AWS Developer Tools Blog
Getting started with the AWS Cloud Development Kit and Python
This post introduces you to the new Python bindings for the AWS Cloud Development Kit (AWS CDK).
What’s the AWS CDK, you might ask? Good question! You are probably familiar with the concept of infrastructure as code (IaC). When you think of IaC, you might think of things like AWS CloudFormation.
AWS CloudFormation allows you to define your AWS infrastructure in JSON or YAML files that can be managed within your source code repository, just like any other code. You can do pull requests and code reviews. When everything looks good, you can use these files as input into an automated process (CI/CD) that deploys your infrastructure changes.
The CDK actually builds on AWS CloudFormation and uses it as the engine for provisioning AWS resources. Rather than using a declarative language like JSON or YAML to define your infrastructure, the CDK lets you do that in your favorite imperative programming language. This includes languages such as TypeScript, Java, C#, and now Python.
About this post | |
Time to read | 19 minutes |
Time to complete (estimated) | 30 minutes |
Cost to complete | $0 free tier (tiny fraction of a penny if you aren’t free tier) |
Learning level | Intermediate (200) |
Services used |
Why would an imperative language be better than a declarative language? Well, it may not always be but there are some real advantages: IDE integration and composition.
IDE integration
You probably have your favorite IDE for your favorite programming language. It provides all kinds of useful features that make you a more productive developer (for example, code completion, integrated documentation, or refactoring tools).
With CDK, you automatically get all of those same advantages when defining your AWS infrastructure. That’s because you’re doing it in the same language that you use for your application code.
Composition
One of the things that modern programming languages do well is composition. By that, I mean the creation of new, higher-level abstractions that hide the details of what is happening underneath and expose a much simpler API. This is one of the main things that we do as developers, creating higher levels of abstraction to simplify code.
It turns out that this is also useful when defining your infrastructure. The existing APIs to AWS services are, by design, fairly low level because they are trying to expose as much functionality as possible to a broad audience of developers. IaC tools like AWS CloudFormation expose a declarative interface, but that interface is at the same level of the API, so it’s equally complex.
In contrast, CDK allows you to compose new abstractions that hide details and simplify common use cases. Then, it packages that code up as a library in your language of choice so that others can easily take advantage.
One of the other neat things about the CDK is that it is designed to support multiple programming languages. The core of the system is written in TypeScript, but bindings for other languages can be added.
That brings me back to the topic of this post, the Python bindings for CDK.
Sample Python application
First, there is some installation that must happen. Rather than describe all of that here, see Getting Started with the AWS CDK.
Create the application
Now, create a sample application.
$ mkdir my_python_sample
$ cd my_python_sample
$ cdk init
Available templates:
* app: Template for a CDK Application
└─ cdk init app --language=[csharp|fsharp|java|python|typescript]
* lib: Template for a CDK Construct Library
└─ cdk init lib --language=typescript
sample-app: Example CDK Application with some constructs
└─ cdk init sample-app —language=[python|typescript]
The first thing you do is create a directory that contains your Python CDK sample. The CDK provides a CLI tool to make it easy to perform many CDK-related operations. You can see that you are running the init
command with no parameters.
The CLI is responding with information about all the things that the init
command can do. There are different types of apps that you can initialize and there are a number of different programming languages available. Choose sample-app
and python
, of course.
$ cdk init --language python sample-app
Applying project template sample-app for python
Initializing a new git repository...
Executing python -m venv .env
Welcome to your CDK Python project!
You should explore the contents of this template. It demonstrates a CDK app with two instances of a stack (`HelloStack`) which also uses a user-defined construct (`HelloConstruct`).
The `cdk.json` file tells the CDK Toolkit how to execute your app.
This project is set up like a standard Python project. The initialization process also creates a virtualenv within this project, stored under the .env directory.
After the init process completes, you can use the following steps to get your project set up.
'''
$ source .env/bin/activate
$ pip install -r requirements.txt
'''
At this point you can now synthesize the CloudFormation template for this code.
