@aws-cdk/assets
Assets are local files or directories which are needed by a CDK app. A common example is a directory which contains the handler code for a Lambda function, but assets can represent any artifact that is needed for the app's operation.
When deploying a CDK app that includes constructs with assets, the CDK toolkit will first upload all the assets to S3, and only then deploy the stacks. The S3 locations of the uploaded assets will be passed in as CloudFormation Parameters to the relevant stacks.
The following JavaScript example defines a directory asset which is archived as a .zip file and uploaded to S3 during deployment.
Example of a ZipDirectoryAsset
The following JavaScript example defines a file asset, which is uploaded as-is to an S3 bucket during deployment.
Asset constructs expose the following deploy-time attributes:
- s3BucketName: the name of the assets S3 bucket.
- s3ObjectKey: the S3 object key of the asset file (whether it's a file or a zip archive)
- s3Url: the S3 URL of the asset (i.e. https://s3.us-east-1.amazonaws.com/mybucket/mykey.zip)
In the following example, the various asset attributes are exported as stack outputs:
Example of referencing an asset
IAM roles, users or groups which need to be able to read assets at runtime should be granted IAM permissions. To do that, use the asset.grantRead(principal) method:
The following example grants an IAM group read permissions on an asset:
Example of granting read access to an asset
When an asset is defined in a construct, a construct metadata entry aws:cdk:asset is emitted with instructions on where to find the asset and what type of packaging to perform (zip or file). Furthermore, the synthesized CloudFormation template will also include two CloudFormation parameters: one for the asset's bucket and one for the asset S3 key. Those parameters are used to reference the deploy-time values of the asset (using { Ref: "Param" }).
Then, when the stack is deployed, the toolkit will package the asset (i.e. zip the directory), calculate an MD5 hash of the contents and will render an S3 key for this asset within the toolkit's asset store. If the file doesn't exist in the asset store, it is uploaded during deployment.
The toolkit's asset store is an S3 bucket created by the toolkit for each environment the toolkit operates in (environment = account + region).
Now, when the toolkit deploys the stack, it will set the relevant CloudFormation Parameters to point to the actual bucket and key for each asset.
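The hash-then-upload-if-missing step described above can be modelled as follows. This is an added example, not the toolkit's own code: the function names, the key layout assets/<hash>.zip and the in-memory Map standing in for the S3 asset store are assumptions.

```javascript
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

// Walk a directory in sorted order so the digest does not depend on
// filesystem enumeration order.
function listFiles(root, rel = '') {
  const out = [];
  for (const name of fs.readdirSync(path.join(root, rel)).sort()) {
    const relPath = path.posix.join(rel, name);
    const stat = fs.statSync(path.join(root, relPath));
    if (stat.isDirectory()) out.push(...listFiles(root, relPath));
    else if (stat.isFile()) out.push(relPath);
  }
  return out;
}

// The digest covers each relative path and its bytes, length-prefixed so
// that file boundaries cannot be shifted without changing the hash.
// MD5 (as named on this page) identifies content for deduplication; it is
// not collision resistant and gives no tamper protection by itself.
function hashDirectory(root, algorithm = 'md5') {
  const hash = crypto.createHash(algorithm);
  for (const relPath of listFiles(root)) {
    const data = fs.readFileSync(path.join(root, relPath));
    hash.update(`${Buffer.byteLength(relPath)}:${relPath}:${data.length}:`);
    hash.update(data);
  }
  return hash.digest('hex');
}

// Upload only when no object with this content-derived key exists yet.
// `store` is a Map standing in for the asset bucket (assumption).
function publishAsset(store, root, algorithm = 'md5') {
  const key = `assets/${hashDirectory(root, algorithm)}.zip`;
  if (store.has(key)) return { key, uploaded: false };
  store.set(key, listFiles(root)); // stand-in for the zip upload
  return { key, uploaded: true };
}
```

Because the key is derived from content, two directories with identical files map to the same object and the second upload is skipped; passing 'sha256' as the algorithm keeps the same behaviour with a collision-resistant digest.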
NOTE: This section is relevant for authors of AWS Resource Constructs.
In certain situations, it is desirable for tools to be able to know that a certain CloudFormation resource is using a local asset. For example, SAM CLI can be used to invoke AWS Lambda functions locally for debugging purposes.
To enable such use cases, external tools will consult a set of metadata entries on AWS CloudFormation resources:
- aws:asset:path points to the local path of the asset.
- aws:asset:property is the name of the resource property where the asset is used
Using these two metadata entries, tools will be able to identify that assets are used by a certain resource, and enable advanced local experiences.
To add these metadata entries to a resource, use the asset.addResourceMetadata(resource, property) method.
See https://github.com/awslabs/aws-cdk/issues/1432 for more details
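How an external tool might consume the two metadata entries, as an added example rather than code from the CDK or SAM CLI. The function name, the sample template and the choice to resolve aws:asset:path against a base directory are assumptions; the check for paths that leave the project directory is an extra review aid.

```javascript
const path = require('path');

// Returns one record per resource that carries both metadata entries.
function findLocalAssets(template, baseDir) {
  const base = path.resolve(baseDir);
  const found = [];
  for (const [logicalId, res] of Object.entries(template.Resources || {})) {
    const meta = res.Metadata || {};
    const assetPath = meta['aws:asset:path'];
    const property = meta['aws:asset:property'];
    if (typeof assetPath !== 'string' || typeof property !== 'string') continue;
    const localPath = path.resolve(base, assetPath);
    const rel = path.relative(base, localPath);
    const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
    found.push({
      logicalId,
      type: res.Type,
      property,
      localPath,
      // The property named by the metadata should exist on the resource.
      propertyPresent: Object.keys(res.Properties || {}).includes(property),
      // Assets resolving outside the project directory deserve a review.
      insideBase: !escapes,
    });
  }
  return found;
}

// Constructed sample template, not the output of a real synth.
const SAMPLE_TEMPLATE = {
  Resources: {
    HandlerFn: {
      Type: 'AWS::Lambda::Function',
      Properties: { Code: { S3Bucket: { Ref: 'CodeBucketParam' }, S3Key: { Ref: 'CodeKeyParam' } } },
      Metadata: { 'aws:asset:path': 'handler', 'aws:asset:property': 'Code' },
    },
    SharedFn: {
      Type: 'AWS::Lambda::Function',
      Properties: { Code: { S3Bucket: { Ref: 'SharedBucketParam' }, S3Key: { Ref: 'SharedKeyParam' } } },
      Metadata: { 'aws:asset:path': '../shared/build', 'aws:asset:property': 'Code' },
    },
    Queue: { Type: 'AWS::SQS::Queue' },
  },
};
```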
0.32.0 (2019-05-24)
- @aws-cdk/aws-route53-targets package.
- IBucket.arnForObject method no longer concatenates path fragments on your behalf. Pass the /-concatenated key pattern instead.
- export methods from all AWS resources have been removed. CloudFormation Exports are now automatically created when attributes are referenced across stacks within the same app. To export resources manually, you can explicitly define a CfnOutput.
- kms.EncryptionKey renamed to kms.Key
- ec2.VpcNetwork renamed to ec2.Vpc
- ec2.VpcSubnet renamed to ec2.Subnet
- cloudtrail.CloudTrail renamed to cloudtrail.Trail
- XxxAttribute and XxxImportProps interfaces which were no longer in use after their corresponding export method was deleted and there was no use for them in imports.
- ecs.ClusterAttributes now accepts IVpc and ISecurityGroup instead of attributes. You can use their corresponding fromXxx methods to import them as needed.
- servicediscovery.CnameInstance.instanceCname renamed to cname.
- glue.IDatabase.locationUrl is now only in glue.Database (not on the interface)
- ec2.TcpPortFromAttribute and UdpPortFromAttribute removed. Use TcpPort and UdpPort with new Token(x).toNumber instead.
- ec2.VpcNetwork.importFromContext renamed to ec2.Vpc.fromLookup
- iam.IRole.roleId has been removed from the interface, but Role.roleId is still available for owned resources.
- loadBalancer property in ServerDeploymentGroupProps has been changed.
- apigateway.ResourceBase.trackChild is now internal.
- cloudfront.S3OriginConfig.originAccessIdentity is now originAccessIdentityId
- codedeploy.LambdaDeploymentGroup.alarms is now cloudwatch.IAlarm[] (previously cloudwatch.Alarm[])
- codepipeline.crossRegionScaffoldingStacks renamed to crossRegionScaffolding
- codepipeline.CrossRegionScaffoldingStack renamed to codepipeline.CrossRegionScaffolding and cannot be instantiated (abstract)
- ec2.VpcSubnet.addDefaultRouteToNAT renamed to addDefaultNatRoute and made public
- ec2.VpcSubnet.addDefaultRouteToIGW renamed to addDefaultInternetRoute, made public and first argument is the gateway ID (string) and not the CFN L1 class
- ecs.Ec2EventRuleTarget.taskDefinition is now ITaskDefinition (previously TaskDefinition)
- lambda.IEventSource.bind now accepts IFunction instead of FunctionBase. Use IFunction.addEventSourceMapping to add an event source mapping under the function.
- lambda.Layer.grantUsage renamed to lambda.layer.addPermission and returns void
- stepfunctions.StateMachine.role is now iam.IRole (previously iam.Role)
- onXxx() CloudWatch Event methods now have the signature:
  resource.onEvent('SomeId', {
    target: new SomeTarget(...),
    // options
  });
- onAlarm was renamed to addAlarmAction
- onOk was renamed to addOkAction
- onInsufficientData was renamed to addInsufficientDataAction
- onLifecycleTransition was renamed to addLifecycleHook
- onPreHook was renamed to addPreHook
- onPostHook was renamed to addPostHook
- onXxx were renamed to addXxxTrigger
- onImagePushed was renamed to onCloudTrailImagePushed
- onEvent was renamed to addEventNotification
- onObjectCreated was renamed to addObjectCreatedNotification
- onObjectRemoved was renamed to addObjectRemovedNotification
- onPutObject was renamed to onCloudTrailPutObject
FAQs
This module is deprecated. All types are now available under the core module
The npm package @aws-cdk/assets receives a total of 83,607 weekly downloads. As such, @aws-cdk/assets popularity was classified as popular.
We found that @aws-cdk/assets demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.