-
Notifications
You must be signed in to change notification settings - Fork 16
/
cdk.aws.txt
3372 lines (2661 loc) · 191 KB
/
cdk.aws.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
CDK
TODO:
- check currently documented SERVICEs:
- CDK main code:
- s3 (there are several directories)
- https://github.com/aws/aws-cdk/blob/8ce02838ba5033a6b35123a34e444c4f35350975/packages/aws-cdk-lib/aws-lambda-event-sources/lib/s3.ts
- https://github.com/aws/aws-cdk/tree/8ce02838ba5033a6b35123a34e444c4f35350975/packages/aws-cdk-lib/aws-lambda-event-sources#s3
- api-gateway (there are several directories)
- must also do: CloudFormation
- https://github.com/aws/aws-cdk/blob/8ce02838ba5033a6b35123a34e444c4f35350975/packages/aws-cdk-lib/aws-lambda-event-sources/lib/api.ts
- list of aws_general doc, "CDK" part
- IAM, STS, CloudWatch Metric|Alarm|Dashboard|Logs, CloudTrail, Lambda, Glacier, S3, API Gateway
- https://aws.amazon.com/solutions/
- https://github.com/awslabs/aws-solutions-constructs
TODO:
- AWS CDK
- Powertools for Lambda
- https://github.com/aws-powertools/powertools-lambda-typescript
- https://github.com/aws-powertools/powertools-lambda-layer-cdk
- Application Composer
- Move CloudFormation designer to own doc, and compare it with Application Composer
- also https://github.com/aws-samples/aws-cdk-stack-builder-tool
- https://aws.amazon.com/about-aws/whats-new/2023/11/aws-lambda-view-export-functions-template-aws-application-composer/
- AWS SAM
- AWS::Serverless TRANSFORM:
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html
- AWS::Serverless::* in https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudformation/package.html
- https://github.com/threadheap/serverless-ide-vscode
- https://github.com/sceptre/sceptre-sam-handler
- https://www.prisma.io/docs/guides/deployment/serverless/deploy-to-aws-lambda#loading-required-files
- https://github.com/aws-actions/setup-sam
- https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-sam
- check difference with `serverless` framework
- Cloud Control API
VERSION ==> #2.114.1
#Monorepo, i.e. same version for all packages
ENVVAR CDK_CLI_VERSION #'X.Y.Z'
ENVVAR CDK_DISABLE_VERSION_CHECK #BOOL (def: !process.stdout.isTTY). If false, prints warning if new version available
CDK_HOME/cache/repo-version-ttl #Caches last version for 1d
UNIT TESTING ASSERTIONS ==> #See cdk assertions doc
INTEGRITY TESTING ASSERTIONS ==> #See integ-tests doc
SUMMARY ==> #CLI: auth, init, bootstrap, synth, deploy, list, destroy, diff
#Bootstrap stack: environment, roles, bucket|kms|ECR, version check
#Deploy: hotswap, deployRole, watch, resource logs, import
#Construct: tree, id|NID|AID|CID|SID|LID|PhysicalResourceId, custom, stage|app
#Context: cache (ContextProvider, lookupRole) vs config
#Errors: notices, annotations
#Environment: account, region (facts), stage|stack|resource, agnostic
#Stack: executionRole, nested, version-reporting, dependencies, set
#Stack elements: parameter, rule, output (file), condition, mapping, macro
#Resource: L1 (generation), L2, override, tags
#Custom resource: core, internal, high-level, action, trigger, extensions, CLI layer
#CloudFormation: include, migrate
#Resolvable: resolve, lazy vs not, tokens (concat), functions
#References: Ref|GetAtt, built-in param, secret, cross-stack, cross-region, cross-account
#Utilities: ARN, duration|expiration, timezone, size
#Synth: auto, aspect, validation, policy
#Assembly: manifest, artifacts, tree, stack (definition, template, metadata), assets, nested assembly
#Assets: manifest, metadata, S3|ECR, command, publish, publishingRole, deployTime, staging, bundling, esbuild
PROS FROM CLOUDFORMATION ==> #Imperative
#Components, including common cross-service resources (policies, roles, metrics, etc.)
#Deploy UX (CLI, hotswap|watch, bootstrap roles)
#Grouping stacks
#Setting parameters
#S3|ECR assets (including Lambda code)
#Lookup cache
#Custom resource helpers
#Cross-stack|region|account references
/=+===============================+=\
/ : : \
)==: GENERAL :==(
\ :_______________________________: /
\=+===============================+=/
aws-cdk #CLI
aws-cdk-lib #Programmatic library to use in programs
#Includes both core and all SERVICEs
aws-cdk-lib/aws-SERVICE #Single SERVICE
aws-cdk-lib/aws-SERVICE-* #Additional packages for some SERVICEs:
# - `patterns`: L3 CONSTRUCTs
# - `actions|targets|destinations|event-sources`: integration to other SERVICEs
# - others: utilities
JSII ==> #Underlying tool allowing cdk codebase to be coded only in TypeScript,
#but built into multiple languages: TypeScript/Python/Java/Go/.NET
#Can be used when writing CONSTRUCT library or validation plugins, to make it available to those languages too
#Not documented yet
DEPENDENCIES ==> #For custom construct, should put as devDependencies + peerDependencies (with ^):
# - constructs
# - aws-cdk-lib
# - used @aws-cdk/*
#Normal applications should instead set those as production dependencies
aws-cdk-action #GitHub action running `cdk ...`
#Uses Docker container with latest `cdk`
#Not very useful, compared to just running as a script, and installing `cdk` through package.json
#Version 1.6.2
INPUTS.args #'ARGS ...' passed to `cdk`
aws-cdk-v2-github-actions #GitHub action running `cdk ...`
#Original repo is archived, and there is a low-key fork
#Runs `npm install` on `typescript` and `aws-cdk`, which is bad since this should be done by user instead
#Create PR comment with `cdk` output, in a slightly hacky way
#Not documented yet
CLASS.isCLASS(VAL)->BOOL #Many CLASSes have this method, like `instanceof` but cross-realm
#Not documented
/=+===============================+=\
/ : : \
)==: BEST PRACTICES :==(
\ :_______________________________: /
\=+===============================+=/
PARAM|COND|MACRO #Happen at deploy-time
#Instead, prefer synth-time logic: imperative language, CONTEXT
SYNC I/O ==> #Due to adding logic inside constructors, logic must almost always be sync
APP ==> #CAPP. Sets of related STACKs, usually for a given repository
# - include same repository as the application non-infrastructure logic
#Single STACK: RESOURCEs always deployed together
# - i.e. multiple STACKs: when RESOURCEs sometimes deployed separately
STAGING ENVIRONMENT ==> #For dev, staging, production, etc.
#Can:
# - one CAPP per staging environment
# - one CSTACK instance per staging environment
# - pass staging environment name as CVAR:
# - preferred because more dynamic and less boilerplate
# - prefix CSTACK name, either:
# - directly
# - by instantiating child APP (preferred)
#Those all result in different 'STACK' names
# - CDK automatically uses it in PhysicalResourceIds
#If possible, should have one ACCOUNT per staging environment
INPUT ==> #Instead of PARAM|COND, should use either:
# - ENVVARs
# - CVARs (preferred), with values set either:
# - only for current staging environment, i.e. as CONTEXT.*
# - preferred because more dynamic, and allows `cdk --context`, not only `cdk.json`
# - for each staging environment, i.e. as CONTEXT.STAGING_ENV.*
CUSTOM CONSTRUCT ==> #Library extending from `Construct`, directly or not
#Recommended to be its own library|repository
#CDK is optimized for sharing re-usable components, bundling|wrapping resources
# - e.g. through automatic ID suffixing (CID|SID)
@aws-cdk/example-construct-library#Example custom construct library, for scaffolding
CONSTRUCT HUB ==> #Registry of custom constructs
#Includes cdk8s and cdktf
#All use jsii
#Automatically shows API docs, thanks to jsii + TypeScript JSDoc
#Publishing:
# - automatic, providing published on npm
# - npm keyword `awscdk|cdk8s|cdktf` + any of the known categories (see list online)
# - must use jsii (`.jsii` in root DIR)
/=+===============================+=\
/ : : \
)==: EXPERIMENTAL :==(
\ :_______________________________: /
\=+===============================+=/
CVAR FFLAG #BOOL. Flag for an experimental feature
#Def:
# - true if not experimental anymore
# - false otherwise
#Set to true in cdk.context.json by `cdk init` if "recommended" FFLAG
FeatureFlags.of(CONSTRUCT)->FFLAGS#
FFLAGS.isEnabled('FFLAG')->BOOL #
EXPORTED_VARBetaNUM #Beta features in aws-cdk-lib have variable suffix *BetaNUM
#Mostly not documented
@aws-cdk-lib/aws-SERVICE-alpha #Library for alpha features not integrated yet to aws-cdk-lib/aws-SERVICE
#Not documented
/=+===============================+=\
/ : : \
)==: CLI MAIN :==(
\ :_______________________________: /
\=+===============================+=/
cdk #CLI. Package `aws-cdk`
--no-color #BOOL (def: false)
ENVVAR CI=true
--ci #BOOL (def: false). Redirect stderr to stdout instead
--verbose|-v #NUM (def: 0). Debug logs
#Can be repeated (i.e. 2) to also log any AWS API call
cdk --plugin|-p #'PATH|MODULE'_ARR exporting PLUGIN
PLUGIN.version #'1'
PLUGIN.init(PHOST) #Called on load
cdk doc[s] #Open CDK docs
--browser|-b #'COMMAND' to open the browser
#Can use %u for the file to open
#Def: xdg-open %u (Linux), open %u (macOS), start %u (Windows)
STACKS #Select STACKs by their NID
#Can contain GLOB
#Only for the STACKs in the current CAPP
/=+===============================+=\
/ : : \
)==: CLI CONFIG :==(
\ :_______________________________: /
\=+===============================+=/
CONFIG #Either (in priority order):
# - ./cdk.json
# - ~/.cdk.json
#Same options as CLI flags, but:
# - camelCase
# - paths are relative to file itself
# - repeatable -> ARR
# - VAR=VAL, repeatable -> OBJ
# - --FLAG=BOOL or --[no-]FLAG -> BOOL
# - no: --verbose|ci
#Can also use ENVVAR CDK__VARR
ENVVAR CDK_HOME #Def: ~/.cdk
cdk doctor #Print CDK version, ENVVAR AWS_*|CDK_*
/=+===============================+=\
/ : : \
)==: CLI AUTH :==(
\ :_______________________________: /
\=+===============================+=/
ENVVAR AWS_[DEFAULT_]PROFILE
--profile #'PROFILE' (def: 'default') (see AWS config doc)
ENVVAR HTTPS_PROXY
--proxy #'URL'
ENVVAR AWS_CA_BUNDLE
--ca-bundle-path #'PATH' to CA certificates for HTTPS, in PEM format
--ec2creds|-i #BOOL (def: false). Fetch credentials from EC2 instance
PHOST
.registerCredentialProviderSource#Custom AWS credentials
(...) #Not documented yet
CDK_HOME/cache
/accounts_partitions.json #Caches ACCOUNT_ID|PARTITION of current ACCESS_KEY_ID
/=+===============================+=\
/ : : \
)==: CLI INIT :==(
\ :_______________________________: /
\=+===============================+=/
cdk init [SCAFFOLDER] #Scaffold files in cwd
#Uses cwd 'DIR' name as project name
#SCAFFOLDER can be:
# - app (def): empty app
# - sample-app: same but with an example SNS TOPIC subscribed to an SQS QUEUE
# - lib: CONSTRUCT library (only 'typescript')
--language|-l #Among: 'typescript', 'javascript', 'csharp', 'fsharp', 'go', 'java', 'python'
--generate-only #BOOL. If false (def), also:
# - git init + first commit (unless git already initialized)
# - install dependencies
--list #BOOL (def: false). List available SCAFFOLDERs
