Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Austin Vance
    Upgrading CDK to 1.42.0 causes the removal of a bunch of tags - is that normal?
    I don't see anything mentioned in the Release notes - but the name tag is removed everywhere
    Darryl Hughes
    Hey all, Has anyone used CDK with Amazon Deployment Framework (ADF) which is written in CDK.
    I have a new project that we are about to start and want to get the team to use CDK instead of creating CFN manually .
    We deploy through four accounts "Dev/Test/UAT/Prod so we have to set up account related environment variable ,this is currently handled by ADF
    6 replies
    Omer Tarik Koc
    Anybody used servicediscovery to communicate between separate cdk projects?
    Juan Carlos Ledesma
    Hello. Anybody could help me to "translate" this CloudFormation to CDK, please? I was trying to do, but this is the first time that i work with CDK and I not sure how to do it
        Type: AWS::IAM::Role
            - Effect: Allow
                - sts:AssumeRole
            - PolicyName: AmazonECSTaskExecutionRolePolicy
                Version: "2012-10-17"
                - Effect: Allow
                    - 'ecr:GetAuthorizationToken'
                    - 'ecr:BatchCheckLayerAvailability'
                    - 'ecr:GetDownloadUrlForLayer'
                    - 'ecr:BatchGetImage'
                    - 'logs:CreateLogStream'
                    - 'logs:PutLogEvents'
                  Resource: '*'
    This is one of many other that I need to migrate
    3 replies

    Hello fellows,
    Is there something wrong in this code :

    this.paramCloudformationCapabilities = new CfnParameter(scope, id + '-Cloudformation-capabilities', {
    type: 'CommaDelimitedList',
    description: 'See'

    It compiles ok, but fails on deploy

    message: 'Template format error: Unrecognized parameter type: commaDelimitedList', code: 'ValidationError',

    Any clues welcomed

    10 replies
    Hammad Raza
    Hi Fellas, I'm new to CDK and having a hard time in importing an existing VPC. Would appreciate any pointers.
    Can confirm following:
    • account and region for stack are being setup by using env
    • vpc exists in the specified region
      However, cdk synth still returns vpc as vpc-12345 with other dummy values -> I'm printing out my Vpc.
    import * as cdk from '@aws-cdk/core';
    import * as ec2 from "@aws-cdk/aws-ec2";
    import * as sqs from "@aws-cdk/aws-sqs";
    const myconfig = require('../params/config');
    var stack = new cdk.Stack(new cdk.App(), 'test1', {
      env: {
        region: myconfig.myService.Infra.region,
        account: myconfig.myService.Infra.awsAccount
    const vpc = ec2.Vpc.fromLookup(stack, 'ExternalVpc', { vpcId: myconfig.myService.Infra.vpcId });
    console.log(vpc);  /// returns vpc with id as vpc-12345
     export class CdkWorkshopStack extends cdk.Stack {
      public constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
      super(scope, id, props);
       const queue = new sqs.Queue(this, 'CdkWorkshopQueue', {
          visibilityTimeout: cdk.Duration.seconds(300)
    1 reply
    Darryl Hughes
    Hi All,
    How is everyone handling multi AWS accounts? I'm just looking to move our team to use CDK for an upcoming project. We will be deploying an APIGatway base project to 4 AWS accounts,
    so I'm looking to the recommended way handle each accounts customDomain , , ... We will be deploying using Amazon Deployment Framework ( which used Codebuild , so I will be calling cdk synth > template.yml in each account
    Ramesh Kumar

    Hi All,
    How is everyone handling multi AWS accounts? I'm just looking to move our team to use CDK for an upcoming project. We will be deploying an APIGatway base project to 4 AWS accounts,
    so I'm looking to the recommended way handle each accounts customDomain , , ... We will be deploying using Amazon Deployment Framework ( which used Codebuild , so I will be calling cdk synth > template.yml in each account

    I don't see any CDK docs related to ADF, I guess you might have to develop your own construct..

