AWS CDK Infrastructure TypeScript DevOps

AWS CDK: Infrastructure as Code for Modern Deployments

Learn how to leverage AWS CDK with TypeScript to build scalable, maintainable cloud infrastructure that grows with your applications

The evolution from manual AWS console clicking to Infrastructure as Code represents one of the most significant improvements in cloud development practices. AWS CDK (Cloud Development Kit) takes this further by allowing us to define cloud infrastructure using familiar programming languages, bringing the power of software engineering to cloud architecture.

Why CDK Over CloudFormation?

While CloudFormation provides Infrastructure as Code, CDK offers Infrastructure as Software:

// CloudFormation YAML - static and verbose
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-app-bucket-prod
      PublicReadPolicy: false
      VersioningConfiguration:
        Status: Enabled

// CDK TypeScript - dynamic and programmatic
const bucket = new s3.Bucket(this, 'MyBucket', {
  bucketName: `my-app-bucket-${stage}`,
  versioned: true,
  publicReadAccess: false,
  // Conditional logic, loops, and functions work naturally
  ...isProd ? { lifecycleRules: [retentionPolicy] } : {},
});

Architecture Patterns for Scale

1. Multi-Stage Pipeline Design

Structure your CDK app for multiple environments from day one:

#!/usr/bin/env node
import { App, Environment } from 'aws-cdk-lib';
import { PipelineStack } from '../lib/pipeline-stack';

const app = new App();

// Centralized environment configuration
const environments: Record<string, Environment> = {
  dev: { account: '111111111111', region: 'us-east-1' },
  staging: { account: '222222222222', region: 'us-east-1' },
  prod: { account: '333333333333', region: 'us-east-1' },
};

// Deploy pipeline stack that manages other stacks
Object.entries(environments).forEach(([stage, env]) => {
  new PipelineStack(app, `Pipeline-${stage}`, {
    env,
    stage,
    // Cross-stage dependencies
    crossRegionReplication: stage === 'prod',
  });
});

2. Construct-Driven Architecture

Create reusable constructs that encapsulate best practices:

// lib/constructs/secure-api.ts
export class SecureApiConstruct extends Construct {
  public readonly api: RestApi;
  public readonly domainName: DomainName;

  constructor(scope: Construct, id: string, props: SecureApiProps) {
    super(scope, id);

    // WAF protection
    const webAcl = new wafv2.WebAcl(this, 'WebAcl', {
      scope: wafv2.Scope.REGIONAL,
      defaultAction: wafv2.WafAction.allow(),
      rules: [
        // Rate limiting
        {
          name: 'RateLimitRule',
          priority: 1,
          statement: new wafv2.RateLimitStatement(2000),
          action: wafv2.WafAction.block(),
        },
      ],
    });

    // API Gateway with security headers
    this.api = new RestApi(this, 'Api', {
      restApiName: props.apiName,
      defaultCorsPreflightOptions: {
        allowOrigins: Cors.ALL_ORIGINS,
        allowMethods: Cors.ALL_METHODS,
      },
      deployOptions: {
        stageName: props.stage,
        accessLogDestination: new ApiGatewayLogGroup(
          new LogGroup(this, 'AccessLogs')
        ),
      },
    });

    // Custom domain with SSL
    this.domainName = new DomainName(this, 'Domain', {
      domainName: props.domainName,
      certificate: Certificate.fromCertificateArn(
        this,
        'Certificate',
        props.certificateArn
      ),
    });
  }
}

Advanced CDK Patterns

3. Cross-Stack Resource Sharing

Handle dependencies between stacks elegantly:

// Shared resources stack
export class SharedStack extends Stack {
  public readonly vpc: Vpc;
  public readonly cluster: Cluster;

  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    this.vpc = new Vpc(this, 'Vpc', {
      maxAzs: 3,
      natGateways: 2,
    });

    this.cluster = new Cluster(this, 'EcsCluster', {
      vpc: this.vpc,
      containerInsights: true,
    });
  }
}

