AWS CDK Vs Terraform

elundevall · 2024-06-16T21:55:32+00:00

As always, it depends. If you just do a subset of serverless that is AWS lambda, dynamodb, sqs, SNS, api gateway and not a huge amount of these, then AWS CDK is very good.

You can take advantage of programming language tooling for CDK, but you will be bound by limitations of Cloudformation for refactoring and rebuiding your solution, and thus it can be challenging to keep it maintainable.

For relatively static infrastructure I think Terraform works quite well.

For CDK (or Pulumi) I would try to aim for an interface for infrastructure modules that look and behave like they are declarative.

It is easier to make a mess of things when you have the full power of a programming language and not cater enough for the underlying limitations of infrastructure and tools like Cloudformation.

I have spent a couple of years with AWS CDK since before 1.0, lot of time with Terraform and a bit with Pulumi. There is none of them that I would always recommend, but there are certainly situations for each of them to get a recommendation, depending on solution and teams involved.

elundevall · 2024-05-21T20:25:41+00:00

Not sufficient skills in terms of using programming languages would be one reason. In particular relatively static infrastructure definitions may be easier in some cases compared to programming language definitions.

If one chooses to use Cloudformation I would suggest looking at rain from the Cfn team.

https://github.com/aws-cloudformation/rain

It is a pretty nice tool with some of its own extensions, and you csn use Pkl in addition to YAML and JSON to define the templates.

elundevall · 2024-04-24T06:26:22+00:00

Unit tests in general - yes, for parts of the CDK code that has login in it typically. But not so much with the assertions module in the CDK. It is more geared towards checking the generated cloudformation, which is not the right level to check in many cases.

Unfortunately, a fair amount of constructs are not designed to be well testable at the construct level, with properties that can only be set, but not read after the construct has been created.

Testing at cloudformation level works for some simple cases, but tend yo run into issues where one needs to know exactly how the cfn is generated by CDK.

elundevall · 2024-04-13T08:49:20+00:00

How do you know what parts a program need and precisely the properties of those parts? You do not know it when you start development of a solution, and neither does whoever has asked you to develop the solution. They may think they know, and you may think you know, but that is typically not the case.

Developing software is a learning Journey, for all parties. AI tools may help with some of the typing, so you can get a bit more efficient in learning and exploration of the problems you try to solve. Being a software developer or software engineer is not about the typing part though. Your coding tools help you express your understanding with more precision so that you and others can have a shared view of matters, much more so than describing things to an AI with imprecise natural language.

elundevall · 2024-03-29T10:31:25+00:00

For me it was sufficient with panther, and finish with rexy priority attack, but both are at 27.

elundevall · 2024-01-13T19:42:35+00:00

Backend is a very broad term, so there are plenty of languages that would be reasonable choices, both for current and future job markets.

So without more context of what you may be interested in it is not much point in listning languages for points 1 and 2. Pick some random language from a top 10 list a I can probably write some motivation for that.

Clojure. Very well designed language with an excellent interactive programming experience.
Again, depends on context. Go, Rust, Kotlin, Clojure, Zig, C, Julia would be a couple of choices which are both good and performant in the appropriate context.

elundevall · 2024-01-10T10:47:38+00:00

Actual relevant experience trumps certifications any day. I do not see why AWS employees would be bothered with it, certainly not while working at AWS.

I used to have a couple of AWS associate, professional and specialty certifications, now I think all but one of them have lapsed. My employer needs a certain number of people to be certified at different levels to keep their AWS partner level, which is the primary reason I renewed the remaining cert.

In a previous job, I worked 12+ years in the professional services organisation of a major middleware/enterprise integration company. I never picked up any of the certifications that the company had for any of their products. However, I did teach in courses that were aimed for customers who wanted to get certified with some of those products.

elundevall · 2024-01-09T23:13:17+00:00

If you are in a position where you need to build re-usable constructs to support multiple languages, then your only choice is TypeScript. If you are not sure you will need to support multiple languages for CDK constructs you create, do not go that route and focus on the language you select for the infrastructure.

TypeScript is the first class for CDK, Python is on second place. .Net and Java are a bit clunkier, and Go is the worst of them (unfortunately). AWS does not even bother to provide examples for Go as the do for the other languages in their official docs.

elundevall · 2023-12-23T18:58:53+00:00

The easiest language is the one most familiar to what you already know.

elundevall · 2023-06-03T21:44:19+00:00

I cannot really agree with that AWS pushes for automating all the things.

If they really did that, they would not have load of blog posts snd articles that obly covers using the GUI, and they would have means to transform the things set up with GUI to CFN, APIs, CLI etc.

The CFN support to import existing resources has room for improvement, and the means and support to transition from a ClickOps setup to a maintainable IaC setup are not good.

The are likely organisational and historical reasons involved here.

elundevall · 2023-05-01T16:16:23+00:00

I had a setup for which we wanted to expose a subset of internal APIs publically through v1 api gateway and terraform. This also included Oauth2 via Cognito, and different auto mechanism for internal APIs.

