'EchoS3', {
runtime: lambda.Runtime.NODEJS_8_10,
handler: 'index.handler',
code: lambda.Code.fromAsset('./lib/funcs/echo_s3/'),
events: [bucketEvents],
});
// Remember to let the function read/write to the
// bucket if it needs more than just the object key
myBucket.grantReadWrite(fn);
}
}

154. import cdk =

155. import cdk =
require('@aws-cdk/core');

156. import cdk =
require('@aws-cdk/core');

157. import cdk =
require('@aws-cdk/core');
import s3 =

158. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');

159. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');

160. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =

161. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =
require('@aws-cdk/aws-lambda');

162. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =
require('@aws-cdk/aws-lambda');

163. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =
require('@aws-cdk/aws-lambda');
import { S3EventSource }

164. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =
require('@aws-cdk/aws-lambda');
import { S3EventSource }
from

165. import cdk =
require('@aws-cdk/core');
import s3 =
require('@aws-cdk/aws-s3');
import lambda =
require('@aws-cdk/aws-lambda');
import { S3EventSource }
from
'@aws-cdk/aws-lambda-event-sources';

167. // object store

168. // object store
const myBucket = new s3.Bucket(

169. // object store
const myBucket = new s3.Bucket(
this,

170. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',

171. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',
{}

172. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',
{}
);

173. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',
{}
);

174. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',
{}
);

175. // object store
const myBucket = new s3.Bucket(
this,
'aBucket',
{}
);
// create an event source
let bucketEvents = new S3EventSource(
myBucket, {
events: [
s3.EventType.OBJECT_CREATED
],
});

177. // A function to process the S3 event

178. // A function to process the S3 event
const fn = new lambda.Function(

179. // A function to process the S3 event
const fn = new lambda.Function(
this,

180. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',

181. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{

182. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,

183. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(

184. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),

185. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),
handler: 'index.handler',

186. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),
handler: 'index.handler',
events: [bucketEvents],

187. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),
handler: 'index.handler',
events: [bucketEvents],
});

188. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),
handler: 'index.handler',
events: [bucketEvents],
});

189. // A function to process the S3 event
const fn = new lambda.Function(
this,
‘EchoS3',
{
runtime: lambda.Runtime.NODEJS_8_10,
code: lambda.Code.fromAsset(
'./lib/funcs/echo_s3/'),
handler: 'index.handler',
events: [bucketEvents],
});
// Give function read/write to the
// bucket if it is needed
myBucket.grantReadWrite(fn);

190. import cdk = require('@aws-cdk/core');
import s3 = require('@aws-cdk/aws-s3');
import lambda = require('@aws-cdk/aws-lambda');
import { S3EventSource } from '@aws-cdk/aws-lambda-event-sources';
export class EventS3LambdaStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// object store
const myBucket = new s3.Bucket(this, 'aBucket', {});
// create an event source for new objects
let bucketEvent = new S3EventSource(myBucket, {
events: [ s3.EventType.OBJECT_CREATED],
});
// A function to process the S3 event
const fn = new lambda.Function(this, 'EchoS3', {
runtime: lambda.Runtime.NODEJS_8_10,
handler: 'index.handler',
code: lambda.Code.fromAsset('./lib/funcs/echo_s3/'),
events: [bucketEvent],
});
// Remember to let the function read/write to the
// bucket if it needs more than just the object key
myBucket.grantReadWrite(fn);
}
}
30
lines
ofcode

191. CDK synth

193. Resources:
aBucket43B84104:
Type: AWS::S3::Bucket
UpdateReplacePolicy: Retain
DeletionPolicy: Retain
Metadata:
aws:cdk:path: EventS3LambdaStack/aBucket/Resource
aBucketNotificationsC5696022:
Type: Custom::S3BucketNotifications
Properties:
ServiceToken:
Fn::GetAtt:
- BucketNotificationsHandler050a0587b7544547bf325f094a
- Arn
BucketName:
Ref: aBucket43B84104
NotificationConfiguration:
LambdaFunctionConfigurations:
- Events:
- s3:ObjectCreated:*
250
lines
of
C
loudForm
ation
YAM
L

194. Full s3/lambda demo

195. Other Lambda event
sources?

196. Other Lambda event
sources?
• SQS

197. Other Lambda event
sources?
• SQS
• SNS

198. Other Lambda event
sources?
• SQS
• SNS
• DynamoDB Streams

199. Other Lambda event
sources?
• SQS
• SNS
• DynamoDB Streams
• Kinesis

200. Other Lambda event
sources?
• SQS
• SNS
• DynamoDB Streams
• Kinesis
• More planned

201. HTTP event source with ApiGateway

202. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");

203. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");

204. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {

205. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"

206. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});

207. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});

208. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");

209. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");

210. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");
const lambdaIntergration

211. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");
const lambdaIntergration
= new apigateway.LambdaIntegration(aLambdaObject);

212. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");
const lambdaIntergration
= new apigateway.LambdaIntegration(aLambdaObject);

213. HTTP event source with ApiGateway
const apigateway = require("@aws-cdk/aws-apigateway");
const api = new apigateway.RestApi(this, "itemsApi", {
restApiName: "Items Service"
});
const items = api.root.addResource("items");
const lambdaIntergration
= new apigateway.LambdaIntegration(aLambdaObject);
items.addMethod("GET", lambdaIntergration);

214. Tips & tricks

215. Stack base class

216.
import cdk = require('@aws-cdk/core');
export interface IEnv {
region: string,
account: string,
}
export interface IBaseStack {
env: IEnv,
stackName: string,
}
export class BaseStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props: IBaseStack) {
let superProps = {
env: props.env,
stackName: props.stackName
}
super(scope, id, superProps);
// Tag everything in the stack with the stack name
cdk.Tag.add(this, 'stack', props.stackName);
}
}

217.
import cdk = require('@aws-cdk/core');
export interface IEnv {
region: string,
account: string,
}
export interface IBaseStack {
env: IEnv,
stackName: string,
}
export class BaseStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props: IBaseStack) {
let superProps = {
env: props.env,
stackName: props.stackName
}
super(scope, id, superProps);
// Tag everything in the stack with the stack name
cdk.Tag.add(this, 'stack', props.stackName);
}
}

218.
import cdk = require('@aws-cdk/core');
export interface IEnv {
region: string,
account: string,
}
export interface IBaseStack {
env: IEnv,
stackName: string,
}
export class BaseStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props: IBaseStack) {
let superProps = {
env: props.env,
stackName: props.stackName
}
super(scope, id, superProps);
// Tag everything in the stack with the stack name
cdk.Tag.add(this, 'stack', props.stackName);
}
}

219. Importing existing
resources

221. const bucket = s3.Bucket.fromBucketAttributes(

222. const bucket = s3.Bucket.fromBucketAttributes(
this,

223. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",

224. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{

225. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"

226. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"
}

227. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"
}
);

228. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"
}
);

229. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"
}
);
// now you can just call methods on the bucket

230. const bucket = s3.Bucket.fromBucketAttributes(
this,
"ImportedBucket",
{
bucketArn: "arn:aws:s3:::my-bucket"
}
);
// now you can just call methods on the bucket
bucket.grantReadWrite(lambdaFunction);

231. Misc

232. Misc
• Stack.of(construct) - access stack at any
point (useful if you need stack.region)

233. Misc
• Stack.of(construct) - access stack at any
point (useful if you need stack.region)
• Do not edit anything through web UI

234. Local development
(using SAM)

235. Serverless Application
Model (SAM)

236. Serverless Application
Model (SAM)
• Serverless YAML shortcuts for
CloudFormation YAML (not as nice as CDK
IMHO!)

237. Serverless Application
Model (SAM)
• Serverless YAML shortcuts for
CloudFormation YAML (not as nice as CDK
IMHO!)
• Local testing and debugging

238. Setup for local testing

239. Setup for local testing
• cdk synth —no-staging > template.yaml

240. Setup for local testing
• cdk synth —no-staging > template.yaml
• Find lambda resource name

241. Setup for local testing
• cdk synth —no-staging > template.yaml
• Find lambda resource name
• Create payload.json (sam local generate-
event s3) and env.json

242. Setup for local testing
• cdk synth —no-staging > template.yaml
• Find lambda resource name
• Create payload.json (sam local generate-
event s3) and env.json
• sam local invoke —env-var env.json —
event payload.json lambdaResourceName

243. Local invoke demo

244. Lambda Layers

245. Layer

246. Layer
• Runtime (OS + Language)

247. Layer
• Runtime (OS + Language)
• Your code (with all dependencies)

248. Layer

249. Layer
• Runtime (OS + Language)

250. Layer
• Runtime (OS + Language)
• Shared dependencies (in a Layer)

251. Layer
• Runtime (OS + Language)
• Shared dependencies (in a Layer)
• Your code

252. Creating a layer

253. // Create a layer
const baseLayer = new lambda.LayerVersion(
this,
'MyBaseLayer',
{
compatibleRuntimes: [
lambda.Runtime.NODEJS_8_10
],
code:
lambda.Code.fromAsset('../layer/base')
}
);

254. // Create a layer
const baseLayer = new lambda.LayerVersion(
this,
'MyBaseLayer',
{
compatibleRuntimes: [
lambda.Runtime.NODEJS_8_10
],
code:
lambda.Code.fromAsset('../layer/base')
}
);
layer
└── base
└── nodejs
├── node_modules/..
├── package-lock.json
└── package.json

255. // Create a layer
const baseLayer = new lambda.LayerVersion(
this,
'MyBaseLayer',
{
compatibleRuntimes: [
lambda.Runtime.NODEJS_8_10
],
code:
lambda.Code.fromAsset('../layer/base')
}
);
layer
└── base
└── nodejs
├── node_modules/..
├── package-lock.json
└── package.json