'''
$ cdk synth
'''
You can now begin exploring the source code, contained in the hello directory. There is also a very trivial test included that can be run like this:
'''
$ pytest
'''
To add additional dependencies, for example other CDK libraries, just add to your requirements.txt file and rerun the pip install -r requirements.txt command.
Useful commands:
cdk ls list all stacks in the app
cdk synth emits the synthesized CloudFormation template
cdk deploy deploy this stack to your default AWS account/region
cdk diff compare deployed stack with current state
cdk docs open CDK documentation
Enjoy!
So, what just happened? Quite a bit, actually. The CDK CLI created some Python source code for your sample application. It also created other support files and infrastructure to make it easy to get started with CDK in Python. Here’s what your directory contains now:
(.env) $ tree
.
├── README.md
├── app.py
├── cdk.json
├── hello
│ ├── __init__.py
│ ├── hello_construct.py
│ └── hello_stack.py
├── requirements.txt
├── setup.py
└── tests
├── __init__.py
└── unit
├── __init__.py
└── test_hello_construct.py
Take a closer look at the contents of your directory:
README.md
—The introductory README for this project.app.py
—The “main” for this sample application.cdk.json
—A configuration file for CDK that defines what executable CDK should run to generate the CDK construct tree.hello
—A Python module directory.hello_construct.py
—A custom CDK construct defined for use in your CDK application.hello_stack.py
—A custom CDK stack construct for use in your CDK application.
requirements.txt
—This file is used by pip to install all of the dependencies for your application. In this case, it contains only-e
. This tells pip to install the requirements specified insetup.py
. It also tells pip to runpython setup.py develop
to install the code in thehello
module so that it can be edited in place.setup.py
—Defines how this Python package would be constructed and what the dependencies are.tests
—Contains all tests.unit
—Contains unit tests.test_hello_construct.py—
A trivial test of the custom CDK construct created in thehello
package. This is mainly to demonstrate how tests can be hooked up to the project.
You may have also noticed that as the init
command was running, it mentioned that it had created a virtualenv
for the project as well. I don’t have time to go into virtualenvs
in detail for this post. They are basically a great tool in the Python world for isolating your development environments from your system Python environment and from other development environments.
All dependencies are installed within this virtual environment and have no effect on anything else on your machine. When you are done with this example, you can just delete the entire directory and everything goes away.
You don’t have to use the virtualenv
created here but I highly recommend that you do. Here’s how you would initialize your virtualenv
and then install all of your dependencies.
$ source .env/bin/activate
(.env) $ pip install -r requirements.txt
...
(.env) $ pytest
============================= test session starts ==============================
platform darwin -- Python 3.7.0, pytest-4.4.0, py-1.8.0, pluggy-0.9.0
rootdir: /Users/garnaat/projects/cdkdev/my_sample
collected 1 item
tests/unit/test_hello_construct.py . [100%]
=========================== 1 passed in 0.67 seconds ===========================
As you can see, you even have tests included, although they are admittedly simple at this point. It does give you a way to make sure your sample application and all of its dependencies are installed correctly.
Generate an AWS CloudFormation template
Okay, now that you know what’s here, try to generate an AWS CloudFormation template for the constructs that you are defining in your CDK app. You use the CDK Toolkit (the CLI) to do this.
$ cdk synth
Multiple stacks selected (hello-cdk-1, hello-cdk-2), but output is directed to stdout. Either select one stack, or use --output to send templates to a directory.
$
Hmm, that was unexpected. What does this mean? Well, as you will see in a minute, your CDK app actually defines two stacks, hello-cdk-1 and hello-cdk-2. The synth command can only synthesize one stack at a time. It is telling you about the two that it has found and asking you to choose one of them.
