aws / aws-cdk Goto Github PK

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code

License: Apache License 2.0

Shell 0.29% TypeScript 97.88% Python 0.53% JavaScript 1.13% Java 0.03% Batchfile 0.01% C# 0.02% HTML 0.01% Dockerfile 0.04% F# 0.01% Go 0.04% Alloy 0.02% Velocity Template Language 0.01% Ruby 0.01%

aws infrastructure-as-code typescript cloud-infrastructure hacktoberfest

aws-cdk's Introduction

AWS Cloud Development Kit (AWS CDK)

The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.

It offers a high-level object-oriented abstraction to define AWS resources imperatively using the power of modern programming languages. Using the CDK’s library of infrastructure constructs, you can easily encapsulate AWS best practices in your infrastructure definition and share it without worrying about boilerplate logic.

The CDK is available in the following languages:

JavaScript, TypeScript (Node.js ≥ 14.15.0)
- We recommend using a version in Active LTS
Python (Python ≥ 3.8)
Java (Java ≥ 8 and Maven ≥ 3.5.4)
.NET (.NET ≥ 6.0)
Go (Go ≥ 1.16.4)

Third-party Language Deprecation: language version is only supported until its EOL (End Of Life) shared by the vendor or community and is subject to change with prior notice.

Developers use the CDK framework in one of the supported programming languages to define reusable cloud components called constructs, which are composed together into stacks, forming a "CDK app".

They then use the AWS CDK CLI to interact with their CDK app. The CLI allows developers to synthesize artifacts such as AWS CloudFormation Templates, deploy stacks to development AWS accounts and "diff" against a deployed stack to understand the impact of a code change.

The AWS Construct Library includes a module for each AWS service with constructs that offer rich APIs that encapsulate the details of how to use AWS. The AWS Construct Library aims to reduce the complexity and glue-logic required when integrating various AWS services to achieve your goals on AWS.

Modules in the AWS Construct Library are designated Experimental while we build them; experimental modules may have breaking API changes in any release. After a module is designated Stable, it adheres to semantic versioning, and only major releases can have breaking changes. Each module's stability designation is available on its Overview page in the AWS CDK API Reference. For more information, see Versioning in the CDK Developer Guide.

Getting Started

For a detailed walkthrough, see the tutorial in the AWS CDK Developer Guide.

At a glance

Install or update the AWS CDK CLI from npm (requires Node.js ≥ 14.15.0). We recommend using a version in Active LTS

npm i -g aws-cdk

(See Manual Installation for installing the CDK from a signed .zip file).

Initialize a project:

mkdir hello-cdk
cd hello-cdk
cdk init sample-app --language=typescript

This creates a sample project looking like this:

export class HelloCdkStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const queue = new sqs.Queue(this, 'HelloCdkQueue', {
      visibilityTimeout: cdk.Duration.seconds(300)
    });

    const topic = new sns.Topic(this, 'HelloCdkTopic');

    topic.addSubscription(new subs.SqsSubscription(queue));
  }
}

Deploy this to your account:

cdk deploy

Use the cdk command-line toolkit to interact with your project:

cdk deploy: deploys your app into an AWS account
cdk synth: synthesizes an AWS CloudFormation template for your app
cdk diff: compares your app with the deployed stack

Getting Help

The best way to interact with our team is through GitHub. You can open an issue and choose from one of our templates for bug reports, feature requests, documentation issues, or guidance.

If you have a support plan with AWS Support, you can also create a new support case.

You may also find help on these community resources:

Look through the API Reference or Developer Guide
The #aws-cdk Slack channel in cdk.dev
Ask a question on Stack Overflow and tag it with aws-cdk

Roadmap

The AWS CDK Roadmap project board lets developers know about our upcoming features and priorities to help them plan how to best leverage the CDK and identify opportunities to contribute to the project. See ROADMAP.md for more information and FAQs.

Contributing

We welcome community contributions and pull requests. See CONTRIBUTING.md for information on how to set up a development environment and submit code.

Metrics collection

This solution collects anonymous operational metrics to help AWS improve the quality and features of the CDK. For more information, including how to disable this capability, please see the developer guide.

More Resources

CDK Workshop
Construct Hub - Find and use open-source Cloud Development Kit (CDK) libraries
Best Practices
All developer blog posts about AWS CDK
CDK Construction Zone - A Twitch live coding series hosted by the CDK team, season one episodes:
- Triggers: Join us as we implement Triggers, a Construct for configuring deploy time actions. Episodes 1-3:
  - S1E1: Triggers (part 1); Participants: @NetaNir, @eladb, @richardhboyd
  - S1E2: Triggers (part 2); Participants: @NetaNir, @eladb, @iliapolo
  - S1E3: Triggers (part 3); Participants: @NetaNir, @eladb, @iliapolo, @RomainMuller
- S1E4: Tokens Deep Dive; Participants: @NetaNir,@rix0rrr, @iliapolo, @RomainMuller
- S1E5: Assets Deep Dive; Participants: @NetaNir, @eladb, @jogold
- S1E6: Best Practices; Participants: @skinny85, @eladb, @rix0rrr, @alexpulver
- S1E7: Tips and Tricks From The CDK Team; Participants: All the CDK team!
Examples
Changelog
NOTICE
License

aws-cdk's People

Stargazers

Watchers

Forkers

dededecline costleya moofish32 skinny85 gitter-badger liujiekm zhenyu-aws-lab knofler muhqu medanat pfeilbr x64bytes kiiadi spencerx mifish79 heyjustin mortifera mindstorms6 kyroskoh maciejwalkowiak zined jnmullen alexcasalboni cookejames somanyhs subfuzion sd3z tomfaulhaber sowmian dvirtosu daikiojm rednes breedloj akiym kantasubha seawatts jmhummel adamwads sroegner phaqtoo davidchristiansen aaronwalker zeldokavira nason rukenshia marcbowes nomane tiibun sentient-jbreindel cdlsoftware eaddingtonwhite levocode oren akkaash dstufft paulmaddox jonparker clareliguori pose oniono elexisvenator cohalz aereal taketo957 cockscomb shaaaah stephen-meyerhofer samhays ronndelarosa vkurkine skxnmdi5 cmaurer ns408 sam-gordon-f jlamande joetague dalavancloud jsauter mitchlloyd chimptech phstc spasam williambriscoe syldej austevick john-shaskin kalleeh justinmchase otterley ranguard akalyan zbrianw dnakov sumodgeorge tokkiyaa aweiher jfuss manrueda mikebild dotxlem

aws-cdk's Issues

Follow up on post merge PR comments

Please follow up on review comments for #108

Error message when trying to deploy without bootstrap stack is confusing

The error message reads as follows:

 ⏳  Starting deployment of stack cdk-build-pipelines...
The template for stack cdk-build-pipelines is 170837 bytes long, a CDK Toolkit stack is required for deployment of templates larger than 51,200 bytes. A CDK Toolkit stack can be created using cdk bootstrap '993655754359/us-east-1'
 ❌  Deployment of stack cdk-build-pipelines failed: Error: The template for stack cdk-build-pipelines is larger than 50,200 bytes, and no CDK Toolkit info was provided
The template for stack cdk-build-pipelines is larger than 50,200 bytes, and no CDK Toolkit info was provided

The very first error message seems fine. However:

Basically the same error is shown 3 times.
There is an inconsistency between the sizes mentioned: one is 51k, the other one is 50.
"No toolkit info provided" is too low-level to show to the user. "Toolkit info" is terminology internal to the Toolkit implementation, and does not concern the user.