256. CDK: Chicken & Egg
• Layer has ARN (Amazon Resource Name)
• Lambda depends on ARN
• CDK: Updating layer deletes old ARN…
which breaks dependency across stacks

257. ParamStore to the
rescue

259. // Record the versionArn into SSM

260. // Record the versionArn into SSM

261. // Record the versionArn into SSM
const layerParamName =

262. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';

263. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';

264. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';

265. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(

266. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,

267. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',

268. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{

269. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,

270. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,
stringValue:

271. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,
stringValue:
baseLayer.layerVersionArn,

272. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,
stringValue:
baseLayer.layerVersionArn,
});

273. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,
stringValue:
baseLayer.layerVersionArn,
});

274. // Record the versionArn into SSM
const layerParamName =
‘/layers/baseLayer';
new ssm.StringParameter(
this,
‘VersionArn',
{
parameterName: layerParamName,
stringValue:
baseLayer.layerVersionArn,
});

275. import cdk = require('@aws-cdk/core');
import lambda = require('@aws-cdk/aws-lambda');
import ssm = require('@aws-cdk/aws-ssm');
const layerParamName = '/layers/baseLayer';
export class LayerEgStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create a layer
const baseLayer = new lambda.LayerVersion(
this,
'MyBaseLayer',
{
compatibleRuntimes: [
lambda.Runtime.NODEJS_8_10
],
code: lambda.Code.fromAsset('../layer/base')
}
);
// Record the versionArn into SSM
new ssm.StringParameter(this, 'VersionArn', {
parameterName: layerParamName,
stringValue: baseLayer.layerVersionArn,
});
}

276. import cdk = require('@aws-cdk/core');
import lambda = require('@aws-cdk/aws-lambda');
import ssm = require('@aws-cdk/aws-ssm');
const layerParamName = '/layers/baseLayer';
export class LayerEgStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create a layer
const baseLayer = new lambda.LayerVersion(
this,
'MyBaseLayer',
{
compatibleRuntimes: [
lambda.Runtime.NODEJS_8_10
],
code: lambda.Code.fromAsset('../layer/base')
}
);
// Record the versionArn into SSM
new ssm.StringParameter(this, 'VersionArn', {
parameterName: layerParamName,
stringValue: baseLayer.layerVersionArn,
});
}

277. Using the layer
(in another stack)

279. const layerParamName = "/layers/baseLayer";

280. const layerParamName = "/layers/baseLayer";
// fetch the Arn from param store
const baseLayerArn =
ssm.StringParameter.valueForStringParameter(
this,
layerParamName
);

281. const layerParamName = "/layers/baseLayer";
// fetch the Arn from param store
const baseLayerArn =
ssm.StringParameter.valueForStringParameter(
this,
layerParamName
);
// generate layer version from Arn
const layer1 =
lambda.LayerVersion.fromLayerVersionArn(
this,
"BaseLayerFromArn",
baseLayerArn
);

282. // Then supply when you create a lambda
new lambda.Function(this, "SomeName", {
runtime: lambda.Runtime.NODEJS_8_10,
code:
lambda.Code.fromAsset(
“../lambda/aFunction"),
handler: "index.handler",
layers: [layer1]
});

283. // Then supply when you create a lambda
new lambda.Function(this, "SomeName", {
runtime: lambda.Runtime.NODEJS_8_10,
code:
lambda.Code.fromAsset(
“../lambda/aFunction"),
handler: "index.handler",
layers: [layer1]
});

285. Balance

288. YAML Is Better than Your Favorite
Language: Fightin' words about
Infrastructure as code | Ben Kehoe
https://acloud.guru/series/
serverlessconf-nyc-2019/view/
yaml-better

289. Review

290. Review

291. Review
• IaC: repeatable, versionable, speed of deploy

292. Review
• IaC: repeatable, versionable, speed of deploy
• CloudFormation: Infrastructure Graph Engine
- learn to read it

293. Review
• IaC: repeatable, versionable, speed of deploy
• CloudFormation: Infrastructure Graph Engine
- learn to read it
• CDK: apps, stacks, constructs

294. Review
• IaC: repeatable, versionable, speed of deploy
• CloudFormation: Infrastructure Graph Engine
- learn to read it
• CDK: apps, stacks, constructs
• Local dev and Lambda Layers

295. Review
• IaC: repeatable, versionable, speed of deploy
• CloudFormation: Infrastructure Graph Engine
- learn to read it
• CDK: apps, stacks, constructs
• Local dev and Lambda Layers
• A bunch of other bits that I hope are useful

296. The end
• Slides online later
• Contact / follow: @leolapworth
• Thank you

297. Here to answer questions
Richard Boyd - AWS Developer Advocate
for developer tools