$ cdk synth hello-cdk-1
Resources:
MyFirstQueueFF09316A:
Type: AWS::SQS::Queue
Properties:
VisibilityTimeout: 300
Metadata:
aws:cdk:path: hello-cdk-1/MyFirstQueue/Resource
MyFirstQueueMyFirstTopicSubscription774591B6:
Type: AWS::SNS::Subscription
Properties:
Protocol: sqs
TopicArn:
Ref: MyFirstTopic0ED1F8A4
Endpoint:
Fn::GetAtt:
- MyFirstQueueFF09316A
- Arn
Metadata:
aws:cdk:path: hello-cdk-1/MyFirstQueue/MyFirstTopicSubscription/Resource
MyFirstQueuePolicy596EEC78:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Statement:
- Action: sqs:SendMessage
Condition:
ArnEquals:
aws:SourceArn:
Ref: MyFirstTopic0ED1F8A4
Effect: Allow
Principal:
Service: sns.amazonaws.com
Resource:
Fn::GetAtt:
- MyFirstQueueFF09316A
- Arn
Version: "2012-10-17"
Queues:
- Ref: MyFirstQueueFF09316A
Metadata:
aws:cdk:path: hello-cdk-1/MyFirstQueue/Policy/Resource
MyFirstTopic0ED1F8A4:
Type: AWS::SNS::Topic
Properties:
DisplayName: My First Topic
Metadata:
aws:cdk:path: hello-cdk-1/MyFirstTopic/Resource
MyHelloConstructBucket0DAEC57E1:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
Metadata:
aws:cdk:path: hello-cdk-1/MyHelloConstruct/Bucket-0/Resource
MyHelloConstructBucket18D9883BE:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
Metadata:
aws:cdk:path: hello-cdk-1/MyHelloConstruct/Bucket-1/Resource
MyHelloConstructBucket2C1DA3656:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
Metadata:
aws:cdk:path: hello-cdk-1/MyHelloConstruct/Bucket-2/Resource
MyHelloConstructBucket398A5DE67:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
Metadata:
aws:cdk:path: hello-cdk-1/MyHelloConstruct/Bucket-3/Resource
MyUserDC45028B:
Type: AWS::IAM::User
Metadata:
aws:cdk:path: hello-cdk-1/MyUser/Resource
MyUserDefaultPolicy7B897426:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action:
- s3:GetObject*
- s3:GetBucket*
- s3:List*
Effect: Allow
Resource:
- Fn::GetAtt:
- MyHelloConstructBucket0DAEC57E1
- Arn
- Fn::Join:
- ""
- - Fn::GetAtt:
- MyHelloConstructBucket0DAEC57E1
- Arn
- /*
- Action:
- s3:GetObject*
- s3:GetBucket*
- s3:List*
Effect: Allow
Resource:
- Fn::GetAtt:
- MyHelloConstructBucket18D9883BE
- Arn
- Fn::Join:
- ""
- - Fn::GetAtt:
- MyHelloConstructBucket18D9883BE
- Arn
- /*
- Action:
- s3:GetObject*
- s3:GetBucket*
- s3:List*
Effect: Allow
Resource:
- Fn::GetAtt:
- MyHelloConstructBucket2C1DA3656
- Arn
- Fn::Join:
- ""
- - Fn::GetAtt:
- MyHelloConstructBucket2C1DA3656
- Arn
- /*
- Action:
- s3:GetObject*
- s3:GetBucket*
- s3:List*
Effect: Allow
Resource:
- Fn::GetAtt:
- MyHelloConstructBucket398A5DE67
- Arn
- Fn::Join:
- ""
- - Fn::GetAtt:
- MyHelloConstructBucket398A5DE67
- Arn
- /*
Version: "2012-10-17"
PolicyName: MyUserDefaultPolicy7B897426
Users:
- Ref: MyUserDC45028B
Metadata:
aws:cdk:path: hello-cdk-1/MyUser/DefaultPolicy/Resource
CDKMetadata:
Type: AWS::CDK::Metadata
Properties:
Modules: aws-cdk=0.27.0,@aws-cdk/assets=0.27.0,@aws-cdk/aws-autoscaling-api=0.27.0,@aws-cdk/aws-cloudwatch=0.27.0,@aws-cdk/aws-codepipeline-api=0.27.0,@aws-cdk/aws-ec2=0.27.0,@aws-cdk/aws-events=0.27.0,@aws-cdk/aws-iam=0.27.0,@aws-cdk/aws-kms=0.27.0,@aws-cdk/aws-lambda=0.27.0,@aws-cdk/aws-logs=0.27.0,@aws-cdk/aws-s3=0.27.0,@aws-cdk/aws-s3-notifications=0.27.0,@aws-cdk/aws-sns=0.27.0,@aws-cdk/aws-sqs=0.27.0,@aws-cdk/aws-stepfunctions=0.27.0,@aws-cdk/cdk=0.27.0,@aws-cdk/cx-api=0.27.0,@aws-cdk/region-info=0.27.0,jsii-runtime=Python/3.7.0
That’s a lot of YAML. 147 lines to be exact. If you take some time to study this, you can probably understand all of the AWS resources that are being created. You could probably even understand why they are being created. Rather than go through that in detail right now, instead focus on the Python code that makes up your CDK app. It’s a lot shorter and a lot easier to understand.
