AWS CDK Continuous Integration and Delivery Using Travis CI

thomaspoignant

Thomas Poignant

Posted on June 3, 2021

AWS CDK Continuous Integration and Delivery Using Travis CI

Ship infrastructure like you ship your code

AWS Cloud Development Kit, better known as CDK, is changing the way we do infrastructure as code by using a proper programming language to build your infra.

Since we are building infra with dev tools, we should have a CI/CD for our CDK stack code that looks like any other project. If you look online, AWS explains how to do CI/CD with code build/code pipeline, but these probably aren’t the tools you are using in your day-to-day.

In this article, I will present to you the deployment pipeline I’m using to deploy my CDK stack based on GitHub and TravisCI.

Full CI/CD


Continuous Integration

Continuous integration looks like any code project CI. We validate our code, run the tests, and try to see if the build failed.

This is run in every commit to ensure that we have the shortest feedback loop possible.
CI process

So in Travis configuration, it will look like something like below (here, we have a CDK Python stack):

This CI is classic. We lint the code, test it, and export the coverage. We run cdk synth for each stage on each commit to be sure that the config does not break one stage in particular.

As you can see, we also use multiple Travis CI stages to run everything in parallel in order to have the shortest feedback loop possible.


Open Pull Requests to Validate Your Deployment

The best strategy I have found to deploy the code to AWS is to have one branch per stage (dev, pre, pro), so every time a new commit reaches one of these branches, we are deploying the actual stack. Yes, it looks like GitOps!

But we don’t want to blindly deploy our CDK stack on an AWS account. So I have an automatic way of opening pull requests when something is merged to the main branch:

Process of opening pull request

Each time something is merged to the main branch, we have a specific job that runs cdk diff -c stage=<STAGE> and opens a pull request to the destination branch.

For that, we use the script below. As you can see, it runs cdk diff and uses the results to open a pull request using the GitHub CLI:

Now we have to call this script inside Travis, so our .travis.yaml file will look like this:

As you can see, we are now using some env variables to specify our AWS Credentials in addition to our GitHub Token. Please make sure to encrypt them before committing them in your repo.

cdk diff in GitHub pull request


Continuous Deployment

Now that you have your pull requests open for all your stages, it’s time to deploy the changes to your stack!

On your PR comment, you are able to see the diff, so you will no longer be blind when it’s time to deploy a specific stage.

CD process

The next step for the CD is to deploy the stack. Each time we have a change in one of the release branches, we want to run cdk deploy -c stage=<STAGE>.

The complete .travis.yaml file will look like this. As you can see, each stage uses a condition for the deployment to be sure to apply it only to a specific AWS stage:


Conclusion

With this GitOps approach, it is easy to understand what you’re deploying in your stack and all your changes are in Git.

It also helps engineers with less knowledge in CDK to feel confident in the deployment of the infrastructure because no manual steps are required to deploy to a “real” AWS stage. The main advantage is that you are using the same tooling that you are using for the rest of your projects.

💖 💪 🙅 🚩
thomaspoignant
Thomas Poignant

Posted on June 3, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

What was your win this week?
weeklyretro What was your win this week?

November 29, 2024

Where GitOps Meets ClickOps
devops Where GitOps Meets ClickOps

November 29, 2024