    Todd Johnson

    Issues solved. No need to archive deps when using cdk. Original issue was psycopg2 build not being compatible with the lambda env.

    Installed dependencies here


    const layer = new LayerVersion(this, 'FunctionLayer', {
        code: Code.fromAsset(path.join(__dirname, '../../../layers')),
        compatibleRuntimes: [Runtime.PYTHON_3_7],
    });

    basic bash script to install deps for python runtime version

    rm -rf .venv
    rm -rf ../layers/python/lib/python3.7/site-packages
    mkdir -p ../layers/python/lib/python3.7/site-packages
    pipenv install
    cp -a .venv/lib/python3.7/site-packages/. ../layers/python/lib/python3.7/site-packages/
    rm -rf .venv

    (.venv needs to be removed from functions dir or will cause cdk stack deployment to fail)

    I'm trying to do something that might be against cdk design
    I have aws sam apps creating their own resources
    And in my cdk I want to discover those resources somehow (specifically, lambda functions, ddb tables, apigs etc)
    So I can create some cw alarms for them
    Can't find a way to do it using cdk resources. There are some "fromxxx" methods, but it requires to know what you're looking for. What I want to do is filter resources by type from given deployed CF, and use those resource ARNs in other constructs
    Any ideas how I can get the ARN of all parameters from SSM on a specific path. For example I want to pull in everything in ssm under /namespace/parameter_name
    Looks like I can do something using CLI aws ssm get-parameters-by-path . Any ideas if this could be accomplished in CDK?
    Vincent Voyer
    Hey there, I have a lambda which will only be called via a rule, as a target (cron every 5 minutes). How can I express that this lambda should not be accessible on the internet (no external invocation) while still having access to the internet (calling slack api)? How to express that in CDK using JavaScript? Thanks!
    Vincent Voyer
    (Maybe by default lambdas are not accessible via HTTP calls? I am just starting out :))
    Amit Prakash Ambasta
    @vvo lambdas are not publicly accessible anyways. You can expose them indirectly via apigw integrations
    Vincent Voyer
    Ales Kozina

    hi guys :) i did some research but didn't find anything in the docs. my question is if ResultSelector (in stepfunctions, task) is also able to return only a value instead of a key/value pair. to show an example:

    "ResultSelector": {
        "Payload.$": "$.Payload"
    }

    this always generates a new object with property "Payload" but i would actually like to have all children from "$.Payload" into a new object (without declaring all children-key one by one)

    How do I deploy a construct conditionally? E.g. I only want to deploy a bastion host on staging accounts? I tried it via process.env, but doesn't seem to work.
    if you use Typescript for CDK, can you still use JavaScript in some libraries?
    for example, if I wanted to use Gatsby in JS, but deploy with CDK in TS
    A. Güitian
    I want to integrate greedy path variable to a route in Apigatewayv2, someone knows how to?

    Like is shown here: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html

    anyone knows how to implement it using cdk?
    are the typescript docs kept up to date? I'm looking at Appsync GraphqlApi and it has "modes" as a prop, but this is throwing an error.
    Elad Ben-Israel
    @/all Please join the #aws-cdk channel in the https://cdk.dev Slack workspace. The CDK team no longer monitors this room.
    @eladb Do you know how to retrieve CodeCommit repo tags in CDK?
    Greg Cook

    why is it when I GrantReadWrite to a Lambda for a DynamoDB table when I attempt to add a new item I get:

    postBlog is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-xx-x:xxx:table/MyBlogPosts

    the only way was to GrantFullAccess which goes against least-privileged principles..
    Marwan Hilmi

    Hello - is it possible to have a resource wait for a specific status / condition of another resource before deploying?
    For instance the code below fails:

    export class GameliftBuildStack extends cdk.Stack {
        public readonly build: gamelift.CfnBuild
        public readonly fleet: gamelift.CfnFleet
        constructor(scope: cdk.App, id: string, props: BuildProps) {
            super(scope, id, props)
            this.build = new gamelift.CfnBuild(this, `build`, {
                name: 'abuild',
                version: '1.0',
                operatingSystem: 'AMAZON_LINUX_2',
            })
            // the fleet references the build created above
            this.fleet = new gamelift.CfnFleet(this, `fleet`, {
                buildId: this.build.ref,
                ec2InstanceType: 'c5.large',
            })
        }
    }

    Because the build takes some indefinite period of time to move into READY status. Error message:

    CREATE_FAILED        | AWS::GameLift::Fleet | fleet (fleet) Invalid Build status 'INITIALIZED' for build-id build-fc47d982-0ee8-4fd5-b15b-d798652ec5be. Must be : READY (Service: AmazonGameLift; Status Code: 400; Error Code: InvalidRequestException; Request ID: 1090b109-6a30-47be-89dd-32fd1000fde9; Proxy: null)

    Does this need to be run as a 1-2 step process or can we add some sort of conditional wait step ie if build.status === 'READY' else wait?