/=+===============================+=\
/ : : \
)==: CLI BOOTSTRAP :==(
\ :_______________________________: /
\=+===============================+=/
cdk bootstrap ['ENVIRONMENT'...] #Deploy BOOTSTRAP_STACK, one per ENVIRONMENT
#Can also update existing one
#ENVIRONMENT can be 'GLOB': matched against current CAPP's CSTACK's ENVIRONMENTs
#Def 'ENVIRONMENT': '**'
--execute #BOOL (def: true). Whether to call ExecuteChangeSet()
--tags|-t #OBJ_ARR. BOOTSTRAP_STACK.Tags
#In CONFIG file, OBJ_ARR: Key 'TAG', Value 'VAL'
--trust #'ACCOUNT_ID'_ARR to allow to assume any BOOTSTRAP_ROLE
#Current ACCOUNT always included
BOOTSTRAP_STACK #STACK used by `cdk` CLI. Also called "toolkit"
#Includes ROLEs, S3 BUCKET and KMS KEY|ALIAS (for FASSET), ECR REPO (for IASSET), SSM parameter (for BootstrapVersion)
cdk bootstrap|deploy|import
--toolkit-stack-name #BOOTSTRAP 'STACK' name (def: 'CDKToolkit')
cdk bootstrap --qualifier
CVAR
@aws-cdk/core:bootstrapQualifier
DOPTS.qualifier #'BOOTSTRAP_MID'. Used as namespace to BOOTSTRAP_STACK's resources
CSYNTH.bootstrapQualifier #Def: 'hnb659fds'
MANIFEST_APROPS|STACK_APROPS #STR. SSM parameter with BOOSTRAP_STACK format version
|STACK_CARTIFACT|ASSETS_CARTIFACT#Incremented each time a new release of `cdk` changes BOOTSTRAP_STACK, even if not breaking
|LOOKUP_ROLE|DOPTS #Is BOOTSTRAP_STACK.Resources.CdkBootstrapVersion, exported as STACK OUTPUT 'BootstrapVersion'
.bootstrapStackVersionSsmParameter#Def: '/cdk-bootstrap/${Qualifier}/version'. Can be BSTR
#Current version: 19
MANIFEST_APROPS|STACK_APROPS
|STACK_CARTIFACT|ASSETS_CARTIFACT#NUM. Minimum BootstrapVersion supported by `cdk`, i.e. last one with breaking change
|LOOKUP_ROLE #Makes `cdk deploy|import` fail if BootstrapVersion is lower
.requiresBootstrapStackVersion #Currently: 6
TEMPLATE #PARAM of type 'AWS::SSM::Parameter::Value<String>'
.Parameters.BootstrapVersion #Value is bootstrapStackVersionSsmParameter
#Only meant to be checked by following RULE
#Created by `cdk synth`
TEMPLATE #RULE that ensure that ensure that BootstrapVersion PARAM >= requiresBootstrapStackVersion NUM
.Rules.CheckBootstrapVersion #Created by `cdk synth`
DOPTS.generateBootstrapVersionRule#BOOL (def: true). If false, do not generate TEMPLATE.*.*BootstrapVersion
BOOTSTRAP_TEMPLATE #BOOTSTRAP_STACK's PARAM only meant as a change ID, with default value 'AWS CDK: Default Resources'
.Parameters.BootstrapVariant #I.e. must be changed each time BOOTSTRAP_STACK is customized (including the first time)
# - this prevents customization from being overwritten when there is a new BootstrapVersion
#I.e. BootstrapVersion is for changes done by `cdk` itself, BootstrapVariant by user
cdk bootstrap
--force|-f #BOOL. If false (def), fails if:
# - customizing BOOTSTRAP_STACK but either:
# - downgrading BootstrapVersion
# - not changing BootstrapVariant
# - TEMPLATE and STACK.* did not change
--show-template #BOOL (def: false). Dry run. Print BOOTSTRAP STACK 'TEMPLATE'
--json|-j #BOOL (def: false). With --show-template, output as JSON instead of YAML
--template #'TEMPLATE'. Use previous output produced by --show-template (without --json), after possible customization
/=+===============================+=\
/ : : \
)==: CLI SYNTH :==(
\ :_______________________________: /
\=+===============================+=/
cdk synth[esize] [STACKS...] #Produce ASSEMBLY using CAPP.synth()
#Def: all STACKs
#Automatically called by `cdk diff|deploy|import|destroy|list|metadata`, which are the commands using ASSEMBLY
--quiet|-q #BOOL. If false (def), print TEMPLATE to stdout too, if only one STACK
cdk diff|deploy|import|destroy
|list|metadata #
--build #'SHELL_COMMAND' run before `cdk synth` to build the CAPP
--app|-a #'SHELL_COMMAND' run during `cdk synth` to execute the CAPP
#CAPP.synth() is run using AOPTS.autoSynth true
#E.g. with TypeScript: `ts-node PATH.ts`
#I.e. this also decide on the CAPP being used
#Can also be:
# - 'PATH.js' (not PATH.ts)
# - 'ASSEMBLY_DIR': avoid `cdk synth`
/=+===============================+=\
/ : : \
)==: CLI DEPLOY :==(
\ :_______________________________: /
\=+===============================+=/
cdk deploy [STACKS...] #Deploy STACKS to CloudFormation
#Def: current STACK, if only one
--all #BOOL (def: false). Deploy all STACKs
--method|-m #Deploy using:
# - 'direct': UpdateStack() (no progress info)
# - 'prepare-change-set': CreateChangeSet()
# - 'change-set' (def): CreateChangeSet() + ExecuteChangeSet()
#Automatically delete empty CHANGESETs
--change-set-name #'CHANGESET' (def: 'cdk-deploy-change-set')
--no-rollback|-R #BOOL. STACK.DisableRollback BOOL (def: false)
#Must not be true if some RESOURCEs are replaced
