Blog

Abuse CDK functionality in CloudFormation

18 Sep, 2024
Xebia Background Header Wave

Each “Infrastructure as Code” framework has pros and cons. My go-to framework is CloudFormation, but I like CDK’s tree view, so I started thinking about borrowing this.

What is the tree view?

AWS announced this functionality on September the 14th, 2022.

Customers using CDK want a simple way to map the resources synthesized in a CloudFormation template back to the source CDK Construct.

Normally, the Resources tab looks something like this:

Example of a normal CloudFormation template

But when you deploy a CDK stack, you get a new option, the Tree view! When you navigate to the stack in the console, you will see the following:

Example of the new option showing in the console

How is CDK using it?

When you write your constructs, each resource will be nested in the construct. You can use a construct inside of a construct. This will result in a nested tree structure like this:

Example of a CDK Stack

As you might have noticed, there is some unneeded nesting here. At the root level, we have only one entry, the environment name from the pipeline. Then, we have the name of the stack that we use. Going back to the intention of this feature, it makes sense, but we are looking at a stack deployment in CloudFormation. So yes, this will be in the development account we already knew because we logged into it. Next, the stack name, we needed to click the stack name to get to this view. From that point of view, it has no value in showing it here.

The third level becomes more interesting. Here are the constructs that we use inside the stack itself. On this level, CDK does a pretty good job of organizing the resources into logical nested groups. A bucket policy applies to a bucket, so it’s nested under the bucket itself, for example.

How can we abuse it?

When you look at the resource definitions in the synthesized version, you can see how it is done. The bucket will contain some additional metadata like this:

ApplicationBucketPolicy:
 Type: AWS::S3::BucketPolicy
 Metadata:
   aws:cdk:path: Development/AppStack/StaticWebsiteConstruct/Bucket/BucketPolicy/Resource
 Properties:

You can play around with this and organize the resources any way you want. Here is an example that I did to experiment with:

Example on how to organize your CloudFormation resources using this functionality

As you can see, this is organized more logically. We have the following major components:

  • Database
  • DNS
  • Authentication
  • API

Going into the Authentication, you can see that I have some triggers. Diving deeper, you can see what kind of triggers. From there, you will have the resources needed for the operation, like permissions, log groups, and the function itself.

Known requirements

While playing around with the organization of this tree view, I discovered the following requirements:

  • The value in the aws:cdk:path must be unique across the processed template!
  • When you use the AWS Serverless Application Model, you need to ensure that the resource definition does not result in multiple resources. (This will lead to multiple values being the same, which will break the rendering of the tree view.)
  • When you omit the /Resource at the end, the LogicalId in the template is used. This could lead to uglier names in the tree view.

Conclusion

If you like organizing your CloudFormation templates, check out the tree view. It might have been built for CDK, but you can use it directly in your CloudFormation templates too.

Photo by Pixabay

Joris Conijn
Joris has been working with the AWS cloud since 2009 and focussing on building event driven architectures. While working with the cloud from (almost) the start he has seen most of the services being launched. Joris strongly believes in automation and infrastructure as code and is open to learn new things and experiment with them, because that is the way to learn and grow. In his spare time he enjoys running and runs a small micro brewery from his home.
Questions?

Get in touch with us to learn more about the subject and related solutions

Explore related posts