Read parameters across AWS Regions with AWS CloudFormation custom resources
A challenge in deploying multistack AWS Cloud Development Kit (AWS CDK) applications is sharing parameters among resources across AWS Regions. While you can use AWS CloudFormation outputs to read parameters across stacks in the same Region, you can’t do this across Regions. For example, you might want to serve a static website with Amazon CloudFront from one Region that reads an SSL certificate in another Region. The answer lies in using AWS CloudFormation custom resources.
In this post, we show how to deploy a CloudFront distribution that’s linked to a web application firewall and an SSL certificate in another Region. We store the Amazon Resource Names (ARNs) of the SSL certificate and web application firewall in Parameter Store, a capability of AWS Systems Manager. We create a custom resource so that CloudFront can read the ARNs stored in a different Region. We deploy the entire solution with a construct comprising three AWS CDK stacks.
|About this blog post||
|Time to read|~10 min.|
|Time to complete|~30 min.|
|Cost to complete|~$1|
|Learning level|Advanced (300)|
|AWS services|AWS Cloud Development Kit (AWS CDK), AWS Systems Manager Parameter Store, AWS Certificate Manager, Amazon Simple Storage Service (Amazon S3)|
Figure 1 shows the resources that you deploy in the walkthrough.
The solution deploys the following resources:
- In the US East (N. Virginia) (
- In the Europe (Frankfurt) (
- CloudFront to deliver static website content.
- Parameter Store to store the ARNs of the SSL certificate and web application firewall.
- An Amazon Simple Storage Service (Amazon S3) bucket to store static website content.
Before getting started, ensure that you have the following:
- An AWS account. If you don’t have one, sign up at https://aws.amazon.com.
- An Amazon Route 53 public hosted zone in your AWS account for the custom domain name you create in the walkthrough.
- AWS CDK.
- Version 2 of the AWS Command Line Interface (AWS CLI).
- Node.js version 16.19.x or 16.x and the npm command line interface.
In the walkthrough, you perform the following steps:
- Step 1: Initialize the AWS CDK app.
- Step 2: Create a custom resource.
- Step 3: Create the SSL certificate stack.
- Step 4: Create the AWS WAF stack.
- Step 5: Create the S3 stack.
- Step 6: Create an S3 folder for site contents.
- Step 7: Verify and test the solution.
Step 1: Initialize the AWS CDK app
Initialize the AWS CDK app using the AWS CDK app template and TypeScript.
cdk init app --language typescript
Step 2: Create a custom resource
To reference parameters from Parameter Store, create a custom resource using the AwsCustomResource construct. In the project’s lib folder, create and save a file named ssm-parameter-reader.ts containing the following code:
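The post's own ssm-parameter-reader.ts listing is not reproduced on this page. As an added example (not the post's code), the sketch below builds the two inputs such a custom resource needs: the cross-Region `getParameter` SDK call and an IAM statement scoped to that single parameter's ARN. The function names, parameter name and account ID are hypothetical, and the standard `aws` partition is assumed.

```typescript
// Added example, not the post's ssm-parameter-reader.ts. All names are hypothetical.
// Assumption: standard "aws" partition.
interface CrossRegionReadSpec {
  sdkCall: { service: string; action: string; parameters: { Name: string }; region: string };
  policyStatement: { Effect: "Allow"; Action: string[]; Resource: string[] };
}

const REGION_RE = /^[a-z]{2}(-[a-z]+)+-\d$/;
const ACCOUNT_RE = /^\d{12}$/;
// Parameter names: letters, digits, "_", ".", "-", with "/" only as a hierarchy separator.
const PARAM_RE = /^\/?[A-Za-z0-9_.-]+(\/[A-Za-z0-9_.-]+)*$/;

function parameterArn(name: string, region: string, account: string): string {
  if (!REGION_RE.test(region)) throw new Error(`invalid Region: ${region}`);
  if (!ACCOUNT_RE.test(account)) throw new Error(`invalid account id: ${account}`);
  // Rejecting "*" and empty segments keeps a wildcard out of the policy Resource.
  if (!PARAM_RE.test(name)) throw new Error(`invalid parameter name: ${name}`);
  // Exactly one slash follows "parameter": "/cdn/cert-arn" -> parameter/cdn/cert-arn,
  // "cert-arn" -> parameter/cert-arn. A doubled slash would never match the parameter.
  const path = name.startsWith("/") ? name : `/${name}`;
  return `arn:aws:ssm:${region}:${account}:parameter${path}`;
}

function crossRegionReadSpec(name: string, region: string, account: string): CrossRegionReadSpec {
  const arn = parameterArn(name, region, account);
  return {
    // The explicit region is what lets a stack in one Region read from another.
    sdkCall: { service: "SSM", action: "getParameter", parameters: { Name: name }, region },
    // Least privilege: one action on one parameter, not every parameter in the account.
    policyStatement: { Effect: "Allow", Action: ["ssm:GetParameter"], Resource: [arn] },
  };
}
```

In a CDK stack, the `sdkCall` fields map onto the `onUpdate` call of `AwsCustomResource` (together with a physical resource ID), and the statement's action and resource go into `AwsCustomResourcePolicy.fromStatements`.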
The code in waf-stack.ts contains the following components: