本篇文章內有:
為了要使用 AWS CDK 來對 AWS 帳號做更動,我們要先來針對 AWS 帳號做初始化設定。
在上篇文章中我們已經把初始化所需要的手動步驟都設定好了,現在開始我們都會使用 CLI ,不管是 AWS CLI 或 AWS CDK CLI ,做帳號的更動。
AWS Console 還是會用到,但都是在做檢視的部分。
初始化指令只需要這一行就結束了。
npm run cdk -- bootstrap
下面會看到一長串的輸出,只要最後面有個綠色的勾勾,就代表完成囉。
⏳ Bootstrapping environment aws://123456789012/us-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
CDKToolkit | 0/12 | 12:00:05 AM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 12:00:13 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | StagingBucket
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 0/12 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::S3::Bucket | StagingBucket Resource creation Initiated
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::ECR::Repository | ContainerAssetsRepository Resource creation Initiated
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole Resource creation Initiated
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion Resource creation Initiated
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole Resource creation Initiated
CDKToolkit | 0/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | CloudFormationExecutionRole Resource creation Initiated
CDKToolkit | 1/12 | 12:00:18 AM | CREATE_COMPLETE | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 1/12 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole Resource creation Initiated
CDKToolkit | 2/12 | 12:00:19 AM | CREATE_COMPLETE | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 3/12 | 12:00:29 AM | CREATE_COMPLETE | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 4/12 | 12:00:29 AM | CREATE_COMPLETE | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 5/12 | 12:00:29 AM | CREATE_COMPLETE | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 6/12 | 12:00:30 AM | CREATE_COMPLETE | AWS::IAM::Role | LookupRole
CDKToolkit | 6/12 | 12:00:30 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | ImagePublishingRoleDefaultPolicy
CDKToolkit | 6/12 | 12:00:31 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | ImagePublishingRoleDefaultPolicy Resource creation Initiated
CDKToolkit | 7/12 | 12:00:39 AM | CREATE_COMPLETE | AWS::S3::Bucket | StagingBucket
CDKToolkit | 7/12 | 12:00:40 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | FilePublishingRoleDefaultPolicy
CDKToolkit | 7/12 | 12:00:40 AM | CREATE_IN_PROGRESS | AWS::S3::BucketPolicy | StagingBucketPolicy
CDKToolkit | 7/12 | 12:00:41 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | DeploymentActionRole
CDKToolkit | 7/12 | 12:00:41 AM | CREATE_IN_PROGRESS | AWS::S3::BucketPolicy | StagingBucketPolicy Resource creation Initiated
CDKToolkit | 8/12 | 12:00:41 AM | CREATE_COMPLETE | AWS::S3::BucketPolicy | StagingBucketPolicy
CDKToolkit | 8/12 | 12:00:42 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | FilePublishingRoleDefaultPolicy Resource creation Initiated
CDKToolkit | 8/12 | 12:00:43 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | DeploymentActionRole Resource creation Initiated
CDKToolkit | 9/12 | 12:00:47 AM | CREATE_COMPLETE | AWS::IAM::Policy | ImagePublishingRoleDefaultPolicy
CDKToolkit | 10/12 | 12:00:54 AM | CREATE_COMPLETE | AWS::IAM::Role | DeploymentActionRole
CDKToolkit | 11/12 | 12:00:57 AM | CREATE_COMPLETE | AWS::IAM::Policy | FilePublishingRoleDefaultPolicy
CDKToolkit | 12/12 | 12:00:59 AM | CREATE_COMPLETE | AWS::CloudFormation::Stack | CDKToolkit
✅ Environment aws://123456789012/us-east-1 bootstrapped.
在部署也是簡單的一行指令就收工。
npm run cdk -- deploy
才怪,突然間,他問你要不要繼續部署。
Do you wish to deploy these changes (y/n)?
這邊輸入 y 後按下 Enter 讓他繼續跑。
在等他執行的過程中,讓我們從 AWS CDK CLI 輸出的內容看看他做了什麼。
這邊提到了合成 (Synthesis) ,看來是有做了些處理,在後面的文章我們會詳細解釋這邊的細節。
✨ Synthesis time: 2.74s
還看到有做了些檔案的建置跟發佈,我們繼續往下看。
SampleAppStack: start: Building f6daf17c4c4317e81ea73a06160ba349e36aeb8cebf9bb22189c4082e4c1e418:current_account-current_region
SampleAppStack: success: Built f6daf17c4c4317e81ea73a06160ba349e36aeb8cebf9bb22189c4082e4c1e418:current_account-current_region
SampleAppStack: start: Publishing f6daf17c4c4317e81ea73a06160ba349e36aeb8cebf9bb22189c4082e4c1e418:current_account-current_region
SampleAppStack: success: Published f6daf17c4c4317e81ea73a06160ba349e36aeb8cebf9bb22189c4082e4c1e418:current_account-current_region
下面提到了安全性的變更,原來一開始詢問的目的是因為有安全性上的更動。
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:
IAM Statement Changes
┌───┬────────────┬────────┬────────────┬────────────┬──────────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼────────────┼────────┼────────────┼────────────┼──────────────┤
│ + │ ${SampleAp │ Allow │ sqs:SendMe │ Service:sn │ "ArnEquals": │
│ │ pQueue.Arn │ │ ssage │ s.amazonaw │ { │
│ │ } │ │ │ s.com │ "aws:Sourc │
│ │ │ │ │ │ eArn": "${Sa │
│ │ │ │ │ │ mpleAppTopic │
│ │ │ │ │ │ }" │
│ │ │ │ │ │ } │
└───┴────────────┴────────┴────────────┴────────────┴──────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
綠色勾勾出現了,看來是成功地結束。
SampleAppStack: deploying... [1/1]
SampleAppStack: creating CloudFormation changeset...