Roles with Federated Principals

Hello my favorite CDK friends!

Roles are so fun! You can do amazing things with them - and I dig the way they feel right now. The assumedBy(principal) works really well for like most of the use cases and it's so much better than doing it by hand <3

However, I have a somewhat fun use case!

In building some things that use cognito as an IDP - I need to be able to set an assume role policy doc like (raw CFN):

AssumeRolePolicyDocument: 
  Version: "2012-10-17" 
  Statement: 
    - Effect: "Allow" 
      Principal: 
        Federated: "cognito-identity.amazonaws.com" 
      Action: - "sts:AssumeRoleWithWebIdentity" 
      Condition: 
        StringEquals: 
          cognito-identity.amazonaws.com:aud:
            Ref: <some pool>
        ForAnyValue:StringLike:
          cognito-identity.amazonaws.com:amr: authenticated

oh iam 🤨

The problem, and why I'm filing the issue: RoleProps takes an assumedBy, and then has this useful comment:

You can later modify the assume role policy document by accessing it via the assumeRolePolicy property.

Which is true! However, the type of assumeRolePolicy is PolicyDocument which only allows me to

export class PolicyDocument extends Token {
    public resolve(): any;
    get isEmpty(): boolean;
    public addStatement(statement: PolicyStatement): PolicyDocument;

I'm not sure of the right way to handle this.

The "short term" fix (IMO) is to just take an PolicyDocument as part of RoleProps, and use it if passed (basically it's legal to pass either an assumedBy or an assumeRolePolicyDoc but not both type thing)

What's your thoughts?

I'm going to do what I mentioned above to make headway - but wanted to make sure this gets solved in a fun way

<3 brebre

Cross-region/account references

We were in the progress of defining how to transparently make this work.

Tracking it here because it's one of the most important things to pick up post-release.

Add CognitoFederatedUser

See comments on #63

cdk init - followups on PR

See comments on #69

Signing is angry on master

Last build to master failed with

/codebuild/output/src671632077/src/dist/aws-cdk-0.6.0-pre+22aae38.zip
Retrieving key CDK/SigningKey...
Importing key...
gpg: keyring `/tmp/tmp.myA848KcTf/secring.gpg' created
gpg: keyring `/tmp/tmp.myA848KcTf/pubring.gpg' created
gpg: key C8CD0BC3: secret key imported
gpg: /tmp/tmp.myA848KcTf/trustdb.gpg: trustdb created
gpg: key C8CD0BC3: public key "AWS CDK Team <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
Signing Archive...
Signing /codebuild/output/src671632077/src/dist/aws-cdk-0.6.0-pre+22aae38.zip...
/codebuild/output/src671632077/src/sign.sh: line 37: $2: unbound variable
shred: /tmp/tmp.myA848KcTf/*: failed to open for writing: No such file or directory

[Container] 2018/06/07 22:08:14 Command did not exit successfully [ -f .BUILD_COMPLETED ] && /bin/bash ./bundle-beta.sh exit status 1
[Container] 2018/06/07 22:08:14 Phase complete: POST_BUILD Success: false
[Container] 2018/06/07 22:08:14 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: [ -f .BUILD_COMPLETED ] && /bin/bash ./bundle-beta.sh. Reason: exit status 1�

Relax constraints for construct names

At the moment, construct names are limited to only alphanumeric characters. This was due to coupling we had between construct names and CloudFormation resource logical IDs. But this has changed, since now we have a transformation function that takes a construct's path and allocates a logical ID for it. This means that we can now relax our constraints for construct names to anything other than "/" (which represents that path separator). This is useful since it is becoming increasingly common to reuse the name for other things (i.e. domain names in HostedZones, singleton unique id of a custom resource lambda function, etc).

"cdk init --lang typescript" is broken in multiple ways

Various errors:

$ cdk init --lang typescript --type lib
Command failed: npm install
npm ERR! code E404
npm ERR! 404 Not Found: jsii@^0.4.0
npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/benisrae/.npm/_logs/2018-06-13T13_16_03_507Z-debug.log

Can we somehow read the jsii version from the repo and not hard code it? At the moment it is 0.4.0-pre, but will probably change soon to 0.5.0-beta, etc.

$ cdk init --lang typescript --type app
Command failed: npm install
No valid rules have been specified for TypeScript files
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! [email protected] prepare: `tslint -p . && tsc && chmod a+x bin/hello-world.js`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/benisrae/.npm/_logs/2018-06-13T13_17_26_143Z-debug.log

I don't thinnk we need tslint for the project template, maybe only for the library, but definitely not the app.

Unexpected behavior of default environment (region/account)

Hiya friends!

AWS IS SO SECURE 🔐

Tl;dr I have some creds in my env

> env | grep AWS
AWS_ACCESS_KEY_ID=nope
AWS_SECRET_ACCESS_KEY=nope
AWS_SESSION_TOKEN=nice try
┌[breland☮Brelands-MacBook-Pro-2.local]-(~/repos/aws-cdk/packages/swa-test)-[git://dev-brelandm ✗]-

And I'd love to use them:

┌[breland☮Brelands-MacBook-Pro-2.local]-(~/repos/aws-cdk/packages/swa-test)-[git://dev-brelandm ✗]-
└> ../aws-cdk-toolkit/bin/cdk -v bootstrap
Defaults: {  "app": "node index.js"}
Obtaining default region from AWS configuration
Setting "default-region" context to undefined
Looking up default account ID from STS
Setting "default-account" context to 532610000315
node index.js '{"type":"list","context":{"default-account":"532610000315"}}'
Stack name not specified, so defaulting to all available stacks: SWA
 ⏳  Bootstrapping environment 532610000315/us-west-1...
 ❌  Environment 532610000315/us-west-1 failed bootstrapping: Error: Need to perform AWS calls for account 532610000315, but no credentials found. Tried: default credentials.
Need to perform AWS calls for account 532610000315, but no credentials found. Tried: default credentials.
Error: Need to perform AWS calls for account 532610000315, but no credentials found. Tried: default credentials.
    at SDK.getCredentialProvider (/Users/breland/repos/aws-cdk/packages/aws-cdk-toolkit/lib/api/util/sdk.ts:124:15)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:160:7)
┌[breland☮Brelands-MacBook-Pro-2.local]-(~/repos/aws-cdk/packages/swa-test)-[git://dev-brelandm ✗]-

Is there some magic trick I need to use? The docs would indicate this should work... What am I missing?

Out of memory?

I have no idea what I did - does anyone know how I could increase the memory limit?

lerna ERR! execute Error occured with 'cdk-bones' while running 'npm run prepare'
lerna ERR! npm run prepare [cdk-bones] Output from stdout:

> [email protected] prepare /Users/breland/repos/aws-cdk/packages/cdk-bones
> jsii && tslint -p .


