© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Getting started with the AWS Cloud Development Kit (CDK) Marek Kuczynski Senior Serverless Solutions Architect Amazon Web Services

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. We are witnessing a paradigm shift Level of abstraction Focus on business logic Serverless Physical machines Virtual machines Containerization AWS Lambda AWS Fargate • Continuous scaling • Fault tolerance built in • Pay for value • Zero maintenance • Focus on business value

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Amazon EC2 Instances, containers and functions Boots up in minutes Runs for days or much longer Full OS access AWS Fargate Starts in seconds Runs for minutes/hours Limited OS access AWS Lambda Starts in milliseconds Runs up to 15 minutes No OS access

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Lambda AWS Fargate Amazon API Gateway Amazon SNS Amazon SQS AWS Step Functions COMPUTE DATA STORES INTEGRATION AWS AppSync Amazon Aurora Serverless Amazon S3 Amazon DynamoDB Amazon EventBridge

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark A modern three-tier application architecture Presentation Business logic Data Queues/messages Events Events APIs

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Modern, serverless infrastructures A Lambda function in retrieves data from an on-premise system every 5 minutes Amazon CloudWatch Schedule AWS Lambda Ping function Instance or VM Alarm Archive output Update database AWS Cloud Corporate data center

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 0: Creating infrastructure by hand Your organization’s infrastructure

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 1: Imperative infrastructure as code Your organization’s infrastructure deploy.script AWS SDK

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 1: Imperative infrastructure as code • Lots of boilerplate • What if something fails and we need to retry? • What if two people try to run the script at once? • Race conditions? resource = getResource(xyz) if (resource == desiredResource) { return } else if (!resource) { createResource(desiredResource) } else { updateResource(desiredResource) } deploy.script

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 2: Declarative infrastructure as code Your organization’s infrastructure infrastructure.txt AWS CloudFormation HashiCorp Terraform AWS SDK

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 2: Declarative infrastructure as code infrastructure.txt • Just a list of each resource to create and its properties, in this case YAML format • Some minor helper functions may be built in to aid in fetching values dynamically Resources: # VPC in which containers will be networked. # It has two public subnets # We distribute the subnets across the first two available subnets # for the region, for high availability. VPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: true EnableDnsHostnames: true CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR'] # Two public subnets, where containers can have public IP addresses PublicSubnetOne: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: {Ref: 'AWS::Region'} VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR'] MapPublicIpOnLaunch: true PublicSubnetTwo: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: {Ref: 'AWS::Region'} VpcId: !Ref 'VPC' CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR'] MapPublicIpOnLaunch: true

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Declarative SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: ./todo_list_lambda Handler: index.gethtml Runtime: nodejs12.x Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells CloudFormation this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with 5 Read & Write units

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 3: AWS Cloud Development Kit (AWS CDK) Your organization’s infrastructure app.js AWS CloudFormation AWS SDK AWS CDK

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Level 3: AWS CDK • Write in a familiar programming language • Create many underlying AWS resources at once with a single construct • Each stack is made up of “constructs,” which are simple classes in the code • Still declarative, no need to handle create vs update cdk_app.js lambda_function.py

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. VPC Public Subnet in Availability Zone Public Subnet in Availability Zone 2 Private Subnet in Availability Zone Private Subnet in Availability Zone 2 Internet gateway NAT gateway NAT gateway One CDK construct expands to many underlying resources cdk deploy // Network for all the resources const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. One CDK construct expands to many underlying resources 270 lines of AWS CloudFormation YAML I don’t have to write! cdk synth // Network for all the resources const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. CDK constructs are available in multiple languages

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Two levels of container abstraction in AWS CDK • Basic patterns for building Docker images, creating a cluster, task definition, task, or service • Stable release • Common architecture patterns built on top of the basic patterns: a load balanced service, a queue consumer, task scheduled to run at a particular time • Experimental release, we are still working on this!

