の続きでDenoでCDKを動かしていきます
要約
- CDKコードがDenoだったとしてもちゃんとAWSにデプロイできる(CDK CLIがnodeだけど)
synth以外はどうなんだ?
これまでcdk synthは試していましたが実際のAWS環境に対する変更はしていませんでした。
cdk.outがキチンと出力されている上、CDK CLIは依然nodeで動作しているので動くかと予想していますが念のため確認します。
前提としてaws configureを済ませておきます。
デプロイするコードはこちら
cdk bootstrap
$ cdk bootstrap
⏳ Bootstrapping environment aws://XXXXXXXXXXXX/ap-northeast-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
✅ Environment aws://XXXXXXXXXXXX/ap-northeast-1 bootstrapped.
動きましたね
cdk diff
$ cdk diff
Stack MyStack
IAM Statement Changes
┌───┬─────────────────────────────────────────────────────────┬────────┬─────────────────────────────────────────────────────────┬───────────────────────────────────────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseDestBucket.Arn} │ Allow │ s3:Abort* │ AWS:${FirehoseStream/S3 Destination Role} │ │
│ │ ${FirehoseDestBucket.Arn}/* │ │ s3:DeleteObject* │ │ │
│ │ │ │ s3:GetBucket* │ │ │
│ │ │ │ s3:GetObject* │ │ │
│ │ │ │ s3:List* │ │ │
│ │ │ │ s3:PutObject │ │ │
│ │ │ │ s3:PutObjectLegalHold │ │ │
│ │ │ │ s3:PutObjectRetention │ │ │
│ │ │ │ s3:PutObjectTagging │ │ │
│ │ │ │ s3:PutObjectVersionTagging │ │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/LogGroup.Arn} │ Allow │ logs:CreateLogStream │ AWS:${FirehoseStream/S3 Destination Role} │ │
│ │ │ │ logs:PutLogEvents │ │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/S3 Destination Role.Arn} │ Allow │ sts:AssumeRole │ Service:firehose.amazonaws.com │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/Service Role.Arn} │ Allow │ sts:AssumeRole │ Service:firehose.amazonaws.com │ │
└───┴─────────────────────────────────────────────────────────┴────────┴─────────────────────────────────────────────────────────┴───────────────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Parameters
[+] Parameter BootstrapVersion BootstrapVersion: {"Type":"AWS::SSM::Parameter::Value<String>","Default":"/cdk-bootstrap/hnb659fds/version","Description":"Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"}
Mappings
[+] Mapping @aws-cdk--aws-kinesisfirehose.CidrBlocks awscdkawskinesisfirehoseCidrBlocks: {"af-south-1":{"FirehoseCidrBlock":"13.244.121.224/27"},"ap-east-1":{"FirehoseCidrBlock":"18.162.221.32/27"},"ap-northeast-1":{"FirehoseCidrBlock":"13.113.196.224/27"},"ap-northeast-2":{"FirehoseCidrBlock":"13.209.1.64/27"},"ap-northeast-3":{"FirehoseCidrBlock":"13.208.177.192/27"},"ap-south-1":{"FirehoseCidrBlock":"13.232.67.32/27"},"ap-southeast-1":{"FirehoseCidrBlock":"13.228.64.192/27"},"ap-southeast-2":{"FirehoseCidrBlock":"13.210.67.224/27"},"ca-central-1":{"FirehoseCidrBlock":"35.183.92.128/27"},"cn-north-1":{"FirehoseCidrBlock":"52.81.151.32/27"},"cn-northwest-1":{"FirehoseCidrBlock":"161.189.23.64/27"},"eu-central-1":{"FirehoseCidrBlock":"35.158.127.160/27"},"eu-north-1":{"FirehoseCidrBlock":"13.53.63.224/27"},"eu-south-1":{"FirehoseCidrBlock":"15.161.135.128/27"},"eu-west-1":{"FirehoseCidrBlock":"52.19.239.192/27"},"eu-west-2":{"FirehoseCidrBlock":"18.130.1.96/27"},"eu-west-3":{"FirehoseCidrBlock":"35.180.1.96/27"},"me-south-1":{"FirehoseCidrBlock":"15.185.91.0/27"},"sa-east-1":{"FirehoseCidrBlock":"18.228.1.128/27"},"us-east-1":{"FirehoseCidrBlock":"52.70.63.192/27"},"us-east-2":{"FirehoseCidrBlock":"13.58.135.96/27"},"us-gov-east-1":{"FirehoseCidrBlock":"18.253.138.96/27"},"us-gov-west-1":{"FirehoseCidrBlock":"52.61.204.160/27"},"us-west-1":{"FirehoseCidrBlock":"13.57.135.192/27"},"us-west-2":{"FirehoseCidrBlock":"52.89.255.224/27"}}
Conditions