<--- Last few GCs --->

[201:0x102802400]    19266 ms: Mark-sweep 1016.7 (1116.3) -> 1015.0 (1122.3) MB, 399.1 / 0.0 ms  allocation failure GC in old space requested
[201:0x102802400]    19628 ms: Mark-sweep 1015.0 (1122.3) -> 1014.9 (1082.3) MB, 361.6 / 0.0 ms  last resort GC in old space requested
[201:0x102802400]    19975 ms: Mark-sweep 1014.9 (1082.3) -> 1014.9 (1078.3) MB, 346.7 / 0.0 ms  last resort GC in old space requested


<--- JS stacktrace --->

==== JS stack trace =========================================

Security context: 0x26bd4df25501 <JSObject>
    1: fromString(aka fromString) [buffer.js:338] [bytecode=0x26bd91dd7699 offset=161](this=0x26bd549822d1 <undefined>,string=0x26bd37e8a3d1 <Very long string[359501859]>,encoding=0x26bd4df35bf1 <String[4]: utf8>)
    2: from [buffer.js:189] [bytecode=0x26bd91dd7179 offset=14](this=0x26bdd4dbc291 <JSFunction Buffer (sfi = 0x26bd4df7e3f1)>,value=0x26bd37e8a3d1 <Very long string[359501859]>,encodi...


lerna ERR! npm run prepare [cdk-bones] Output from stderr:
FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory
 1: node::Abort() [/usr/local/bin/node]
 2: node::FatalTryCatch::~FatalTryCatch() [/usr/local/bin/node]
 3: v8::internal::V8::FatalProcessOutOfMemory(char const*, bool) [/usr/local/bin/node]
 4: v8::internal::Factory::NewRawTwoByteString(int, v8::internal::PretenureFlag) [/usr/local/bin/node]
 5: v8::internal::String::SlowFlatten(v8::internal::Handle<v8::internal::ConsString>, v8::internal::PretenureFlag) [/usr/local/bin/node]
 6: v8::String::WriteUtf8(char*, int, int*, int) const [/usr/local/bin/node]
 7: node::StringBytes::Write(v8::Isolate*, char*, unsigned long, v8::Local<v8::Value>, node::encoding, int*) [/usr/local/bin/node]
 8: node::Buffer::New(v8::Isolate*, v8::Local<v8::String>, node::encoding) [/usr/local/bin/node]
 9: node::Buffer::(anonymous namespace)::CreateFromString(v8::FunctionCallbackInfo<v8::Value> const&) [/usr/local/bin/node]
10: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [/usr/local/bin/node]
11: v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) [/usr/local/bin/node]
12: v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) [/usr/local/bin/node]
13: 0x3b37858842fd
sh: line 1:   201 Abort trap: 6           jsii
npm ERR! code ELIFECYCLE
npm ERR! errno 134
npm ERR! [email protected] prepare: `jsii && tslint -p .`
npm ERR! Exit status 134
npm ERR!
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/breland/.npm/_logs/2018-06-07T06_19_38_370Z-debug.log

lerna ERR! execute Error occured with 'cdk-bones' while running 'npm run prepare'
{ Error: Command failed: npm run prepare
FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory
 1: node::Abort() [/usr/local/bin/node]
 2: node::FatalTryCatch::~FatalTryCatch() [/usr/local/bin/node]
 3: v8::internal::V8::FatalProcessOutOfMemory(char const*, bool) [/usr/local/bin/node]
 4: v8::internal::Factory::NewRawTwoByteString(int, v8::internal::PretenureFlag) [/usr/local/bin/node]
 5: v8::internal::String::SlowFlatten(v8::internal::Handle<v8::internal::ConsString>, v8::internal::PretenureFlag) [/usr/local/bin/node]
 6: v8::String::WriteUtf8(char*, int, int*, int) const [/usr/local/bin/node]
 7: node::StringBytes::Write(v8::Isolate*, char*, unsigned long, v8::Local<v8::Value>, node::encoding, int*) [/usr/local/bin/node]
 8: node::Buffer::New(v8::Isolate*, v8::Local<v8::String>, node::encoding) [/usr/local/bin/node]
 9: node::Buffer::(anonymous namespace)::CreateFromString(v8::FunctionCallbackInfo<v8::Value> const&) [/usr/local/bin/node]
10: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [/usr/local/bin/node]
11: v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) [/usr/local/bin/node]
12: v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) [/usr/local/bin/node]
13: 0x3b37858842fd
sh: line 1:   201 Abort trap: 6           jsii
npm ERR! code ELIFECYCLE
npm ERR! errno 134
npm ERR! [email protected] prepare: `jsii && tslint -p .`
npm ERR! Exit status 134
npm ERR!
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/breland/.npm/_logs/2018-06-07T06_19_38_370Z-debug.log

> [email protected] prepare /Users/breland/repos/aws-cdk/packages/cdk-bones
> jsii && tslint -p .


<--- Last few GCs --->

[201:0x102802400]    19266 ms: Mark-sweep 1016.7 (1116.3) -> 1015.0 (1122.3) MB, 399.1 / 0.0 ms  allocation failure GC in old space requested
[201:0x102802400]    19628 ms: Mark-sweep 1015.0 (1122.3) -> 1014.9 (1082.3) MB, 361.6 / 0.0 ms  last resort GC in old space requested
[201:0x102802400]    19975 ms: Mark-sweep 1014.9 (1082.3) -> 1014.9 (1078.3) MB, 346.7 / 0.0 ms  last resort GC in old space requested


<--- JS stacktrace --->

==== JS stack trace =========================================

Security context: 0x26bd4df25501 <JSObject>
    1: fromString(aka fromString) [buffer.js:338] [bytecode=0x26bd91dd7699 offset=161](this=0x26bd549822d1 <undefined>,string=0x26bd37e8a3d1 <Very long string[359501859]>,encoding=0x26bd4df35bf1 <String[4]: utf8>)
    2: from [buffer.js:189] [bytecode=0x26bd91dd7179 offset=14](this=0x26bdd4dbc291 <JSFunction Buffer (sfi = 0x26bd4df7e3f1)>,value=0x26bd37e8a3d1 <Very long string[359501859]>,encodi...


