condensetech.cdk-constructs 0.3.1

Condense's opinionated constructs and stacks for AWS CDK

Condense's CDK Constructs

This library contains constructs and stacks we use across our projects.

Setup

Node.js

Install the package:

npm install @condensetech/cdk-constructs # or
yarn add @condensetech/cdk-constructs # or
pnpm add @condensetech/cdk-constructs

Import it:

import * as condense from '@condensetech/cdk-constructs';

Python

Install the package:

pip install condensetech.cdk-constructs

Import it:

from condensetech import cdk_constructs

.NET

Install the package:

dotnet add package CondenseTech.CdkConstructs

Import it:

using CondenseTech.CdkConstructs;

Go

Install the package:

go get github.com/condensetech/cdk-constructs

Import it:

import "github.com/condensetech/cdk-constructs"

Usage

All API docs can be found in the API.md.

Composable Infrastructure Constructs and Stacks

Readability and maintainability are key factors when writing IaC. By defining some high level interfaces, we can easily write constructs which don't need to be tied to the specific implementation of a resource.

For example, the INetworking, defines some high level methods to interact with a VPC. Often a VPC contains a bastion host, which should be whitelisted to databases, so the interface has a bastionHost property which can return the bastion host. This allows to write code like the following:

interface MyDatabaseStackProps extends cdk.StackProps {
  networking: INetworking;
}
class MyDatabaseStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props: MyDatabaseStackProps) {
    super(scope, id, props);

    const db = new rds.DatabaseInstance(this, 'Database', {
      vpc: props.networking.vpc,
      ...
    });
    if (props.networking.bastionHost) {
      db.connections.allowDefaultPortFrom(props.networking.bastionHost);
    }
  }
}

If a certain point we want to add a bastion host, we just need to flip one single switch in the networking props, to have the bastion host able to connect to all the resources in the VPC.

Constructs and Stacks in this area:

• Networking and NetworkingStack
• Aurora Cluster and AuroraClusterStack
• RDS Instance and DatabaseInstanceStack

Entrypoint

A typical scenario is to have one single Application Load Balancer in a VPC, which routes traffic to different services. The Entrypoint Construct and the Entrypoint Stack allow to easily define this entrypoint load balancer.

The Entrypoint#allocateListenerRule method tracks in a DynamoDB table the priority of the listener rules that are being created and generates a unique priority if one is not provided. This allows to operate in scenarios where different stacks are creating listener rules for the same load balancer.

Cloudwatch Alarms Topic

The CloudwatchAlarmsTopicStack creates an SNS Topic which can be used as a target for Cloudwatch Alarms. In addition to link the topic to HTTPS endpoints, it can also create a Lambda function which can be used to send messages to Discord.

Naive BasicAuth Cloudfront Function

NaiveBasicAuthCloudfrontFunction is useful when a basic protection layer must be added to Cloudfront (for SPAs or static sites) and you just need to avoid crawlers and unwanted visitors.

Monitoring

By instantiating a MonitoringFacade in your stack, you can easily add monitoring to your resources. The facade will create a Cloudwatch Dashboard, and will add alarms to the resources you want to monitor.