This guide provides a concise overview of the AWS CDK infrastructure for the project. It is intended for software and DevOps engineers deploying and maintaining the project on AWS.
The infrastructure is organized into two main AWS CDK stacks:
| Stack Name Pattern | Purpose |
|---|---|
| `{app-name}-data-{env}` | Manages DynamoDB tables and data resources |
| `{app-name}-sns-{env}` | Manages SNS topics for messaging |
| `{app-name}-lambda-{env}` | Manages Lambda functions and API Gateway |
Purpose: Manages DynamoDB tables and data-related resources.
Key Resources:
| Resource | Name Pattern | Key Properties |
|---|---|---|
| DynamoDB Table | `{app-name}-task-{env}` | Partition Key: `pk` (String), On-demand billing, SSE encryption, PITR (prd only), Removal Policy: RETAIN (prd), DESTROY (dev/qat) |
Outputs:
| Output Name | Export Name Pattern | Description |
|---|---|---|
| `TaskTableName` | `{app-name}-task-table-name-{env}` | Table name (exported as stack output) |
| `TaskTableArn` | `{app-name}-task-table-arn-{env}` | Table ARN (exported as stack output) |
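The task-table properties above can be checked against the synthesized CloudFormation template before deployment. The following is an added example, not code from this project: `auditTaskTables` and the sample template are hypothetical, and it assumes "SSE encryption" appears in the template as `SSESpecification.SSEEnabled`.

```typescript
// Added example, not project code. Checks a synthesized CloudFormation template
// (as written to cdk.out/ by `cdk synth`) against the documented task-table settings.
type Env = "dev" | "qat" | "prd";
interface CfnResource {
  Type: string;
  Properties?: Record<string, any>;
  DeletionPolicy?: string;
}
interface CfnTemplate { Resources: Record<string, CfnResource>; }

function auditTaskTables(template: CfnTemplate, env: Env): string[] {
  const findings: string[] = [];
  const tables = Object.entries(template.Resources)
    .filter(([, r]) => r.Type === "AWS::DynamoDB::Table");
  if (tables.length === 0) findings.push("no AWS::DynamoDB::Table resource in template");
  for (const [id, r] of tables) {
    const p = r.Properties ?? {};
    // On-demand billing is BillingMode PAY_PER_REQUEST in CloudFormation.
    if (p.BillingMode !== "PAY_PER_REQUEST") findings.push(`${id}: billing is not on-demand`);
    // Assumption: "SSE encryption" is rendered as SSESpecification.SSEEnabled = true.
    if (p.SSESpecification?.SSEEnabled !== true) findings.push(`${id}: SSE not enabled`);
    const hashKey = (p.KeySchema ?? []).find((k: any) => k.KeyType === "HASH");
    if (hashKey?.AttributeName !== "pk") findings.push(`${id}: partition key is not pk`);
    if (env === "prd") {
      // Production-only guarantees: PITR on, table survives stack deletion.
      if (p.PointInTimeRecoverySpecification?.PointInTimeRecoveryEnabled !== true)
        findings.push(`${id}: PITR disabled in prd`);
      if (r.DeletionPolicy !== "Retain")
        findings.push(`${id}: DeletionPolicy is ${r.DeletionPolicy ?? "unset"}, expected Retain`);
    }
  }
  return findings;
}

// Constructed sample: a template that is fine for dev but has drifted for prd.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    TaskTable: {
      Type: "AWS::DynamoDB::Table",
      DeletionPolicy: "Delete",
      Properties: {
        BillingMode: "PAY_PER_REQUEST",
        SSESpecification: { SSEEnabled: true },
        KeySchema: [{ AttributeName: "pk", KeyType: "HASH" }],
      },
    },
  },
};

console.log(auditTaskTables(SAMPLE_TEMPLATE, "prd"));
```

An empty result means the template matches the documented settings for that environment; any finding is a reason to stop before deploying.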
Purpose: Manages SNS topics for messaging and event publishing.
Key Resources:
| Resource | Name Pattern | Key Properties |
|---|---|---|
| SNS Topic | `{app-name}-task-event-{env}` | Standard (non-FIFO) topic, AWS-managed encryption |
Outputs:
| Output Name | Export Name Pattern | Description |
|---|---|---|
| `TaskEventTopicArn` | `{app-name}-task-event-topic-arn-{env}` | Task Event Topic ARN (exported) |
Purpose: Manages Lambda functions, API Gateway, and application runtime resources.
Key Resources:
| Resource | Name Pattern | Purpose/Notes |
|---|---|---|
| Lambda Function | `{app-name}-list-tasks-{env}` | List all tasks (DynamoDB Scan) |
| Lambda Function | `{app-name}-get-task-{env}` | Get a task by ID (DynamoDB GetItem) |
| Lambda Function | `{app-name}-create-task-{env}` | Create a new task (DynamoDB PutItem) |
| Lambda Function | `{app-name}-update-task-{env}` | Update a task (DynamoDB UpdateItem) |
| Lambda Function | `{app-name}-delete-task-{env}` | Delete a task (DynamoDB DeleteItem) |
| API Gateway | `{app-name}-api-{env}` | REST API for Lambda functions |
Environment Variables Passed to Lambda Functions:
All Lambda functions receive the following environment variables from the CDK configuration:
| Variable | Source | Purpose |
|---|---|---|
| `TASKS_TABLE` | Data Stack output | DynamoDB table name for tasks |
| `TASK_EVENT_TOPIC_ARN` | SNS Stack output | SNS topic ARN for publishing task events |
| `LOGGING_ENABLED` | `CDK_APP_LOGGING_ENABLED` | Enable/disable application logging |
| `LOGGING_LEVEL` | `CDK_APP_LOGGING_LEVEL` | Application logging level |
| `LOGGING_FORMAT` | `CDK_APP_LOGGING_FORMAT` | Application logging format |
| `CORS_ALLOW_ORIGIN` | `CDK_CORS_ALLOW_ORIGIN` | CORS allow origin header value |
Outputs:
| Output Name | Export Name Pattern | Description |
|---|---|---|
| `ApiUrl` | `{app-name}-api-url-{env}` | API Gateway endpoint URL |
| `ApiId` | `{app-name}-api-id-{env}` | API Gateway ID |
| `ListTasksFunctionArn` | `{app-name}-list-tasks-arn-{env}` | List Tasks Lambda function ARN |
| `GetTaskFunctionArn` | `{app-name}-get-task-arn-{env}` | Get Task Lambda function ARN |
| `CreateTaskFunctionArn` | `{app-name}-create-task-arn-{env}` | Create Task Lambda function ARN |
| `UpdateTaskFunctionArn` | `{app-name}-update-task-arn-{env}` | Update Task Lambda function ARN |
| `DeleteTaskFunctionArn` | `{app-name}-delete-task-arn-{env}` | Delete Task Lambda function ARN |
All resources are tagged for cost allocation and management:
| Tag | Source | Example Value |
|---|---|---|
| `App` | `CDK_APP_NAME` | `lambda-starter` |
| `Env` | `CDK_ENV` | `dev`, `qat`, `prd` |
| `OU` | `CDK_OU` | `software-engineering` |
| `Owner` | `CDK_OWNER` | `platform-team` |
- For environment variables, configuration, and validation, see the Configuration Guide.
- For CI/CD, GitHub Actions, and DevOps automation, see the DevOps Guide.
- Never commit secrets: Use `.env` for local configuration only
- Use AWS Secrets Manager: Store sensitive values in AWS Secrets Manager or SSM Parameter Store
- Least privilege: Grant only necessary IAM permissions
- Enable encryption: All data at rest should be encrypted
- Separate accounts: Use different AWS accounts for each environment
- Test before deploying: Always run `npm test` before deployment
- Review diffs: Use `npm run diff` to review changes before applying
- Use descriptive names: Follow naming conventions for resources
- Document changes: Update README when adding new stacks or resources
- Type safety: Leverage TypeScript for compile-time error detection
- Tag everything: Ensure all resources have proper tags
- Monitor costs: Use cost allocation tags to track spending
- Backup production: Enable point-in-time recovery for critical databases
- Retain production resources: Use `RETAIN` removal policy for production
- Version control: Commit infrastructure changes to source control
Problem: CDK configuration validation failed
Solutions:
- Verify `.env` file exists in the infrastructure directory
- Check that `CDK_ENV` is set to a valid value (`dev`, `qat`, `prd`)
- Ensure all required variables are set
Problem: Build fails with TypeScript errors
Solutions:
- Ensure dependencies are installed: `npm install`
- Verify Node.js version: `node --version` (should be v24+)
- Check for syntax errors in TypeScript files
- Clean and rebuild: `npm run clean && npm run build`
Problem: Stack deployment fails
Solutions:
- Verify AWS credentials: `aws sts get-caller-identity`
- Check account and region: Ensure `CDK_ACCOUNT` and `CDK_REGION` match your AWS profile
- Confirm IAM permissions: Verify you have necessary permissions
- Review CloudFormation events in AWS Console for detailed error messages
- Check for resource naming conflicts
Problem: This stack requires bootstrap stack version X
Solution:
```bash
cdk bootstrap aws://ACCOUNT-ID/REGION --force
```
Problem: Warning about untested Node.js version
Solution:
```bash
export JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION=1
```
Or use a supported Node.js version (22.x or 20.x).
For more information about this project, see the main README or visit the documentation.