    at Promise.all.then.arr (/Users/breland/repos/aws-cdk/node_modules/lerna/node_modules/execa/index.js:236:11)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:160:7)
  code: 134,
  killed: false,
  stdout: '\n> [email protected] prepare /Users/breland/repos/aws-cdk/packages/cdk-bones\n> jsii && tslint -p .\n\n\n<--- Last few GCs --->\n\n[201:0x102802400]    19266 ms:Mark-sweep 1016.7 (1116.3) -> 1015.0 (1122.3) MB, 399.1 / 0.0 ms  allocation failure GC in old space requested\n[201:0x102802400]    19628 ms: Mark-sweep 1015.0 (1122.3) -> 1014.9 (1082.3) MB, 361.6 / 0.0 ms  last resort GC in old space requested\n[201:0x102802400]    19975 ms: Mark-sweep 1014.9 (1082.3) -> 1014.9 (1078.3) MB, 346.7 / 0.0 ms last resort GC in old space requested\n\n\n<--- JS stacktrace --->\n\n==== JS stack trace =========================================\n\nSecurity context: 0x26bd4df25501 <JSObject>\n    1: fromString(aka fromString) [buffer.js:338] [bytecode=0x26bd91dd7699 offset=161](this=0x26bd549822d1 <undefined>,string=0x26bd37e8a3d1 <Very long string[359501859]>,encoding=0x26bd4df35bf1 <String[4]: utf8>)\n    2: from [buffer.js:189] [bytecode=0x26bd91dd7179 offset=14](this=0x26bdd4dbc291 <JSFunction Buffer (sfi = 0x26bd4df7e3f1)>,value=0x26bd37e8a3d1 <Very long string[359501859]>,encodi...\n\n',
  stderr: 'FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory\n 1: node::Abort() [/usr/local/bin/node]\n 2: node::FatalTryCatch::~FatalTryCatch() [/usr/local/bin/node]\n 3: v8::internal::V8::FatalProcessOutOfMemory(char const*, bool) [/usr/local/bin/node]\n 4: v8::internal::Factory::NewRawTwoByteString(int, v8::internal::PretenureFlag) [/usr/local/bin/node]\n 5: v8::internal::String::SlowFlatten(v8::internal::Handle<v8::internal::ConsString>, v8::internal::PretenureFlag) [/usr/local/bin/node]\n 6: v8::String::WriteUtf8(char*, int, int*, int) const [/usr/local/bin/node]\n 7: node::StringBytes::Write(v8::Isolate*, char*, unsigned long, v8::Local<v8::Value>, node::encoding, int*) [/usr/local/bin/node]\n 8: node::Buffer::New(v8::Isolate*, v8::Local<v8::String>, node::encoding) [/usr/local/bin/node]\n 9: node::Buffer::(anonymous namespace)::CreateFromString(v8::FunctionCallbackInfo<v8::Value> const&) [/usr/local/bin/node]\n10: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [/usr/local/bin/node]\n11: v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments) [/usr/local/bin/node]\n12: v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) [/usr/local/bin/node]\n13: 0x3b37858842fd\nsh: line 1:   201 Abort trap: 6           jsii\nnpm ERR! code ELIFECYCLE\nnpm ERR! errno 134\nnpm ERR! [email protected] prepare: `jsii && tslint -p .`\nnpm ERR! Exit status 134\nnpm ERR! \nnpm ERR! Failed at the [email protected] prepare script.\nnpm ERR! This is probably not a problem with npm. There is likely additional logging output above.\n\nnpm ERR! A complete log of this run can be found in:\nnpm ERR!     /Users/breland/.npm/_logs/2018-06-07T06_19_38_370Z-debug.log\n',
  failed: true,
  signal: null,
  cmd: 'npm run prepare',
  timedOut: false,
  pkg:
   Package {
     _package:
      { name: 'cdk-bones',
        version: '0.6.0',
        description: 'The BONES standard resources',
        main: 'lib/index.js',
        types: 'lib/index.d.ts',
        jsii: [Object],
        repository: [Object],
        scripts: [Object],
        keywords: [Array],
        author: [Object],
        license: 'Apache-2.0',
        devDependencies: [Object],
        dependencies: [Object] },
     _location: '/Users/breland/repos/aws-cdk/packages/cdk-bones' },
  exitCode: 1 }
┌[breland☮Brelands-MacBook-Pro-2.local]-(~/repos/aws-cdk)-[git://dev-brelandm-cloudfront ✗]-

cdk init presently doesn't npm install

OS: Arch Linux (but I don't think it's specific to that)

No --language was provided, but 'app' supports only 'typescript', so defaulting to --language=typescript
Initializing a new git repository...
Applying project template app for typescript
Installing CDK modules from /home/leepa/.cdk/repo/npm...

> [email protected] postinstall /home/leepa/Code/tcdk/node_modules/jsii/node_modules/uglifyjs-webpack-plugin
> node lib/post_install.js
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
+ [email protected]
added 761 packages from 410 contributors and audited 379 packages in 15.858s
found 0 vulnerabilities

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/jsii/node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

Executing npm install...
Command failed: npm install
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! [email protected] prepare: `tslint -p . && tsc && chmod a+x bin/tcdk.js`
npm ERR! Exit status 2
npm ERR! 
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/leepa/.npm/_logs/2018-06-09T07_57_01_653Z-debug.log

Looks like it's running npm install before putting the bin folder in with 'tcdk.ts'.

Packaging for beta releases

Let's work backwards from how we want beta participants to use the CDK.

Installation

Theoretically, this step should only install the toolkit on the system, but since we still don't have the CDK libraries released into package managers, the installed bundle will also contain a local repository of all modules in all languages. The "magic" will happen in cdk init, which will take care of binding the newly created project to the local copy instead of the package manager (depending on the language).

Download a zip from an authenticated URL (GitHub releases would be an idiomatic way to do it, but we can also publish to S3 and have users download using the CLI).
Run a setup command which unzips the file and install it under ~/.cdk. Ideally we don't want any system-level installs (including jsii-runtime), but as a temporary workaround until we bundle the runtime with the java client we can do with a installing jsii-runtime to /usr/local/bin (requires sudo).
Ask users to add ~/.cdk/bin to their PATH.

Creating Projects

During beta we expect all CDK projects to be created using cdk init.

Post-beta users will be able to create CDK projects in any way they want and just consume modules idiomatically through their package manager, but this technique should also work.

We should have two types of templates for each supported language:

CDK App: defines a user Stack, an App and the build process will synthesize CloudFormation templates for all stacks defined in the app.
CDK Library: exports a construct.

TypeScript

For example, cdk init typescript-app will initialize the current directory with a typescript CDK app project and then run npm install to bring in all the deps.

The directory will include:

package.json file with devDependencies which includes pointers to file:// tarballs installed udner ~/.cdk. The package.json file will include all CDK modules (aws-cdk-xxx). This will make it easier for users to get started, and will also solve the issue of dependency resolution without npm.
prepare and watch scripts use tsc (not jsii), since this is an app, also requires tsconfig.json.
cdk.json has { app: node index.js }
cdk script will run the toolkit cdk.
prepare script will also invoke cdk synth -o cdk-out or something like that. Which means that building the project will automatically synthesize the templates.

Java

cdk init java-app will initialize the current directory with a java maven project. The pom.xml file will use a system scope (or file:// repository, whichever makes more sense) to point to aws-cdk and jsii-java-runtime packages under ~/.cdk.

The maven project will also include a post-build step that will invoke synthesize and will produce templates to cdk-out (same name as the JS projects, to make it easier for CI/CD to be set up later).

Bidirectionally restrictive permissions

Let's reopen the discussion!

In some cases, bidirectional permissions are redundant (S3) but in others they are required (KMS).

Do we have to inventarize? At least we have to revisit our generic strategy.

aws-cdk-codepipeline: can we tighten InvokeLambdaAction permissions?

The function invoked by the pipeline needs codepipeline:PutJobXxxResult permissions, and based on the docs we are using "*" as the resource instead of the pipeline's ARN.

Try to see if there is a way to specify an explicit pipeline instead.

See context in #29

Custom Resources + Additional Permissions

Howdy!

