Setting Up our AWS Account and CDK Environment
Miguel A. Calles
Posted on September 23, 2023
This is chapter 1 of the AWS CDK Serverless Cookbook.
We will focus on setting up our AWS account and development environment to create our first CDK environment. We assume you already have access to an AWS account or can create one. We will use Docker[1] Desktop to help eliminate differences between Windows, Linux, and macOS computing environments. We will also use GitHub as a git hosting provider for source control.
Creating a New Directory
We will create a new directory named cookbook where we put all our code. Create the cookbook directory in any location you prefer. We will reference files starting with the directory name. For example, we will reference a readme file inside that directory as the cookbook/README.md path.
Using GitHub and GitHub Desktop
Setting up an account with GitHub is not necessary. We will use GitHub to allow the reader to download the code used in this book.
The GitHub repository that will host the code from this book may be found at https://github.com/miguel-a-calles-mba/aws-cdk-serverless-cookbook.
The cookbook directory is the top-level directory in our repository. For example, cookbook/README.md will be README.md inside the repository. When you clone the repository onto your machine, the directory will likely be called aws-cdk-serverless-cookbook. If it makes it easier, rename the directory to cookbook so there is a one-to-one match.
Feel free to install GitHub Desktop to help with cloning the git repository and managing your own git repository.
Setting up Docker Desktop
We will use Docker Desktop to create a Linux container. A container is like a mini-computer that runs on our computers. The container runs an operating system with minimal dependencies and no graphical user interface. Running the same container configuration on a Windows, Mac, and Linux computer should provide the same environment. I have noticed differences in containers running 32-bit, 64-bit, and ARM architectures for some containers, but I have yet to find issues for the containers I used for CDK development.
To install Docker Desktop, visit https://www.docker.com/, download the version of Docker Desktop that will work on your computer, and follow the installation instructions. You will be able to run the docker command in your terminal application after successfully installing Docker Desktop.
We will use the docker command to control our containers. Specifically, we will use the Docker Compose feature in Docker Desktop to make it easier to work with containers. We will use the docker compose command.
Creating Our Container
Let’s create a file named cookbook/docker-compose.yml and add the following code.
version: "3"
services:
  nodejs:
    image: "cimg/node:18.15"
    user: "circleci"
    working_dir: "/home/circleci"
    volumes:
      - "./:/home/circleci"
    command: "bash"
This configuration file lets us download a container image and run a Docker container.
We will run the following command to enter our container in our terminal application.
docker compose run --rm nodejs bash
# or
docker compose run --rm nodejs
We will see our terminal change to something like the prompt below.
circleci@a1b2c3d4e5f6:/home/nodejs$
We now have a Linux terminal we will use for the rest of the book.
(Note: The --rm option in the docker compose command will delete the container after exiting it. This will help keep our computer clean.) Learn more about this development approach from the post below.
Setting Up the AWS Account
AWS accounts are free, but registering requires a credit card. AWS also offers free tiers for many services. Most services we will use in this book are eligible for the free tier. Some services are only eligible for the free tier for the first 12 months after creating an AWS account. It is up to the reader to determine whether to use an existing or new AWS account.
Setting Up Identity and Access Management (IAM)
We will need IAM permissions to deploy our CDK app. We can create a user using the AWS IAM service or AWS Identity Center. The AWS Identity Center provides a more secure way to manage users and their IAM permissions. For simplicity, we will create an IAM user and the IAM policy it will use.
To go to the AWS IAM service:
- Log into the AWS console
- Search for the IAM service and select it
To create an IAM policy:
- Go to Access management > Policies
- Click the “Create policy” button
- Click the “JSON” tab
- Paste the JSON code below into the policy editor
- Click the “Next” button
- Click the “Create policy” button
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "cdk",
      "Effect": "Allow",
      "Action": [
        "acm:*",
        "apigateway:*",
        "cloudformation:*",
        "cloudwatch:*",
        "dynamodb:*",
        "ecr:*",
        "events:*",
        "iam:*",
        "lambda:*",
        "logs:*",
        "s3:*",
        "s3-object-lambda:*",
        "ssm:*",
        "route53:*"
      ],
      "Resource": "*"
    }
  ]
}
The IAM policy above gives us full permission to create and update the services used in our serverless application. (Note: The CDK bootstrap command needs “ecr” permission.) We will update the IAM policy as needed in the following chapters.
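The policy above allows every API of fourteen services on every resource, and iam:* on Resource * lets the user attach any other policy to itself, so the access key should be treated as administrator-level. The TypeScript check below is an added example, not code from the book: auditPolicy, the Finding type, scopedPolicy and its placeholder account ID are constructed for illustration, and scopedPolicy is not a tested minimal policy for CDK.

```typescript
// Added example (not from the book): flag whole-service wildcard grants in an IAM policy.
type Statement = { Sid?: string; Effect: string; Action: string | string[]; Resource: string | string[] };
type Finding = { sid: string; action: string; severity: "high" | "medium" };

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Report every Allow of a whole service ("svc:*" or "*") on Resource "*".
function auditPolicy(policy: { Statement: Statement[] }): Finding[] {
  const findings: Finding[] = [];
  for (const stmt of policy.Statement) {
    if (stmt.Effect !== "Allow") continue; // Deny statements grant nothing
    if (!asList(stmt.Resource).includes("*")) continue; // scoped to named resources
    for (const action of asList(stmt.Action)) {
      const [service, name] = action.toLowerCase().split(":");
      if (action !== "*" && name !== "*") continue; // not a whole-service wildcard
      // iam:* (or *) lets the principal attach any policy to itself.
      const high = action === "*" || service === "iam";
      findings.push({ sid: stmt.Sid ?? "(no Sid)", action, severity: high ? "high" : "medium" });
    }
  }
  return findings;
}

// The chapter's policy, copied from the JSON above.
const cookbookPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "cdk", Effect: "Allow", Resource: "*",
    Action: ["acm:*", "apigateway:*", "cloudformation:*", "cloudwatch:*", "dynamodb:*",
      "ecr:*", "events:*", "iam:*", "lambda:*", "logs:*", "s3:*",
      "s3-object-lambda:*", "ssm:*", "route53:*"],
  }],
};

// Constructed contrast: IAM limited to named actions on a placeholder role ARN.
// Illustrative only; not a tested minimal policy for CDK.
const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Sid: "iamScoped", Effect: "Allow", Action: ["iam:GetRole", "iam:PassRole"],
      Resource: "arn:aws:iam::111122223333:role/cdk-*" },
    { Sid: "logsAll", Effect: "Allow", Action: "logs:*", Resource: "*" },
  ],
};

const cookbookFindings = auditPolicy(cookbookPolicy);
const scopedFindings = auditPolicy(scopedPolicy);
console.log(cookbookFindings.filter((f) => f.severity === "high"), scopedFindings);
```

Running the same check whenever the policy is updated in later chapters shows whether a new statement widens the grant.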
To create an IAM user:
- Go to Access management > Users
- Click the “Add users” button
- Set the username to “cookbook”
- Click the “Next” button
- Check “Attach policies directly”
- Check the “cookbook” policy name in the “Permissions policies” section
- Click the “Next” button
- Click the “Create user” button
To create the IAM access key:
- Click on the “cookbook” IAM user
- Click the “Security credentials” tab
- Click the “Create access key” button in the “Access keys” section
- Check “Command Line Interface (CLI)”
- Click the “Next” button
- Check the “I understand the above recommendation and want to proceed to create an access key.”
- Click the “Next” button
- Click the “Create access key” button
- Click the “Download .csv file” button
- Click the “Done” button
We will paste the access key values into our container’s terminal similar to the example below.
export AWS_ACCESS_KEY_ID="A...Y"
export AWS_SECRET_ACCESS_KEY="7...B"
The CDK app will use the access key to deploy the app with the permissions from the IAM policy.
As a good security practice, deactivate the access key when not using it and activate it when you need to use it.
To activate/deactivate the IAM access key:
- Go to the IAM user
- Click on the “Security credentials” tab
- Go to the “Access keys” section
- Click the “Actions” dropdown
- Select “Activate” or “Deactivate”
Feel free to learn about the AWS Identity Center and create a user with the IAM policy above. This would be far more secure than using an IAM access key. Try experimenting with the AWS Cloud Shell available in the AWS console.
Creating Our CDK app
CDK supports JavaScript, TypeScript, Python, Java, C#, and Go. TypeScript provides the ease of JavaScript coding with the power of data types like Java. Also, the CDK framework is written in TypeScript. We will use TypeScript to create our CDK app for these two reasons.
Creating the CDK app
In the container’s terminal, run the following commands to create the CDK app:
# paste the AWS access key information
mkdir ~/cdk-app
cd ~/cdk-app
npx cdk init --language typescript
# follow any on screen prompts
We now have our CDK app.
Bootstrapping the AWS account
We must bootstrap the AWS account to allow CDK to deploy the app. Bootstrapping creates a CloudFormation stack that CDK will use.
In the container’s terminal, run the following command to bootstrap the AWS account:
# paste the AWS access key information
npm run cdk bootstrap
Our AWS account now has the “CDKToolkit” CloudFormation stack, and we can deploy our CDK app in the next chapter; see Figure 1–1.
Figure 1–1. The CDKToolkit stack exists in the CloudFormation service.
Chapter Review
We created the directory to store all our code and shared the location of this book's GitHub source code repository. We downloaded and set up Docker Desktop to use a container when deploying our CDK app. We set up our AWS account to have an IAM user and access key that our CDK app will use. We used the access key to set up our AWS account to deploy CDK apps.
Next, we will describe the CDK app and prepare it to start building our application. The next section is coming soon.
Endnotes
[1] Docker is a registered trademark of Docker, Inc.