The document discusses Cloud Development Kit (CDK) as the next big thing for infrastructure as code (IaC). It provides an overview of IaC and some of its challenges around misconfiguration and security. The introduction of CDK aims to address these challenges by allowing IaC to be implemented as a programming language, inheriting strengths like object-oriented programming and better testing capabilities. Examples are shown for CDK on AWS, Terraform, and Kubernetes to demonstrate how infrastructure can be defined and provisioned code. The document concludes with a proposed practice of using CDK to define cloud infrastructure for a micro-services system from business applications.

1. 2020 Viet OpenInfra 1
Cloud Development Kit (CDK) –
The next big thing
Phuong Xuong Quang
FPT Software Solution Architect
alexquang169@gmail.com

2. 2020 Viet OpenInfra 2
Contents
 Introduction
 IaC overview
 CDK introduction
 Examples
 CDK practice

3. 2020 Viet OpenInfra 3
About myself
• 5 years in Software Development.
• 3 years as Cloud Solution Architect.
• Site Reliability, DevOps, Micro-service and Cloud native experiences.
• Currently work as Solution Architect for a Platform Product at FPT
Software HCM.
Certificates:
• AWS Solution Architect Certified Associate and Professional.
• GE Predix Developer.
• OPSWAT Critical Infrastructure Protection associate.

4. 2020 Viet OpenInfra 4
IaC Overview - Numbers
2
Incorrect Configuration and
Inappropriate change control
is top 2 of Challenges in Cloud
Security (refer to 2020 Cloud
Security Report)
5
Misconfiguration
is top 5 of Web application
security risks (refer to 2020
OWASP top 10)
99
99% of cloud security
failure
Through 2025, 99% of cloud
security failures will be the
customer’s fault. (refer to
Gartner)

5. 2020 Viet OpenInfra 5
IaC Overview
• Question: Was IaC born to accept the above challenges?
• Infrastructure as Code (IaC): is a process to manage and provision computer data-center via definition
files, rather than physical hardware configuration or configuration tools.
• Before CDK: Definition files == Configuration files != Programming files
Configuration language Programming language
.json
.yaml
.hcl
.tf
.java
.py
.js
.ts

6. 2020 Viet OpenInfra 6
IaC Overview
Refer: cisco blog
Popular orchestration:
• Terraform
• CloudFormation
• ARM
• Google Cloud
development manager
• Pulumi
• Ansible
• Chef
• Puppet

7. 2020 Viet OpenInfra 7
IaC Overview: Some examples

8. 2020 Viet OpenInfra 8
IaC Overview: Configuration language gap
• Programming developer must study new language and coding convention.
• Configuration language cannot implement business logic. We must implement separate pipeline for each
business logic -> Not follow DRY principle.
• Must implement collaboration workspace by self (or use Cloud or paid version - vendor lock-in)
• Testing problem

9. 2020 Viet OpenInfra 9
Cloud Development Kit (CDK) introduction
• Make IaC as a programming language (Java, Python,
TS, whatever,…)
• Inherit all programing strength: OOP, nice programming
pattern for CDK: Constructs
• Testing and QA capabilities
• Different from SDK: CDK is used for the whole
infrastructure construct, SDK is used for software (or
application) to interact with the cloud.

10. 2020 Viet OpenInfra 10
TL;DR - Some CDK examples: AWS CDK
Refer: AWS docs

11. 2020 Viet OpenInfra 11
TL;DR - Some CDK examples: AWS CDK
Demo
References: https://github.com/aws-samples/aws-cdk-examples

12. 2020 Viet OpenInfra 12
TL;DR - Some CDK examples: CDKTF
Refer: Terraform

13. 2020 Viet OpenInfra 13
TL;DR - Some CDK examples: CDKTF
Demo
References: https://github.com/hashicorp/terraform-cdk/tree/master/examples

14. 2020 Viet OpenInfra 14
TL;DR - Some CDK examples: CDK8S

15. 2020 Viet OpenInfra 15
TL;DR – Some CDK examples: CDK testing
Demo
https://www.npmjs.com/package/@aws-cdk/assert

16. Our micro-service system
2020 Viet OpenInfra 16
CDK practice
Business
App 1
Business
App 2
CDK App
Cloud
Infrastructure
execute provision
Data lake

17. 2020 Viet OpenInfra 17
Thanks for watching
Send email to alexquang169@gmail.com or direct message FB: fb.com/alaexquang169
Q & A