AWS DevOps & Developer Productivity Blog
CDK Corner – April 2021
Social – Community Engagement
We’re getting closer and closer to CDK Day, with the event receiving 75 CFP submissions. The cdkday schedule is now available to plan out your conference day.
Updates to the CDK
Constructs promoted to General Availability
Promoting a module to stable/General Availability is always a cause for celebration. Great job to all the folks involved who helped move aws-acmpca from Experimental to Stable. PR#13778 gives a peek into the work involved. If you’re interested in helping promote a module to G.A., or would like to learn more about the process, read the AWS Construct Library Module Lifecycle document. A big thanks to the CDK Community and team for their work!
Dead Letter Queues
Dead Letter Queues (“DLQs”) are a service implementation pattern that can queue messages when a service cannot process them. For example, if an email message can’t be delivered to a client, an email server could implement a DLQ holding onto that undeliverable message until the client can process the message. DLQs are supported by many AWS services, and the community and CDK team have been working to support DLQs with CDK in various modules: aws-codebuild in PR#11228, aws-stepfunctions in PR#13450, and aws-lambda-targets in PR#11617.
Amazon API Gateway
Amazon API Gateway is a fully managed service to deploy APIs at scale. Here are the modules that have received updates to their support for API Gateway:
- stepfunctions-tasks now supports API Gateway with PR#13033.
- You can now specify regions when integrating Amazon API Gateway with other AWS services in PR#13251.
- Support for WebSocket APIs in PR#13031 is now available in aws-apigatewayv2 as a Level 2 construct. To differentiate configuration between HTTP and WebSocket APIs, several of the HTTP API properties were renamed. More information about these changes can be found in the conversation section of PR#13031.
- You can now set default authorizers in PR#13172. This lets you use API Gateway HTTP, REST, or WebSocket APIs with an authorizer and authorization scopes that cover all routes for a given API resource.
Notable new L2 constructs
AWS Global Accelerator is a networking service that lets users of your infrastructure hosted on AWS use the AWS global network infrastructure for traffic routing, improving speed and performance. Amazon Route 53 supports Global Accelerator and, thanks to PR#13407, you can now take advantage of this functionality in the aws-route-53-targets module as an L2 construct.
Amazon CloudWatch is an important part of monitoring AWS workloads. With PR#13281, the aws-cloudwatch-actions module now includes an Ec2Action construct, letting you programmatically set up observability of EC2-based workloads with CDK.
The aws-cognito module now supports Apple ID User Pools in PR#13160, allowing developers to define workloads that use Apple IDs for identity management.
aws-iam received a new L2 construct with PR#13393, bringing SAML implementation support to CDK. SAML has become a preferred framework when implementing Single Sign On, and has been supported with IAM for some time. Now you can set it up with even more efficiency using the SamlProvider construct.
Amazon Neptune is a managed graph database service available as a construct in the aws-neptune module. PR#12763 adds L2 constructs to support Database Clusters and Database Instances.
Level ups to existing CDK constructs
Service discovery in AWS is provided by AWS CloudMap. With PR#13192, users of aws-ecs can now register an ECS Service with CloudMap.
aws-lambda has received two notable additions related to Docker: PR#13318 and PR#12258 add functionality to package Lambda function code with the output of a Docker build, or from a Docker build asset, respectively.
The aws-ecr module now supports Tag Mutability. Tags can denote a specific release for a piece of software. Setting the enum in the construct to IMMUTABLE will prevent tags from being overwritten by a later image, if that image uses a tag already present in the container repository.
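One way to confirm the setting reached the deployed template is to audit the `cdk synth` output for ECR repositories whose tags can still be overwritten. This is an added example, not code from the CDK project; the function name and the sample template with its logical IDs are constructed for illustration, and it relies on CloudFormation's `ImageTagMutability` property, which defaults to MUTABLE when omitted.

```typescript
// Added example: audit a synthesized CloudFormation template for
// AWS::ECR::Repository resources that still allow tag overwrites.

interface CfnResource {
  Type: string;
  Properties?: Record<string, unknown>;
}

interface CfnTemplate {
  Resources?: Record<string, CfnResource>;
}

// Returns the sorted logical IDs of ECR repositories that are not provably
// immutable. A missing property counts as a finding (CloudFormation default
// is MUTABLE), and so does a non-literal value such as a { Ref: ... } to a
// parameter, because the template alone cannot show what it resolves to.
function findMutableEcrRepos(template: CfnTemplate): string[] {
  const resources = template.Resources || {};
  const findings: string[] = [];
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (resource.Type !== "AWS::ECR::Repository") {
      continue;
    }
    const props = resource.Properties || {};
    if (props["ImageTagMutability"] !== "IMMUTABLE") {
      findings.push(logicalId);
    }
  }
  return findings.sort();
}

// Constructed sample standing in for a parsed `cdk synth` template.
const sampleTemplate: CfnTemplate = {
  Resources: {
    ReleaseRepo: {
      Type: "AWS::ECR::Repository",
      Properties: { ImageTagMutability: "IMMUTABLE" },
    },
    ScratchRepo: {
      Type: "AWS::ECR::Repository",
      Properties: { ImageTagMutability: "MUTABLE" },
    },
    DefaultRepo: { Type: "AWS::ECR::Repository" },
    ParamRepo: {
      Type: "AWS::ECR::Repository",
      Properties: { ImageTagMutability: { Ref: "MutabilityParam" } },
    },
    WorkQueue: { Type: "AWS::SQS::Queue" },
  },
};

console.log(findMutableEcrRepos(sampleTemplate));
```

Run as a CI step against the synthesized template, a non-empty result can fail the build before a repository with overwritable release tags is deployed.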
Last year, AWS announced support for deployment circuit breakers in Amazon Elastic Container Service, enabling customers to perform auto-rollbacks on unhealthy service deployments without manual intervention. PR#12719 includes this functionality as part of the aws-ecs-patterns module, via the DeploymentCircuitBreaker interface. This interface is now available and can be used in constructs such as ApplicationLoadBalancedFargateService.
The aws-ec2 module received some nice quality-of-life upgrades: support for multi-part user-data in PR#11843, Client VPN endpoints in PR#12234, and non-numeric security protocols for security groups in PR#13593 all help improve the experience of using EC2 with CDK.
Learning – Finds from across the internet
On the AWS DevOps Blog, Eric Beard and Rico Huijbers penned a post detailing Best Practices for Developing Cloud Applications with AWS CDK.
Users of AWS Elastic Beanstalk wanting to deploy with AWS CDK can read about deploying Elastic Beanstalk applications with the AWS CDK and the aws-elasticbeanstalk module.
Deploying infrastructure that is HIPAA and HiTrust compliant with AWS CDK can help customers move faster. This best practices guide for HIPAA and HiTrust environments goes into detail on deploying compliant architecture with the AWS CDK.
Community Acknowledgements
And finally, congratulations and rounds of applause for these folks who had their first Pull Request merged to the CDK Repository!*
- niklaswallerstedt
- diegotry
- Yunchao
- umutc
- cornerwings
- nelsonjchen
- stefanodesjo
- alastair-watts-avrios
- nicolaifsf
- rli1994hi
- leimd
- piotrmoszkowicz
- sneharathod
- cornerwings
- proxy-hatch
*These users’ Pull Requests were merged between 2021-03-01 and 2021-03-31.
Thanks for reading this update of the CDK Corner. See you next time!