    Is there any better way to use local template in cloudformation stack.
    I am using @aws-cdk/aws-cloudformation to create custom stack
    For now I am uploading local templates as assets to S3 and using httpUrl of the asset as templateUrl inside the stack.
    Kevin Baynes
    I have a UserPool with a Function assigned to a Trigger, but I'm getting this error on the front end: "PostConfirmation invocation failed due to error AccessDeniedException". This leads me to believe that the UserPool does not have permission to invoke the Function. Does that sound reasonable? So, I'm trying to use Function.grantInvoke(IGrantable) to grant UserPool to invoke. I can't see how to get an IGrantable off the UserPool.

    I'm trying to test a construct that creates stack outputs. Once I synthesize the stack, how do I find the list of stack outputs?

      const mockCloudAssembly = mockApp.synth({ force: true});

    Is there some way to examine a Cloud Assembly and verify that stack outputs were created?

    @DaWyz After our thread I am creating a Construct that exports/imports a VPC from one stack to another. In a week it should be available for general use (I have to write integration tests first) https://github.com/pszabop/cdk-vpc-export-import
    Lachlan Vass

    Does anyone know if it is possible to use CDK to attach a CloudWatch metric to an existing resource (one which was already provisioned manually in AWS). I want to define a bunch of metrics and alarms for resources which already exist.

    I can imagine running a separate SDK script on the account to attach the metrics to the resources, after running the CDK deploy. However if possible I would rather keep this all in CDK, to avoid having to write a bunch of resource lookups in SDK and then deploy across accounts.

    As an example this code runs fine:

        let testMetric = new cloudwatch.Metric({
            metricName: "CPU Test",
            namespace: "Example namespace",
            period: cdk.Duration.minutes(1) // duration of one minute.
        });
        let instance = new ec2.Instance(this, "Example", {
            instanceType: new ec2.InstanceType("t2.micro"),
            machineImage: ec2.MachineImage.latestAmazonLinux(),
            vpc: new ec2.Vpc(this, "vpc")
        });
        testMetric.attachTo(instance);

    However, when I attempt to replace instance with the result of a from... call (such as fromFargateServiceAttributes, which returns an IBaseService), it fails because an IBaseService is not a Construct

    Gm, how do i obtain the domain name of a cloudfront instance i just created ? If i console.log the value for "distribution.distributionDomainName" I get something like ${Token[Token.140]} but I need the real value to tie this into oktaAPI code to configure okta automatically. Thanks
    Simon Adameit
    Hi there :wave: , I want to setup a pipeline for a monorepo. Is it a sane approach (and possible), to compile the whole code in the pipelines synth action and then refer to the generated artifacts and upload as assets in the application stacks? The compile would also require a custom docker build image, as it's not just JS/TS.
    Is there an API version of the CDK CLI yet? It seems archaic in 2020 to be running multiple commands to integration test something. I googled for an NPM package to wrap the existing CLI but didn't find one. It seems like this would be really easy to write.
    hi is there a way to get the name of a region (e.g. Paris) instead of eu-west-3?
    @lachlanvass-srg I've had similar problems with I<someClass> vs. <someClass>. Often if you cast the I<someClass> to <someClass> it'll fix your problem. Sometimes it won't, but most of the time it works. Example:
        const ddbArn = StackValueShare.getOtherStackOutput(this, mangledStackName + userDbStackSuffix, 'userDevicesTableArn');
        const userTable = dynamodb.Table.fromTableArn(this, 'importedUserTable', ddbArn.toString()) as dynamodb.Table;
    @lachlanvass-srg I've really gotten hip deep into the whole stack export / import thing and all the problems with fromXXX issues. In fact I am now creating some Constructs that do it for you. You'll note in the code example that I have a naming convention for stack exports, because stack exports are in a global namespace. You can see a working example that exports/imports a VPC at https://github.com/pszabop/cdk-vpc-export-import

    Hey folks, I was playing around with the python cdk library for EC2 image builder. I'm working off an example provided by a tutorial from the AWS youtube channel (code src: https://github.com/kreuzhofer/CDKImagebuilderWindowsPipeline/blob/master/cdk/cdk/cdk_stack.py).

