Advanced AWS CDK: Lessons Learned from 4 Years of Use (COM302)

Title

AWS re:Invent 2023 - Advanced AWS CDK: Lessons learned from 4 years of use (COM302)

Summary

  • Speaker: Matthew Bonnig, Chief Cloud Architect at Defiance Digital.
  • Topic: Best practices and lessons learned from using AWS CDK for four years.
  • Key Points:
    • Discussed building a multi-region ECS-based website with a serverless media transcoder and Route 53 latency-based routing.
    • Explained CDK basics: apps, stacks, stages, constructs, and CloudFormation synthesis.
    • Introduced projen for initializing projects and generating repository files (package manifests, tsconfig, CI workflows) from a single project definition.
    • Emphasized the importance of CI/CD pipelines using AWS CodePipeline and GitHub Actions.
    • Covered code organization patterns and when to refactor for better navigation.
    • Discussed single vs. multi-stack approaches and handling cross-stack dependencies.
    • Highlighted CDK assets (Lambda bundles, container images, files) and the importance of building an artifact once and deploying that same artifact to every environment.
    • Advised against long-lived IAM access keys stored as GitHub Actions secrets; instead, register GitHub as an OIDC identity provider in IAM and have each workflow assume a role whose trust policy is scoped to the repository and branch.
    • Stressed the need for creating your own constructs to encapsulate business logic.
    • Warned against using generateSecretString in Secrets Manager construct.
    • Discussed handling external data and maintaining determinism in CDK code.
    • Introduced Aspects for applying wide-reaching changes and checks.
    • Gave tips for sharing constants between IaC and runtime code.
    • Provided best practices for working with stacks and constructs.
    • Emphasized the importance of testing: unit tests, integration tests, and end-to-end tests.
    • Demonstrated how to replace the stack synthesizer for custom behavior.
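The OIDC point above is where most GitHub Actions deployment roles go wrong: the trust policy must pin both the `aud` claim and the `sub` claim, and a wildcard in the wrong place lets any repository on GitHub assume the role. The following is an added example, not code from the talk or from the speaker: it builds the trust policy that an `iam.Role` with a `WebIdentityPrincipal` on an `iam.OpenIdConnectProvider` would synthesize to, and audits an arbitrary trust policy for the common scoping mistakes. The account id, repository name and branch names are made up for illustration.

```typescript
// Added example (not from the talk or the speaker's code): the IAM trust policy
// for a deployment role that GitHub Actions assumes through OIDC, plus an audit
// for the scoping mistakes that quietly let any repository assume the role.
// The account id, repository and branch names are made up for illustration.

const GITHUB_OIDC_HOST = "token.actions.githubusercontent.com";
const SUB_KEY = GITHUB_OIDC_HOST + ":sub";
const AUD_KEY = GITHUB_OIDC_HOST + ":aud";

type ConditionMap = { [claim: string]: string | string[] };

interface TrustStatement {
  Effect: "Allow" | "Deny";
  Principal: { Federated: string };
  Action: "sts:AssumeRoleWithWebIdentity";
  Condition: { StringEquals?: ConditionMap; StringLike?: ConditionMap };
}

interface TrustPolicy {
  Version: "2012-10-17";
  Statement: TrustStatement[];
}

// `subjects` are the parts of the OIDC `sub` claim after "repo:OWNER/NAME:",
// e.g. "ref:refs/heads/main" or "environment:production".
function githubOidcTrustPolicy(accountId: string, repo: string, subjects: string[]): TrustPolicy {
  if (!/^\d{12}$/.test(accountId)) throw new Error("account id must be 12 digits: " + accountId);
  if (!/^[\w.-]+\/[\w.-]+$/.test(repo)) throw new Error('repo must be "owner/name": ' + repo);
  if (subjects.length === 0) throw new Error("at least one subject is required");

  const subs = subjects.map((s) => "repo:" + repo + ":" + s);
  // IAM ANDs different condition operators, so every sub value must sit under
  // ONE operator. StringLike also matches literal strings, so it is used for
  // all of them as soon as any subject carries a wildcard.
  const needsLike = subs.some((s) => s.indexOf("*") !== -1);
  const condition: TrustStatement["Condition"] = needsLike
    ? { StringEquals: { [AUD_KEY]: "sts.amazonaws.com" }, StringLike: { [SUB_KEY]: subs } }
    : { StringEquals: { [AUD_KEY]: "sts.amazonaws.com", [SUB_KEY]: subs } };

  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: { Federated: "arn:aws:iam::" + accountId + ":oidc-provider/" + GITHUB_OIDC_HOST },
        Action: "sts:AssumeRoleWithWebIdentity",
        Condition: condition,
      },
    ],
  };
}

function asList(v: string | string[] | undefined): string[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

// Returns findings; an empty list means every Allow statement is pinned to the
// GitHub provider, to the STS audience and to specific repositories and refs.
function auditGithubTrustPolicy(policy: TrustPolicy): string[] {
  const findings: string[] = [];
  policy.Statement.forEach((st, i) => {
    if (st.Effect !== "Allow") return;
    if (!/:oidc-provider\/token\.actions\.githubusercontent\.com$/.test(st.Principal.Federated)) {
      findings.push("statement " + i + ": principal is not the GitHub OIDC provider");
    }
    const eq = st.Condition.StringEquals || {};
    const like = st.Condition.StringLike || {};
    if (eq[AUD_KEY] !== "sts.amazonaws.com") {
      findings.push("statement " + i + ": aud is not pinned to sts.amazonaws.com with StringEquals");
    }
    const subs = asList(eq[SUB_KEY]).concat(asList(like[SUB_KEY]));
    if (subs.length === 0) {
      findings.push("statement " + i + ": no sub condition, any GitHub repository can assume this role");
    }
    subs.forEach((s) => {
      const m = /^repo:([^:]+)(?::(.*))?$/.exec(s);
      if (!m) { findings.push("statement " + i + ": unexpected sub " + JSON.stringify(s)); return; }
      const repo = m[1];
      const rest = m[2] === undefined ? "" : m[2];
      if (repo.indexOf("*") !== -1) {
        findings.push("statement " + i + ": repo wildcard in " + s + " grants every matching repository");
      } else if (rest === "" || rest === "*") {
        findings.push("statement " + i + ": " + s + " allows any branch, tag, environment or pull request in " + repo);
      }
    });
  });
  return findings;
}

// Scoped to the main branch and the production environment of one repository.
const deployRoleTrust = githubOidcTrustPolicy("123456789012", "example-org/example-app", [
  "ref:refs/heads/main",
  "environment:production",
]);

// The shape seen in many copy-pasted snippets (constructed here for the audit):
// no aud check, and a sub pattern that matches every repository on GitHub.
const anyRepoTrust: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Principal: { Federated: "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC_HOST },
      Action: "sts:AssumeRoleWithWebIdentity",
      Condition: { StringLike: { [SUB_KEY]: "repo:*" } },
    },
  ],
};
```

On the workflow side the job needs `permissions: id-token: write` and uses `aws-actions/configure-aws-credentials` with `role-to-assume` pointing at the role; no secret is stored in GitHub. Run `auditGithubTrustPolicy` over the `AssumeRolePolicyDocument` of every role in the synthesized template (a CDK Aspect or a unit test over `Template.fromStack` is a natural place) so a broadened `sub` pattern fails the build rather than landing in the account.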

Insights

  • CDK Adoption: The speaker's experience indicates that not many people use projen, despite its value, suggesting a potential gap in adoption that could be addressed through community engagement and education.
  • CI/CD Importance: The emphasis on CI/CD pipelines reflects the industry's move towards DevOps practices and the importance of automation in cloud infrastructure management.
  • Code Organization: The speaker's approach to code organization and refactoring highlights the need for maintainable and scalable codebases, especially as applications grow in complexity.
  • Asset Management: The discussion on asset management and the build-once-deploy-multiple-times philosophy underscores the challenges of managing immutable infrastructure and the importance of consistency across environments.
  • Constructs Usage: The advice to create your own constructs and encapsulate business logic within them suggests a best practice for using CDK that promotes reusability and modularity.
  • Secrets Management: The caution against using generateSecretString indicates a common pitfall in secrets management and the need for secure practices when handling sensitive information.
  • External Data Handling: The approach to handling external data and maintaining determinism in CDK code provides insight into managing dependencies and ensuring predictable infrastructure deployments.
  • Testing: The detailed coverage of testing strategies, from unit to end-to-end tests, reflects the speaker's thorough understanding of the importance of testing in infrastructure as code (IaC) and the need for robust validation mechanisms.
  • Custom Synthesizer: The ability to replace the stack synthesizer for custom behavior is an advanced use case that showcases the flexibility of CDK and the potential for innovation in cloud infrastructure provisioning.
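The determinism point above (external data must not make two synths of the same commit differ) is what CDK's own context providers solve with cdk.context.json: a lookup such as `Vpc.fromLookup` or `StringParameter.valueFromLookup` runs once, the answer is written to that file, and the file is committed so every later synth on every machine reads the cached value. The following is an added example, not code from the talk, that applies the same pattern to data CDK does not cache for you and shows the check that catches a nondeterministic synth. `fetchLatestAmi` is a constructed stand-in for an API whose answer changes between calls, and the cache file name is an assumption.

```typescript
// Added example (not from the talk): cache an external lookup the way CDK
// caches context in cdk.context.json, and detect synths that are not
// deterministic. fetchLatestAmi is a constructed stand-in for an API call.
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

type ContextCache = { [key: string]: string };

// Read the committed cache; a missing file simply means an empty cache.
function readContextCache(file: string): ContextCache {
  if (!fs.existsSync(file)) return {};
  return JSON.parse(fs.readFileSync(file, "utf8")) as ContextCache;
}

// Resolve `key` from the cache, calling `fetch` only on a miss and persisting
// the answer so the next synth, on any machine, sees the same value. Changing
// the value on purpose means deleting the key and committing the new file.
function lookupWithCache(file: string, key: string, fetch: () => string): string {
  const cache = readContextCache(file);
  if (Object.prototype.hasOwnProperty.call(cache, key)) return cache[key];
  const value = fetch();
  cache[key] = value;
  fs.writeFileSync(file, JSON.stringify(cache, null, 2) + "\n");
  return value;
}

// Synthesize twice and compare. A timestamp, random id or uncached lookup in
// the app shows up as false here, and as a spurious diff in a real pipeline.
function synthIsDeterministic(synth: () => unknown): boolean {
  return JSON.stringify(synth()) === JSON.stringify(synth());
}

// Constructed external source: every uncached call returns a new value, the
// way a "latest AMI" query does once a new image is published.
let externalCalls = 0;
function fetchLatestAmi(): string {
  externalCalls += 1;
  return "ami-" + ("00000000" + externalCalls).slice(-8);
}

// Compare a naive synth that queries on every run with one that goes through
// the cache. Returns the two verdicts and how often the external source was hit.
function demo(): { naive: boolean; cached: boolean; calls: number } {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-context-"));
  const cacheFile = path.join(dir, "cdk.context.json"); // assumed file name
  externalCalls = 0;
  const naive = synthIsDeterministic(() => ({ Ami: fetchLatestAmi() }));
  const cached = synthIsDeterministic(() => ({
    Ami: lookupWithCache(cacheFile, "ami:us-east-1:example-app", fetchLatestAmi),
  }));
  return { naive: naive, cached: cached, calls: externalCalls };
}
```

The naive synth hits the source on both runs and produces two different templates; the cached synth hits it once and is stable afterwards. Running `synthIsDeterministic` over the real app in CI, with the cache file committed, is the cheap guard against an environment drifting from what was reviewed.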