@aws-cdk/assets

AWS CDK Assets

Assets are local files or directories which are needed by a CDK app. A common example is a directory which contains the handler code for a Lambda function, but assets can represent any artifact that is needed for the app's operation.

When deploying a CDK app that includes constructs with assets, the CDK toolkit will first upload all the assets to S3, and only then deploy the stacks. The S3 locations of the uploaded assets will be passed in as CloudFormation Parameters to the relevant stacks.

The following JavaScript example defines an directory asset which is archived as a .zip file and uploaded to S3 during deployment.

Example of a ZipDirectoryAsset

The following JavaScript example defines a file asset, which is uploaded as-is to an S3 bucket during deployment.

Example of a FileAsset

Attributes

Asset constructs expose the following deploy-time attributes:

• s3BucketName - the name of the assets S3 bucket.
• s3ObjectKey - the S3 object key of the asset file (whether it's a file or a zip archive)
• s3Url - the S3 URL of the asset (i.e. https://s3.us-east-1.amazonaws.com/mybucket/mykey.zip)

In the following example, the various asset attributes are exported as stack outputs:

Example of referencing an asset

Permissions

IAM roles, users or groups which need to be able to read assets in runtime will should be granted IAM permissions. To do that use the asset.grantRead(principal) method:

The following examples grants an IAM group read permissions on an asset:

Example of granting read access to an asset

How does it work?

When an asset is defined in a construct, a construct metadata entry aws:cdk:asset is emitted with instructions on where to find the asset and what type of packaging to perform (zip or file). Furthermore, the synthesized CloudFormation template will also include two CloudFormation parameters: one for the asset's bucket and one for the asset S3 key. Those parameters are used to reference the deploy-time values of the asset (using { Ref: "Param" }).

Then, when the stack is deployed, the toolkit will package the asset (i.e. zip the directory), calculate an MD5 hash of the contents and will render an S3 key for this asset within the toolkit's asset store. If the file doesn't exist in the asset store, it is uploaded during deployment.

The toolkit's asset store is an S3 bucket created by the toolkit for each environment the toolkit operates in (environment = account + region).

Now, when the toolkit deploys the stack, it will set the relevant CloudFormation Parameters to point to the actual bucket and key for each asset.

Changelog

0.12.0 (2018-10-12)

IMPORTANT NOTE: This release includes a fix for a bug that would make the toolkit unusable for multi-stack applications. In order to benefit from this fix, a globally installed CDK toolkit must also be updated:

$ npm i -g aws-cdk
$ cdk --version
0.12.0 (build ...)

Like always, you will also need to update your project's library versions:

Language | Update? --------------------------- | ------------------------------------------------------------------------------------------------------------------ JavaScript/TypeScript (npm) | npx npm-check-updates -u Java (maven) | mvn versions:use-latest-versions .NET (NuGet) | nuget update

Bug Fixes

• aws-codebuild: allow passing oauth token to GitHubEnterpriseSource (#908) (c23da91)
• toolkit: multi-stack apps cannot be synthesized or deployed (#911) (5511076), closes #868 #294 #910

Features

• aws-cloudformation: add permission management to CreateUpdate and Delete Stack CodePipeline Actions. (#880) (8b3ae43)
• aws-codepipeline: make input and output artifact names optional when creating Actions. (#845) (3d91c93)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

• aws-codepipeline: this commit contains the following breaking changes:

  • Rename 'artifactName' in Action construction properties to 'outputArtifactName'
  • Rename the 'artifact' property of Actions to 'outputArtifact'
  • No longer allow adding output artifacts to Actions by instantiating the Artifact class
  • Rename Action#input/outputArtifacts properties to _input/_outputArtifacts

Previously, we always required customers to explicitly name the output artifacts the Actions used in the Pipeline, and to explicitly "wire together" the outputs of one Action as inputs to another. With this change, the CodePipeline Construct generates artifact names, if the customer didn't provide one explicitly, and tries to find the first available output artifact to use as input to a newly created Action that needs it, thus turning both the input and output artifacts from required to optional properties.