1. What is CDK?
The AWS Cloud Development Kit (CDK) is an open-source framework that lets you define AWS infrastructure using familiar programming languages. CDK code is compiled ("synthesized") into CloudFormation templates.
Core Concept: CDK = write infrastructure in TypeScript, Python, Java, C#, or Go instead of JSON/YAML. CDK synthesizes your code into a CloudFormation template, then deploys it. You get the full power of a programming language (loops, conditions, classes, abstraction, testing, IDE support) while CloudFormation handles the actual provisioning.
2. How CDK Works
CDK Workflow:
  1. Write infrastructure code (TypeScript/Python/Java/C#/Go)
  2. cdk synth → Synthesize into CloudFormation template
  3. cdk diff → Preview changes (like Change Set)
  4. cdk deploy → Deploy via CloudFormation
  5. cdk destroy → Delete the stack
Under the hood: CDK → CloudFormation template → CloudFormation service → AWS resources
CDK is an ABSTRACTION on top of CloudFormation, not a replacement.
3. Key Concepts
Construct Levels
4. CDK Example (TypeScript)
import * as cdk from 'aws-cdk-lib';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as s3n from 'aws-cdk-lib/aws-s3-notifications';

export class MyStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string) {
    super(scope, id);

    // L2 Construct: S3 bucket with defaults
    const bucket = new s3.Bucket(this, 'MyBucket', {
      versioned: true,
      encryption: s3.BucketEncryption.S3_MANAGED,
      removalPolicy: cdk.RemovalPolicy.RETAIN,
    });

    // L2 Construct: Lambda function
    const fn = new lambda.Function(this, 'Processor', {
      runtime: lambda.Runtime.NODEJS_18_X,
      handler: 'index.handler',
      code: lambda.Code.fromAsset('lambda'),
    });

    // CDK handles IAM permissions automatically!
    bucket.grantRead(fn);

    // Event notification
    bucket.addEventNotification(
      s3.EventType.OBJECT_CREATED,
      new s3n.LambdaDestination(fn)
    );
  }
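}
CDK Auto-Generated Permissions: One of CDK's biggest advantages is its grant methods: grantRead(), grantWrite(), grantPut(), etc. CDK automatically creates the correct IAM policy with least-privilege permissions for that grant, scoped to the resource the method is called on, so no manual IAM policy writing is needed. This is a game-changer for productivity and security. The generated statements still use action prefixes such as s3:GetObject*, so review them in the cdk synth output or with cdk diff before deploying.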
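The grant methods end up as an AWS::IAM::Policy resource in the synthesized template, which is where the least-privilege claim can be checked. The following added example (not from the original page) audits a constructed, trimmed template of the shape cdk synth emits for bucket.grantRead(fn), plus one constructed hand-written statement. The logical IDs, the Finding type and the auditTemplate helper are assumptions for illustration.

```typescript
interface Finding { policy: string; statement: number; issue: string }

// Constructed sample in the shape `cdk synth` emits for bucket.grantRead(fn).
// Logical IDs are made up for illustration.
const sampleTemplate = {
  Resources: {
    ProcessorRolePolicy: {
      Type: "AWS::IAM::Policy",
      Properties: { PolicyDocument: { Statement: [
        { // statement 0: what grantRead() generates, scoped to the bucket
          Effect: "Allow",
          Action: ["s3:GetObject*", "s3:GetBucket*", "s3:List*"],
          Resource: [
            { "Fn::GetAtt": ["MyBucket", "Arn"] },
            { "Fn::Join": ["", [{ "Fn::GetAtt": ["MyBucket", "Arn"] }, "/*"]] },
          ],
        },
        // statement 1: constructed hand-written policy, present to show findings
        { Effect: "Allow", Action: "s3:*", Resource: "*" },
      ] } },
    },
  },
};

// IAM allows a single value or an array for Statement, Action and Resource.
const asArray = (v: any): any[] => (Array.isArray(v) ? v : [v]);

// Flags Allow statements that use Resource "*" or a whole-service action
// such as "s3:*". Prefix wildcards like "s3:GetObject*" are not flagged.
function auditTemplate(template: { Resources: Record<string, any> }): Finding[] {
  const findings: Finding[] = [];
  for (const policy of Object.keys(template.Resources)) {
    const res = template.Resources[policy];
    if (res.Type !== "AWS::IAM::Policy") continue;
    asArray(res.Properties.PolicyDocument.Statement).forEach((s, statement) => {
      if (s.Effect !== "Allow") return;
      if (asArray(s.Resource).indexOf("*") !== -1)
        findings.push({ policy, statement, issue: 'Resource "*"' });
      for (const action of asArray(s.Action))
        if (action === "*" || /^[A-Za-z0-9-]+:\*$/.test(action))
          findings.push({ policy, statement, issue: `Action "${action}"` });
    });
  }
  return findings;
}

console.log(auditTemplate(sampleTemplate));
```

In a pipeline, the same check can run over the JSON that cdk synth writes, failing the build when the findings list is not empty.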
5. CDK vs CloudFormation
6. CDK Bootstrapping
- cdk bootstrap: one-time setup per account/Region
- Creates a CDKToolkit CloudFormation stack with: S3 bucket (for assets), ECR repo (for Docker), IAM roles
- Required before first cdk deploy in any account/Region
- For multi-account: bootstrap each target account with a trust policy
Exam Tip (CDK):
- "IaC with programming language" = CDK.
- "Synthesizes to CloudFormation" = CDK.
- L1 = raw CF resource.
- L2 = smart defaults + helper methods (most common).
- L3 = patterns (multiple resources).
- "Auto-generate IAM" = CDK grant methods.
- cdk synth = generate CF template.
- cdk deploy = deploy via CF.
- CDK is an abstraction on top of CloudFormation, not a replacement.