    In building my stack, when I define pieces like the Infrastructure or Distribution Configuration, I follow the example and give it a name field like so https://github.com/kreuzhofer/CDKImagebuilderWindowsPipeline/blob/master/cdk/cdk/cdk_stack.py#L52.

    When I try to synth my stack; however, it errors out saying

    TypeError: __init__() got an unexpected keyword argument 'name'

    When I remove it, it synthesizes fine but when I deploy, the Cfn run complains at the resource and fails because

    Model validation failed (#: required key [Name] not found)

    looking at the docs, it seems like the name isn't an inputtable parameter, and CDK or the resulting CFN does nothing to automatically generate anything in its stead. Wondering if anybody's had this experience before either with the image builder library specifically or with any other cdk service library?


    Ievgen Garkusha

    Good day!

    Will someone be so kind to explain why 'cfn-init.ts' removes duplicate command keys:

    This makes it hard to run docker container with multiple mounts.
    In the following example the second occurrence of '--mount' is skipped

      'docker', 'run', '-d',
           '--mount', 'type=bind,source=/tmp/1,target=/tmp/1',
           '--mount', 'type=bind,source=/tmp/2,target=/tmp/2',
    After much trouble figuring out how to export/import VPCs esp. around the use of EFS which requires VPC configuration, I developed a Construct to make it easy. here it is: https://www.npmjs.com/package/vpc-export-import
    thanks for all your help in teaching me how to do this
    is there a way to call my own custom function only when destroy command is invoked ?
    Jacob Foster
    Hey all, I am trying to set up SMS MFA in my Cognito User Pool and I am struggling with connecting the SNS role. Anyone have any advice?
    I am getting the message: You must provide a role to allow Amazon Cognito to send SMS messages and it gives me a role that it wants me to assign to the group but I want to create/assign that role in my CDK template.
    Nick Lynch
    @/all Just released v1.68.0 of the AWS CDK
    Lachlan Vass
    Now to try to not accidentally upgrade in the middle of my project, so I don't have to worry about mismatched version numbers
    Hi, Does anyone know how to create a cdk stack with the global scope
    I need to get the distribution.DomainName inside a stack where i am also making rest calls to okta. but this information no matter what I do comes over as ${Token[TOKEN.577]} I tried using Fn.importValue same result. Any idea how I can obtain the real String ?? Thanks
    Venkata Santhosh Piduri
    Does the CDK code pipeline support Github Enterprise repositories as a source? If so could someone point me in the right direction, if not what are alternatives I can perform?
    Won Cho

    This is sorta working for me. My lambda's log events are sent to a kinesis firehose stream to a S3 bucket.

      new logs.SubscriptionFilter(this, 'SubscriptionFilter', {
        logGroup: this.lambdaFn.logGroup,
        destination: new FirehoseDestination(deliveryStream),
        filterPattern: logs.FilterPattern.literal('appMonitoring'),
      });

    But the file in the S3 bucket seems to contain encrypted data:

    1f8b 0800 0000 0000 0000 e597 df6f e336
    0cc7 ff95 c2d8 63d5 4aa4 444a 795a 76cd
    15b7 dd75 d892 ede1 2ec5 205b 722e 5b62
    67b1 dbde 50f4 7f1f f3e3 b261 5b7a 2f79

    No idea why it's happening. I'm using only server side generated key.

    Albert Shamsiyan
    Looking for best practice to develop and deploy stack which includes lambda function.
    • should the Lambda code stored in different repo ?
    • how to overcome the need of updating ONLY the deployed Lambda ?
    @AlbertShamsiyan I update the code using non-CFT/CDK code, as updating using CFT/CDK is much slower, and nobody automates the NPM build process as of yet. I use bash scripts but you could easily write in typescript, javascript, or python. You do need to be able to publish the Lambda's ARN in the stack outputs and your code updater needs to read that