First, look at your “main,” app.py
.
#!/usr/bin/env python3
from aws_cdk import cdk
from hello.hello_stack import MyStack
app = cdk.App()
MyStack(app, "hello-cdk-1", env={'region': 'us-east-2'})
MyStack(app, "hello-cdk-2", env={'region': 'us-west-2'})
app.run()
Well, that’s short and sweet. You are creating an App
, adding two instances of some class called MyStack
to the app, and then calling the run
method of the App
object.
Now find out what’s going on in the MyStack
class.
from aws_cdk import (
aws_iam as iam,
aws_sqs as sqs,
aws_sns as sns,
cdk
)
from hello_construct import HelloConstruct
class MyStack(cdk.Stack):
def __init__(self, app: cdk.App, id: str, **kwargs) -> None:
super().__init__(app, id, **kwargs)
queue = sqs.Queue(
self, "MyFirstQueue",
visibility_timeout_sec=300,
)
topic = sns.Topic(
self, "MyFirstTopic",
display_name="My First Topic"
)
topic.subscribe_queue(queue)
hello = HelloConstruct(self, "MyHelloConstruct", num_buckets=4)
user = iam.User(self, "MyUser")
hello.grant_read(user)
This is a bit more interesting. This code is importing some CDK packages and then using those to create a few AWS resources.
First, you create an SQS queue called MyFirstQueue
and set the visibility_timeout
value for the queue. Then you create an SNS topic called MyFirstTopic
.
The next line of code is interesting. You subscribe the SNS topic to the SQS queue and it’s all happening in one simple and easy to understand line of code.
If you have ever done this with the SDKs or with the CLI, you know that there are several steps to this process. You have to create an IAM policy that grants the topic permission to send messages to the queue, you have to create a topic subscription, etc. You can see the details in the AWS CloudFormation stack generated earlier.
All of that gets simplified into a single, readable line of code. That’s an example of what CDK constructs can do to hide complexity in your infrastructure.
The final thing happening here is that you are creating an instance of a HelloConstruct
class. Look at the code behind this.
from aws_cdk import (
aws_iam as iam,
aws_s3 as s3,
cdk,
)
class HelloConstruct(cdk.Construct):
@property
def buckets(self):
return tuple(self._buckets)
def __init__(self, scope: cdk.Construct, id: str, num_buckets: int) ->
None:
super().__init__(scope, id)
self._buckets = []
for i in range(0, num_buckets):
self._buckets.append(s3.Bucket(self, f"Bucket-{i}"))
def grant_read(self, principal: iam.IPrincipal):
for b in self.buckets:
b.grant_read(principal, "*")
This code shows an example of creating your own custom constructs in CDK that define arbitrary AWS resources under the hood while exposing a simple API.
Here, your construct accepts an integer parameter num_buckets
in the constructor and then creates that number of buckets inside the scope passed in. It also exposes a grant_read
method that automatically grants the IAM principal passed in read permissions to all buckets associated with your construct.
Deploy the AWS CloudFormation templates
The whole point of CDK is to create AWS infrastructure and so far you haven’t done any of that. So now use your CDK program to generate the AWS CloudFormation templates. Then, deploy those templates to your AWS account and validate that the right resources got created.
$ cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
IAM Statement Changes
┌───┬───────────────┬────────┬───────────────┬───────────────┬────────────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼───────────────┼────────┼───────────────┼───────────────┼────────────────┤
│ + │ ${MyFirstQueu │ Allow │ sqs:SendMessa │ Service:sns.a │ "ArnEquals": { │
│ │ e.Arn} │ │ ge │ mazonaws.com │ "aws:SourceA │
│ │ │ │ │ │ rn": "${MyFirs │
│ │ │ │ │ │ tTopic}" │
│ │ │ │ │ │ } │
├───┼───────────────┼────────┼───────────────┼───────────────┼────────────────┤
│ + │ ${MyHelloCons │ Allow │ s3:GetBucket* │ AWS:${MyUser} │ │
│ │ truct/Bucket- │ │ s3:GetObject* │ │ │
│ │ 0.Arn} │ │ s3:List* │ │ │
│ │ ${MyHelloCons │ │ │ │ │
│ │ truct/Bucket- │ │ │ │ │
│ │ 0.Arn}/* │ │ │ │ │
├───┼───────────────┼────────┼───────────────┼───────────────┼────────────────┤
│ + │ ${MyHelloCons │ Allow │ s3:GetBucket* │ AWS:${MyUser} │ │
│ │ truct/Bucket- │ │ s3:GetObject* │ │ │
│ │ 1.Arn} │ │ s3:List* │ │ │
│ │ ${MyHelloCons │ │ │ │ │
│ │ truct/Bucket- │ │ │ │ │
│ │ 1.Arn}/* │ │ │ │ │
├───┼───────────────┼────────┼───────────────┼───────────────┼────────────────┤
│ + │ ${MyHelloCons │ Allow │ s3:GetBucket* │ AWS:${MyUser} │ │
│ │ truct/Bucket- │ │ s3:GetObject* │ │ │
│ │ 2.Arn} │ │ s3:List* │ │ │
│ │ ${MyHelloCons │ │ │ │ │
│ │ truct/Bucket- │ │ │ │ │
│ │ 2.Arn}/* │ │ │ │ │
├───┼───────────────┼────────┼───────────────┼───────────────┼────────────────┤
│ + │ ${MyHelloCons │ Allow │ s3:GetBucket* │ AWS:${MyUser} │ │
│ │ truct/Bucket- │ │ s3:GetObject* │ │ │
│ │ 3.Arn} │ │ s3:List* │ │ │
│ │ ${MyHelloCons │ │ │ │ │
│ │ truct/Bucket- │ │ │ │ │
│ │ 3.Arn}/* │ │ │ │ │
└───┴───────────────┴────────┴───────────────┴───────────────┴────────────────┘
(NOTE: There may be security-related changes not in this list. See http://bit.ly/cdk-2EhF7Np)
Do you wish to deploy these changes (y/n)?
Here, the CDK is telling you about the security-related changes that this deployment includes. It shows you the resources or ARN patterns involved, the actions being granted, and the IAM principals to which the grants apply. You can review these and press y when ready. You then see status reported about the resources being created.
hello-cdk-1: deploying...
hello-cdk-1: creating CloudFormation changeset...
