DEV Community

Cover image for Synth CDK app to Custom Bucket
Ivan Bliskavka
Ivan Bliskavka

Posted on • Updated on • Originally published at bliskavka.com

Synth CDK app to Custom Bucket

#aws #cloudformation #cdk #devops

Some AWS customers don't use the CLI, and will not grant an external contractor CLI access. Trying to get access is a waste of time and resources. Do not fear, there is a solution!

Summary

  1. Create a client specific staging bucket
  2. Share the bucket with the client account via Bucket Policy
  3. Synth the stack to the staging bucket
  4. Share template URL with client
  5. Client can install using the URL in CloudFormation web console with their own user credentials

App Staging Bucket Policy 

{
  "Sid": "MyClient",
  "Effect": "Allow",
  "Principal": {
      "AWS": [
          "arn:aws:iam::DEV_ACCOUNT_ID:root",
          "arn:aws:iam::PROD_ACCOUNT_ID:root"
      ]
  },
  "Action": [
      "s3:GetObject",
      "s3:GetObjectVersion"
  ],
  "Resource": "arn:aws:s3:::app-staging-bucket/*"
}
Enter fullscreen mode Exit fullscreen mode

Usage

  1. Install CDK Assets npm i -D cdk-assets

  2. Customize the stack synthesizer to use your custom staging bucket

    const app = new cdk.App();

new MyApp(app, 'template', {
  someParam: 'someValue',
  synthesizer: new DefaultStackSynthesizer({
    fileAssetsBucketName: 'app-staging-bucket',

    // Use a custom role which has access to the asset bucket
    fileAssetPublishingRoleArn: 'my-client-staging-role',

    // Consider using a build date or version
    bucketPrefix: '2.4.1',

    // The client account does not need to be bootstrapped
    generateBootstrapVersionRule: false,
  }),
});

app.synth();

  3. Run cdk synth to generate your assets.

  4. Modify cdk.out/template.assets.json to make the template file name more predictable

    • find entry with sourcePath=template.template.json
    • modify its objectKey to something like 2.4.1/template.json
    • (you should probably write some code to automate this)

  5. Run cdk-assets -v -p ./cdk.out/template.assets.json publish

  6. Share your template URL with the client. It will look something like:

    https://app-staging-bucket.s3.amazonaws.com/2.4.1/template.json

  7. Client can install the app using the CloudFormation web console.

Simpler Template Output

Not sure what the side-effects of these are, but this produces a simpler template with less CDK metadata.

cdk synth --path-metadata false --version-reporting false

cdk.json 

{
  "context": {
    "@aws-cdk/core:newStyleStackSynthesis": false,
  }
}
Enter fullscreen mode Exit fullscreen mode

Conclusion

This has been very helpful for creating installers that are accessible to non-developers and usable in beginner AWS environments. I hope it save you some head-scratching!

Originally posted on my blog

Top comments (0)

Read next

wimadev profile image

5 costly mistakes when deploying Docker containers (and how to dodge them like a pro 😎)

Lukas Mauser -

pipscript profile image

From Localhost to Production: Problem-First SRE Journey with One2N Bootcamp

Barigbue Nbira -

s3cloudhub profile image

How To Deploy a Node.js Web App on Azure DevOps: A Step-by-Step Guide

S3CloudHub -

sf_fc profile image

Use KEDA Scaling Modifiers to Manage AI Infrastructure

Sam Farid -