#Only with --method 'direct'
--notification-arns #SNS TOPIC_ARN_ARR. STACK|CHANGESET.NotificationARNs
--progress #How to display STACK EVENTs among:
# - 'events' (def if Windows, or not TTY, or --verbose, or --concurrency >1): 1 per line, no progress bar, 5s poll
# - 'bar' (def otherwise): single line being updated, with progress bar, 2s poll
--hotswap #BOOL (def: false). Update RESOURCEs by making direct calls to SERVICEs instead of using CloudFormation
#If some properties are not hotswappable, ignore them
#Only supports !Ref|GetAtt|ImportValue|Join|Select|Split|Sub
#Does not support TEMPLATE.Outputs
#Only for updated RESOURCEs, not created|deleted ones
#Only for:
# - Lambda: FUNC[_VERSION].Code|Environment|Description, ALIAS.FunctionVersion
# - AppSync, CodeBuild, StepFunctions, ECS: some of it
#Meant for speed, for development only (since it introduces drift)
--hotswap-fallback #BOOL (def: false). Same but if some properties are not hotswappable, do a normal deploy instead
STACK_APROPS|STACK_CARTIFACT #'ROLE_ARN' used to call CloudFormation API during `cdk deploy|import` for this STACK. Can be BSTR
.assumeRoleArn #Can be '': using CLI's credentials
DOPTS|CSYNTH.deployRoleArn #Def: BOOTSTRAP_ROLE 'deploy', which is BOOTSTRAP_STACK.Resources.DeploymentActionRole:
# - allowed cloudformation:CreateChangeSet|DeleteChangeSet|ExecuteChangeSet|DescribeChangeSet
# cloudformation:CreateStack|UpdateStack|DeleteStack|DescribeStacks,
# cloudformation:DescribeStackEvents|GetTemplate[Summary], cloudformation:UpdateTerminationProtection
# - allowed s3:GetObject*|GetBucket*|List* on FASSET 'BUCKET'
# - allowed s3:GetObject*|GetBucket*|List*, s3:Abort*|DeleteObject*|PutObject*
# - only if cross-account, for CodePipeline
# - allowed iam:PassRole to BOOTSTRAP_ROLE 'cfn-exec'
# - allowed ssm:GetParameter on BootstrapVersion
STACK_APROPS|STACK_CARTIFACT
.assumeRoleExternalId
DOPTS.deployRoleExternalId #STR (def: none). ASSUMED_ROLE_REQ.ExternalId with assumeRoleArn
/=+===============================+=\
/ : : \
)==: CLI WATCH :==(
\ :_______________________________: /
\=+===============================+=/
cdk --watch #BOOL (def: false). Deploy on file change
#Implies --hotswap-fallback by default
cdk watch ... #Same as deploy --watch ...
#Cannot use --all --method --*parameters --outputs-file --notification-arns --asset-* --require-approval
CONF.watch.include #'GLOB'. Def: **
CONF.watch.exclude #'GLOB'. Always exclude .*, node_modules, ASSEMBLY_DIR
--logs #BOOL (def: true). Print CloudWatch Logs LLEVENTs from all RESOURCEs (using FilterLogEvents())
#Uses all LOG_GROUPs defined in TEMPLATE.Resources.*
# - including one implicitly created by Lambda FUNC
# - excluding ones related to CloudTrail, CodeBuild or EC2 FlowLog
#Requires --watch
/=+===============================+=\
/ : : \
)==: CLI IMPORT :==(
\ :_______________________________: /
\=+===============================+=/
cdk import [STACKS] #Do a CHANGESET import
#Imported RESOURCEs use DeletionPolicy 'RETAIN' by default
#Does not work with nested STACKs
#Def: current STACK, if only one
--change-set-name
--no-rollback|-R
--progress #Like cdk deploy
--execute #BOOL (def: true). Whether to call ExecuteChangeSet()
--resource-mapping|-m #'PATH.json' of RESOURCEs to import, as { 'RESOURCE': IMPORTED_RESPROP, ... }
#Def: interactive prompt based on STACK_TEMPLATE.ResourceIdentifierSummaries
--record-resource-mapping|-r #'PATH.json'. Same but as output, instead of performing the import
--force|-f #BOOL. If false (def), only allow adding RESOURCEs, not updating|deleting them
/=+===============================+=\
/ : : \
)==: CLI STACKS :==(
\ :_______________________________: /
\=+===============================+=/
cdk list|ls [STACKS...] #List STACKs
#Def: all STACKs
--long|-l #BOOL (def: false). Print 'STACK', ACCOUNT_ID and REGION
cdk destroy [STACKS...] #Delete STACKs
#Def: current STACK, if only one
--all #BOOL (def: false). All STACKs
--force|-f #BOOL. If false (def), confirm first
cdk diff
cdk deploy --require-approval #See cdk-diff doc
/=+===============================+=\
/ : : \
)==: CONSTRUCT TREE :==(
\ :_______________________________: /
\=+===============================+=/
constructs #npm package (version 10.3.0)
#Peer dependency of `aws-cdk-lib`
new Construct #CONSTRUCT. Base class for most classes
(PARENT_CONSTRUCT, 'CONSTRUCT') #Relationship with PARENT_CONSTRUCT form a "CONSTRUCT|scope tree"
# - different from "dependencies tree", which expresses execution order
#Usually initialized within constructor of PARENT_CONSTRUCT
