Day 3 – AWS CDK 指令介紹

2020 12th 鐵人賽

昨天講解了專案的創建今天來解釋基礎的 AWS CDK 指令,不過在講解之前應該要先跟大家說明怎麼使用 AWS CLI 不然在講解 AWS CDK 指令的時候有的指令可能會卡住

https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20201024/20117701EhRLq1IeOZ.jpg?w=640&ssl=1

AWS CLI 安裝

使用 msi 安裝

首先先說明 Windows 的安裝方法,我個人覺得 Windows 是裡面最好安裝的只要到官方下載安裝檔即可 安裝後測試一下指令

C:\> aws --version
aws-cli/2.0.36 Python/3.7.4 Windows/10 botocore/2.0.0

詳細介紹可以參考官方安裝文件

Mac 安裝 AWS CLI

使用 brew 安裝

我通常在 Mac 上面盡可能指令都交給 brew 管理,所以我首推使用 brew 安裝指令,不過這不是官方推薦的方法,但是我比較喜歡

$ brew install awscli

使用 brew 在舊版 awscli@1 (a.k.a. AWS CLI version 1) 會有一個不太方便的地方是如果有改版內容想要先使用就算發 PR 也沒辦法被 merge 因為有規定 10 版做為一個單位

awscli should only be updated every 10 releases on multiples of 10

homebrew-core/Formula/awscli@1.rb

新版的 awscli 就沒有這項規定了 homebrew-core/Formula/awscli.rb

使用 pkg 安裝

官方推薦的方法是使用 pkg 安裝,基本上安裝方法就是跟著安裝精靈走就好,其實也是滿方便的就看個人喜歡的方法囉

詳細介紹可以參考官方安裝文件

設定 AWS CLI

基礎 AWS configure 設定

安裝完後先來做 configure 設定,通常應該只有一個 AWS 帳號就直接使用如下設定就

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: 

AWS configure profile 設定

不過有的人可能因為工作關係有很多 AWS Account 總不可能每次都去挖自己的 Access Key,所以指令有提供 profile 的方法,感覺就像是多使用者的概念之後下指令只要把 profile 帶在後面就可以成功使用了

$ aws configure --profile ithome
AWS Access Key ID [None]: AKIAI44QH8DHBEXAMPLE
AWS Secret Access Key [None]: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: 

今天想要列出所有 ithome 這個 profile 的 S3 bucket 就可以使用

$ aws s3 ls --profile ithome

其他功能等後面需要再介紹給大家

AWS CDK Toolkit command

cdk init

昨天有介紹過 cdk init 指令了,不過還沒提到的是 init 除了 sample-app 的 Template 還有 applib,而如果不想要 Template 其實也可以直接執行 cdk init --language=typescript 就會是一個空專案了

$ cdk init --list
Available templates:
* app: Template for a CDK Application
   └─ cdk init app --language=[csharp|fsharp|java|javascript|python|typescript]
* lib: Template for a CDK Construct Library
   └─ cdk init lib --language=typescript
* sample-app: Example CDK Application with some constructs
   └─ cdk init sample-app --language=[csharp|fsharp|java|javascript|python|typescript]

cdk list

列出所有的 stack list,而為什麼以目前的範例來說會出現 HelloCdkStack 呢? 其實是因為我們的 bin/hello-cdk.ts 定義的,如果覺得指令太長可以改用 cdk ls

$ cdk list
HelloCdkStack

如果想要看更詳細的 stack 資料可以使用

$ cdk list --long
- id: HelloCdkStack
  name: HelloCdkStack
  environment:
    account: unknown-account
    region: unknown-region
    name: aws://unknown-account/unknown-region

cdk synthesize

看看目前程式產生的 CloudFormation 腳本可以直接使用這個指令,它的短指令是 cdk synth

$ cdk synth HelloCdkStack
Resources:
  HelloCdkQueueB56C77B9:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 300
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/Resource
  HelloCdkQueuePolicy027FC30A:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Statement:
          - Action: sqs:SendMessage
            Condition:
              ArnEquals:
                aws:SourceArn:
                  Ref: HelloCdkTopic1F583424
            Effect: Allow
            Principal:
              Service: sns.amazonaws.com
            Resource:
              Fn::GetAtt:
                - HelloCdkQueueB56C77B9
                - Arn
        Version: "2012-10-17"
      Queues:
        - Ref: HelloCdkQueueB56C77B9
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/Policy/Resource
  HelloCdkQueueHelloCdkStackHelloCdkTopic850E0FBD36A066B9:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol: sqs
      TopicArn:
        Ref: HelloCdkTopic1F583424
      Endpoint:
        Fn::GetAtt:
          - HelloCdkQueueB56C77B9
          - Arn
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/HelloCdkStackHelloCdkTopic850E0FBD/Resource
  HelloCdkTopic1F583424:
    Type: AWS::SNS::Topic
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkTopic/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.63.0,@aws-cdk/aws-cloudwatch=1.63.0,@aws-cdk/aws-iam=1.63.0,@aws-cdk/aws-kms=1.63.0,@aws-cdk/aws-sns=1.63.0,@aws-cdk/aws-sns-subscriptions=1.63.0,@aws-cdk/aws-sqs=1.63.0,@aws-cdk/cloud-assembly-schema=1.63.0,@aws-cdk/core=1.63.0,@aws-cdk/cx-api=1.63.0,@aws-cdk/region-info=1.63.0,jsii-runtime=node.js/v12.16.3
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2

