Day 5 – Running the AWS CDK sample-app

2020 12th Ironman Contest

Yesterday we finished analyzing the whole sample-app program, so today let's run it!

https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20201024/20117701l2JAbJK5oH.jpg?w=640&ssl=1

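Besides showing how to deploy the sample-app to AWS, today's topic also covers a simple modification to the CDK program so you can get a first taste of how convenient CDK is. Let's take a look at today's content!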

Running the CDK sample-app

cdk bootstrap

The first time you use CDK, run bootstrap first.

If you have already done this before, you don't need to do it again!

$ cdk bootstrap
 ⏳  Bootstrapping environment aws://888888888888/us-west-2...
 ✅  Environment aws://888888888888/us-west-2 bootstrapped (no changes).

cdk synth

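Take a look at the deployment script. When you first start using CDK, it is still worth looking at how this would be written in CloudFormation; once you have seen it, you will realize that writing it this way is really quite laborious.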

$ cdk synth
Resources:
  HelloCdkQueueB56C77B9:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 300
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/Resource
  HelloCdkQueuePolicy027FC30A:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Statement:
          - Action: sqs:SendMessage
            Condition:
              ArnEquals:
                aws:SourceArn:
                  Ref: HelloCdkTopic1F583424
            Effect: Allow
            Principal:
              Service: sns.amazonaws.com
            Resource:
              Fn::GetAtt:
                - HelloCdkQueueB56C77B9
                - Arn
        Version: "2012-10-17"
      Queues:
        - Ref: HelloCdkQueueB56C77B9
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/Policy/Resource
  HelloCdkQueueHelloCdkStackHelloCdkTopic850E0FBD36A066B9:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol: sqs
      TopicArn:
        Ref: HelloCdkTopic1F583424
      Endpoint:
        Fn::GetAtt:
          - HelloCdkQueueB56C77B9
          - Arn
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkQueue/HelloCdkStackHelloCdkTopic850E0FBD/Resource
  HelloCdkTopic1F583424:
    Type: AWS::SNS::Topic
    Metadata:
      aws:cdk:path: HelloCdkStack/HelloCdkTopic/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.63.0,@aws-cdk/aws-cloudwatch=1.63.0,@aws-cdk/aws-iam=1.63.0,@aws-cdk/aws-kms=1.63.0,@aws-cdk/aws-sns=1.63.0,@aws-cdk/aws-sns-subscriptions=1.63.0,@aws-cdk/aws-sqs=1.63.0,@aws-cdk/cloud-assembly-schema=1.63.0,@aws-cdk/core=1.63.0,@aws-cdk/cx-api=1.63.0,@aws-cdk/region-info=1.63.0,jsii-runtime=node.js/v12.16.3
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
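
The queue policy in the synthesized template ties the SNS service principal to the one topic through the `aws:SourceArn` condition. As an added example (not part of the original post or the CDK project), the TypeScript below checks a synthesized template for queue-policy statements that lack such a condition; the function names and the second, condition-less template are constructed for illustration.

```typescript
// Added example (not from the original post): flag SQS queue-policy statements that
// allow an AWS service principal without an aws:SourceArn / aws:SourceAccount condition.
interface Finding { policy: string; action: string; service: string; }

// Condition keys that tie a service principal's access to one specific source.
const SCOPING_KEYS = ["aws:sourcearn", "aws:sourceaccount"];

// IAM policy fields may hold a single value or a list; normalise to a list.
const asArray = (v: any): any[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Condition shape is { Operator: { key: value } }; condition keys are case-insensitive.
function isScoped(condition: any): boolean {
  const cond = condition || {};
  return Object.keys(cond).some((op) =>
    Object.keys(cond[op] || {}).some((k) => SCOPING_KEYS.indexOf(k.toLowerCase()) >= 0));
}

function findUnscopedServiceGrants(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const id of Object.keys(resources)) {
    if (resources[id].Type !== "AWS::SQS::QueuePolicy") continue;
    const doc = (resources[id].Properties || {}).PolicyDocument || {};
    for (const st of asArray(doc.Statement)) {
      // Only Allow statements for service principals are checked here.
      const services = asArray((st.Principal || {}).Service);
      if (st.Effect !== "Allow" || services.length === 0 || isScoped(st.Condition)) continue;
      for (const service of services)
        for (const action of asArray(st.Action)) findings.push({ policy: id, action, service });
    }
  }
  return findings;
}

// The queue policy from the cdk synth output above, rewritten as JSON.
const synthesized: any = { Resources: { HelloCdkQueuePolicy027FC30A: {
  Type: "AWS::SQS::QueuePolicy",
  Properties: { Queues: [{ Ref: "HelloCdkQueueB56C77B9" }], PolicyDocument: {
    Version: "2012-10-17",
    Statement: [{
      Action: "sqs:SendMessage", Effect: "Allow",
      Principal: { Service: "sns.amazonaws.com" },
      Condition: { ArnEquals: { "aws:SourceArn": { Ref: "HelloCdkTopic1F583424" } } },
      Resource: { "Fn::GetAtt": ["HelloCdkQueueB56C77B9", "Arn"] },
    }] } } } } };

// Constructed variant with the Condition removed, so the grant is no longer tied to the topic.
const unscoped: any = JSON.parse(JSON.stringify(synthesized));
delete unscoped.Resources.HelloCdkQueuePolicy027FC30A.Properties.PolicyDocument.Statement[0].Condition;

console.log(findUnscopedServiceGrants(synthesized)); // no findings
console.log(findUnscopedServiceGrants(unscoped));    // one finding
```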

cdk deploy

Start the deployment. Whenever this command would change permissions, it asks the user to confirm the changes once more; press y to confirm.

$ cdk deploy
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬───────────────────┬────────┬───────────────────┬───────────────────┬─────────────────────┐
│   │ Resource          │ Effect │ Action            │ Principal         │ Condition           │
├───┼───────────────────┼────────┼───────────────────┼───────────────────┼─────────────────────┤
│ + │ ${HelloCdkQueue.A │ Allow  │ sqs:SendMessage   │ Service:sns.amazo │ "ArnEquals": {      │
│   │ rn}               │        │                   │ naws.com          │   "aws:SourceArn":  │
│   │                   │        │                   │                   │ "${HelloCdkTopic}"  │
│   │                   │        │                   │                   │ }                   │
└───┴───────────────────┴────────┴───────────────────┴───────────────────┴─────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)?  y
HelloCdkStack: deploying...
[██████████████████████████████████████████████████████████] (6/6)




 ✅  HelloCdkStack

Stack ARN:
arn:aws:cloudformation:us-west-2:888888888888:stack/HelloCdkStack/cbb80510-f9d0-11ea-b44e-0a8a148431ae

Text version

https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20200921/20117701cfOJDLEjrf.png?w=640&ssl=1

Image version

Check the result in CloudFormation

Here you can clearly see that the Stack ARN above is the same as our Stack ID, and that the deployment succeeded https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701QYoa1USu1T.png?w=640&ssl=1

Next, check the Resources section https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701pvf2lZyz2S.png?w=640&ssl=1

Go to SNS and look at the newly created Topic https://i2.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701GU15q1SGFC.png?w=640&ssl=1

In SQS, check that the timeout is 300 seconds, i.e. 5 minutes, and that the queue is subscribed to SNS https://i2.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701gvEhDKgfgJ.png?w=640&ssl=1

Modify hello-cdk-stack.ts

Let's see whether commenting out some code really removes the corresponding services for us: comment out lines 13 to 16.

import * as sns from "@aws-cdk/aws-sns";
import * as subs from "@aws-cdk/aws-sns-subscriptions";
import * as sqs from "@aws-cdk/aws-sqs";
import * as cdk from "@aws-cdk/core";

export class HelloCdkStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const queue = new sqs.Queue(this, "HelloCdkQueue", {
      visibilityTimeout: cdk.Duration.seconds(300),
    });

    // const topic = new sns.Topic(this, 'HelloCdkTopic');

    // topic.addSubscription(new subs.SqsSubscription(queue));
  }
}

Run cdk diff

Run cdk diff and you can clearly see which Resources are removed

  • [-] AWS::SQS::QueuePolicy HelloCdkQueuePolicy027FC30A destroy
  • [-] AWS::SNS::Subscription HelloCdkQueueHelloCdkStackHelloCdkTopic850E0FBD36A066B9 destroy
  • [-] AWS::SNS::Topic HelloCdkTopic1F583424 destroy
$ cdk diff
Stack HelloCdkStack
IAM Statement Changes
┌───┬───────────────────┬────────┬───────────────────┬───────────────────┬─────────────────────┐
│   │ Resource          │ Effect │ Action            │ Principal         │ Condition           │
├───┼───────────────────┼────────┼───────────────────┼───────────────────┼─────────────────────┤
│ - │ ${HelloCdkQueue.A │ Allow  │ sqs:SendMessage   │ Service:sns.amazo │ "ArnEquals": {      │
│   │ rn}               │        │                   │ naws.com          │   "aws:SourceArn":  │
│   │                   │        │                   │                   │ "${HelloCdkTopic1F5 │
│   │                   │        │                   │                   │ 83424}"             │
│   │                   │        │                   │                   │ }                   │
└───┴───────────────────┴────────┴───────────────────┴───────────────────┴─────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Resources
[-] AWS::SQS::QueuePolicy HelloCdkQueuePolicy027FC30A destroy
[-] AWS::SNS::Subscription HelloCdkQueueHelloCdkStackHelloCdkTopic850E0FBD36A066B9 destroy
[-] AWS::SNS::Topic HelloCdkTopic1F583424 destroy

Text version

https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20200921/20117701F4ML0Q8SMv.png?w=640&ssl=1

Image version

Run cdk deploy again

Having looked at that, let's run cdk deploy once more and check the result once it succeeds.

$ cdk deploy
HelloCdkStack: deploying...
HelloCdkStack: creating CloudFormation changeset...
[██████████████████████████████████████████████████████████] (5/5)



 ✅  HelloCdkStack

Stack ARN:
arn:aws:cloudformation:us-west-2:888888888888:stack/HelloCdkStack/cbb80510-f9d0-11ea-b44e-0a8a148431ae

Check CloudFormation

You can see that only one SQS is left, which means it ran successfully! https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701Ekpmvfqodm.png?w=640&ssl=1

Refresh SNS

The SNS from before has also been removed https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701ILg8dPhzct.png?w=640&ssl=1

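Check SQS

Confirm there is no SNS subscription data https://i0.wp.com/ithelp.ithome.com.tw/upload/images/20200919/20117701hNWhnENec3.png?w=640&ssl=1

Finally, let's remove the whole environment!

That is about it for today's walkthrough, so let's cdk destroy the whole thing. A warning appears when you run it; just press y.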

$ cdk destroy
Are you sure you want to delete: HelloCdkStack (y/n)? y
HelloCdkStack: destroying...
9:20:24 AM | DELETE_IN_PROGRESS   | AWS::CloudFormation::Stack | HelloCdkStack
9:20:26 AM | DELETE_IN_PROGRESS   | AWS::SQS::Queue    | HelloCdkQueue

 ✅  HelloCdkStack: destroyed

Text version

https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200921/20117701uJnbCaDfrt.png?w=640&ssl=1

Image version

Search for the CloudFormation stack from before

You can see that there is nothing left! https://i1.wp.com/ithelp.ithome.com.tw/upload/images/20200919/201177016h9RkzmIau.png?w=640&ssl=1

That's the run-through and testing of the AWS CDK sample-app.