    Martin Muller
    @slipdexic I made some good experiences using multi stacks where you can specify the account number
    new AlfInstancesStack(app, "AlfInstancesStackEuWest2", {
      environment: 'dev',
      env: {
        region: 'eu-west-2',
        account: '609841182532'
    1 reply
    Erik Müller
    Hi all, is there a way to import the ARN of a verified SES email address? I need it for Cognito to send emails from my own domain
    5 replies
    Does anyone know if the CDK offers support for Amazon RDS Proxy?
    Ramesh Kumar

    Getting the below error while running any cdk cli command:

    Maximum call stack size exceeded
    (node:46265) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 beforeExit listeners added to [process]. Use emitter.setMaxListeners() to increase limit
    (Use `node --trace-warnings ...` to show where the warning was created)
    Subprocess exited with error 1

    sample code using cdk cli against:

    import { Stack, Construct, StackProps } from '@aws-cdk/core';
    import * as s3 from '@aws-cdk/aws-s3'
    export class MyFirstS3Stack extends Stack {
        constructor(scope: Construct, id: string, props?: StackProps) {
            new s3.Bucket(this,'MyFirstBucket');
    Jeffrey Cox
    Hi all, I been trying to implement an API Gateway. I specifically followed this:
    I tried including into my existing stack... but keep getting a error. So I implemented the exact example above, still get the same error
      Error: '@aws-cdk/core.Stack@10001'
          at KernelHost.completeCallback (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7353:27)
          at KernelHost.callbackHandler (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7342:33)
          at Stack.value (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8027:41)
          at Stack.getLogicalId (/private/var/folders/jp/605b6h9x25lcw_wfgzfl6qx00000gn/T/jsii-kernel-BoLCPR/node_modules/@aws-cdk/core/lib/stack.js:178:32)
          at new LatestDeploymentResource (/private/var/folders/jp/605b6h9x25lcw_wfgzfl6qx00000gn/T/jsii-kernel-BoLCPR/node_modules/@aws-cdk/aws-apigateway/lib/deployment.js:92:56)
          at new Deployment (/private/var/folders/jp/605b6h9x25lcw_wfgzfl6qx00000gn/T/jsii-kernel-BoLCPR/node_modules/@aws-cdk/aws-apigateway/lib/deployment.js:40:25)
          at RestApi.configureDeployment (/private/var/folders/jp/605b6h9x25lcw_wfgzfl6qx00000gn/T/jsii-kernel-BoLCPR/node_modules/@aws-cdk/aws-apigateway/lib/restapi.js:113:38)
          at new RestApi (/private/var/folders/jp/605b6h9x25lcw_wfgzfl6qx00000gn/T/jsii-kernel-BoLCPR/node_modules/@aws-cdk/aws-apigateway/lib/restapi.js:207:14)
          at /Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7853:49
          at Kernel._wrapSandboxCode (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8316:19)
          at Kernel._create (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7853:26)
          at Kernel.create (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7600:21)
          at KernelHost.processRequest (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7388:28)
          at (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7328:14)
          at Immediate._onImmediate (/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7331:37)
          at processImmediate (internal/timers.js:456:21)
    The above exception was the direct cause of the following exception:
    Traceback (most recent call last):
      File "", line 10, in <module>
        RPPCICDStack(app, "rpp-cicd")
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/", line 66, in __call__
        inst = super().__call__(*args, **kwargs)
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/rpp_cicd/", line 35, in __init__
        self, id="test-resource", rest_api_name="test_resource"
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/", line 66, in __call__
        inst = super().__call__(*args, **kwargs)
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/aws_cdk/aws_apigateway/", line 16542, in __init__
        jsii.create(RestApi, self, [scope, id, props])
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_kernel/", line 233, in create
        obj.__jsii_ref__ =  _callback_till_result(self, response, CreateResponse)
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_kernel/", line 179, in _callback_till_result
        response = kernel.sync_complete(response.cbid, str(exc), None, response_type)