Sometimes, when you're making a custom resource - you want it to do amazing things.

For example, say I want a custom resource that can do DNS Cross Account Delegation. Thus, my lambda role needs to be able to sts:AssumeRole into whatever target account, as well as route53:Get* in my account. This is of course super frequent (custom resources doing things that require additional AWS Permissions)

We currently have a custom resource provider that's amazing and beautiful - but it doesn't offer the ability to add additional policies to the created lambda, which makes me sad.

This issue is about fixing that, and getting feedback on how to do so.

Options (that I know of):

In the LambdaBackedCustomResourceProps, add a thing like additionalPermissions, and add them to the Lambda during ensureLambda. (or extend the LambdaProps class of LambdaBackedCustomResourceProps to be something like CustomResourceLambdaProps and add a new field additionalPermissions). Functionally, these are the same, it's just where that property lives.

This isn't super elegant - the Lambda is a singleton, but the custom resource can be added over and over, backed by the same lambda. (This is generally how it's meant to be used). It's unlikely each one would have different perms (or lambda props), but could be confusing to customers. Right now the uuid is what determines if a new Lambda is created. (The confusing bit being - I created 2 custom resources with different props, but the same UUID, but that means the first one will be the one the props are taken for)

Refactor this class to just take in a Lambda (optionally of course) that we would just always use if present.

This option lets the customer go crazy on customizing the Lambda - and we just use it without too much hassle.

Whatcha think?

Make EncryptionKeyAlias implement EncryptionKeyRef

We want to refer to keys by alias, so that we can rotate the key.

However, we need to be able to get an ARN from the alias, and we need to be able to add policies to the original key.

AWS Tags Support

It should be possible to apply tags to AWS resources which support them and we would like to have a uniform API for tags across the AWS construct library

cdk-integ —no-clean

Allow invoking cdk-integ in a mode that keeps the stack around after deployment. May be used to perform some manual validation etc

Bootstrapping gets confused if multiple stacks are in the same environment

(Rico Huijbers/Isengard) cdk-ci-cd$ cdk -c default-account=993655754359 bootstrap cdk-dev-huijbers
No environments were found when selecting across ["cdk-dev-huijbers"] (available: 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1, 993655754359/us-east-1)
(Rico Huijbers/Isengard) cdk-ci-cd$ cdk -c default-account=993655754359 bootstrap 993655754359/us-east-1
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ⏳  Bootstrapping environment 993655754359/us-east-1...
 ❌  Environment 993655754359/us-east-1 failed bootstrapping: AlreadyExistsException: Stack [CDKToolkit] already exists
Stack [CDKToolkit] already exists

Regardless of the fact that my stack was already bootstrapped, it shouldn't start bootstrapping the same stack 8 times just because I happen to have 8 stacks in the same environment.

Project README doesn’t convey what CDK is

Currently the README in this project seems to be very geared towards how to build and contribute to the CDK. This feels like a mistake; the readme will probably be seen more by people unfamiliar with CDK, and those wishing to contribute will be a much smaller percentage. People shouldn’t have to download the project and run ‘cdk docs’ to find out what it does.

Split off details on how to build and develop CDK to a separate CONTRIBUTING.md file, and fill the main project README with much richer information on what CDK is, the problems it solves, and rich usage examples.

Reduce boilerplate for single stack apps

It is a very common case to have CDK apps with a single stack, in which case there's currently too much boilerplate:

import { App, Stack } from 'aws-cdk'; // boilerplate
import { Topic } from '@aws-cdk/sns';
import { Table } from '@aws-cdk/dynamodb';

// boilerplate
const app = new App(process.argv);
const stack = new Stack(app, 'my-stack');

// actual interesting code
new Topic(stack, 'MyTopic');
new Table(stack, 'MyTable');

// boilerplate
process.stdout.write(app.run());

The vision is something like:

import { stack } from 'aws-cdk'; // wish we could get rid of this too, but that's ok
import { Topic } from '@aws-cdk/sns';
import { Table } from '@aws-cdk/dynamodb';

new Topic(stack, 'MyTopic');
new Table(stack, 'MyTable');

Then, don't even need to run tsc:

cdk -a my-app.ts --name my-stack synth
Resources:
  MyTopic:
    Type: AWS::SNS::Topic
  MyTable:
    Type: AWS::DynamoDB::Table
    # ...

Naturally, we need a solution that works for all supported languages.

Add metadata for AWS constructs are defined with a physical name

When an AWS construct is defined with an explicit physical name, we'd like to annotate the construct with metadata that contains that physical name, so that tools and aspects will be able to reason about it. We have a few examples throughout the library which add the aws:cdk:hasPhysicalName metadata entry for physical names, but we should normalize this though a common library.

Reorganize packages/

The current flat structure of our monorepo makes it hard to work with it as it's hard to scope down lerna operations only to certain parts of it. Eventually, once we start publishing to NPM, we will want to manage various module (or module groups) in separate repos, but for now, let's try to organize it in a way that will make it more practical to use.

Here's an initial proposal:

packages/framework
    aws-cdk
    aws-cdk-applet-js
    aws-cdk-assert
    aws-cdk-cloudformation-diff
    aws-cdk-custom-resources
    aws-cdk-cx-api
    aws-cdk-resources
    aws-cdk-toolkit
    aws-cdk-util
packages/awslibs
    aws-cdk-acm
    aws-cdk-cloudtrail
    aws-cdk-codebuild
    aws-cdk-codecommit
    aws-cdk-codepipeline
    aws-cdk-dynamodb
    aws-cdk-ec2
    aws-cdk-events
    aws-cdk-iam
    aws-cdk-kms
    aws-cdk-lambda
    aws-cdk-neptune
    aws-cdk-quickstarts
    aws-cdk-rds
    aws-cdk-route53
    aws-cdk-rtv
    aws-cdk-s3
    aws-cdk-sns
    aws-cdk-sqs
packages/build-tools
    cfn2ts
    pkglint
    pkgtools
    simple-resource-bundler
packages/bundles
    cdk-bundle-all
    cdk-bundle-docs
    cdk-bundle-java
packages/examples

Simple Resource Bundler

Howdy!

I'm using SRB in a custom resource - and from there I'm using it in a Java app.

