2
votes

We're looking for a suggested design pattern to manage external dependencies in our CDK stack. Specifically, we utilize Atlas (mongodb) with our AWS stack. Our AWS stack is fully deployed using CDK/CF. We would like to use a VPC peering connection between our AWS account and Atlas instance. In a nutshell, the procedure to provision this peering connection is:

  1. Create VPC in AWS account (currently done as part of our CDK stack).
  2. Request VPC peering connection in Atlas account, referencing the VPC id from step 1.
  3. Wait a few minutes, approve the VPC peering request in the AWS account.
  4. In the AWS account, add a route table entry directing traffic to the Atlas CIDR to the VPC peering ID from step 3.

Has anyone found a good devops pattern to follow for this scenario? We can't perform step 4 until after the manual actions taken in steps 2 & 3. If we just do steps 2-4 manually after deploying our stack in AWS, what kind of drift issues are we going to experience in CloudFormation?


1 Answer

1
votes

With some effort, you should be able to get the whole process automated. The benefit is that the VPC peering's lifecycle will be fully managed by CloudFormation.

The key here is to use CloudFormation custom resources and dependencies.

Unfortunately, I can't find a ready-made CDK example for the whole process. I guess you'll have to build it 🚀.

  • Atlas MongoDB already did most of the work with their CFN resources project. Specifically interesting for your use-case is the network peering resource.
  • AWS-CDK has a great custom resource framework. You will have to migrate the above atlas cloudformation templates to CDK (or, you might include it). There are quite a few good examples out there (google :).
  • If CloudFormation fails to automatically figure out the required dependency tree/flow you can hint it using CDK's dependson method.
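The custom-resource piece of the approach above, as an added example that is not code from the answer or from Atlas's CFN resources project: a Python handler covering steps 3 and 4 of the question (accept the pending peering request, then add the route), plus the teardown that lets CloudFormation delete it. It assumes the Atlas-created peering connection ID reaches the stack as a resource property and that the AWS account Atlas requests from is known (`AtlasAccountId`); property names, IDs and the CIDR are illustrative, and the EC2 client is injected so the logic can run against a fake.

```python
"""Custom-resource handler for steps 3 and 4 of the peering procedure: accept
the pending request Atlas created, then add the route to the Atlas CIDR.
Added example; the EC2 client is injected (boto3.client("ec2") in Lambda)."""

# Resource properties the CDK stack is assumed to pass (names are illustrative).
REQUIRED_PROPS = ("PeeringConnectionId", "RouteTableId", "AtlasCidr", "AtlasAccountId")

def on_create(props, ec2):
    """Accept the request only if it came from the expected Atlas account,
    then route the Atlas CIDR through it. Returns the physical resource id."""
    missing = [p for p in REQUIRED_PROPS if p not in props]
    if missing:
        raise ValueError(f"missing properties: {missing}")
    pcx_id = props["PeeringConnectionId"]
    conns = ec2.describe_vpc_peering_connections(
        VpcPeeringConnectionIds=[pcx_id])["VpcPeeringConnections"]
    if not conns:
        raise ValueError(f"{pcx_id} not found")
    conn = conns[0]
    # A peering request is an invitation into your VPC: check who sent it
    # before accepting, rather than accepting whatever happens to be pending.
    requester = conn["RequesterVpcInfo"]["OwnerId"]
    if requester != props["AtlasAccountId"]:
        raise PermissionError(f"{pcx_id} was requested by account {requester}")
    state = conn["Status"]["Code"]
    if state == "pending-acceptance":
        ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    elif state != "active":
        raise RuntimeError(f"{pcx_id} is in state {state}")
    ec2.create_route(RouteTableId=props["RouteTableId"],
                     DestinationCidrBlock=props["AtlasCidr"],
                     VpcPeeringConnectionId=pcx_id)
    return pcx_id

def on_delete(props, ec2):
    """Reverse step 4, then step 3, so CloudFormation owns the whole lifecycle."""
    ec2.delete_route(RouteTableId=props["RouteTableId"],
                     DestinationCidrBlock=props["AtlasCidr"])
    ec2.delete_vpc_peering_connection(
        VpcPeeringConnectionId=props["PeeringConnectionId"])
    return props["PeeringConnectionId"]

def on_event(event, ec2):
    """onEvent entry point in the shape the CDK Provider framework expects; in
    Lambda wrap it as: lambda e, _ctx: on_event(e, boto3.client("ec2"))."""
    props = event["ResourceProperties"]
    if event["RequestType"] == "Delete":
        return {"PhysicalResourceId": on_delete(props, ec2)}
    return {"PhysicalResourceId": on_create(props, ec2)}  # Create and Update
```

Scope the handler's IAM role to the EC2 actions it calls (describe, accept, create/delete route, delete peering connection) so the custom resource cannot do more than steps 3 and 4.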