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/site-packages/jsii/_kernel/", line 335, in sync_complete
      File "/Users/jefcox/workspace/coxauto/rpp-cicd/.env/lib/python3.7/
    Jeffrey Cox
    anyone had any success creating an API Gateway with python? I was able to get around the error if I set deploy=False and cloud_watch_role=False, but then I get some new errors regarding missing stage.
    1 reply
    Gabriel West
    Does the cdk custom-resource framework do anything weird with aws client regions? I am trying to create an s3 bucket in 'us-east-1' while my stack is in 'us-west-2' and I'm finding that regardless of how I configure the region, buckets are created by default in us-west-2
    Gabriel West
    Nevermind, I think I was doing something silly.
    I am using Pycharm and I am writting CDK in python. Is there something special I have to do to get pycharm to complete/suggest parameters for the objects? It worked fine with Typescript
    14 replies
    1.- I see with Amplify CLI we can use Graphql Transform Library
    2.- Can we use Amplify CLI - GraphQL transform library with CDK or what would be the way using CDK?
    3.- I don´t see anything related
    Simon Toft Jakobsen
    Is it possible to enable Insights on a CloudTrail with cdk?
    I haven't found a good example of a python based state machine chained definitionString. Anybody have a decent example so I can understand the synthax?
    Andrew Hammond
    Where can I find guidance on best practices for developing CDK stacks? I’m thinking things like balancing the tradoff of granularity etc.
    3 replies
    Shiv Lakshminarayan
    @/all Just released v1.42.1 of the AWS CDK
    Amit Prakash Ambasta
    Are there any exanmples of apigw + sfn integration in ts?
    Per Arneng
    im trying to look up subnets but i get a dummy vpc all the time vpc-12345 aws/aws-cdk#7382
    Per Arneng
    Is it possible to disable the context cache
    2 replies
    Rudá Porto Filgueiras
    Hi, I'm reading the documentation about the custom-resources cdk module.
    1 reply
    And this sentence says: "The @aws-cdk/custom-resources.Provider construct is a "mini-framework" for implementing providers for AWS CloudFormation custom resources."
    How can I get more details about how the "mini-framework" works?
    I found out that it creates another lambda callerd framework-onEvent.
    By using the provider I end up with two lambdas, one explicit created for the @aws-cdk/custom-resources.Provider and another one created by CDK.
    Darragh Buffini
    Hey guys, I'm having trouble wrapping my head around something - I'm trying to use AWS_DEFAULT_REGION in the userData commands passed to an EC2 instance but they don't seem to be set/available. Anyone got any ideas? I'm almost definitely doing something stupid...
    Amit Prakash Ambasta
    How do I get cdk to respect the outdir for my sources?
    Amit Prakash Ambasta
    cdk.synth still retains assetCode as typescript, and specifying an outdir in root package.json will not be respected since lambda.Function uses src as assetCode
    What is the recommended approach here, I am looking at the gh issues, but I don't see a solution as yet
    So not sure what to do with this, Pipeline doesn't expose a region prop:
    Pipeline stack which uses cross-environment actions must have an explicitly set region
    2 replies
    Noob question - I can set context variables via cli and then read in lib/myStack.ts file as this.node.tryGetContext("env");. Will the same work for bin/main.ts? How do you pass context variables to the main class...
    1 reply
    Daniel Schroeder
    New CDK package for helping with creating IAM policy statements:
    1 reply
    Manuel Schmidt
    So, i'm diggin into cdk using python. All the code i've seen so far writes a Stack which does everythin in the init function and then has a three line which instantiates the Stack and calls synth(). Now, i want to split things up a little bit more but was wondering is it common practice to then split things up into constructs that all basically only have an init()? I mean i was thinking of using the Class a little more to seperate things (at least on a code level) and have functions that built different parts of the stack. Hm, while writing.... i'll propably would seperate these things on the appllication level then i assume.
    8 replies

