Setting Up our AWS Account and CDK Environment

miguelacallesmba

Miguel A. Calles

Posted on September 23, 2023

Setting Up our AWS Account and CDK Environment

This is chapter 1 of the AWS CDK Serverless Cookbook.

We will focus on setting up our AWS account and development environment to create our first CDK environment. We assume you already have access to an AWS account or can create one. We will use Docker[1] Desktop to help eliminate differences in Windows, Linux, and MacOS computing environments. We will also use GitHub as a git hosting provider for source control.

Creating a New Directory

We will create a new directory named cookbook where we put all our code. Create the cookbook directory in any location you prefer. We will reference files starting with the directory name. For example, we will reference a readme file inside that directory as the cookbook/README.md path.

Using GitHub and GitHub Desktop

Setting up an account with GitHub is not necessary. We will use GitHub to allow the reader to download the code used in this book.

The GitHub repository that will host the code from this book may be found at https://github.com/miguel-a-calles-mba/aws-cdk-serverless-cookbook.

The cookbook directory is the top-level directory in our repository. For example, cookbook/README.md will be README.md inside the repository. When you clone the repository onto your machine, the directory will likely be called aws-cdk-serverless-cookbook. If it makes it easier, rename the directory to cookbook so there is a one-to-one match.

Feel free to install GitHub Desktop to help with cloning the git repository and managing your own git respository.

Setting up Docker Desktop

We will use Docker Desktop to create a Linux container. A container is like a mini-computer that runs on our computers. The container runs an operating system with minimal dependencies and no graphical user interface. Running the same container configuration on a Windows, Mac, and Linux computer should provide the same environment. I have noticed differences in containers running 32-bit, 64-bit, and ARM architectures for some containers, but I have yet to find issues for the containers I used for CDK development.

To install Docker Desktop, visit https://www.docker.com/, download the version of Docker Desktop that will work on your computer, and follow the installation instructions. You will be able to run the docker command in your terminal application after successfully installing Docker Desktop.

We will use the docker command to control our containers. Specifically, we will use the Docker Compose feature in Docker Desktop to make it easier to work with containers. We will use the docker compose command.

Creating Our Container

Let’s create a file named cookbook/docker-compose.yml and add the following code.

version: "3"
services:
  nodejs:
    image: "cimg/node:18.15"
    user: "circleci"
    working_dir: "/home/circleci"
    volumes:
      - "./:/home/circleci"
    command: "bash"
Enter fullscreen mode Exit fullscreen mode

This configuration file lets us download a container image and run a Docker container.

We will run the following command to enter our container in our terminal application.

docker compose run --rm nodejs bash
# or
docker compose run --rm nodejs
Enter fullscreen mode Exit fullscreen mode

We will see our terminal change to something like the prompt below.

circleci@a1b2c3d4e5f6:/home/nodejs$
Enter fullscreen mode Exit fullscreen mode

We now have a Linux terminal we will use for the rest of the book.

(Note: The --rm option in the docker compose command will delete the container after exiting it. This will help keep our computer clean.) Learn more about this development approach from the post below.

User Docker container to run Node.js and global npm packages | Better Programming

Protect your system from vulnerabilities

favicon betterprogramming.pub

Setting Up the AWS Account

AWS accounts are free, but it requires a credit card to register. AWS also offers free tiers for many services. Most services we will use in this book are eligible for the free tier. Some services are only eligible for the free tier for the first 12 months after creating an AWS account. It is up to the reader to determine whether to use an existing or new AWS account.

Setting Up Identity and Access Management (IAM)

We will need IAM permissions to deploy our CDK app. We can create a user using the AWS IAM service or AWS Identity Center. The AWS Identity Center provides a more secure way to manage users and their IAM permission. For simplicity, we will create an IAM user and IAM policy it will use.

