More Examples of Using AWS CDK Aspects

Updated on 2024-01-28: check out the repo again for the latest AWS CDK version and some minor improvements.

Aspects are a way to apply an operation to every construct within a given scope. An aspect may modify constructs, for example by adding tags, or verify something about their state, for example that all buckets are encrypted.

To apply an aspect to a construct and all constructs within the same scope, call Aspects.of(SCOPE).add() with the aspect.

The AWS CDK itself relies on aspects for tagging resources, but aspects are useful beyond this use case. For instance, they can validate or modify the AWS CloudFormation resources that higher-level constructs define automatically.

The utilisation of aspects follows the visitor pattern. An aspect is represented by a class that implements a designated interface.

Upon invoking Aspects.of(SCOPE).add(...), the construct appends the aspect to an internal list of aspects, which can subsequently be retrieved using Aspects.of(SCOPE).

During the prepare phase, the AWS CDK calls the aspect's visit method for the construct and each of its children, in top-down order.

The visit method has the flexibility to make alterations to the construct. In strongly typed languages, it is advisable to cast the received construct to a more specific type before accessing construct-specific properties or methods.

It's important to note that aspects do not propagate across Stage construct boundaries, as Stages are self-contained and immutable after definition. To have aspects visit constructs within the Stage, apply them directly on the Stage construct itself or at a lower level.
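The storage, top-down visiting and Stage-boundary behaviour described above, modelled as an added stand-alone example (not aws-cdk-lib code and not code from the repository). ModelConstruct, ModelAspect, applyAspects and the sample tree are hypothetical names; the check itself mirrors the unrestricted-ingress check listed among the repository's additions.

```typescript
// Simplified model of aspect storage and visiting. NOT aws-cdk-lib code; all names are hypothetical.
interface ModelAspect { visit(node: ModelConstruct): void; }

class ModelConstruct {
  id: string;
  kind: string; // "App" | "Stage" | "Stack" | "SecurityGroup"
  ingressCidrs: string[]; // only meaningful for SecurityGroup nodes
  children: ModelConstruct[] = [];
  aspects: ModelAspect[] = []; // models the list Aspects.of(scope).add() appends to
  constructor(id: string, kind: string, parent?: ModelConstruct, ingressCidrs: string[] = []) {
    this.id = id;
    this.kind = kind;
    this.ingressCidrs = ingressCidrs;
    if (parent) parent.children.push(this);
  }
}

// Check-only aspect: records security groups open to the whole internet.
class UnrestrictedIngressCheck implements ModelAspect {
  findings: string[] = [];
  visit(node: ModelConstruct): void {
    if (node.kind !== "SecurityGroup") return; // act only on the type we understand
    if (node.ingressCidrs.some((c) => c === "0.0.0.0/0" || c === "::/0")) {
      this.findings.push(node.id);
    }
  }
}

// Top-down walk. A Stage child starts with no inherited aspects, so outer aspects stop there.
function applyAspects(node: ModelConstruct, inherited: ModelAspect[] = []): void {
  const active = inherited.concat(node.aspects);
  for (const aspect of active) aspect.visit(node);
  for (const child of node.children) {
    applyAspects(child, child.kind === "Stage" ? [] : active);
  }
}

// Constructed sample tree: one stack directly under the app, one inside a Stage.
function runModel(addToStage: boolean): string[] {
  const app = new ModelConstruct("App", "App");
  const stack = new ModelConstruct("NetStack", "Stack", app);
  new ModelConstruct("OpenSg", "SecurityGroup", stack, ["0.0.0.0/0"]);
  new ModelConstruct("InternalSg", "SecurityGroup", stack, ["10.0.0.0/16"]);
  const stage = new ModelConstruct("Prod", "Stage", app);
  const prodStack = new ModelConstruct("ProdNetStack", "Stack", stage);
  new ModelConstruct("ProdOpenSg", "SecurityGroup", prodStack, ["::/0"]);
  const check = new UnrestrictedIngressCheck();
  app.aspects.push(check); // models Aspects.of(app).add(check)
  if (addToStage) stage.aspects.push(check); // models Aspects.of(stage).add(check)
  applyAspects(app);
  return check.findings;
}
```

With the check added only at the app level, the open security group inside the Stage goes unreported; adding the same aspect on the Stage closes that gap.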

Take a look at this repository where you can see what you can do with aspects.

cdk-aspects-examples and more

AWS CDK Aspects Examples

This repository contains examples of using CDK Aspects. It is referenced in this blog post: [https://blog.jannikwempe.com/mastering-aws-cdk-aspects](https://blog.jannikwempe.com/mastering-aws-cdk-aspects)

The fork discussed here is an extended version of the original repository.

Additions:

Updated to latest AWS CDK version January 2024: "aws-cdk": "2.122.0".

The AWS environment where the deployment will take place depends on the CLI's current credential settings:

```typescript
export const env = {
  region: process.env.CDK_DEFAULT_REGION,
  account: process.env.CDK_DEFAULT_ACCOUNT,
};
```

CDK-NAG Package

cdk-nag on GitHub and AWS Blog Post

Uncomment the following line in bin/cdk-aspects-examples.ts to enable the checks: appAspects.add(new AwsSolutionsChecks());

Added 2 functions to check and update the AWS-CDK and AWS-CDK-LIB packages: cdk-check.ts and lib-check.ts.

Example output:

==================================================================
=== The latest version of the AWS-CDK package is:  [ 2.122.0 ] ===
=== You have the latest AWS-CDK version installed: [ 2.122.0 ] ===
=== Release info: https://github.com/aws/aws-cdk/releases      ===
==================================================================

======================================================================
=== The latest version of the AWS-CDK-LIB package is:  [ 2.122.0 ] ===
=== You have the latest AWS-CDK-LIB version installed: [ 2.122.0 ] ===
=== Release info: https://github.com/aws/aws-cdk/releases          ===
======================================================================

Added more examples of using AWS CDK Aspects in the Bucket stack. Check the stack: enable-bucket-versioning.ts.

Also added these variations:

- Enforce the Lambda NodeJS Runtime to the latest LTS version.
- Added check for publicAccessBlockConfiguration.
- Added another method of checking for missing tags.
- Added check for deletionPolicy, using addOverride to change the value in the CloudFormation template.
- Added check for versioningConfiguration and lifecycleConfiguration.
- Added check for whether a Security Group ingress rule allows unrestricted ingress (inbound traffic) from the public internet.

Most of the compliance checks are also covered by cdk-nag.

CDK-DIA Package

https://github.com/pistazie/cdk-dia

Added the cdk-dia package as an example of quickly creating a diagram from your CloudFormation templates. Check the scripts in package.json or run this command in your terminal:

```sh
npx cdk ls -q && npx cdk-dia --collapse=false && rm -rvf diagram.dot && mv -v diagram.png ./images/extended_diagram.png
```