# - i.e. passes `this` and parent is extending from its base class
#Constructor has side-effect:
# - add to PARENT_CONSTRUCT, in CONSTRUCT tree
# - i.e. not always assigned to a variable
#Root has PARENT_CONSTRUCT undefined and 'CONSTRUCT' empty STR
# - usually CAPP|CSTAGE
new Construct(...CARGS) #Shortcut notation for (PARENT_CONSTRUCT, 'CONSTRUCT')
CONSTRUCT.node #NODE
NODE.scope #Current CONSTRUCT
#If root: undefined
NODE.scopes #Ancestors CONSTRUCT_ARR, starting with root, ending with PARENT_CONSTRUCT
NODE.root #Root CONSTRUCT
NODE.children #Direct children CONSTRUCT_ARR
NODE.defaultChild #Direct child CONSTRUCT that is most important
#Def: one with id 'Resource' or 'Default'
NODE.findChild('CONSTRUCT') #Among direct children
->CONSTRUCT #Exception if not found
NODE.tryFindChild('CONSTRUCT')
[->CONSTRUCT] #Same but undefined if not found
NODE.findAll([ENUM]) #Traverse descendants, depth-first
->CONSTRUCT_ARR #ENUM is PREORDER (def) or POSTORDER
NODE.tryRemoveChild('CONSTRUCT')
->BOOL #false if not found
NODE.lock() #Do not allow other NODEs to become new children
#Inherited by current children
#Set by `cdk synth`
NODE.locked #BOOL (def: false)
/=+===============================+=\
/ : : \
)==: CONSTRUCT ID :==(
\ :_______________________________: /
\=+===============================+=/
NODE.id #'CONSTRUCT' passed to constructor
#No / (converted to --)
#undefined if root
#NID|AID|CID|SID|LID are used as actual identifiers instead
# - this allows re-using NODE.id in different parts of the CONSTRUCT tree
# - i.e. allows encapsulation and components composition
NODE.path #'NID'. NODE.id of ancestors + current NODE, joined with / separator
#If root: ''
#Goal: ID that shows the construct tree path, e.g. when printing or on input
CONSTRUCT.toString()->STR #Like NODE.path except '<root>' if root
NODE.addr #'AID'. Like NID but SHA1 hash'd, prefixed with 'c8'
#Also excludes any NODE.id 'Default'
# - this allows refactoring NODE hierarchy without changing AID
#Goal: short machine-friendly ID
Names.nodeUniqueId(NODE)->'CID' #NODE.id of ancestors + current NODE, joined without separators
Names.uniqueId(CONSTRUCT)->'CID' # - excluding 'Default' or 'Resource'
# - excluding parents with name being a prefix of child
# - e.g. parent 'This' -> child 'ThisThat'
# - mostly meant to make CID prettier
# - without any non-[:alnum:]
# - truncated 255 chars
#Also appends hash of NODE.id of ancestors + current NODE
# - without any of above transformations, i.e. to prevent collisions
# - unless only one ancestor
#I.e. both unique and human-friendly
#Goal: cross-STACK IDs, unique per CAPP
Names.uniqueResourceName #Like CID except only ancestors until CSTACK (which uses its stackName)
(CONSTRUCT, OPTS)->'SID' #Goal: cross-STACK IDs, shorter but potential duplicates per CAPP when using nested STACKs
#Can also customize with following OPTS
OPTS.prefix #STR (def: '')
OPTS.separator #STR (def: '')
OPTS.maxLength #NUM (def: 255)
OPTS.allowedSpecialCharacters #STR (def: ''). Additional allowed characters, inserted in new RegExp('[STR]')
/=+===============================+=\
/ : : \
)==: LOGICAL ID :==(
\ :_______________________________: /
\=+===============================+=/
CSTACK.getLogicalId(CELEM)->'LID' #Like SID but excluding CSTACK
#Goal: STACK-specific ID
#Used as 'RESOURCE|PARAM|...' LogicalResourceId, e.g. name in TEMPLATEs
# - CloudFormation uses it to generate the PhysicalResourceId (ARN|MID|name), with additional suffix
CELEM.logicalId #Same but as STR_RV
CMETADATA 'aws:cdk:logicalId' #CELEM.logicalId
#Not set if CVAR aws:cdk:disable-logicalId-metadata true
#Used by `cdk diff`
CELEM.overrideLogicalId(STR) #Manually set CELEM.logicalId
CSTACK.renameLogicalId(STR, STR2) #If logicalId is STR, set to STR2 instead
/=+===============================+=\
/ : : \
)==: PHYSICAL ID :==(
\ :_______________________________: /
\=+===============================+=/
'NAME' #In this section, refers to PhysicalResourceId (see CloudFormation)
# - not LogicalResourceId
# - e.g. CloudWatch 'LOG_GROUP' name
#I.e. does not apply to RESOURCEs where PhysicalResourceId is MID|ARN instead
CROSS-ACCOUNT|REGION NAME ==> #When referring to a RESOURCE 'NAME', if:
# - static and known in advance: can pass it as is
# - same STACK: can use { Ref }
# - different STACK but same ACCOUNT|REGION: can use { Ref } with CDK,
# which automatically uses PARAMs|OUTPUTs (see below)
# - different STACK, ACCOUNT and REGION: problem
#To target the RESOURCE, AWS will most likely need the ACCOUNT|REGION too