// Application stack that uses shared resources
export class AppStack extends Stack {
  constructor(
    scope: Construct,
    id: string,
    props: StackProps & { sharedStack: SharedStack }
  ) {
    super(scope, id, props);

    const service = new FargateService(this, 'Service', {
      cluster: props.sharedStack.cluster,
      // Service configuration...
    });
  }
}

4. Custom Resource Patterns

Extend CDK capabilities with custom resources:

export class DatabaseMigrationResource extends Construct {
  constructor(scope: Construct, id: string, props: MigrationProps) {
    super(scope, id);

    // Lambda function for migrations
    const migrationFunction = new Function(this, 'MigrationFunction', {
      runtime: Runtime.NODEJS_18_X,
      handler: 'index.handler',
      code: Code.fromAsset('lambda/migrations'),
      environment: {
        DATABASE_URL: props.databaseUrl,
      },
    });

    // Custom resource that runs migrations
    new CustomResource(this, 'Migration', {
      serviceToken: migrationFunction.functionArn,
      properties: {
        version: props.migrationVersion,
        // Trigger re-run when version changes
        timestamp: Date.now(),
      },
    });
  }
}

Testing Your Infrastructure

CDK makes infrastructure testing straightforward:

// test/app.test.ts
import { Template } from 'aws-cdk-lib/assertions';
import { App } from 'aws-cdk-lib';
import { MyStack } from '../lib/my-stack';

test('S3 bucket created with encryption', () => {
  const app = new App();
  const stack = new MyStack(app, 'TestStack');

  const template = Template.fromStack(stack);

  template.hasResourceProperties('AWS::S3::Bucket', {
    BucketEncryption: {
      ServerSideEncryptionConfiguration: [
        {
          ServerSideEncryptionByDefault: {
            SSEAlgorithm: 'AES256'
          }
        }
      ]
    }
  });
});

Deployment Best Practices

GitOps Pipeline Integration

// Integrate with CI/CD
const pipeline = new CodePipeline(this, 'Pipeline', {
  pipelineName: 'MyAppPipeline',
  synth: new CodeBuildStep('Synth', {
    input: CodePipelineSource.gitHub('user/repo', 'main'),
    commands: [
      'npm ci',
      'npm run build',
      'npx cdk synth',
    ],
  }),
});

// Add stages for different environments
pipeline.addStage(new MyStage(this, 'Dev', { env: devEnv }));
pipeline.addStage(new MyStage(this, 'Prod', {
  env: prodEnv,
  // Manual approval for production
  pre: [new ManualApprovalStep('ApproveProduction')]
}));

Monitoring and Observability

CDK makes it easy to bake in observability from the start:

const dashboard = new Dashboard(this, 'Dashboard', {
  dashboardName: 'MyApp-Dashboard',
});

// Add metrics for your API
dashboard.addWidgets(
  new GraphWidget({
    title: 'API Request Count',
    left: [api.metricRequestCount()],
  }),
  new GraphWidget({
    title: 'API Latency',
    left: [api.metricLatency()],
  }),
);

// Set up alarms
new Alarm(this, 'HighErrorRate', {
  metric: api.metricClientError(),
  threshold: 10,
  evaluationPeriods: 2,
});

Real-World Benefits

Organizations using CDK report:

  • 60% reduction in deployment time compared to manual processes
  • 90% fewer configuration errors due to type safety
  • Improved compliance through automated policy enforcement
  • Better collaboration between dev and ops teams

Conclusion

AWS CDK transforms infrastructure management from a manual, error-prone process into a software engineering discipline. By leveraging TypeScript’s type system, object-oriented patterns, and testing frameworks, we can build cloud infrastructure that’s both robust and maintainable.

The key to CDK success lies in treating your infrastructure code with the same rigor as your application code - version control, testing, code review, and continuous integration all apply.

Start small with a single stack, then gradually adopt more advanced patterns as your team gains confidence. The investment in learning CDK pays dividends in reduced operational overhead and increased deployment confidence.