I'm getting an obscure error when using from java land:

HALP

Exception in thread "main" org.jsii.JsiiException: Buffer is not defined
ReferenceError: Buffer is not defined
    at Object.defineProperty.value (jsii$cdk_bones$/local/home/brelandm/workplace/genera
ted/src/BONESConstructs/src/lib/resources.js:1:0)
    at __webpack_require__ (jsii$cdk_bones$/webpack/bootstrap 65af42835526a686d18a:19:0)
    at new ACMDNSCert (jsii$cdk_bones$/local/home/brelandm/workplace/generated/src/BONES
Constructs/src/lib/acm_dns_cert.ts:17:26)
    at new ServerlessWebapp (jsii$cdk_bones$/local/home/brelandm/workplace/generated/src
/BONESConstructs/src/lib/serverless_webapp.ts:27:27)
    at obj._wrapSandboxCode (/local/home/brelandm/brazil-pkg-cache/packages/BrazilCDK/Br
azilCDK-0.6.321.0/RHEL5_64/DEV.STD.PTHREAD/build/node_modules/jsii-kernel/lib/kernel.ts:
332:49)
    at Kernel._wrapSandboxCode (/local/home/brelandm/brazil-pkg-cache/packages/BrazilCDK
/BrazilCDK-0.6.321.0/RHEL5_64/DEV.STD.PTHREAD/build/node_modules/jsii-kernel/lib/kernel.
ts:900:19)
    at Kernel._create (/local/home/brelandm/brazil-pkg-cache/packages/BrazilCDK/BrazilCD
K-0.6.321.0/RHEL5_64/DEV.STD.PTHREAD/build/node_modules/jsii-kernel/lib/kernel.ts:332:26
)
    at Kernel.create (/local/home/brelandm/brazil-pkg-cache/packages/BrazilCDK/BrazilCDK
-0.6.321.0/RHEL5_64/DEV.STD.PTHREAD/build/node_modules/jsii-kernel/lib/kernel.ts:97:21)
    at KernelHost.processRequest (/local/home/brelandm/brazil-pkg-cache/packages/BrazilC
DK/BrazilCDK-0.6.321.0/RHEL5_64/DEV.STD.PTHREAD/build/node_modules/jsii-runtime/lib/host
.ts:84:28)

Serverless Code Version - required

Howdy!

According to the serverless docs : https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#s3-location-object

The version of a code thing isn't required

Data Types
S3 Location Object
Specifies the location of an S3 object as a dictionary containing Bucket, Key, and optional Version properties.

Example:

CodeUri:
  Bucket: mybucket-name
  Key: code.zip
  Version: 121212

But we've got it marked non optional in our code
( i think it's sourced from : https://github.com/awslabs/aws-cdk/blob/4a7eaa6846d54c383022266809e3c3d3100992b6/packages/aws-cdk-resources/cloudformation-specs/000_sam.spec.json#L197 )

And putting a dummy value (like 0 is super not valid)

Proposal: Token.toString()

References to runtime attributes of resources (the name of the bucket, the ARN of a topic, etc). At the moment, these are represented a Token objects. Tokens are objects that have a resolve method. When a stack is synthesized, every toke node in the JSON document is resolved and the result is plugged into the document.

One of the usability issues we are experiencing with tokens is that it is very common to need to format strings that reference them. For example:

const bucket = new s3.Bucket(this, 'MyBucket');
const rule = new cloudwatch.EventRule(this, 'Schedule', { scheduleExpression: 'rate(1 minute)' });
rule.addTarget(topic, {
  textTemplate: `Hello, bucket ${bucket.bucketName}`
});

Sadly, this code will not behave as expected. bucket.bucketName is an object of type BucketName, which extends Token, and not a string. The resulting string would be "Hello, bucket [Object]".

If we had a toString method for tokens, which would have been meaningful and substitutable during synthesis, the above code would behave as expected.

Pull Requests - Attempt to build them

The internet is a ✨magical✨ place.

It's even more magical when you submit pull requests and know if you broke the build pre-merge!

Since we're fans of the internet (and ✨magic✨) we should do some work to enable CodeBuild to validate pull requests!

https://docs.aws.amazon.com/codebuild/latest/userguide/sample-github-pull-request.html

If no one has any objections - I'm happy to wire this up.

cdk-integ assertions

Define a way to write assertions against a stack deployed for integration tests.
Naturally assertions will need to be able to interact with deployed resources somehow.
Bare in mind that there are numerous cases (such are ElastiCache, etc) where resources can only be accessed from within a VPC, so ideally assertions should run from code executed on a compute resource deployed with/alongside the tested stack.

Partitions

If there's one thing I love about AWS - it's how everywhere we are 🌐 🌏 🌍 🌎!

Downside, there's a lot of fun that goes into making templates not tied to a region/partition.

I don't think it's in many places, but I happened to find one spot (addressed in #16 ) where we had hardcoded partition in a string arn construction.

We should avoid those types of bugs :)

This just serves as a high level tracking item to remove any references to partitions/regions.

Some places to check:

ARN construction with region or partition info (of resources or policies)
Service Principals (they can, though, should not often) vary per partition
S3 "domain endpoints" ( mybucket.s3.amazonaws.com, mybucket.s3.amazonaws.com.cn)

Dependencies between constructs and resources

We have an interface called IDependable, but It's not a nice API and very explicit. I wonder if it will be sufficient to automatically just add all resources that are children of a dependency target instead, so when you do source.addDependency(target), the tree under target is inspected and any construct that has a logicalId under that tree will be automatically added.

cdk init for java

Create cdk init templates for java library/app

Repo build and dev env doesn’t work on Windows 10

pkglint doesn't work on Windows it seems - or something is running chmod which obviously does not exist.

C:\Users\lpack\Documents\Code\aws-cdk>node --version
v8.11.2

lerna info lifecycle prepare
lerna sill runScript prepare pkglint
lerna sill runScriptInDir prepare [] pkglint
lerna sill getExecOpts { cwd: 'C:\\Users\\lpack\\Documents\\Code\\aws-cdk\\packages\\pkglint' }
lerna sill pkglint
lerna ERR! execute Error occured with 'pkglint' while running 'npm run prepare'
lerna ERR! npm run prepare [pkglint] Output from stdout:

> [email protected] prepare C:\Users\lpack\Documents\Code\aws-cdk\packages\pkglint
> tsc && tslint -p . && chmod +x bin/pkglint


lerna ERR! npm run prepare [pkglint] Output from stderr:
'chmod' is not recognized as an internal or external command,
operable program or batch file.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] prepare: `tsc && tslint -p . && chmod +x bin/pkglint`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\lpack\AppData\Roaming\npm-cache\_logs\2018-06-06T21_16_29_706Z-debug.log

lerna ERR! execute Error occured with 'pkglint' while running 'npm run prepare'
{ Error: Command failed: npm run prepare
'chmod' is not recognized as an internal or external command,
operable program or batch file.
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] prepare: `tsc && tslint -p . && chmod +x bin/pkglint`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] prepare script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\lpack\AppData\Roaming\npm-cache\_logs\2018-06-06T21_16_29_706Z-debug.log