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @aws-cdk/aws-ecs Build a container image import ecs = require('@aws-cdk/aws-ecs’); const image = ecs.ContainerImage.fromAsset("apps/myapp") apps/myapp my- code.js Dockerfile Docker build Amazon EC2 Container Registry myapp registry Container image for your application

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Do you want to stay serverless or do you want to add EC2 instances and run on Amazon EC2? import ec2 = require('@aws-cdk/aws-ec2'); import ecs = require('@aws-cdk/aws-ecs'); const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 }); const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); cluster.addCapacity('cluster-capacity', { instanceType: new ec2.InstanceType("t2.xlarge"), desiredCapacity: 3 }); @aws-cdk/aws-ecs Create cluster to run application

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. import ec2 = require('@aws-cdk/aws-ec2'); import ecs = require('@aws-cdk/aws-ecs’); import ecs_patterns = require('@aws-cdk/aws-ecs-patterns'); const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 }); const cluster = new ecs.Cluster(stack, 'Cluster', { vpc }); const myService = new ecs_patterns.LoadBalancedFargateService(stack, "my-service", { cluster, desiredCount: 3, image: ecs.ContainerImage.fromAsset("apps/myapp") }); With a few lines we are automatically building a Docker container locally, pushing it up to the cloud in an Amazon Elastic Container Registry (Amazon ECR), then launching running three copies of it in AWS Fargate, behind a load balancer that distributes traffic across all three. @aws-cdk/aws-ecs-patterns Launch load balanced service

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @aws-cdk/aws-ecs-patterns Queue consumer const queue = new sqs.Queue(stack); const consumer = new ecs_patterns.QueueProcessingFargateService(stack, "consumer", { cluster, queue, desiredTaskCount: 3, image: ecs.ContainerImage.fromAsset("apps/consumer") }); Amazon Simple Queue Service (Amazon SQS) Create an Amazon SQS queue, plus a service that autoscales according to how many items are waiting in the queue. If the queue backs up, more containers are launched to grab items off the queue.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @aws-cdk/aws-ecs-patterns Time scheduled container Execute the container based on a scheduled time or rate. High-availability, low-cost distributed cron jobs! Amazon CloudWatch Every day at 5:00 const ecsScheduledTask = new ScheduledFargateTask(stack, 'ScheduledTask', { cluster, image: ecs.ContainerImage.fromRegistry("apps/my-cron-job"), scheduleExpression: 'rate(1 day)', environment: [{ name: 'TRIGGER', value: 'CloudWatch Events' }], memoryLimitMiB: 256 });

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Comparison of operational responsibility AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/ Amazon EKS Container-management as a service Amazon EC2 Infrastructure-as-a-Service More opinionated Less opinionated AWS manages Customer manages • Data source integrations • Physical hardware, software, networking, and facilities • Provisioning • Application code • Container orchestration, provisioning • Cluster scaling • Physical hardware, host OS/kernel, networking, and facilities • Application code • Data source integrations • Security config and updates, network config, management tasks • Container orchestration control plane • Physical hardware software, networking, and facilities • Application code • Data source integrations • Work clusters • Security config and updates, network config, firewall, management tasks • Physical hardware software, networking, and facilities • Application code • Data source integrations • Scaling • Security config and updates, network config, management tasks • Provisioning, managing scaling and patching of servers

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Key considerations when selecting Lambda or Fargate • Is there a trigger or event I can use to launch a function? • Events can be scheduled, API calls or AWS service integrations • Can I easily modify the application code to run on Lambda? • Several runtimes are natively supported, others can be added • Do the cost economics work out (containers vs invocations)? • Calculate the expected cost per day, including maintenance

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. With CDK, you can combine Fargate with Lambda https://github.com/marekq/sqs-fargate-poller

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • AWS Amplify Console and CLI The fastest way to build mobile and web applications • Serverless Application Model (SAM) CLI Build serverless apps using a declarative YAML template • Cloud Development Kit (CDK) Define cloud resources in your favourite programming language Three serverless framework options from AWS

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. The CDK can automate your infrastructure Security group IAM Role • AWS CDK automatically creates security groups and minimal security group rules that allow the load balancer to talk to your tasks • AWS CDK automatically creates an IAM role for your task. You can then easily add minimal access to other resources on your account Application Load Balancer • AWS CDK can automatically create a load balancer and attach it to your service for you Amazon ECR • AWS CDK can automatically build your container image and automatically push it to an automatically created ECR registry

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @aws-cdk/aws-ecs-patterns @aws-cdk/aws-ecs Look for reusable CDK constructs

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. NEW! AWS Solutions Constructs for CDK https://aws.amazon.com/blogs/aws/aws-solutions-constructs-a-library-of-architecture-patterns-for-the-aws-cdk/

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Solutions Constructs for CDK

Thank you! © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Marek Kuczynski Senior Serverless Solutions Architect Twitter: @marekq Email: [email protected]