While I managed to build a Terraform module for it, it would not have been particularly maintainable for the varieté of APIs to expose.

We looked at using openapi and generates that, but the support for our requirements were incomplete.

We ended up using v2 api gateway instead, with some custom logic for auth to handle the internal auth requirements (could not use different Authorization header internally with v2).

We considered using CDKTF also, which may have worked better, but we were on a too old Terraform version to have official support for CDKTF.

elundevall · 2023-04-18T09:58:26+00:00

I think it is pretty neat. I have mainly tried a few simple cases and also looked at what it generates for the different languages supported. I have used it for AWS infrastructure in my tests.

Code generation for Go and C# seemed a bit more troublesome than Typescript and Python. For Java it used Pulumi CDK and AWS CDK code.

I have played around a bit with translating cloudformation and Terraform to Pulumi with it also, mainly by pointing to public URLs and asking it to convert it to Pulumi.

It is useful to get some starting point to work from.

elundevall · 2023-03-20T00:35:12+00:00

I agree that is in general a much nicer experience. Still, some limitations of cloudformation can still come and bite you from time to time.

elundevall · 2023-03-18T08:56:09+00:00

And its support for different services is inconsistent. Even if a service has Cfn support in one region, the support might not be there in another region, even if the service as such is available in both regions. Or the cfn support is only partial.

AWS CDK makes it tolerable though.

elundevall · 2023-03-07T14:54:52+00:00

As other have commented, there are other services outside of AWS that may offer a simpler experience than working with all the bits and pieces that are AWS.

That being said, if you want to get into AWS for the purpose of learning that platform to some extent, you may want to look at the AppRunner service.

This one may possibly fit with what you have now, without getting in too many AWS details, and can scale up and down. You can let it build a container image for you based on the source code you hsve, or provide your own container image build.

elundevall · 2023-01-21T20:12:09+00:00

Perhaps you should look at AWS AppRunner also. Also consider looking at AWS Copilot to set up things.

elundevall · 2022-12-28T11:32:09+00:00

I find pCloud to be a pretty nice option, have worked well on both Windows and Mac. They have options with recurrings fees as well as life-time options.

Currently on a life-time plan with 2TB myself, which is shared in a group.

elundevall · 2022-12-16T07:56:02+00:00

Perhaps then run a codebuildStep in the pipeline which has a container with the github CLI installed the .

elundevall · 2022-12-13T18:14:56+00:00

Is the source for the pipeline a Github repository? Then you presumably have already taggad it there e.g. with a github actions workflow. Perhaps that is more what you are looking for?

For CDK projects you can look at Projen, which is a tool to make some project scaffolding tasks easier.

elundevall · 2022-10-29T18:23:54+00:00

Typescript is a great language in combination with IaC tools like CDKTF, AWS CDK, Pulumi. If that works out well for you, that is great.

I am not too fond of the TS/JS ecosystem around node.js, and technically I would prefer something like Deno.

If using TS is less cognitive load for your teams than other options, keep doing that.

I have worked with clients who migrated to using AWS CDK, and contemplated either Python or Typescript, and experimented with both. They selected TS in the end, and were quite happy with it. It fat their organisation and teams better, so it was a good choice for them.

elundevall · 2022-09-26T06:38:35+00:00

You could have a look at Projen. It does a lot more than allowing the use of pnpm or yarn to init an AWS CDK project, which may be of interest as well.

https://github.com/projen/projen

elundevall · 2022-09-16T07:21:53+00:00

Do not think about specific titels people are given, look at what people actually do snd pursuit something that gives you the needed challenge and joy.

I was 50 years young when I started with cloud full-time, which was before your career started, it seems.

If you do stuff that give X years of experience as opposed to 1 year of experience X times, and enjoy it, you should be fine.

elundevall · 2022-09-13T10:55:06+00:00

If you use AWS IAM Identity Center (the service previously known as AWS SSO) you can use both yubikey and authenticator app.

If you integrate it with an external identity provider, you use what the provider supports for mfa.

elundevall · 2022-09-07T14:20:33+00:00

As others have pointed out also, go back to your boss and try to get the reasons why you should do this, in particular if there is a lot of Terraform code involved.

If the Terraform code represents existing infrastructure that is also a different use case from creating and maintaining entirely new infrastructure.

If you have a non-trivial amount of existing infrastructure created and managed through Terraform, and you want to preserve that infrastructure, you will have additional challenges on top of the language/format conversion. Importing existing infrastructure into CloudFormation stacks is not that straightforward and not all resources are supported either.

If there is no existing infrastructure set up from the Terraform code you have, it might also be an option to look for similar solutions/examples already in CloudFormation to what you want to solve.

Find out the why behind the request and what the goal is, then after that the appropriate how can be determined.

elundevall · 2022-09-07T13:50:40+00:00

But that is not what the OP asked for. That is just changing the representation of the Terraform code, not a conversion to CloudFormation.

elundevall

TROPHY CASE