[+] Condition CDKMetadata/Condition CDKMetadataAvailable: {"Fn::Or":[{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"af-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-northeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ap-southeast-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"ca-central-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"cn-northwest-1"]}]},{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-central-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-north-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-2"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"eu-west-3"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"me-south-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"sa-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-east-2"]}]},{"Fn::Or":[{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-1"]},{"Fn::Equals":[{"Ref":"AWS::Region"},"us-west-2"]}]}]}
Resources
[+] AWS::Logs::LogGroup MyLogGroup MyLogGroup5C0DAD85
[+] AWS::S3::Bucket FirehoseDestBucket FirehoseDestBucket5161CA67
[+] AWS::IAM::Role FirehoseStream/Service Role FirehoseStreamServiceRole98797615
[+] AWS::IAM::Role FirehoseStream/S3 Destination Role FirehoseStreamS3DestinationRole5FDC3E58
[+] AWS::IAM::Policy FirehoseStream/S3 Destination Role/DefaultPolicy FirehoseStreamS3DestinationRoleDefaultPolicyD12DE613
[+] AWS::Logs::LogGroup FirehoseStream/LogGroup FirehoseStreamLogGroup9325AD6F
[+] AWS::Logs::LogStream FirehoseStream/LogGroup/S3Destination FirehoseStreamLogGroupS3Destination159E9820
[+] AWS::KinesisFirehose::DeliveryStream FirehoseStream FirehoseStream85DFF016
Other Changes
[+] Unknown Rules: {"CheckBootstrapVersion":{"Assertions":[{"Assert":{"Fn::Not":[{"Fn::Contains":[["1","2","3","4","5"],{"Ref":"BootstrapVersion"}]}]},"AssertDescription":"CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}
いい感じです。
cdk deploy
$ cdk deploy
✨ Synthesis time: 14.08s
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
IAM Statement Changes
┌───┬─────────────────────────────────────────────────────────┬────────┬─────────────────────────────────────────────────────────┬───────────────────────────────────────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseDestBucket.Arn} │ Allow │ s3:Abort* │ AWS:${FirehoseStream/S3 Destination Role} │ │
│ │ ${FirehoseDestBucket.Arn}/* │ │ s3:DeleteObject* │ │ │
│ │ │ │ s3:GetBucket* │ │ │
│ │ │ │ s3:GetObject* │ │ │
│ │ │ │ s3:List* │ │ │
│ │ │ │ s3:PutObject │ │ │
│ │ │ │ s3:PutObjectLegalHold │ │ │
│ │ │ │ s3:PutObjectRetention │ │ │
│ │ │ │ s3:PutObjectTagging │ │ │
│ │ │ │ s3:PutObjectVersionTagging │ │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/LogGroup.Arn} │ Allow │ logs:CreateLogStream │ AWS:${FirehoseStream/S3 Destination Role} │ │
│ │ │ │ logs:PutLogEvents │ │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/S3 Destination Role.Arn} │ Allow │ sts:AssumeRole │ Service:firehose.amazonaws.com │ │
├───┼─────────────────────────────────────────────────────────┼────────┼─────────────────────────────────────────────────────────┼───────────────────────────────────────────────────────────┼───────────┤
│ + │ ${FirehoseStream/Service Role.Arn} │ Allow │ sts:AssumeRole │ Service:firehose.amazonaws.com │ │
└───┴─────────────────────────────────────────────────────────┴────────┴─────────────────────────────────────────────────────────┴───────────────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Do you wish to deploy these changes (y/n)? y
MyStack: deploying...
[0%] start: Publishing d4c4556406f14baf40059f3228e2a8a6790cac3d71938a8272793e1931b72dc1:current_account-current_region
[100%] success: Published d4c4556406f14baf40059f3228e2a8a6790cac3d71938a8272793e1931b72dc1:current_account-current_region
MyStack: creating CloudFormation changeset...
✅ MyStack
✨ Deployment time: 134.17s
Stack ARN:
arn:aws:cloudformation:ap-northeast-1:XXXXXXXXXXXX:stack/MyStack/69b89fa0-e1ff-11ec-a054-0ea6ffb8681b
✨ Total time: 148.25s
ここまでくればもう心配していませんでしたが、デプロイもできました。
cdk destroy
$ cdk destroy
Are you sure you want to delete: MyStack (y/n)? y
MyStack: destroying...
✅ MyStack: destroyed
お掃除もできました。
(Deletion Policyの関係でS3 Bucketが残りますが…)
感想
予想通りちゃんと動きました。
個人的にはCDK CLIもDenoで動くに越したことはないけど
CDKコードのDeno化するだけで面倒くさいところがほぼカバーできているから
そんなに必須とも思っていないです。
(試したことないけどCDKの他の言語でもCLIはNodeですよね。)
そのうち試してみたいと思います
続き