August 29, 2021

WAFv2 CloudFront CDK

In the last post I covered how to create a REGIONAL WAF in CDK. In this post I’m going to create a CLOUDFRONT WAF. This is a little bit more involved. I’m going to assume that your application stack is not in us-east-1 and thus we’ll need to create another stack in us-east-1. This is going to use several of the tricks we discussed in an earlier post.

Existing

Let’s say you have an existing stack that has a CloudFront distribution in it.

August 29, 2021

WAFv2 CDK

AWS CDK doesn’t yet have a high-level WAFv2 construct. Using the learnings I’ve recently discussed, I’ve created two constructs: one you can use for REGIONAL WAFs and one for CLOUDFRONT WAFs. AWS CDK seems to be moving towards an approach of having cross-regional resources created via custom resources, but this doesn’t exist for WAF yet, and I’ve had mixed results. In this post we will first start with the REGIONAL solution.

August 22, 2021

CDK Tricks

There are a few tricks I’ve learnt recently that I thought I would share with you, as I’ve found them really useful.

Constructs

Constructs are objects that can contain a set of other objects to define a standard set of components. You can use constructs inside of constructs or you can use lower-level Cfn primitives. You can find the AWS documentation here:

https://docs.aws.amazon.com/cdk/latest/guide/constructs.html
https://cdkworkshop.com/30-python/40-hit-counter.html

To get started you inherit the Construct class, creating your new class.

March 21, 2021

Why Infrastructure as Code (IaC) is important

Infrastructure as Code, or IaC, is becoming a staple for configuring, deploying and maintaining infrastructure and service configuration in the cloud. Both of the large hyperscalers, AWS and Azure, support their own version of IaC. AWS has CloudFormation, and Azure has ARM (Azure Resource Manager). Then there is the ever-popular open source Terraform from HashiCorp. AWS released CloudFormation on 25th February 2011, and Azure released Azure Resource Manager in April 2014, around the same time that HashiCorp started hacking on Terraform.

February 24, 2021

WordPress CDK

Following on from the second installment of our experiment to try and find which processor in the EC2 family of instances has the best price/performance, we need to have a way to reliably build our WordPress stack for testing.

CDK

I’ve been using CloudFormation for many years now and have used a number of methods to orchestrate this. (Yes, I wrote CloudFormation in JSON…). Reasonably early on I picked up and started to use CFNDSL to help construct CloudFormation and even wrote an Ansible role and some very dodgy Ruby Rakefiles (sorry, no public examples) to help orchestrate the CFNDSL code into CloudFormation and then manage validation (when cfn-lint became a thing) and ultimately build ChangeSets and deploy it.

© Greg Cockburn