> [email protected] prepare C:\Users\lpack\Documents\Code\aws-cdk\packages\pkglint
> tsc && tslint -p . && chmod +x bin/pkglint


    at Promise.all.then.arr (C:\Users\lpack\Documents\Code\aws-cdk\node_modules\lerna\node_modules\execa\index.js:236:11)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)
  code: 1,
  killed: false,
  stdout: '\n> [email protected] prepare C:\\Users\\lpack\\Documents\\Code\\aws-cdk\\packages\\pkglint\n> tsc && tslint -p . && chmod +x bin/pkglint\n\n',
  stderr: '\'chmod\' is not recognized as an internal or external command,\r\noperable program or batch file.\r\nnpm ERR! code ELIFECYCLE\nnpm ERR! errno 1\nnpm ERR! [email protected] prepare: `tsc && tslint -p . && chmod +x bin/pkglint`\nnpm ERR! Exit status 1\nnpm ERR! \nnpm ERR! Failed at the [email protected] prepare script.\nnpm ERR! This is probably not a problem with npm. There is likely additional logging output above.\n\nnpm ERR! A complete log of this run can be found in:\nnpm ERR!     C:\\Users\\lpack\\AppData\\Roaming\\npm-cache\\_logs\\2018-06-06T21_16_29_706Z-debug.log\n',
  failed: true,
  signal: null,
  cmd: 'npm run prepare',
  timedOut: false,
  pkg:
   Package {
     _package:
      { name: 'pkglint',
        version: '0.6.0',
        private: true,
        description: 'Validate and fix package.json files',
        main: 'lib/index.js',
        types: 'lib/index.d.ts',
        repository: [Object],
        pkglint: [Object],
        bin: [Object],
        scripts: [Object],
        keywords: [Array],
        author: [Object],
        license: 'Apache-2.0',
        devDependencies: [Object],
        dependencies: [Object] },
     _location: 'C:\\Users\\lpack\\Documents\\Code\\aws-cdk\\packages\\pkglint' },
  exitCode: 1 }

C:\Users\lpack\Documents\Code\aws-cdk>node --version
v8.11.2

C:\Users\lpack\Documents\Code\aws-cdk>

Find a strategy to fix the leakage of aws-cdk-resources through higher level libraries

The ergonomics of writing a Construct Library that exposes some attributes are not ideal. For example, writing a construct that uses a Bucket from aws-cdk-s3 and exposes the BucketArn attribute:

import { Construct } from 'aws-cdk';
import { s3 } from 'aws-cdk-resources'; // <-- HERE
import { Bucket } from 'aws-cdk-s3';

export class Foo extends Construct {
    public readonly bucketArn: s3.BucketArn; // <-- THERE

    constructor(parent: Construct, name: string) {
        this.bucketArn = new Bucket(this, 'Bar').bucketArn;
    }
}

One way is to re-export the classes from aws-cdk-resources that are used in the signatures of the classes in higher level libraries, but this requires lots of boilerplate on the construct library authors, so it's not ideal either...

Generated IDs + Swagger (APIG Land)

So we generate these super fun logical IDs.

Which is dope.

But most folks will use imported swagger (failry common) .

Problem being swagger needs to have the ref's to the Lambda (and sometimes the APIG role) - and that's not very easy to do right now. I think I'll have to bascially search the import JSON for kind of a placeholder value, and replace it :/

We should make this super clean and intuitive for customers

Runtime code packaging & deployment

Vision

When I consume a library in my CDK project which contains runtime code, my workflow looks exactly like it looks today. This means that when cdk deploy my application, the runtime code will be automatically and transparently bundled and deployed.

When I write CDK libraries/apps, I can naturally add runtime code to it and CDK constructs can be used to reference it for execution on various compute platforms. Also, referencing CDK values from runtime code should be as strongly-typed and compile-time enforced as possible. This might mean that CDK will generate code.

Thoughts on Design and Staging

There's probably some plugin architecture behind this that allows us to build adapters for various compute platforms and various programming languages (when it comes to bundling). We should look into how existing solutions (e.g. SAM, Serverless, Terraform, Pulumi) approach this problem.
A number of resources require build & upload of source local to the CDK repo.

cdk init: fix and expand for private beta

cdk init is currently broken since we moved from internal packaging to external. See #6 for details on how we want cdk init to work during beta.

`cdk --version` should include commit sha

To make it easier to reproduce issues, it will be useful to include the commit sha cdk --version

Make it easier to extract [common?] fields from events

The input transformation supported by eventRule.addTarget(target, inputTransformation) requires deep knowledge of how source events look.

For example, to trigger an SNS topic every time an EC2 instance changes its state, users currently need to write:

const instance = new ec2.Instance(this, 'MyInstance');
instance.onStateChange().addTarget(topic, {
  textTemplate: 'Instance <instance> changed state to <state>',
  pathsMap: {
    state: '$.detail.state', 
    instance : '$.detail.instance-id'
  }
});

This means that users must know exactly how an "EC2 Instance State-change Notification" looks like. Ideally that should be an implementation detail of the ec2.Instance class.

See #27 for context

Convert `Token` to an interface

There is no reason why Token shouldn't be an interface now that interfaces are supported in jsii

cdk docs: open bundled cdk documentation website

At least for private beta, since we are not publishing our docs, we want cdk docs to open the browser window with the bundled documentation website (the docs website is under docs/).

@aws-cdk/util doesn't need to be a bundled dependency

It should be a normal jsii package.

Java: split to a maven package per CDK package

At the moment, we produce one big maven module com.amazon.aws/aws-cdk which contains the entire CDK (all public modules in this repository). We would like to vend multiple maven packages so that each CDK module can evolve independently. This is especially important to not require major version bumps of everything if only one module had a breaking change.

AWS CDK user-agent

The AWS CDK CLI should follow AWS standards for user-agent format by prepending the following to the JS SDK's user-agent:
aws-cdk/

Template Transform ignored/lost?

Hello friends!
One thing that came up in the workshop today - we're setting a template transform, but it's seemingly dropped from the resulting artifact. I probably did something wrong, but here's the code

public class BrelandmEuDevConDemoLambdaWebsiteStack extends Stack {

    public BrelandmEuDevConDemoLambdaWebsiteStack(App parent, String name) throws IOException{
        super(parent, name);
        String swaggerPath = System.getenv("SWAGGER_PATH");

        String swagger = new String(Files.readAllBytes(Paths.get(swaggerPath)), StandardCharsets.UTF_8);
        ServerlessWebappProps serverlessProps = ServerlessWebappProps
            .builder()
            .withHostedZoneName("brelandm.not-used-for-prod.workshops.bones.a2z.com")
            .withStage("personal")
            .withHandler("com.amazon.brelandmeudevcondemolambda.activity.BrelandmEuDevConDemoLambdaEntryPoint::handleRequest")
            .withSwagger(swagger)
            .build();

        // We rename these becuase the Swagger that Coral2Swagger generates does not know the generated CDK Name.
        // In the future, the CDK Constructs will have better first class support for imported swagger :)
        // The CDK generates names - these were pre-computed. If you change where the serverless function is attached, this will break :/
        // Keep an eye out for an announcement for a huge imprvement to this soon
        this.renameLogical("TheAppLambda981F0DA4", "LambdaFunction");
        this.renameLogical("TheAppAPIGatewayExecutionRoleCB4E23C4", "APIGatewayExecutionRole");
        
        ServerlessWebapp serverless = new ServerlessWebapp(this, "TheApp", serverlessProps);
        this.getTemplateOptions().setTransform("AWS::Serverless-2016-10-31");

    }
}

The line being the last one - It just doesn't seem to take.

Am I missing something? Is it legal to attach this at the Stack (I thought so...)

Speed up build

The complete build of aws-cdk is now taking 15m-20m for me, which is quite ludicrous for the work it has to do. I could build a 500k LoC C++ project in that time!