# - i.e. this problem usually happens when 'NAME' is part of either:
# - an ARN being built
# - a request where ACCOUNT|REGION are specified in different properties
CROSS-ACCOUNT|REGION ARN ==> #When referring to a RESOURCE ARN:
# - if available as RESATTR and same ACCOUNT|REGION: can use { GetAtt }
# - otherwise: can build it using the 'NAME'
# - i.e. inherits the same problem as above
CROSS-ACCOUNT|REGION SOLUTION ==> #CDK generates 'NAME' as a unique EID, instead of letting CloudFormation do it
#Only works when referring to a RESOURCE 'NAME'|ARN, not MID, since MID are always generated by AWS
CKRESOURCE.CSRESOURCEName #STR_TK resolving to 'NAME'|ARN but using above solution (generated EID) providing both:
CKRESOURCE.CSRESOURCEArn # - cross-ACCOUNT|REGION (and not agnostic)
# - i.e. CKRESOURCE's STACK and consuming CONSTRUCT's STACK2 are in a different ACCOUNT or REGION
# - CKOPTS.physicalName PhysicalName.GENERATE_IF_NEEDED was used
CROSS-ACCOUNT|REGION #This relies on using CKRESOURCEs implementing the following pattern:
IMPLEMENTATION ==> # - pass CKRESOURCE.physicalName to CSRESOURCE's 'NAME'_RESPROP
# - CKRESOURCE.CSRESOURCEName = CKRESOURCE.getResourceNameAttribute(CSRESOURCE.ref)
# - CKRESOURCE.CSRESOURCEArn = CKRESOURCE.getResourceArnAttribute(CSRESOURCE.ARN_RESATTR, { resourceName: CKRESOURCE.physicalName, ... })
#CSRESOURCE is underlying one, usually named 'Resource'
#This is done by most core CKRESOURCEs, when PhysicalResourceId is 'NAME' (not MID|ARN)
#The rest of this section assumes above pattern is being done
EID #'NAME' generated by GENERATE_IF_NEEDED
#Similar to CID, but includes ACCOUNT_ID|REGION
#Is STR (61 chars, lowercase'd) concatenation of:
# - CSTACK.stackName (first 25 chars)
# - NODE's 'CID' (last 24 chars)
# - SHA256 hash (12 chars) of:
# - CSTACK.account
# - CSTACK.region
# - CSTACK.stackName (full)
# - NODE's 'CID' (full)
CKOPTS.physicalName #'NAME' of underlying CSRESOURCE, among:
# - undefined (def): generated by CloudFormation based on the RESOURCE's LID
# - 'NAME'[_TK]: as is
# - PhysicalName.GENERATE_IF_NEEDED
# - if any cross-ACCOUNT|REGION reference: generated by CDK as a new EID
# - otherwise: same as undefined
#Whether there is any cross-ACCOUNT|REGION reference:
# - is decided based on whether CKRESOURCE.CSRESOURCEName|Arn is used
# - which itself is based on internal logic at CKRESOURCE.getResource*Attribute()
CKRESOURCE.physicalName #Depending on CKOPTS.physicalName:
# - undefined: STR_TK resolving to undefined
# - 'NAME'[_TK]: as is
# - PhysicalName.GENERATE_IF_NEEDED: STR_TK resolving to:
# - if any cross-ACCOUNT|REGION reference: 'NAME' (which is EID)
# - otherwise: undefined
#Readonly. Protected, i.e. only in subclasses
CKRESOURCE.generatePhysicalName() #Protected method to override in subclasses, to customize the 'NAME' generated by PhysicalName.GENERATE_IF_NEEDED
->STR #E.g. can call super.generatePhysicalName() and prepend a prefix
/=+===============================+=\
/ : : \
)==: CONTEXT MAIN :==(
\ :_______________________________: /
\=+===============================+=/
CONTEXT #Data associated with NODEs
#Inherited by descendant NODEs, which can override it
./cdk.context.json #{ CVAR: VAL, ... } to use as CONTEXT
#Saved on new CVAR value
#CVAR must be namespaced, lowercase dasherized, :-separated
#Meant for values cached by ContextProvider
# - i.e. should not be manually edited, except through `cdk context --clear|--reset`
cdk --context|-c #'[STACK:]CVAR=VAL'_ARR (def: all STACKs) to use as CONTEXT
#CLI flag, i.e. can be set in cdk.json context.[STACK:]CVAR VAL too
#Meant for values not cached by ContextProvider
AOPTS.context #Same for CAPP
AOPTS.postCliContext #Like AOPTS.context, but has higher priority than all above
cdk context #Print CONTEXT
--json|-j #BOOL (def: false). Output as JSON instead of YAML
--clear #BOOL (def: false). Save cdk.context.json as empty OBJ
--reset|-e #Delete 'CVAR' from cdk.context.json
#Can be a 'GLOB'
--force|-f #BOOL (def: false). Do not fail if 'CVAR' missing, with --reset
NODE.setContext('CVAR', VAL) #Should be set before adding child NODEs, since their constructor might check it
NODE.getContext('CVAR')->VAL #Throw if not found
NODE.tryGetContext('CVAR')->VAL #undefined if not found
NODE.getAllContext([OBJ2])->OBJ #OBJ2 (def: {}) is shallow merged
/=+===============================+=\
/ : : \
)==: CONTEXT PROVIDER :==(
\ :_______________________________: /
\=+===============================+=/
ContextProvider.getValue #Used by SERVICEs to compute a value then cache it on filesystem using CONTEXT
(CONSTRUCT, OPTS)->{ value: VAL }#Value is computed on first call, using PCONTEXT_PLUGIN.getValue()
#Value is cached on CONTEXT:
