Questions tagged with Infrastructure as Code

Is there a way to add a launch template that defines EC2 instances with multiple ENIs that have different configurations (for each ENI) to an Auto Scaling Group? or is it a limitation in ASGs?lg...

I had created a Redis Elasticache cluster manually and in the details it gives a Primary endpoint, Reader endpoint. Also in the **Nodes** tag I can see **Current role** column which says "primary". I tried to recreate this using CDK v2.33 and it created the Elasticache and also output the endpoint and saved the `attrRedisEndpointAddress` in Parameter Store. However when I go to the Elasticache in AWS console the Primary Endpoint, Reader Endpoint are `"-"` (blank) and also there is no **Current role** column in the **Nodes** section. lg...

I'm using AWS CDK and am trying to enable the associatePublicIpAddress property for an AutoScalingGroup that's using a launch template. My first attempt was to just set `associatePublicIpAddress: true`, but I get this error (https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts#L1526-L1528) ```typescript // first attempt new asg.AutoScalingGroup(this, 'ASG', { associatePublicIpAddress: true, // here minCapacity: 1, maxCapacity: 1, vpc, vpcSubnets: { subnetType: SubnetType.PUBLIC, onePerAz: true, availabilityZones: [availabilityZone], }, mixedInstancesPolicy: { instancesDistribution: { spotMaxPrice: '1.00', onDemandPercentageAboveBaseCapacity: 0, }, launchTemplate: new LaunchTemplate(this, 'LaunchTemplate', { securityGroup: this._securityGroup, role, instanceType machineImage, userData: UserData.forLinux(), }), launchTemplateOverrides: [ { instanceType: InstanceType.of( InstanceClass.T4G, InstanceSize.NANO ), }, ], }, keyName, }) ``` ```typescript // I hit this error from the CDK if (props.associatePublicIpAddress) { throw new Error('Setting \'associatePublicIpAddress\' must not be set when \'launchTemplate\' or \'mixedInstancesPolicy\' is set'); } ``` My second attempt was to not set `associatePublicIpAddress` and see if it gets set automatically because the AutoScalingGroup is in a public availablity zone with an internet gateway. However, it still doesn't provision a public ip address. Has anyone been able to create an autoscaling group with a mix instance policy and an associated public ip?lg...

I'm just using the sample code from: https://docs.aws.amazon.com/cdk/api/v1/python/aws_cdk.aws_healthlake/CfnFHIRDatastore.html#aws_cdk.aws_healthlake.CfnFHIRDatastore.add_deletion_override And I'm adding the import statements not included in that example. ``` #!/usr/bin/env python3 import aws_cdk as cdk import aws_cdk.aws_healthlake as healthlake from constructs import Construct from healthlake.healthlake_stack import HealthlakeStack app = cdk.App() class HealthlakeStack(): def __init__(self, scope: Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) cfn_fHIRDatastore = healthlake.CfnFHIRDatastore(self, "MyCfnFHIRDatastore", datastore_type_version="R4" ) HealthlakeStack(app, "HealthLake") app.synth() ``` When I run `cdk synth` on this, I get back: ``` Traceback (most recent call last): File "app.py", line 13, in <module> class HealthlakeStack(): File "app.py", line 17, in HealthlakeStack cfn_fHIRDatastore = healthlake.CfnFHIRDatastore(self, "MyCfnFHIRDatastore", NameError: name 'self' is not defined ``` And if I remove `self`, I get: ``` Traceback (most recent call last): File "app.py", line 11, in <module> class HealthlakeStack(): File "app.py", line 15, in HealthlakeStack cfn_fHIRDatastore = healthlake.CfnFHIRDatastore("MyCfnFHIRDatastore", File "redacted/python/site-packages/jsii/_runtime.py", line 86, in __call__ inst = super().__call__(*args, **kwargs) TypeError: __init__() missing 1 required positional argument: 'id' ``` And I tried a few other things. I'm guessing I'm just not nesting this correctly or something else basic to Python.lg...

We are looking to enable an AWS region programmatically using either boto3 or terraform.lg...

