Amegaeru's IT Blog

Don't overdo it. A blog about working just hard enough.

Setting up an AWS CDK environment and creating an S3 bucket


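What we'll do

Install Node.js and the cdk command, which are required to use AWS CDK.

Prerequisites

Performed in PowerShell on Windows 11
Uses TypeScript for the sample and creates an S3 bucket

Hands-on!

1. Install Node.js
1-1. Go to the following and download Node.js
1-2. Run the downloaded file
1-3. Open PowerShell and run the following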

> node --version
v18.16.0


2. Install cdk
2-1. Open PowerShell and run the following

> npm install -g aws-cdk
added 1 package in 12s

2-2. Run the following to confirm that cdk is installed

> cdk --version
2.146.0 (build b368c78)


3. Create an S3 bucket with AWS CDK
3-1. Run the following to create a folder for the CDK project

> mkdir cdk-workshop

    ディレクトリ: C:\
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----        2024/06/15     18:03                cdk-worksh
                                          
> cd cdk-workshop

3-2. Run the following to initialize the sample project

> cdk init sample-app --language typescript

Applying project template sample-app for typescript
# Welcome to your CDK TypeScript project

You should explore the contents of this project. It demonstrates a CDK app with an instance of a stack (`CdkWorkshopStack`)
which contains an Amazon SQS queue that is subscribed to an Amazon SNS topic.

The `cdk.json` file tells the CDK Toolkit how to execute your app.

## Useful commands

* `npm run build`   compile typescript to js
* `npm run watch`   watch for changes and compile
* `npm run test`    perform the jest unit tests
* `cdk deploy`      deploy this stack to your default AWS account/region
* `cdk diff`        compare deployed stack with current state
* `cdk synth`       emits the synthesized CloudFormation template

Initializing a new git repository...
Executing npm install...
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
✅ All done!

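3-3. Run the following to install the dependencies needed to create the S3 bucket
Note: @aws-cdk/aws-s3 is the CDK v1 package, which the output below flags as End-of-Support. The stack file in step 3-4 imports aws-cdk-lib/aws-s3 from CDK v2.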

> npm install @aws-cdk/aws-s3
npm WARN deprecated @aws-cdk/cx-api@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/cloud-assembly-schema@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/core@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/region-info@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/aws-kms@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/aws-events@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/aws-s3@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
npm WARN deprecated @aws-cdk/aws-iam@1.204.0: AWS CDK v1 has reached End-of-Support on 2023-06-01.
npm WARN deprecated This package is no longer being updated, and users should migrate to AWS CDK v2.
npm WARN deprecated
npm WARN deprecated For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html

added 13 packages, and audited 370 packages in 13s

34 packages are looking for funding
  run `npm fund` for details

8 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

3-4. Run the following to edit the sample TypeScript file

> vim lib/cdk-workshop-stack.ts
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';

export class CdkWorkshopStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Create the S3 bucket
    new s3.Bucket(this, 'MyBucket', {
      bucketName: 'my-unique-bucket-name-12345618181818181', // Specify an S3 bucket name that is not already taken
      versioned: true,  // Enable versioning
      removalPolicy: cdk.RemovalPolicy.DESTROY,  // Delete the bucket when the stack is deleted
      autoDeleteObjects: true,  // Also delete the objects when the bucket is deleted
    });
  }
}

3-5. Run the following to edit the entry point file

> vim bin/cdk-workshop.ts
#!/usr/bin/env node
import * as cdk from 'aws-cdk-lib';
import { CdkWorkshopStack } from '../lib/cdk-workshop-stack';

const app = new cdk.App();
new CdkWorkshopStack(app, 'CdkWorkshopStack');

3-6. Run the following to build the TypeScript

> npm run build
cdk-workshop@0.1.0 build
>tsc

3-7. Run the following to deploy with CDK

> cdk deploy

✨  Synthesis time: 7.16s

CdkWorkshopStack:  start: Building 1d52cf2c4c14563d12ca62e769f1707a994e8ec19decfeba3fa09acc5394cf03:current_account-current_region
CdkWorkshopStack:  success: Built 1d52cf2c4c14563d12ca62e769f1707a994e8ec19decfeba3fa09acc5394cf03:current_account-current_region
CdkWorkshopStack:  start: Publishing 1d52cf2c4c14563d12ca62e769f1707a994e8ec19decfeba3fa09acc5394cf03:current_account-current_region
CdkWorkshopStack:  success: Published 1d52cf2c4c14563d12ca62e769f1707a994e8ec19decfeba3fa09acc5394cf03:current_account-current_region
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬────────────────────────┬────────┬────────────────────────┬──────────────────────────┬───────────┐
│   │ Resource               │ Effect │ Action                 │ Principal                │ Condition │
├───┼────────────────────────┼────────┼────────────────────────┼──────────────────────────┼───────────┤
│ + │ ${Custom::S3AutoDelete │ Allow  │ sts:AssumeRole         │ Service:lambda.amazonaws │           │
│   │ ObjectsCustomResourceP │        │                        │ .com                     │           │
│   │ rovider/Role.Arn}      │        │                        │                          │           │
├───┼────────────────────────┼────────┼────────────────────────┼──────────────────────────┼───────────┤
│ + │ ${MyBucket.Arn}        │ Allow  │ s3:DeleteObject*       │ AWS:${Custom::S3AutoDele │           │
│   │ ${MyBucket.Arn}/*      │        │ s3:GetBucket*          │ teObjectsCustomResourceP │           │
│   │                        │        │ s3:List*               │ rovider/Role.Arn}        │           │
│   │                        │        │ s3:PutBucketPolicy     │                          │           │
└───┴────────────────────────┴────────┴────────────────────────┴──────────────────────────┴───────────┘
IAM Policy Changes
┌───┬────────────────────────────────────────────────┬────────────────────────────────────────────────┐
│   │ Resource                                       │ Managed Policy ARN                             │
├───┼────────────────────────────────────────────────┼────────────────────────────────────────────────┤
│ + │ ${Custom::S3AutoDeleteObjectsCustomResourcePro │ {"Fn::Sub":"arn:${AWS::Partition}:iam::aws:pol │
│   │ vider/Role}                                    │ icy/service-role/AWSLambdaBasicExecutionRole"} │
└───┴────────────────────────────────────────────────┴────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
CdkWorkshopStack: deploying... [1/1]
CdkWorkshopStack: creating CloudFormation changeset...
CdkWorkshopStack | 0/7 | 15:50:57 | REVIEW_IN_PROGRESS   | AWS::CloudFormation::Stack  | CdkWorkshopStack User Initiated
CdkWorkshopStack | 0/7 | 15:51:04 | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack  | CdkWorkshopStack User Initiated
CdkWorkshopStack | 0/7 | 15:51:07 | CREATE_IN_PROGRESS   | AWS::IAM::Role              | Custom::S3AutoDeleteObjectsCustomResourceProvider/Role (CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092)
CdkWorkshopStack | 0/7 | 15:51:07 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata          | CDKMetadata/Default (CDKMetadata)
CdkWorkshopStack | 0/7 | 15:51:07 | CREATE_IN_PROGRESS   | AWS::S3::Bucket             | MyBucket (MyBucketF68F3FF0)
CdkWorkshopStack | 0/7 | 15:51:08 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata          | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
CdkWorkshopStack | 1/7 | 15:51:08 | CREATE_COMPLETE      | AWS::CDK::Metadata          | CDKMetadata/Default (CDKMetadata)
CdkWorkshopStack | 1/7 | 15:51:08 | CREATE_IN_PROGRESS   | AWS::IAM::Role              | Custom::S3AutoDeleteObjectsCustomResourceProvider/Role (CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092) Resource creation Initiated
CdkWorkshopStack | 1/7 | 15:51:09 | CREATE_IN_PROGRESS   | AWS::S3::Bucket             | MyBucket (MyBucketF68F3FF0) Resource creation Initiated
CdkWorkshopStack | 2/7 | 15:51:25 | CREATE_COMPLETE      | AWS::IAM::Role              | Custom::S3AutoDeleteObjectsCustomResourceProvider/Role (CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092)
CdkWorkshopStack | 3/7 | 15:51:33 | CREATE_COMPLETE      | AWS::S3::Bucket             | MyBucket (MyBucketF68F3FF0)
CdkWorkshopStack | 3/7 | 15:51:34 | CREATE_IN_PROGRESS   | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F)
CdkWorkshopStack | 3/7 | 15:51:35 | CREATE_IN_PROGRESS   | AWS::S3::BucketPolicy       | MyBucket/Policy (MyBucketPolicyE7FBAC7B)
CdkWorkshopStack | 3/7 | 15:51:36 | CREATE_IN_PROGRESS   | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F) Resource creation Initiated
CdkWorkshopStack | 3/7 | 15:51:36 | CREATE_IN_PROGRESS   | AWS::S3::BucketPolicy       | MyBucket/Policy (MyBucketPolicyE7FBAC7B) Resource creation Initiated
CdkWorkshopStack | 4/7 | 15:51:37 | CREATE_COMPLETE      | AWS::S3::BucketPolicy       | MyBucket/Policy (MyBucketPolicyE7FBAC7B)
CdkWorkshopStack | 4/7 | 15:51:37 | CREATE_IN_PROGRESS   | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F) Eventual consistency check initiated
CdkWorkshopStack | 5/7 | 15:51:42 | CREATE_COMPLETE      | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F)
CdkWorkshopStack | 5/7 | 15:51:43 | CREATE_IN_PROGRESS   | Custom::S3AutoDeleteObjects | MyBucket/AutoDeleteObjectsCustomResource/Default (MyBucketAutoDeleteObjectsCustomResource2C28D565)
CdkWorkshopStack | 5/7 | 15:51:45 | CREATE_IN_PROGRESS   | Custom::S3AutoDeleteObjects | MyBucket/AutoDeleteObjectsCustomResource/Default (MyBucketAutoDeleteObjectsCustomResource2C28D565) Resource creation Initiated
CdkWorkshopStack | 6/7 | 15:51:45 | CREATE_COMPLETE      | Custom::S3AutoDeleteObjects | MyBucket/AutoDeleteObjectsCustomResource/Default (MyBucketAutoDeleteObjectsCustomResource2C28D565)
CdkWorkshopStack | 7/7 | 15:51:46 | CREATE_COMPLETE      | AWS::CloudFormation::Stack  | CdkWorkshopStack

 ✅  CdkWorkshopStack

✨  Deployment time: 51.79s

Stack ARN:
arn:aws:cloudformation:ap-northeast-1:xxxxxxxxxxxx:stack/CdkWorkshopStack/c8e47780-2bac-11ef-8ea6-06e695c8199b

✨  Total time: 58.95s

3-8. Run the following to confirm that the S3 bucket has been created

> aws s3 ls
2024-06-16 15:51:37 my-unique-bucket-name-1234561818181818181
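
Added example (not part of the original post): a check that can be run over the output of cdk synth before cdk deploy, reporting S3 buckets whose template does not declare all four Block Public Access flags, has versioning off, or is deleted together with the stack. The function name, rule names and the inline template are assumptions made for this illustration; the template is constructed to resemble the MyBucket resource defined in step 3-4.

```typescript
// Added example: audit S3 buckets in a synthesized CloudFormation template.
interface CfnResource {
  Type: string;
  Properties?: { [key: string]: any };
  DeletionPolicy?: string;
}
interface CfnTemplate { Resources: { [logicalId: string]: CfnResource }; }
interface Finding { logicalId: string; rule: string; }

const PAB_FLAGS = ['BlockPublicAcls', 'BlockPublicPolicy',
                   'IgnorePublicAcls', 'RestrictPublicBuckets'];

function auditBuckets(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== 'AWS::S3::Bucket') continue;
    const props = res.Properties || {};
    // All four Block Public Access flags should be declared as true.
    const pab = props.PublicAccessBlockConfiguration || {};
    if (!PAB_FLAGS.every((flag) => pab[flag] === true)) {
      findings.push({ logicalId, rule: 'public-access-block-not-declared' });
    }
    // Versioning keeps earlier object versions recoverable.
    if ((props.VersioningConfiguration || {}).Status !== 'Enabled') {
      findings.push({ logicalId, rule: 'versioning-not-enabled' });
    }
    // DeletionPolicy "Delete" removes the bucket when the stack is destroyed.
    if (res.DeletionPolicy === 'Delete') {
      findings.push({ logicalId, rule: 'bucket-deleted-with-stack' });
    }
  }
  return findings;
}

// Constructed sample shaped like the template for this page's MyBucket
// (assumed shape; run `cdk synth` to get the real one).
const sampleTemplate: CfnTemplate = {
  Resources: {
    MyBucketF68F3FF0: {
      Type: 'AWS::S3::Bucket',
      Properties: { VersioningConfiguration: { Status: 'Enabled' } },
      DeletionPolicy: 'Delete',
    },
    MyBucketPolicyE7FBAC7B: { Type: 'AWS::S3::BucketPolicy' },
  },
};
const sampleFindings = auditBuckets(sampleTemplate);
console.log(sampleFindings.map((f) => f.logicalId + ': ' + f.rule).join('\n'));
```

In the CDK stack, setting blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL declares all four flags, and cdk.RemovalPolicy.RETAIN keeps the bucket when the stack is destroyed.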


4. Cleanup
4-1. Run the following to delete the stack and the S3 bucket

> cdk destroy
Are you sure you want to delete: CdkWorkshopStack (y/n)? y
CdkWorkshopStack: destroying... [1/1]
CdkWorkshopStack |   0 | 15:54:28 | DELETE_IN_PROGRESS   | AWS::CloudFormation::Stack  | CdkWorkshopStack User Initiated
CdkWorkshopStack |   0 | 15:54:30 | DELETE_IN_PROGRESS   | AWS::CDK::Metadata          | CDKMetadata/Default (CDKMetadata)
CdkWorkshopStack |   0 | 15:54:30 | DELETE_IN_PROGRESS   | Custom::S3AutoDeleteObjects | MyBucket/AutoDeleteObjectsCustomResource/Default (MyBucketAutoDeleteObjectsCustomResource2C28D565)
CdkWorkshopStack |   1 | 15:54:31 | DELETE_COMPLETE      | AWS::CDK::Metadata          | CDKMetadata/Default (CDKMetadata)
CdkWorkshopStack |   2 | 15:54:33 | DELETE_COMPLETE      | Custom::S3AutoDeleteObjects | MyBucket/AutoDeleteObjectsCustomResource/Default (MyBucketAutoDeleteObjectsCustomResource2C28D565)
CdkWorkshopStack |   2 | 15:54:34 | DELETE_IN_PROGRESS   | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F)
CdkWorkshopStack |   2 | 15:54:34 | DELETE_IN_PROGRESS   | AWS::S3::BucketPolicy       | MyBucket/Policy (MyBucketPolicyE7FBAC7B)
CdkWorkshopStack |   3 | 15:54:35 | DELETE_COMPLETE      | AWS::S3::BucketPolicy       | MyBucket/Policy (MyBucketPolicyE7FBAC7B)
CdkWorkshopStack |   4 | 15:54:37 | DELETE_COMPLETE      | AWS::Lambda::Function       | Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler (CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F)
CdkWorkshopStack |   4 | 15:54:37 | DELETE_IN_PROGRESS   | AWS::S3::Bucket             | MyBucket (MyBucketF68F3FF0)
CdkWorkshopStack |   4 | 15:54:37 | DELETE_IN_PROGRESS   | AWS::IAM::Role              | Custom::S3AutoDeleteObjectsCustomResourceProvider/Role (CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092)
CdkWorkshopStack |   5 | 15:54:39 | DELETE_COMPLETE      | AWS::S3::Bucket             | MyBucket (MyBucketF68F3FF0)

 ✅  CdkWorkshopStack: destroyed

4-2. Run the following to confirm that the S3 bucket has been deleted

> aws s3 ls
 



Thoughts

Since you don't have to upload a template to S3, it feels easier than CloudFormation. I need to study TypeScript...