如果想要把目前的 CloudFormation templates 輸出成 yaml 也可以直接使用 cdk synth > output.yaml 或是以前是寫 JSON 的朋友也可以讓它輸出 JSON cdk synth --json > output.json 是不是很方便啊,不過我們現在使用 CDK 就是為了不想直接跟 CloudFormation 打交道就看看壞念一下吧 ~

cdk bootstrap

此指令是第一次要執行 cdk 部署前要執行的指令,它會在 S3 開啟一個 bucket 裡面會放有需要執行 CloudFormation 必要的東西

$ cdk bootstrap
 ⏳  Bootstrapping environment aws://888888888888/us-west-2...
 ✅  Environment aws://888888888888/us-west-2 bootstrapped (no changes).

cdk deploy

部署 CDK 腳本指令未來會常常用到它,詳細的使用方法等下一章再來說明

$ cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬───────────────────┬────────┬───────────────────┬───────────────────┬─────────────────────┐
│   │ Resource          │ Effect │ Action            │ Principal         │ Condition           │
├───┼───────────────────┼────────┼───────────────────┼───────────────────┼─────────────────────┤
│ + │ ${HelloCdkQueue.A │ Allow  │ sqs:SendMessage   │ Service:sns.amazo │ "ArnEquals": {      │
│   │ rn}               │        │                   │ naws.com          │   "aws:SourceArn":  │
│   │                   │        │                   │                   │ "${HelloCdkTopic}"  │
│   │                   │        │                   │                   │ }                   │
└───┴───────────────────┴────────┴───────────────────┴───────────────────┴─────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)?

文字版

https://i2.wp.com/ithelp.ithome.com.tw/upload/images/20200921/20117701pH38JyvBNI.png?w=640&ssl=1

圖片版

cdk destroy

因為 CDK 底層是 CloudFormation 的關係如果我們想要移除部署好的東西也可以輕易的把它移除的乾乾淨淨,只要使用這個指令即可達成

$ cdk destroy
Are you sure you want to delete: HelloCdkStack (y/n)? y
HelloCdkStack: destroying...

 ✅  HelloCdkStack: destroyed

cdk diff

在 CDK 裡面有一個很好用的功能就是 diff 我們可以輕易的知道現在的版本與已經部署的版本差異是什麼,只要使用 cdk diff 即可清楚的知道,以下面來說我們此範例會在 IAM 新增一個 Action sqs:SendMessage 與新增 4 個 Resources

$ cdk diff
IAM Statement Changes
┌───┬───────────────────┬────────┬───────────────────┬───────────────────┬─────────────────────┐
│   │ Resource          │ Effect │ Action            │ Principal         │ Condition           │
├───┼───────────────────┼────────┼───────────────────┼───────────────────┼─────────────────────┤
│ + │ ${HelloCdkQueue.A │ Allow  │ sqs:SendMessage   │ Service:sns.amazo │ "ArnEquals": {      │
│   │ rn}               │        │                   │ naws.com          │   "aws:SourceArn":  │
│   │                   │        │                   │                   │ "${HelloCdkTopic}"  │
│   │                   │        │                   │                   │ }                   │
└───┴───────────────────┴────────┴───────────────────┴───────────────────┴─────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Conditions
[+] Condition CDKMetadataAvailable: {"Fn::Or":[{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ca-central-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-northwest-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-central-1"]}]},{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-3"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"me-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"sa-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-2"]}]}]}

Resources
[+] AWS::SQS::Queue HelloCdkQueue HelloCdkQueueB56C77B9 
[+] AWS::SQS::QueuePolicy HelloCdkQueue/Policy HelloCdkQueuePolicy027FC30A 
[+] AWS::SNS::Subscription HelloCdkQueue/HelloCdkStackHelloCdkTopic850E0FBD HelloCdkQueueHelloCdkStackHelloCdkTopic850E0FBD36A066B9 
[+] AWS::SNS::Topic HelloCdkTopic HelloCdkTopic1F583424 

文字版

https://i2.wp.com/ithelp.ithome.com.tw/upload/images/20200921/201177010nlP7lYF81.png?w=640&ssl=1

圖片版

cdk docs

如果想要快速的尋找文件就可以使用它,它會幫我們開啟瀏覽器並且帶我們到 https://docs.aws.amazon.com/cdk/api/latest/ 其實很方便 https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200918/201177012kpXQSWhy6.png?w=640&ssl=1

cdk doctor

如果有 bug 需要 report 的時候會需要指令此指令它會收集目前的 env 與 CDK 版本資訊

$ cdk doctor
ℹ️ CDK Version: 1.63.0 (build 7a68125)
ℹ️ AWS environment variables:
  - AWS_STS_REGIONAL_ENDPOINTS = regional
  - AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  - AWS_SDK_LOAD_CONFIG = 1
ℹ️ No CDK environment variables

以上是 CDK 指令的介紹如果有錯歡迎跟我說我會盡快修正的,謝謝大家! 今天的內容就到此,明天會來講解