Hi aws re:Post! I used the AWS Timestream Web App Query Editor while developing my CDK IaC to test certain queries - specifically, I run the following and receive 1000 rows in response: ``` SELECT measure_value::varchar FROM DATABASE.TABLE ORDER BY time LIMIT 1000 ``` However the same exact query sent in NodeJS via `aws-sdk/TimestreamQuery` returns 0 rows in response. If I remove `ORDER BY time` such that my query is: ``` SELECT measure_value::varchar FROM DATABASE.TABLE LIMIT 1000 ``` the NodeJS Query client receives the same data as in the AWS Timestream Web App Query Editor. This is very bizarre behavior- I have not found any mention of it whatsoever in the context of AWS Timestream, and the only contextual results I found on the internet was [MySQL Bug Report #70466](https://bugs.mysql.com/bug.php?id=70466) ([accompanying stack overflow post](https://stackoverflow.com/questions/19086553/query-returns-no-results-only-when-order-by-added)). This really does not seem like a software configuration issue - to reiterate, if I omit `ORDER BY time` my NodeJS client behaves the same as my Web App client. Any insight on how to resolve this would be greatly appreciated!lg...

I have a few team members want to work on different parts of a solution architecture. They should be able to create the following resources in their accounts, consume any updates from other team members updates to the whole solution architecture and test. These are the resources: 1. EventBridge (1 ESB) 2. C# Lambdas (6 Lambdas) 3. Cron Jobs (4 Cron Jobs) 4. On-Prem client applications (1 JavaScript applicaiton) This is our SDLC process: 1. We will use the AWS C# CDK to create the resources and roles. 2. On-Prem Jenkins to create a CI/CD To accomplish smooth development and deployment of the projects, what is the recommended way to split the projects into GitHub repositories? 1. Should the CDK (Infrastructure as Code) to create all the resources be a separate repository? Can this help the developer to deploy the resources in a single execution? 2. Should the CDK (Infrastructure as Code) to create the resource be part of the lambda or cron job itself? Any suggestions appreciated.lg...

I'm looking for sample C# code to create EventBridge Bus, Rules, a few Lambdas and IM Security Roles to access them. I prefer infrastructure as code versus cloud formation script.lg...

I am trying to create Data Stream -> Firehose -> OpenSearch infrastructure using the AWS CDK v2. In my CDK Stack I have created an [OpenSearch `Domain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.Domain.html), and am trying to create a Kinesis Firehose [`DeliveryStream`](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-kinesisfirehose-alpha.DeliveryStream.html) with that domain as the destination. However, kinesisfirehose-destinations package seems to only have a ready-to-use [construct for S3 buckets](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-kinesisfirehose-destinations-alpha.S3BucketProps.html), so there is no obvious way to do this easily. I have tried implementing my own [`IDestination`](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-kinesisfirehose-alpha.IDestination.html), but I am at a complete loss since I have no idea how to implement `bind`. So, my questions are: 1. How are you supposed to implement `bind` in `IDestination`? 2. Are there any complete working examples of creating a Firehose to OpenSearch using the non-alpha L1 constructs?lg...

Hi, we are trying to configure phased deployments in CDK for our EMR Cluster stack. Currently, we have set termination protection to false so that during a deployment, all the new clusters will be launched and then, at the end of the successful deployment, all the old clusters will be terminated. This is not very efficient because our accounts will need to have a larger service quota to support 2x our projected fleet size during deployments, as the fleet will effectively be duplicated during the first half of the deployment before the existing clusters are terminated in favor of the new clusters. Are there any phased deployment options available in CDK where we can tear down and create one cluster at a time? This would allow us to avoid a spot increase in service quota usage during deployments. Termination protection reference: https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-emr.CfnCluster.JobFlowInstancesConfigProperty.html#terminationprotectedlg...

I am using aws cdk using typescript. The aws-cdk version is being used with 1.134.0 fixed. To explain the problem, I made an apigateway using RestApi in aws cdk. In the option value, deploy was set to true, and the meaning of this was explained as follows in the aws cdk document. `Indicates if a Deployment should be automatically created for this API, and recreated when the API model (resources, methods) changes.` It doesn't seem to work properly. The addition and modification of resources, methods seem to work well. However, even if RestApi's method is deleted, it is not deleted from the stage. In addition, my cdk is a simple structure with only the creation of RestApi and the addition of methods through the resource.add method. Did I miss anything?lg...

Hi all, I'm using CloudFormation to manage AWS Firewall Policy. Following the document here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html I have defined `SecurityServicePolicyData` with type `WAFV2`. Example Code ``` "ManagedServiceData": "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" ``` Now I want to exclude one of the rules within `AWSManagedRulesCommonRuleSet` but I don't see any guidelines or examples to do that. My question is how to exclude one of the rules within `AWSManagedRulesCommonRuleSet` for example with CloudFormation. ? Regards,lg...