0/12 | 8:41:14 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-0 (MyHelloConstructBucket0DAEC57E1)
0/12 | 8:41:14 AM | CREATE_IN_PROGRESS | AWS::IAM::User | MyUser (MyUserDC45028B)
0/12 | 8:41:14 AM | CREATE_IN_PROGRESS | AWS::IAM::User | MyUser (MyUserDC45028B) Resource creation Initiated
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-3 (MyHelloConstructBucket398A5DE67)
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-1 (MyHelloConstructBucket18D9883BE)
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-0 (MyHelloConstructBucket0DAEC57E1) Resource creation Initiated
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A)
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-2 (MyHelloConstructBucket2C1DA3656)
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-3 (MyHelloConstructBucket398A5DE67) Resource creation Initiated
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-1 (MyHelloConstructBucket18D9883BE) Resource creation Initiated
0/12 | 8:41:15 AM | CREATE_IN_PROGRESS | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A) Resource creation Initiated
0/12 | 8:41:16 AM | CREATE_IN_PROGRESS | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4) Resource creation Initiated
0/12 | 8:41:16 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | MyHelloConstruct/Bucket-2 (MyHelloConstructBucket2C1DA3656) Resource creation Initiated
1/12 | 8:41:16 AM | CREATE_COMPLETE | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A)
1/12 | 8:41:17 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata Resource creation Initiated
2/12 | 8:41:17 AM | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata
3/12 | 8:41:26 AM | CREATE_COMPLETE | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
3/12 | 8:41:28 AM | CREATE_IN_PROGRESS | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
3/12 | 8:41:29 AM | CREATE_IN_PROGRESS | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78)
3/12 | 8:41:29 AM | CREATE_IN_PROGRESS | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6) Resource creation Initiated
4/12 | 8:41:30 AM | CREATE_COMPLETE | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
4/12 | 8:41:30 AM | CREATE_IN_PROGRESS | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78) Resource creation Initiated
5/12 | 8:41:30 AM | CREATE_COMPLETE | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78)
6/12 | 8:41:35 AM | CREATE_COMPLETE | AWS::S3::Bucket | MyHelloConstruct/Bucket-0 (MyHelloConstructBucket0DAEC57E1)
7/12 | 8:41:36 AM | CREATE_COMPLETE | AWS::S3::Bucket | MyHelloConstruct/Bucket-3 (MyHelloConstructBucket398A5DE67)
8/12 | 8:41:36 AM | CREATE_COMPLETE | AWS::S3::Bucket | MyHelloConstruct/Bucket-1 (MyHelloConstructBucket18D9883BE)
9/12 | 8:41:36 AM | CREATE_COMPLETE | AWS::S3::Bucket | MyHelloConstruct/Bucket-2 (MyHelloConstructBucket2C1DA3656)
10/12 | 8:41:50 AM | CREATE_COMPLETE | AWS::IAM::User | MyUser (MyUserDC45028B)
10/12 | 8:41:53 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
10/12 | 8:41:53 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426) Resource creation Initiated
11/12 | 8:42:02 AM | CREATE_COMPLETE | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
12/12 | 8:42:03 AM | CREATE_COMPLETE | AWS::CloudFormation::Stack | hello-cdk-1
✅ hello-cdk-1
Stack ARN:
arn:aws:cloudformation:us-east-2:433781611764:stack/hello-cdk-1/87482f50-6c27-11e9-87d0-026465bb0bfc
At this point, the CLI presents you with another summary of IAM changes and asks you to confirm. This is because your CDK sample application creates two stacks in two different AWS Regions. Approve the changes for the second stack and you see similar status output.
Clean up
Now you can use the AWS Management Console to look at the resources that were created and validate that it all makes sense. After you are finished, you can easily destroy all of these resources with a single command.
$ cdk destroy
Are you sure you want to delete: hello-cdk-2, hello-cdk-1 (y/n)? y
hello-cdk-2: destroying...
0 | 8:48:31 AM | DELETE_IN_PROGRESS | AWS::CloudFormation::Stack | hello-cdk-2 User Initiated
0 | 8:48:33 AM | DELETE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0 | 8:48:33 AM | DELETE_IN_PROGRESS | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
0 | 8:48:33 AM | DELETE_IN_PROGRESS | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
0 | 8:48:33 AM | DELETE_IN_PROGRESS | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78)
1 | 8:48:34 AM | DELETE_COMPLETE | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78) <br /> 2 | 8:48:34 AM | DELETE_COMPLETE | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
3 | 8:48:34 AM | DELETE_COMPLETE | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
4 | 8:48:35 AM | DELETE_COMPLETE | AWS::CDK::Metadata | CDKMetadata
4 | 8:48:35 AM | DELETE_IN_PROGRESS | AWS::IAM::User | MyUser (MyUserDC45028B)
4 | 8:48:36 AM | DELETE_IN_PROGRESS | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
4 | 8:48:36 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-0 (MyHelloConstructBucket0DAEC57E1)
4 | 8:48:36 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-2 (MyHelloConstructBucket2C1DA3656)
4 | 8:48:36 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-1 (MyHelloConstructBucket18D9883BE)
4 | 8:48:36 AM | DELETE_IN_PROGRESS | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A)
4 | 8:48:36 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-3 (MyHelloConstructBucket398A5DE67)
5 | 8:48:36 AM | DELETE_COMPLETE | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
6 | 8:48:36 AM | DELETE_COMPLETE | AWS::IAM::User | MyUser (MyUserDC45028B)
6 Currently in progress: hello-cdk-2, MyFirstQueueFF09316A
✅ hello-cdk-2: destroyed
hello-cdk-1: destroying...