# - CVAR is serialized 'SERVICE:VARR=VAL:...'
# - but documented here as PCONTEXT.* OBJ
#Caching is both for:
# - performance
# - stability, like a lock file
# - e.g. when retrieving last version of an AMI
# - i.e. `cdk context --reset` allows upgrades
OPTS.provider #'SERVICE'
OPTS.props.* #PCONTEXT.* OBJ (def: {})
OPTS.props.account|region #Def: CSTACK.account|region, if OPTS.includeEnvironment true (def)
OPTS.dummyValue #Default VAL to use in next round
#This is due to ContextProvider.getValue() being sync and PCONTEXT_PLUGIN.getValue() async
#The first round of `cdk synth` uses the dummyValue
#Then the actual value is computed, and a new round of `cdk synth` is performed
PHOST.registerContextProviderAlpha#Add custom PCONTEXT_PLUGIN
('NAME', PCONTEXT_PLUGIN) #Defined by each SERVICE using PCONTEXT
PCONTEXT_PLUGIN
.getValue(OPTS)->>VAL #
this.aws #SDK_PROVIDER, used to make API calls
OPTS.* #PCONTEXT.*
OPTS.lookupRoleArn #LOOKUP_ROLE_ARN, used for requests
STACK_APROPS|STACK_CARTIFACT #LOOKUP_ROLE. Used for read-only requests:
.lookupRole # - ContextProvider
# - `cdk diff`, `cdk deploy --require-approval` `cdk watch --logs`, parts of `cdk import`
# - if no BOOTSTRAP, uses CLI's credentials
#Def: BOOTSTRAP_ROLE 'lookup', which is BOOTSTRAP_STACK.Resources.LookupRole
# - has AWS managed policy arn:aws:iam::aws:policy/ReadOnlyAccess', i.e. readonly for all SERVICEs
# - denied kms:Decrypt
DOPTS.lookupRoleArn
LOOKUP_ROLE.arn #ROLE_ARN. Can be BSTR
CSYNTH.lookupRole #Can be '': using CLI's credentials
LOOKUP_ROLE.assumeRoleExternalId
DOPTS.lookupRoleExternalId #STR (def: none). ASSUMED_ROLE_REQ.ExternalId with lookupRoleArn
cdk bootstrap --trust-for-lookup #'ACCOUNT_ID'_ARR to allow to assume BOOTSTRAP_ROLE 'lookup'
cdk diff|deploy|import|destroy
|list|metadata --lookups
DOPTS
.useLookupRoleForStackOperations #BOOL (def: true). Enables ContextProvider
*.fromLookup #Most SERVICEs that use ContextProvider.getValue() do so inside this type of static method
(CONSTRUCT, STR, ...) #STR is a C[K]RESOURCE 'NAME'|MID and ... are additional options
->>C[K]RESOURCE #The method uses AWS API calls to retrieve the resource by id, then cache it on CONTEXT
CBUILDER
.addMissing(MISSING_CONTEXT) #
MANIFEST.missing #MISSING_CONTEXT_ARR. PCONTEXT.* which could not be found (see OPTS.dummyValue)
MISSING_CONTEXT.provider #'SERVICE'
MISSING_CONTEXT.key #PCONTEXT.* 'VAR' name
MISSING_CONTEXT.props #PCONTEXT.* OBJ value
/=+===============================+=\
/ : : \
)==: NOTICES :==(
\ :_______________________________: /
\=+===============================+=/
cdk ... --notices #BOOL (def: false). Print NOTICEs, warning messages on deprecated versions|components (using TNODE.constructInfo)
cdk notices #Print NOTICEs
CDK_HOME/cache/notices.json #Caches NOTICEs, since they are retrieved from https://cli.cdk.dev-tools.aws.dev/notices.json
cdk ack[nowledge] [NOTICE_ID] #Do not print this NOTICE anymore with `cdk --notices` (but still shown with `cdk notices`)
CVAR acknowledged-issue-numbers #'NOTICE_ID'_ARR
/=+===============================+=\
/ : : \
)==: ANNOTATIONS :==(
\ :_______________________________: /
\=+===============================+=/
cdk synth|deploy|import|diff #Print error|warning|info ANNOTATIONs
#ANNOTATIONs are similar to NODE.addValidation()
# - except `cdk synth` still produces ARTIFACTs for the other CSTACKs
# - i.e. those can still be deployed
# - useful for warnings|info
# - for errors, prefer throwing ERRORs
--ignore-errors #BOOL. If false (def), fail if any error ANNOTATION
--strict #BOOL (def: false). Fail if any warning ANNOTATION
SYOPTS.validateOnSynthesis
STACK_APROPS|STACK_CARTIFACT #BOOL (def: false). Print error|warning|info ANNOTATIONs during `cdk synth`
|CSESSION.validateOnSynth #on that CSTACK, even if it is not selected
ENVVAR CDK_VALIDATION=true
cdk synth --validation #BOOL (def: true). If false, `validateOnSynth` is noop
Annotation.of
(CONSTRUCT)->ANNOTATION #Message
ANNOTATION.addError('MESSAGE') #Add CMETADATA 'aws:cdk:error'
ANNOTATION.addWarningV2 #Add CMETADATA 'aws:cdk:warning'
('WNAME', 'MESSAGE') #WNAME is usually 'LIB:CONSTRUCT.WARNING'
ANNOTATION.addDeprecation #Same as addWarningV2() except:
(STR, 'MESSAGE') # - 'WNAME' is 'Deprecated:STR'
# - 'MESSAGE' is:
# - prepended with 'The API STR is deprecated'
# - appended with 'This API will be removed in the next major release'
# - throws if ENVVAR CDK_BLOCK_DEPRECATIONS set
ANNOTATION #Remove CMETADATA 'aws:cdk:warning', in current process
.acknowledgeWarning('WNAME') #Includes CONSTRUCT's descendants
ANNOTATION.addInfo('MESSAGE') #Add CMETADATA 'aws:cdk:info'
#Printed by CLI
ENVVAR CDK_DISABLE_STACK_TRACE
CVAR aws:cdk:disable-stack-trace
AOPTS.stackTraces #BOOL (def: true). Include stack traces in CMETADATA 'aws:cdk:info|warning|error'
cdk synth|deploy|import|diff
--trace #BOOL (def: false). Print stack trace with warnings
CARTIFACT.messages #CANNOTATION_ARR
CANNOTATION.level #'error|warning|info'
CANNOTATION.id #'/NID'
CANNOTATION.entry #CMETADATA
/=+===============================+=\
/ : : \
)==: ENVIRONMENT :==(
