How do I utilize CDK escape hatches to retrieve lower-level construct objects from L3 and L2 constructs?


I want to use AWS Cloud Development Kit (AWS CDK) escape hatches to retrieve child objects of L2 and L3 constructs.

Short description

There are three AWS CDK abstraction layers:

  • L1 constructs have 1:1 relationships that map to the related AWS CloudFormation resource types. This is the most fundamental construct layer for AWS CDK.
  • L2 constructs can wrap a number of L1 constructs. The default child object of an L2 construct is the L1 construct of the relevant resource type. Other L1 construct child objects are synthesized into AWS CloudFormation templates based on the L2 child object's specified properties.
  • L3 constructs are the highest level of AWS CDK abstraction layers and can wrap a number of L2 and L1 constructs.

For more information, see abstractions and escape hatches.

Resolution

Use AWS CDK escape hatches to retrieve child objects from an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with an L3 construct.

Note: These steps use the Python programming language. The steps are similar for other programming languages. Make sure to adjust the code syntax for the programming language that you're using.

An example Amazon EKS cluster with an L3 construct in Python:

from aws_cdk import aws_ec2 as ec2, aws_eks as eks

# The following code runs inside the __init__ method of a Stack class, where self is the stack.
vpc = ec2.Vpc(self, "Vpc",
    ip_addresses=ec2.IpAddresses.cidr("192.168.0.0/25")
)

# L3 construct for the Amazon EKS cluster
eks_object = eks.Cluster(self, "HelloEKS",
    version=eks.KubernetesVersion.V1_25,
    vpc=vpc,
    vpc_subnets=[ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)]
)

1.    Retrieve all the child objects of an L3 construct in an Amazon EKS cluster by using the node.find_all() method:

for child in eks_object.node.find_all():
    print(child.node.id)

After you run the preceding code, all child IDs of the L3 construct print.

Example printout:

HelloEKS

...
NodegroupDefaultCapacity
NodeGroupRole
...

2.    After printing the child IDs of the L3 construct, retrieve the desired child by its ID by using the node.find_child() method:

Important: Make sure to check all AWS Command Line Interface (AWS CLI) commands and replace all instances of example strings with your values. For example, replace example_child_id with your target child ID.

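# example_child_id is a placeholder for the target child ID, for example "NodegroupDefaultCapacity"
l2_nodeGroup = eks_object.node.find_child(example_child_id)
print(l2_nodeGroup)

After you run the preceding code, the L2 construct of the desired child ID prints.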

Example printout:

<aws_cdk.aws_eks.Nodegroup object at 0x7ffa9c7b2910>

Note: You can use the variable l2_nodeGroup to invoke the Nodegroup properties, attributes, and methods to modify the associated resources.

3.    Retrieve all the child objects of the L2 construct by using the node.find_all() method:

for child in l2_nodeGroup.node.find_all():
    print(child.node.id)

After you run the preceding code, all child IDs of the L2 construct print.

Example printout:

NodegroupDefaultCapacity
NodeGroupRole
ImportNodeGroupRole

4.    After the child IDs of the L2 construct print, retrieve the desired child by its ID by using the node.find_child() method:

l2_nodeGroup_role = l2_nodeGroup.node.find_child(example_child_id)
print(l2_nodeGroup_role)

After you run the preceding code, an L2 construct object of the aws_iam.Role type returns.

5.    When you are at the aws_iam.Role level, use the node.default_child attribute to reach the L1 CfnRole construct object:

l1_nodeGroup_role = l2_nodeGroup_role.node.default_child
print(l1_nodeGroup_role)

After you run the preceding code, the default child at the L1 layer returns.

Note: When you use node.find_all() or node.default_child to retrieve child objects, you can use that construct's functionalities for increased control over a CloudFormation template.
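The child IDs printed in steps 1-5 also appear in the synthesized template: each resource carries an aws:cdk:path metadata entry whose segments are the node IDs, ending with the ID of the L2 construct's default child. The following added example (not part of the original article) lists the L1 resources below a construct and flags IAM roles that lack a given property, which is one way to confirm that a change made through the L1 object reached the template. The template, the stack name DemoStack, the logical IDs, and the function names are constructed for illustration, and the code assumes that path metadata is enabled (the AWS CDK default).

```python
# Constructed sample: a trimmed synthesized template such as cdk.out/<stack>.template.json.
# The stack name "DemoStack" and the logical IDs are made up for illustration.
SAMPLE_TEMPLATE = {"Resources": {
    "HelloEKSNodegroupDefaultCapacityNodeGroupRoleAAAA1111": {
        "Type": "AWS::IAM::Role",
        "Properties": {"AssumeRolePolicyDocument": {}},
        "Metadata": {"aws:cdk:path":
                     "DemoStack/HelloEKS/NodegroupDefaultCapacity/NodeGroupRole/Resource"}},
    "HelloEKSNodegroupDefaultCapacityBBBB2222": {
        "Type": "AWS::EKS::Nodegroup",
        "Properties": {},
        "Metadata": {"aws:cdk:path": "DemoStack/HelloEKS/NodegroupDefaultCapacity/Resource"}},
    "VpcCCCC3333": {
        "Type": "AWS::EC2::VPC",
        "Properties": {"CidrBlock": "192.168.0.0/25"},
        "Metadata": {"aws:cdk:path": "DemoStack/Vpc/Resource"}},
}}

def l1_resources_under(template, construct_path):
    """Return {logical_id: (child_ids, cfn_type)} for L1 resources below construct_path."""
    # The trailing slash keeps "DemoStack/HelloEKS" from matching "DemoStack/HelloEKS2".
    prefix = construct_path.rstrip("/") + "/"
    found = {}
    for logical_id, res in template.get("Resources", {}).items():
        path = res.get("Metadata", {}).get("aws:cdk:path", "")
        if path.startswith(prefix):
            found[logical_id] = (path[len(prefix):].split("/"), res["Type"])
    return found

def roles_missing_property(template, construct_path, prop):
    """Logical IDs of AWS::IAM::Role resources below construct_path that lack prop."""
    under = l1_resources_under(template, construct_path)
    return sorted(
        lid for lid, (_, cfn_type) in under.items()
        if cfn_type == "AWS::IAM::Role"
        and prop not in template["Resources"][lid].get("Properties", {})
    )

if __name__ == "__main__":
    for lid, (ids, cfn_type) in l1_resources_under(SAMPLE_TEMPLATE, "DemoStack/HelloEKS").items():
        # ids[:-1] are the IDs to pass to node.find_child(); ids[-1] is the default child.
        print(cfn_type, " -> ".join(ids), lid)
    print(roles_missing_property(SAMPLE_TEMPLATE, "DemoStack/HelloEKS", "PermissionsBoundary"))
```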

If you still can't retrieve child objects, contact AWS Support or create a new issue at the GitHub website for AWS CDK issues.

Related information

How do I customize a resource property value when there is a gap between CDK higher level constructs and a CloudFormation resource?

AWS OFFICIAL
Updated a year ago