To go to the AWS IAM service:

  1. Log into the AWS console
  2. Search for the IAM service and select it

To create an IAM policy:

  1. Go to Access management > Policies
  2. Click the “Create policy” button
  3. Click the “JSON” tab
  4. Paste the JSON code below into the policy editor
  5. Click the “Next” button
  6. Click the “Create policy” button
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "cdk",
      "Effect": "Allow",
      "Action": [
        "acm:*",
        "apigateway:*",
        "cloudformation:*",
        "cloudwatch:*",
        "dynamodb:*",
        "ecr:*",
        "events:*",
        "iam:*",
        "lambda:*",
        "logs:*",
        "s3:*",
        "s3-object-lambda:*",
        "ssm:*",
        "route53:*"
      ],
      "Resource": "*"
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

The IAM policy above gives us full permission to create and update the services used in our serverless application. (Note: The CDK bootstrap command needs “ecr” permission.) We will update the IAM policy as needed in the following chapters.

To create an IAM user:

  1. Go to Access management > Users
  2. Click the “Add users” button
  3. Set the username to “cookbook”
  4. Click the “Next” button
  5. Check “Attach policies directly”
  6. Check the “cookbook” policy name in the “Permissions policies” section
  7. Click the “Next” button
  8. Click the “Create user” button

To create the IAM access key:

  1. Click on the “cookbook” IAM user
  2. Click the “Security credentials” tab
  3. Click the “Create access key” button in the “Access keys” section
  4. Check “Command Line Interface (CLI)”
  5. Click the “Next” button
  6. Check the “I understand the above recommendation and want to proceed to create an access key.”
  7. Click the “Next” button
  8. Click the “Create access key” button
  9. Click the “Download .csv file” button
  10. Click the “Done” button

We will paste the access key values into our container’s terminal similar to the example below.

export AWS_ACCESS_KEY_ID="A...Y"
export AWS_SECRET_ACCESS_KEY="7...B"
Enter fullscreen mode Exit fullscreen mode

The CDK app will use the access key to deploy the app with the permissions from the IAM policy.

As a good security practice, deactivate the access key when not using it and activate it when you need to use it.

To activate/deactivate the IAM access key:

  1. Go to the IAM user
  2. Click on the “Security credentials” tab
  3. Go to the “Access keys” section
  4. Click the “Actions” dropdown
  5. Select “Activate” or “Deactivate”

Feel free to learn about the AWS Identity Center and create a user with the IAM policy above. This would be far more secure than using an IAM access key. Try experimenting with the AWS Cloud Shell available in the AWS console.

Creating Our CDK app

CDK supports JavaScript, TypeScript, Python, Java, C#, and Go. TypeScript provides the ease of JavaScript coding with the power of data types like Java. Also, the CDK framework is written in TypeScript. We will use TypeScript to create our CDK app for these two reasons.

Creating the CDK app

In the container’s terminal, run the following commands to create CDK app:

# paste the AWS access key information
mkdir ~/cdk-app
cd ~/cdk-app
npx cdk init --language typescript
# follow any on screen prompts
Enter fullscreen mode Exit fullscreen mode

We now have our CDK app.

Bootstrapping the AWS account

We must bootstrap the AWS account to allow CDK to deploy the app. Bootstrapping creates a CloudFormation stack that CDK will use.

In the container’s terminal, run the following command to run the CDK bootstrap command to prepare the AWS account:

# paste the AWS access key information
npm run cdk bootstrap
Enter fullscreen mode Exit fullscreen mode

Our AWS account now has the “CDKToolkit” CloudFormation stack, and we can deploy our CDK app in the next chapter; see Figure 1–1.

Image description

Figure 1–1. The CDKToolkit stack exists in the CloudFormation service.

Chapter Review

We created the directory to store all our code and shared the location of this book's GitHub source code repository. We downloaded and set up Docker Desktop to use a container when deploying our CDK app. We set up our AWS account to have an IAM user and access key that our CDK app will use. We used the access key to set up our AWS account to deploy CDK apps.

Next, we will describe the CDK app and prepare it to start building our application. The next section is coming soon.

Before you go

Subscribe to my mailing list to get new chapters delivered to your email.

Go to the “AWS CDK Serverless Cookbook” table of contents.

Endnotes

[1] Docker is a registered trademark of Docker, Inc.

💖 💪 🙅 🚩
miguelacallesmba
Miguel A. Calles

Posted on September 23, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related