\ :_______________________________: /
\=+===============================+=/
SSOPTS.env #CENV, at STAGE-level
#Def: parent STAGE (if none, undefined)
CSTAGE|CENV.account|region #Same as above
SOPTS.env #CENV, at STACK-level
#Def: same as STAGE (if none, Aws.ACCOUNT_ID|REGION)
CSTACK|CENV.account|region #Same as above
CKRESOURCE.env #CEVENT, at CKRESOURCE-level
#Def: same as STACK
CKOPTS.account|region #Same as above
CKOPTS.environmentFromArn #Alternative to CKOPTS.account|region, using any 'ARN' instead
CSTACK|STACK_ARTIFACT.environment #'ENVIRONMENT', i.e. 'aws://ACCOUNT/REGION'
STACK_CARTIFACT.environment #ENVIRONMENT_OBJ
EnvironmentUtils.make
('ACCOUNT', 'REGION')
->ENVIRONMENT_OBJ #
EnvironmentUtils.format
('ACCOUNT', 'REGION')
->'ENVIRONMENT' #
EnvironmentUtils.parse
('ENVIRONMENT')->ENVIRONMENT_OBJ #
ENVIRONMENT_OBJ.account|region #'ACCOUNT|REGION'
ENVIRONMENT_OBJ.environment #'ENVIRONMENT'
Aws.ACCOUNT_ID|REGION #STR_TK resolving to built-in PARAM 'AWS::ACCOUNT_ID|REGION' (see above)
#Can be set to SSOPTS|SOPTS|CKRESOURCE.env.account|region
UNKNOWN_ACCOUNT|UNKNOWN_REGION #'unknown-account|unknown-region'
#Used in 'ENVIRONMENT'|ENVIRONMENT_OBJ when === Aws.ACCOUNT_ID|REGION
#Means account|region "agnostic":
# - logic can check ENVIRONMENT_OBJ.account|region === UNKNOWN_ACCOUNT|REGION
# to throw when specific feature requires a specific ACCOUNT|REGION
# - library code should be agnostic, but production code should not
process.env.CDK_DEFAULT_REGION #'REGION' that would be used by CLI
#I.e. specified in ENVVARs (e.g. AWS_[DEFAULT_]REGION) or AWS CONFIG|CREDS (see its doc)
#If not found: 'us-east-1'
#Only used if passed to SSOPTS|SOPTS|CKRESOURCE.env.region
#Takes into account --profile|--ec2-creds
#Cannot be overridden
process.env.CDK_DEFAULT_ACCOUNT #Same but for current 'ACCOUNT_ID'
#Uses STS getCallerIdentity through CLI credentials
#If not found: undefined
#Only used if passed to SSOPTS|SOPTS|CKRESOURCE.env.account
#Takes into account --profile|--ec2-creds|--container-creds|--http-options
#Cannot be overridden
/=+===============================+=\
/ : : \
)==: REGION FACTS :==(
\ :_______________________________: /
\=+===============================+=/
Fact.regions #All 'REGION'_ARR
CSTACK.regionalFact #Like Fact.find(CSTACK.region, RFACT)
(RFACT[, 'RVAL2'])->'RVAL' #'RVAL2' is default value (def: throws)
#If CSTACK.region is agnostic, tries to guess:
# - if 'RVAL' differs only by including 'REGION' or 'AWS_DOMAIN':
# - replace it by Aws.REGION|URL_SUFFIX STR_TK
# - e.g. this is case for FactName.servicePrincipal(...)
# - if TEMPLATE.Mappings.RFACTMap.REGION.RFACT 'RVAL' defined, use it
# - specific name for RFACT is slightly different: see source code
# - for better guess, can restrict to specific CVAR @aws-cdk/core:target-partitions 'PARTITION'_ARR (def|recommended: all)
Fact.find('REGION', RFACT)
->'RVAL'|undefined #
Fact.requireFact('REGION', RFACT)
->'RVAL' #Same but throws if undefined
RegionInfo.regionMap
(RFACT)->{ REGION: 'RVAL', ... } #
RegionInfo.regions #RINFO_ARR for all REGIONs
RegionInfo.get('REGION')->RINFO #
RINFO.region #'REGION'
RINFO.RFACT #'RVAL'|undefined
#'YES|NO' -> BOOL
#FACT is camelCase'd
'RVAL' #Value for a specific REGION + RFACT
FactName.*[(...)] #RFACT. REGION-specific behavior
#Some SERVICE-specific ones are my documentation for that SERVICE instead
FactName.PARTITION #RFACT for 'PARTITION'
FactName.DOMAIN_SUFFIX #RFACT for 'AWS_DOMAIN'
FactName
.servicePrincipal('SERVICE') #RFACT for 'SERVICE_DOMAIN'
FactName.IS_OPT_IN_REGION #RFACT for 'YES|NO': whether REGION must be enabled
SERVICE-SPECIFIC ==> #
FactName.S3_STATIC_WEBSITE_
ZONE_53_HOSTED_ZONE_ID #RFACT for Route53 'ZONE_ID'
FactName
.EBS_ENV_ENDPOINT_HOSTED_ZONE_ID #RFACT for Route53 'ZONE_ID' used in Elastic Beanstalk (if none: '')
FactName.ELBV2_ACCOUNT #RFACT for 'ACCOUNT_ID' to use with IAM POLICY's Principal.Aws with S3 BUCKET for access logs of ELB
#undefined for REGIONs that 'logdelivery.elasticloadbalancing.amazonaws.com' instead
FactName.DLC_REPOSITORY_ACCOUNT #RFACT for 'ACCOUNT_ID' owning the ECR repo with the container images of AWS Deep Learning (if none: undefined)
FactName.APPMESH_ECR_ACCOUNT #RFACT for 'ACCOUNT_ID' owning the ECR repo with the container images of AppMesh Envoy Proxy (if none: undefined)
FactName.FIREHOSE_CIDR_BLOCK #RFACT for Firehose server's 'CIDR'
FactName
.VPC_ENDPOINT_SERVICE_NAME_PREFIX#RFACT for '[cn.]com.amazonaws.vpce' used in VPC
FactName
.appConfigLambdaLayerVersion
('LAYER_VERSION', 'arm64|x86_64')#RFACT for LAYER_ARN of AppConfig Insights
FactName.adotLambdaLayer('TYPE',
'LAYER_VERSION', 'arm64|x86_64') #RFACT for LAYER_ARN of OpenTelemetry Insights
FactName
.paramsAndSecretsLambdaLayer
('LAYER_VERSION', 'arm64|x86_64')#RFACT for LAYER_ARN of SecretsManager Insights
/=+===============================+=\
/ : : \
)==: STAGE :==(
\ :_______________________________: /
\=+===============================+=/
new Stage(...CARGS[, SSOPTS]) #CSTAGE. Group of related CSTACKs
#Inherits CONSTRUCT
#'CSTAGE' must be [[:alnum:]-_.]
#Meant as top-level CONSTRUCT