Figure out why this is and fix it. It might have something to do with the fact that .d.ts support doesn't quite work as expected.

diff: Improve diff of IAM policies

This doesn't really help out, especially when column-wrapped in the console:

[~] 🛠 Updating ReleaseReleaseProjectRoleDefaultPolicy84BD3DD4 (type: AWS::IAM::Policy)
 └─ [~] .PolicyDocument:
     └─ [~] .Statement:
         ├─ [-] Old value: [{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":
[{"Fn::Join":["",["arn",":",{"Ref":"AWS::Partition"},":","logs",":",{"Ref":"AWS::Region"},":",
{"Ref":"AWS::AccountId"},":","log-group",":",{"Fn::Join":["",["/aws/codebuild/",
{"Ref":"ReleaseReleaseProject7FF55BD1"}]]}]]},{"Fn::Join":["",[{"Fn::Join":["",["arn",":",
{"Ref":"AWS::Partition"},":","logs",":",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":","log-
group",":",{"Fn::Join":["",["/aws/codebuild/",{"Ref":"ReleaseReleaseProject7FF55BD1"}]]}]]},":*"]]}]},
{"Action":
["s3:GetObject*","s3:GetBucket*","s3:List*","s3:PutObject*","s3:DeleteObject*","s3:Abort*"],"Effect":"A
llow","Resource":[{"Fn::GetAtt":["BuildPipelineArtifactsBucket6007E7FC","Arn"]},{"Fn::Join":["",
[{"Fn::GetAtt":["BuildPipelineArtifactsBucket6007E7FC","Arn"]},"/","*"]]}]},{"Action":
["s3:GetObject*","s3:GetBucket*","s3:List*","s3:PutObject*","s3:DeleteObject*","s3:Abort*"],"Effect":"A
llow","Resource":[{"Fn::GetAtt":["ReleasesCA994599","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":
["ReleasesCA994599","Arn"]},"/","*"]]}]},{"Action":"ses:SendEmail","Effect":"Allow","Resource":
{"Fn::Join":["",["arn",":",{"Ref":"AWS::Partition"},":","ses",":",{"Ref":"AWS::Region"},":",
{"Ref":"AWS::AccountId"},":","identity","/","foo@bar"]]}}]
         └─ [+] New value: [{"Action":
["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":
[{"Fn::Join":["",["arn",":",{"Ref":"AWS::Partition"},":","logs",":",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":","log-group",":",{"Fn::Join":["",["/aws/codebuild/",
{"Ref":"ReleaseReleaseProject7FF55BD1"}]]}]]},{"Fn::Join":["",[{"Fn::Join":["",["arn",":",
{"Ref":"AWS::Partition"},":","logs",":",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":","log-
group",":",{"Fn::Join":["",["/aws/codebuild/",{"Ref":"ReleaseReleaseProject7FF55BD1"}]]}]]},":*"]]}]},
{"Action":
["s3:GetObject*","s3:GetBucket*","s3:List*","s3:PutObject*","s3:DeleteObject*","s3:Abort*"],"Effect":"A
llow","Resource":[{"Fn::GetAtt":["BuildPipelineArtifactsBucket6007E7FC","Arn"]},{"Fn::Join":["",
[{"Fn::GetAtt":["BuildPipelineArtifactsBucket6007E7FC","Arn"]},"/","*"]]}]},{"Action":
["s3:GetObject*","s3:GetBucket*","s3:List*","s3:PutObject*","s3:DeleteObject*","s3:Abort*"],"Effect":"A
llow","Resource":[{"Fn::GetAtt":["ReleasesCA994599","Arn"]},{"Fn::Join":["",[{"Fn::GetAtt":
["ReleasesCA994599","Arn"]},"/","*"]]}]},{"Action":"ses:SendEmail","Effect":"Allow","Resource":
{"Fn::Join":["",["arn",":",{"Ref":"AWS::Partition"},":","ses",":",{"Ref":"AWS::Region"},":",
{"Ref":"AWS::AccountId"},":","identity","/","foo@zar"]]}}]

Simple Resource Bundler issue

Howdy!
I'm doing fun things with embedded things - tl;dr I'm having issues with Simple resource bundler

I added a dev-dependencies on it, here's my package.json

"devDependencies": {
    "aws-cdk-assert": "^0.6.0",
    "aws-cdk-toolkit": "^0.6.0",
    "aws-sdk": "^2.135.0",
    "pkglint": "^0.6.0",
    "simple-resource-bundler": "^0.6.0"
  },
  "dependencies": {
    "aws-cdk": "^0.6.0",
    "aws-cdk-iam": "^0.6.0",
    "aws-cdk-s3": "^0.6.0",
    "aws-cdk-resources": "^0.6.0",
    "aws-cdk-ec2":"^0.6.0",
    "aws-cdk-custom-resources":"^0.6.0",
    "aws-cdk-lambda":"^0.6.0",
    "aws-cdk-route53":"^0.6.0",
    "aws-cdk-acm":"^0.6.0",
    "aws-cdk-cloudfront": "^0.6.0"
  }

And changed my scripts to

"scripts": {
    "prepare": "simple-resource-bundler -o lib && jsii && tslint -p .",
    "watch": "tsc -w",
    "lint": "tsc && tslint -p . --force",
    "test": "nodeunit test/test.*.js"
  },

but that gets angry with:

module.js:559
    throw err;
    ^

Error: Cannot find module 'source-map-support/register'
    at Function.Module._resolveFilename (module.js:557:15)
    at Function.Module._load (module.js:484:25)
    at Module.require (module.js:606:17)
    at require (internal/module.js:11:18)
    at Object.<anonymous> (/Users/brelandm/workplace/bones_constructs/src/BONESConstructs/node_modules/simple-resource-bundler/bundler.js:41:1)
    at Module._compile (module.js:662:30)
    at Object.Module._extensions..js (module.js:673:10)
    at Module.load (module.js:575:32)
    at tryModuleLoad (module.js:515:12)
    at Function.Module._load (module.js:507:3)

Which seems to indicate it needs https://www.npmjs.com/package/@types/source-map-support maybe?

I'm not sure - but I think we can also remove it?

(I commented it out in my node_modules and it at least pretends to execute)

Circular dependency introduced by `cdk docs`

The introduction of the dependency aws-cdk-toolkit depends-on aws-cdk-docs created a cycle through aws-cdk-all, due to the presence of integration tests in most L2 construct libraries (they use aws-cdk-toolkit).

We need to break the cycle:

Short term: take an un-modeled dependency on aws-cdk-docs and gracefully handle inability to load it (rendering an error message inviting the user to install the missing dependency).
Long term: Break aws-cdk-toolkit into several sub-packages that would allow integration tests to depend only on the subset of features they use.

"import" is a reserved word in Java

All AWS constructs have a static import method to allow bringing-in resources defined externally. However, import is reserved in Java (and possibly in other languages).

In the interim the jsii compiler will simply add an _ at the end of the method name, but we need to find a new name for the method and rename across the codebase.

aws / aws-cdk Goto Github PK

aws-cdk's Introduction

AWS Cloud Development Kit (AWS CDK)

Getting Started

At a glance

Getting Help

Roadmap

Contributing

Metrics collection

More Resources

aws-cdk's People

Stargazers

Watchers

Forkers

aws-cdk's Issues

Installation

Creating Projects

TypeScript

Java

Vision

Thoughts on Design and Staging

Recommend Projects

Recommend Topics

Recommend Org