AWS CDK: Things you should know
If you are working with AWS, you will have started using, or at least heard of, CDK, which is their infrastructure-as-code alternative to other players in the market, including their own YAML-based “CloudFormation”.
Although my experience with CDK has been pleasant so far, there are a few things I would have liked to have known earlier. Some of them were misses on my part, from adopting a piece of technology without reading every piece of the documentation, while others are missing elements which are probably not clearly stated.
Working with CDK locally
Like most of the IaC tools out there, AWS CDK has a command line utility which you can use to perform some operations on AWS, including bootstrapping an account, synthesizing a CloudFormation template and so on.
If you are part of an organization which has SSO enabled, you may need to perform a few additional steps to get this going. The issue I am talking about is AWS SSO Named Profiles Support. The community already has multiple workarounds for what is in reality not a CDK issue, but an overall issue with the JS SDK not supporting SSO until a few days back. I hope this one becomes a thing of the past once the changes roll in.
I ended up using one of the solutions here.
Naming conventions for AWS services
Familiarize yourself with the naming conventions that AWS services use, mostly around the question “Are uppercase names allowed?”. I had a few issues where a service name that I computed with a project prefix had uppercase characters and CDK silently converted them to lowercase.
- DB subnet groups can have only lowercase names.
- If you associate a DB cluster with the subnet groups, the CloudFormation console will keep failing with the message “ doesn’t exist”.
Note: I noticed later on that the AWS console behaves the same way.
AWS / CDK / Runtime
If you are new to AWS altogether and are trying to get to grips with the CDK and a runtime you are not familiar with, here is my advice:
- Start looking at AWS services you are going to work with.
- Understand the nuances of the service by playing with it in the AWS console.
- You wouldn’t know what knob to turn in CDK till you know it exists.
- The documentation and examples will make much more sense afterwards.
Python CDK documentation
The Python CDK documentation has some misprints. A few examples were from TypeScript and some updates were missing. If you are on an IDE like VSCode or PyCharm, look for the AWS Toolkit extensions.
CDK pipelines: Context lookups
If you plan to use CDK pipelines for your CI/CD process, you should be aware of this. You won’t come across this limitation until you get to a resource that requires a VPC, like an Aurora Serverless cluster.
Reference: https://docs.aws.amazon.com/cdk/api/latest/docs/pipelines-readme.html#current-limitations
What you can do for the VPC situation:
- As you create your pipeline and draw out the environments you want to deploy to, make a note of the account id and region.
- Perform a cdk synth with all the environment combinations. If needed, specify the vpcId as a context variable as you synth.
- This will create a “cdk.context.json” which will have the networking/VPC related information for your environments.
- Commit it to the code repository and read the VPC id from it.
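A check you can run before committing or in CI for the steps above, added here as an example and not taken from the original post: it reads the committed context file and reports every pipeline environment that has no cached VPC lookup. The `vpc-provider:account=…:region=…` key layout, the function names and the sample account and VPC ids are assumptions constructed for illustration.

```python
import json

# Constructed sample of a committed context file; account and VPC ids are made up.
SAMPLE_CONTEXT = json.dumps({
    "vpc-provider:account=111111111111:filter.vpc-id=vpc-0aaa1111:region=eu-west-1"
    ":returnAsymmetricSubnets=true": {"vpcId": "vpc-0aaa1111"},
    "vpc-provider:account=222222222222:filter.isDefault=true:region=us-east-1"
    ":returnAsymmetricSubnets=true": {"vpcId": "vpc-0bbb2222"},
    # Non-VPC lookups live in the same file and must be ignored.
    "availability-zones:account=222222222222:region=us-east-1": ["us-east-1a"],
})


def parse_key(key):
    """Split 'provider:k=v:k=v' into (provider, {k: v}). Key layout is an assumption."""
    provider, _, rest = key.partition(":")
    fields = dict(p.split("=", 1) for p in rest.split(":") if "=" in p)
    return provider, fields


def cached_vpcs(context_text):
    """Map (account, region) -> list of VPC ids cached by earlier synth runs."""
    found = {}
    for key, value in json.loads(context_text).items():
        provider, fields = parse_key(key)
        if provider != "vpc-provider" or not isinstance(value, dict):
            continue
        if value.get("vpcId"):
            env = (fields.get("account"), fields.get("region"))
            found.setdefault(env, []).append(value["vpcId"])
    return found


def missing_environments(context_text, environments):
    """Return the pipeline environments that have no cached VPC lookup."""
    cached = cached_vpcs(context_text)
    return [env for env in environments if env not in cached]


if __name__ == "__main__":
    # Hypothetical pipeline targets noted down in the first step.
    targets = [("111111111111", "eu-west-1"), ("222222222222", "us-east-1"),
               ("333333333333", "us-east-1")]
    gaps = missing_environments(SAMPLE_CONTEXT, targets)
    for account, region in gaps:
        print(f"no cached VPC lookup for account {account} in {region}")
    raise SystemExit(1 if gaps else 0)
```

To use it on a real project, replace SAMPLE_CONTEXT with the text of your committed context file and the target list with your own account and region pairs.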
CDK version
One alarming thing about the AWS CDK, I should admit, is the rate of change of minor versions. Don’t get me wrong on this: the churn of bringing in bug fixes and features is highly appreciated, and I have not yet been bitten badly by a change. This is similar to the changes I noticed with Istio as I was working on using it as a service mesh option.
This makes it necessary to have good tests on the constructs you create for your applications. And if you are creating generic constructs to be reused across your organization, please have some tests which can verify that the change to a new version didn’t break something on your side.
CDK slack channel
If you have read through this post till now, you seem to be interested in using or learning about CDK. There is no better place than their Slack channel to network with like-minded folks who are adopting or have adopted CDK as their path forward. I have had numerous interactions where someone walked me through challenges and possible solutions for my questions. So join here if you haven’t already.