SampleAppStack | 0/6 | 12:00:05 AM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | SampleAppStack User Initiated
SampleAppStack | 0/6 | 12:00:14 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | SampleAppStack User Initiated
SampleAppStack | 0/6 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
SampleAppStack | 0/6 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::SQS::Queue | SampleAppQueue (SampleAppQueueECFF513D)
SampleAppStack | 0/6 | 12:00:17 AM | CREATE_IN_PROGRESS | AWS::SNS::Topic | SampleAppTopic (SampleAppTopicA1D4DBDE)
SampleAppStack | 0/6 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::SQS::Queue | SampleAppQueue (SampleAppQueueECFF513D) Resource creation Initiated
SampleAppStack | 0/6 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::SNS::Topic | SampleAppTopic (SampleAppTopicA1D4DBDE) Resource creation Initiated
SampleAppStack | 0/6 | 12:00:18 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
SampleAppStack | 1/6 | 12:00:18 AM | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
SampleAppStack | 2/6 | 12:00:18 AM | CREATE_COMPLETE | AWS::SNS::Topic | SampleAppTopic (SampleAppTopicA1D4DBDE)
SampleAppStack | 3/6 | 12:00:19 AM | CREATE_COMPLETE | AWS::SQS::Queue | SampleAppQueue (SampleAppQueueECFF513D)
SampleAppStack | 3/6 | 12:00:20 AM | CREATE_IN_PROGRESS | AWS::SQS::QueuePolicy | SampleAppQueue/Policy (SampleAppQueuePolicyC68AAFE2)
SampleAppStack | 3/6 | 12:00:21 AM | CREATE_IN_PROGRESS | AWS::SQS::QueuePolicy | SampleAppQueue/Policy (SampleAppQueuePolicyC68AAFE2) Resource creation Initiated
SampleAppStack | 4/6 | 12:00:22 AM | CREATE_COMPLETE | AWS::SQS::QueuePolicy | SampleAppQueue/Policy (SampleAppQueuePolicyC68AAFE2)
SampleAppStack | 4/6 | 12:00:22 AM | CREATE_IN_PROGRESS | AWS::SNS::Subscription | SampleAppQueue/SampleAppStackSampleAppTopic1FB495E2 (SampleAppQueueSampleAppStackSampleAppTopic1FB495E2F636FD34)
SampleAppStack | 4/6 | 12:00:23 AM | CREATE_IN_PROGRESS | AWS::SNS::Subscription | SampleAppQueue/SampleAppStackSampleAppTopic1FB495E2 (SampleAppQueueSampleAppStackSampleAppTopic1FB495E2F636FD34) Resource creation Initiated
SampleAppStack | 5/6 | 12:00:23 AM | CREATE_COMPLETE | AWS::SNS::Subscription | SampleAppQueue/SampleAppStackSampleAppTopic1FB495E2 (SampleAppQueueSampleAppStackSampleAppTopic1FB495E2F636FD34)
SampleAppStack | 6/6 | 12:00:24 AM | CREATE_COMPLETE | AWS::CloudFormation::Stack | SampleAppStack
✅ SampleAppStack
這些事件可以看到有分為六個欄位,我們來拿最後一行作為範例來拆解一下。
SampleAppStack | 6/6 | 12:00:24 AM | CREATE_COMPLETE | AWS::CloudFormation::Stack | SampleAppStack
SampleAppStack:現在的事件是屬於誰的。6/6:有幾個資源被建立成功以及總共有幾個資源需要被建立。12:00:24 AM:事件的時間。CREATE_COMPLETE:事件的狀態。AWS::CloudFormation::Stack:事件的資源類型。SampleAppStack:事件的資源。原來還會計時花了多久部署。
✨ Deployment time: 26.61s
部署上去的資源也會列出來,可是, AWS CloudFormation ?怎麼又提到他了?
