#cdk

GitOps для AWS CDK

В какой-то момент в нашей команде стало очевидно: пора тащить всю инфраструктуру в Git — по-взрослому, через GitOps. Kubernetes у нас уже был, ArgoCD тоже. Осталось «дотащить» туда AWS-ресурсы, которые мы описываем с помощью AWS CDK. Идея казалась простой: есть CDK-код в Git, запускается ArgoCD, всё красиво деплоится в облако. Но реальность оказалась совсем не такой. CDK — это не YAML и даже не Terraform. Это исполняемый код. GitOps — это про декларативность и kubectl apply . CDK с этим не дружит. Ожидалось, что наверняка есть готовый Kubernetes-оператор, который запускает cdk deploy при изменении кода. Как это уже сделано для Terraform (через ArgoCD Terraform Controller), Pulumi, или хотя бы через ACK. Но после долгого ресерча выяснилось: нет ничего рабочего и production-ready . Так появилась идея — написать собственный Kubernetes-оператор, который сможет: - раз в какое-то время (или по коммиту в Git) запускать cdk deploy ; - проверять cdk diff и cdk drift для отслеживания изменений и дрифта; - удалять CloudFormation-стэк, если ресурс удалили из Git; - интегрироваться с ArgoCD и Prometheus. Получился полноценный GitOps-воркфлоу для AWS CDK — без пайплайнов, без ручных cdk deploy , без дрейфующих стэков. Под катом — расскажу, как мы подошли к проблеме, как устроен Custom Resource CdkTsStack , какие фишки мы добавили (метрики, хуки, IAM-пользователи), и почему наш подход оказался практичнее, чем существующие альтернативы вроде Terraform Operator или Pulumi.

https://habr.com/ru/articles/933148/

#kubernetes_operator #kubernetes #iaac #cdk #aws

Still futzing with #CDK... the DNS and certs seem to deploy, but I'm having trouble with my dynamic page handlers. Something about how CDK bundles the Lambdas, or maybe how I'm handling 404s?

This shit's hard!

I spoke too soon; #Route53 domain management with #CDK is not as straightforward as I had hoped. Mainly certificate management. My vibecoded CDK was trying to deploy the DNS zones before the certs, and it was deploying new certs every deployment

Decided to add some copilot instructions for CDK best-practices, and now it's using Aspects(?)m Constructs(?), and Tags(?) so... progress? At least it's not recreating the certs anymore.

Mind you, it takes 270 lines of #CDK to accomplish what #Architect could (mostly*) do in about 25.

*you still had to drop down to click-ops to set up the #Route53 zones, ACM certs, and #Cloudfront distributions.

I've been faffing about with #CDK for over a year now, reading books, vibecoding projects, and I only now actually got around to deploying something with it.

It's not that bad--when you've got Q's help

#AWS #cloud #serverless

I built my website using @enhance_dev a couple years ago but I feel like I should use a more popular #IaC framework for deploying to #AWS like #CDK, #SAM, #Terraform or just raw #CloudFormation.

The problem is, I'm spoiled; Enhance makes #serverless so easy. I find myself just reimplementing all it's features; file based routing, html templates, session management, etc.

#webDev

So I've been spending a lot of time lately with the #aws #cdk. I've enjoyed using the #java variant; it beats anything YaML-based and helps minimize the annoyance of dealing with #aws. Someone recently mentioned #Pluomi to me as an alternative. Other than supporting other cloud providers (which is a huge plus), what do people like about it? Does it handle rollbacks better? That would be really nice...

#JChemPaint based on #CDK really is a gem from the 90s. The 2D chemical structure editor got a beta release yesterday after nearly a decade and during the #CDK25UGM hackathon I created a #flatpak at https://flathub.org/apps/io.github.jchempaint.JChemPaint for it.

TIL: #AWS CDKWakeful exists and aims to reduce the undifferentiated heavily lifting in monitoring and alerting. CDKWakeful employs #CDK Aspects to inspect your code and set a foundational level of alarms.
#Typescript and #Python are supported.

Link: https://github.com/aws-samples/cdk-wakeful

#AWS #serverless #cdk

So I'm joining the team because I think I can help them continue and accelerate their good work, and because I'm excited about the project I'll be working on, #CDK. It's a vital tool for many in the #AWS community, and there's a lot of work to do, but I'm excited to collaborate with folks at the #OpenConstructFoundation and in the broader community to build the #CDK we want to see. My doors are always open to anyone with ideas. DM me here or email me at aubryha[@]amazon[.]com!

#AWS released an AWS #CDK CLI update to enhance security, requiring users with CDK v2.148.1 or earlier to update and re-bootstrap or apply an #IAM policy.

https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

#security #serverless #iac

#LocalStack 3.7 Released: Local #AWS Emulator

• Emulates 50+ #AWS services locally (#Lambda, #S3, #DynamoDB, #Kinesis, #SQS, #SNS, more)
• Runs in a single #Docker container on your machine or #CI environment
• Enables local #CloudDevelopment without connecting to remote cloud
• Ideal for testing complex #CDK applications or #Terraform configurations
• Supports additional features like #CloudDevelopment workflows
• Open-source version available, with extended Pro version

#LocalStack provides a comprehensive local #AWS environment for developers and testers, simplifying cloud application development and reducing costs. Compatible with various deployment methods including CLI, Docker, and Helm.

#devops

https://github.com/localstack/localstack

@kjhealy #CDK said the same thing to auto retailers here in the US.

CDKプログラミングのパターン
https://qiita.com/Figure_Skate_IT/items/0e70f2d6b10cede6c0db?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #プログラミング #TypeScript #デザインパターン #CDK

CDK初心者が開発で遭遇したトラブルと解決法
https://qiita.com/Figure_Skate_IT/items/12193f26e8b5799ae58c?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #トラブルシューティング #CDK

AWSリソースはCDKでの構築にしませんか？
https://qiita.com/odarin/items/4c018bd00c927a356f82?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #TypeScript #CDK

開発環境を改善するためにチームに提案して実践したこと
https://qiita.com/ryosuke-horie/items/c2d02da4784b785b0911?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #PHP #AWS #開発環境 #TypeScript #CDK

AWS S3「私とデータベース、どっちが大事なの！」（CDKでS3のバージョニングとオブジェクトロックを実装）
https://qiita.com/haruki-lo-shelon/items/255c126e395a8df0c4a7?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #S3 #CDK

Starting the week with two ugly bugs:
1) Cloudformation allows to update the same TaskDefinition Family from multiple stacks
2) EcsRunTask task in StepFunctions CDK references task definition only by family, w/out revision

#cdk #cloudformation #aws

SAM-IT is reporting that the #CDK systems are still screwed up and they are intending to pay ransom.

There’s a claim that I think is pretty wild - idea that ransomware could be used to facilitate money laundering or fraud. I’m a bit skeptical about that.

What I’m not skeptical about are the statements of how badly this system was set up regarding backups and redundancy. It sounds like an unbelievable level of failure to follow the most basic IT security guidelines.

https://m.youtube.com/watch?v=4ywzQIYBCsA