    Hi. I have 1 stack containing an SQS queue. 1 stack containing a Fargate service. I pass an instance of the SQS stack to the Fargate stack, so I can access the queue. Inside of the Fargate stack, I want to do:

    queueName.addToResourcePolicy(new PolicyStatement({
      effect: Effect.ALLOW,
      principals: [new ArnPrincipal(myFargateService.taskRole.roleArn)],
      actions: ['sqs:DeleteQueue', 'sqs:SendMessage', 'sqs:ReceiveMessage'],
      resources: [queueName.queueArn]

    However I get a cyclic dependency.
    Adding this dependency (SqsStack -> FargateServiceA/FargateServiceA-Task/TaskRole/Resource.Arn) would create a cyclic reference.

    How can I solve this?

    Matthew Bonig
    Instead of handing the sqs queue to the fargate stack and having the fargate stack modify the resource policy, pass the fargate service to the sqs stack and have it add the policy.
    4 replies
    Hello all! I'm trying to deploy my stack to eu-north-1 -- the problem is that it my CloudFront distribution contains Lambda@Edge functions, that can only be deployed in us-east-1. Is there something I should write in my code to give this instruction?
    8 replies
    Hello, I'm trying to use shared stacks and facing issues permissions overriding. I have a stack which creates a S3 bucket for access logs. There are different ALB stacks which depends on this shared S3 bucket stack. When I deploy 1st ALB stack it add appropriate permission in access logs bucket policy, but when I'm deploying 2nd ALB stack its overriding the access logs s3 bucket policy to add details 2nd ALB' s details. Any suggestions on how to fix it?
    Hi, I am wondering if CDK network ACL rules addition/removal is atomic or not? My main goal is I want to update network acl rules for production account on which I am service production traffic and there will be no/less effect on traffic on new rules creation. (I would prefer one one change instead of applying all ACL rules at once and avoid situation where for longer time cloud-formation is in "in-process" state because of many acl rules)
    Pratik Shivarkar

    Hello, I'm facing an issue with CDK not picking up VPC subnets correctly.
    If I import the existing VPC using ec2.Vpc.from_lookup then I'm getting jsii.errors.JSIIError: Cannot read property 'subnetId' of undefined
    If I import the VPC with ec2.Vpc.from_vpc_attributes, I'm getting jsii.errors.JSIIError: There are no subnet groups with name 'Private' in this VPC. Available names:

    Similar issue here: aws/aws-cdk#7062 but with no solution. My VPC is created with Subnet Configuration and assign_public IP is enabled on Public Subnets

    4 replies
    Donald Pistole
    is there a way to have cdk not rollback after a deploy fails? id like to be able to look at the error messages on things like EBS environments
    2 replies
    Hi, diff in cdk shows destroy and create but during deploy it start creating first and lead to errors that subnet exists. Is there anything I am missing.
    [-] AWS::EC2::Subnet VpcpublicSubnet1Subnet2BB74ED7 destroy
    [-] AWS::EC2::RouteTable VpcpublicSubnet1RouteTable15C15F8E destroy
    [-] AWS::EC2::SubnetRouteTableAssociation VpcpublicSubnet1RouteTableAssociation4E83B6E4 destroy
    [-] AWS::EC2::Route VpcpublicSubnet1DefaultRouteB88F9E93 destroy
    [-] AWS::EC2::EIP VpcpublicSubnet1EIP411541E6 destroy
    [-] AWS::EC2::NatGateway VpcpublicSubnet1NATGatewayA036E8A6 destroy
    [-] AWS::EC2::Subnet VpcpublicSubnet2SubnetE34B022A destroy
    [-] AWS::EC2::RouteTable VpcpublicSubnet2RouteTableC5A6DF77 destroy
    [-] AWS::EC2::SubnetRouteTableAssociation VpcpublicSubnet2RouteTableAssociationCCE257FF destroy
    [-] AWS::EC2::Route VpcpublicSubnet2DefaultRoute732F0BEB destroy
    [+] AWS::EC2::Subnet Vpc/PublicSubnet1/Subnet VpcPublicSubnet1Subnet5C2D37C4
    [+] AWS::EC2::RouteTable Vpc/PublicSubnet1/RouteTable VpcPublicSubnet1RouteTable6C95E38E
    [+] AWS::EC2::SubnetRouteTableAssociation Vpc/PublicSubnet1/RouteTableAssociation VpcPublicSubnet1RouteTableAssociation97140677
    [+] AWS::EC2::Route Vpc/PublicSubnet1/DefaultRoute VpcPublicSubnet1DefaultRoute3DA9E72A
    [+] AWS::EC2::EIP Vpc/PublicSubnet1/EIP VpcPublicSubnet1EIPD7E02669
    [+] AWS::EC2::NatGateway Vpc/PublicSubnet1/NATGateway VpcPublicSubnet1NATGateway4D7517AA
    [+] AWS::EC2::Subnet Vpc/PublicSubnet2/Subnet VpcPublicSubnet2Subnet691E08A3
    [+] AWS::EC2::RouteTable Vpc/PublicSubnet2/RouteTable VpcPublicSubnet2RouteTable94F7E489
    [+] AWS::EC2::SubnetRouteTableAssociation Vpc/PublicSubnet2/RouteTableAssociation VpcPublicSubnet2RouteTableAssociationDD5762D8
    [+] AWS::EC2::Route Vpc/PublicSubnet2/DefaultRoute VpcPublicSubnet2DefaultRoute97F91067