Stack ARN:
arn:aws:cloudformation:us-east-1:123456789012:stack/SampleAppStack/9e6cf120-53e5-11ee-a21a-12478d77f1b3
最後以總花費時間做結尾。
✨ Total time: 29.35s
現在讓我們進 AWS Console 看一下建立的資源在哪裡。
既然在最後出現了 AWS CloudFormation ,那我們就先去看一下他。
從上面的搜尋列輸入 CloudFormation ,懶人如我可以打 cfn 就好,點選 CloudFormation 。
我們的 AWS CDK 專案名稱竟然出現在這裡,一定要進去看看。
ID 一致,建立時間也一樣,原來 AWS CDK 背後仍然是以 AWS CloudFormation 為基礎在做 IaC 。
進去 Resources 瞧一瞧,原來我們的 AWS CDK 專案建立了 SNS 跟 SQS 這兩種資源。
接著我們來看一下 AWS CloudFormation 模板 (Template) ,竟然有上百行!真的幸好有 AWS CDK 幫忙。
既然 AWS CDK 依然是透過 AWS CloudFormation 在建置資源,那我們當然要來了解一下在 AWS CloudFormation 中的各種狀態,我們將這些狀態拆分成前綴跟後綴的方式來解釋。
CREATE:建立資源或堆疊。ROLLBACK:建立資源或堆疊中途失敗,或是被取消,正在回復變更。UPDATE:更新資源或堆疊。UPDATE_ROLLBACK:更新資源或堆疊中途失敗,或是被取消,正在回復變更。DELETE:刪除資源或堆疊。IMPORT:匯入資源,在 AWS CDK 中通常不會出現。IN_PROGRESS:正在進行中。COMPLETE_CLEANUP_IN_PROGRESS:正在清除舊有資源中,只會跟 UPDATE 或 UPDATE_ROLLBACK 一起出現。COMPLETE:成功了。FAILED:失敗了。SKIPPED:跳過了,只有當資源的刪除策略 (deletion policy) 被標示為保留 (retain) 時才會出現。在透過 AWS CDK CLI 部署完之後,現在要來試著刪除部署上去的資源,同時再來看一下 AWS CDK CLI 的輸出。
一樣是一行指令就可以完成的刪除。
npm run cdk -- destroy
這次一開始就詢問是不是要執行這個動作。
Are you sure you want to delete: SampleAppStack (y/n)?
同樣的,輸入 y 後按下 Enter 。
刪除的輸出簡短很多,綠色勾勾一樣是代表著成功結束。
SampleAppStack: destroying... [1/1]
SampleAppStack | 0 | 12:00:05 AM | DELETE_IN_PROGRESS | AWS::CloudFormation::Stack | SampleAppStack User Initiated
SampleAppStack | 0 | 12:00:07 AM | DELETE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
SampleAppStack | 0 | 12:00:07 AM | DELETE_IN_PROGRESS | AWS::SNS::Subscription | SampleAppQueue/SampleAppStackSampleAppTopic1FB495E2 (SampleAppQueueSampleAppStackSampleAppTopic1FB495E2F636FD34)
SampleAppStack | 1 | 12:00:08 AM | DELETE_COMPLETE | AWS::SNS::Subscription | SampleAppQueue/SampleAppStackSampleAppTopic1FB495E2 (SampleAppQueueSampleAppStackSampleAppTopic1FB495E2F636FD34)
SampleAppStack | 2 | 12:00:08 AM | DELETE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
SampleAppStack | 2 | 12:00:08 AM | DELETE_IN_PROGRESS | AWS::SQS::QueuePolicy | SampleAppQueue/Policy (SampleAppQueuePolicyC68AAFE2)
SampleAppStack | 3 | 12:00:09 AM | DELETE_COMPLETE | AWS::SQS::QueuePolicy | SampleAppQueue/Policy (SampleAppQueuePolicyC68AAFE2)
SampleAppStack | 3 | 12:00:10 AM | DELETE_IN_PROGRESS | AWS::SQS::Queue | SampleAppQueue (SampleAppQueueECFF513D)
SampleAppStack | 3 | 12:00:10 AM | DELETE_IN_PROGRESS | AWS::SNS::Topic | SampleAppTopic (SampleAppTopicA1D4DBDE)
3 Currently in progress: SampleAppStack, SampleAppQueueECFF513D, SampleAppTopicA1D4DBDE
SampleAppStack | 4 | 12:00:16 AM | DELETE_COMPLETE | AWS::SNS::Topic | SampleAppTopic (SampleAppTopicA1D4DBDE)
✅ SampleAppStack: destroyed
可以看到,這次第二個欄位有點不一樣,在刪除的過程中,這邊是代表已經有幾個資源被成功刪除了。
在經歷了簡單的部署跟刪除,介紹完 AWS CDK 跟 AWS CloudFormation 的關係,理解 AWS CloudFormation 的狀態後,我們要來開始親自編寫 AWS CDK 的內容了。
iThome鐵人賽
看影片追技術