0 | 8:49:38 AM | DELETE_IN_PROGRESS | AWS::CloudFormation::Stack | hello-cdk-1 User Initiated
0 | 8:49:40 AM | DELETE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata
0 | 8:49:40 AM | DELETE_IN_PROGRESS | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
0 | 8:49:40 AM | DELETE_IN_PROGRESS | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78)
0 | 8:49:40 AM | DELETE_IN_PROGRESS | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
1 | 8:49:41 AM | DELETE_COMPLETE | AWS::IAM::Policy | MyUser/DefaultPolicy (MyUserDefaultPolicy7B897426)
2 | 8:49:41 AM | DELETE_COMPLETE | AWS::SQS::QueuePolicy | MyFirstQueue/Policy (MyFirstQueuePolicy596EEC78)
3 | 8:49:41 AM | DELETE_COMPLETE | AWS::SNS::Subscription | MyFirstQueue/MyFirstTopicSubscription (MyFirstQueueMyFirstTopicSubscription774591B6)
4 | 8:49:42 AM | DELETE_COMPLETE | AWS::CDK::Metadata | CDKMetadata
4 | 8:49:42 AM | DELETE_IN_PROGRESS | AWS::IAM::User | MyUser (MyUserDC45028B)
4 | 8:49:42 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-2 (MyHelloConstructBucket2C1DA3656)
4 | 8:49:42 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-3 (MyHelloConstructBucket398A5DE67)
4 | 8:49:42 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-0 (MyHelloConstructBucket0DAEC57E1)
4 | 8:49:42 AM | DELETE_IN_PROGRESS | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
4 | 8:49:42 AM | DELETE_SKIPPED | AWS::S3::Bucket | MyHelloConstruct/Bucket-1 (MyHelloConstructBucket18D9883BE)
5 | 8:49:42 AM | DELETE_COMPLETE | AWS::IAM::User | MyUser (MyUserDC45028B)
5 | 8:49:42 AM | DELETE_IN_PROGRESS | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A)
6 | 8:49:43 AM | DELETE_COMPLETE | AWS::SNS::Topic | MyFirstTopic (MyFirstTopic0ED1F8A4)
6 Currently in progress: hello-cdk-1, MyFirstQueueFF09316A
7 | 8:50:43 AM | DELETE_COMPLETE | AWS::SQS::Queue | MyFirstQueue (MyFirstQueueFF09316A)
✅ hello-cdk-1: destroyed
Conclusion
In this post, I introduced you to the AWS Cloud Development Kit. You saw how it enables you to define your AWS infrastructure in modern programming languages like TypeScript, Java, C#, and now Python. I showed you how to use the CDK CLI to initialize a new sample application in Python, and walked you though the project structure. I taught you how to use the CDK to synthesize your Python code into AWS CloudFormation templates and deploy them through AWS CloudFormation to provision AWS infrastructure. Finally, I showed you how to clean up these resources when you’re done.
Now it’s your turn. Go build something amazing with the AWS CDK for Python! To help get you started, see the following resources:
- AWS CDK Developer Guide
- API reference for the AWS Construct Library
- Python CDK code examples for fully functional applications
The CDK and the Python language binding are currently in developer preview, so I’d love to get feedback on what you like, and where AWS can do better. The team lives on GitHub at https://github.com/awslabs/aws-cdk where it’s easy to get directly in touch with the engineers building the CDK. Raise an issue if you discover a bug or want to make a feature request. Join the conversation on the aws-cdk Gitter channel to ask questions.