@aws-cdk/assets

AWS CDK Assets

Assets are local files or directories which are needed by a CDK app. A common example is a directory which contains the handler code for a Lambda function, but assets can represent any artifact that is needed for the app's operation.

When deploying a CDK app that includes constructs with assets, the CDK toolkit will first upload all the assets to S3, and only then deploy the stacks. The S3 locations of the uploaded assets will be passed in as CloudFormation Parameters to the relevant stacks.

The following JavaScript example defines an directory asset which is archived as a .zip file and uploaded to S3 during deployment.

Example of a ZipDirectoryAsset

The following JavaScript example defines a file asset, which is uploaded as-is to an S3 bucket during deployment.

Example of a FileAsset

Attributes

Asset constructs expose the following deploy-time attributes:

• s3BucketName - the name of the assets S3 bucket.
• s3ObjectKey - the S3 object key of the asset file (whether it's a file or a zip archive)
• s3Url - the S3 URL of the asset (i.e. https://s3.us-east-1.amazonaws.com/mybucket/mykey.zip)

In the following example, the various asset attributes are exported as stack outputs:

Example of referencing an asset

Permissions

IAM roles, users or groups which need to be able to read assets in runtime will should be granted IAM permissions. To do that use the asset.grantRead(principal) method:

The following examples grants an IAM group read permissions on an asset:

Example of granting read access to an asset

How does it work?

When an asset is defined in a construct, a construct metadata entry aws:cdk:asset is emitted with instructions on where to find the asset and what type of packaging to perform (zip or file). Furthermore, the synthesized CloudFormation template will also include two CloudFormation parameters: one for the asset's bucket and one for the asset S3 key. Those parameters are used to reference the deploy-time values of the asset (using { Ref: "Param" }).

Then, when the stack is deployed, the toolkit will package the asset (i.e. zip the directory), calculate an MD5 hash of the contents and will render an S3 key for this asset within the toolkit's asset store. If the file doesn't exist in the asset store, it is uploaded during deployment.

The toolkit's asset store is an S3 bucket created by the toolkit for each environment the toolkit operates in (environment = account + region).

Now, when the toolkit deploys the stack, it will set the relevant CloudFormation Parameters to point to the actual bucket and key for each asset.

CloudFormation Resource Metadata

NOTE: This section is relevant for authors of AWS Resource Constructs.

In certain situations, it is desirable for tools to be able to know that a certain CloudFormation resource is using a local asset. For example, SAM CLI can be used to invoke AWS Lambda functions locally for debugging purposes.

To enable such use cases, external tools will consult a set of metadata entries on AWS CloudFormation resources:

• aws:asset:path points to the local path of the asset.
• aws:asset:property is the name of the resource property where the asset is used

Using these two metadata entries, tools will be able to identify that assets are used by a certain resource, and enable advanced local experiences.

To add these metadata entries to a resource, use the asset.addResourceMetadata(resource, property) method.

See https://github.com/awslabs/aws-cdk/issues/1432 for more details

Changelog

0.22.0 (2019-01-10)

This is a major release with multiple breaking changes in the core layers. Please consult the breaking changes section below for details.

We are focusing these days on finalizing the common patterns and APIs of the CDK framework and the AWS Construct Library, which is why you are seeing all these breaking changes. Expect a few more releases with changes of that nature as we stabilize these APIs, so you might want to hold off with upgrading. We will communicate when this foundational work is complete.

Bug Fixes

• core: automatic cross-stack refs for CFN resources (#1510) (ca5ee35)
• ecs: correct typo and other minor mistakes in ecs readme (#1448) (9c91b20)
• elbv2: unable to specify load balancer name (#1486) (5b24583), closes #973 #1481
• lambda: use IRole instead of Role to allow imports (#1509) (b909dcd)
• toolkit: fix typo in --rename option description (#1438) (1dd56d4)
• toolkit: support multiple toolkit stacks in the same environment (#1427) (095da14), closes #1416

Features

• apigateway: add tracingEnabled property to APIGW Stage (#1482) (fefa764)
• assets: enable local tooling scenarios such as lambda debugging (#1433) (0d2b633), closes #1432
• aws-cdk: better stack dependency handling (#1511) (b4bbaf0), closes #1508 #1505
• aws-codepipeline: jenkins build and test actions (#1216) (471e8eb)
• aws-codepipeline: support notifications on the ManualApprovalAction (#1368) (068fa46), closes #1222
• aws-ecs: add support Amazon Linux 2 (#1484) (82ec0ff), closes #1483
• aws-kms: allow tagging kms keys (#1485) (f43b4d4)
• aws-lambda: add input and output artifacts to the CodePipeline action (#1390) (fbd7728), closes #1384
• cdk: transparently use constructs from another stack (d7371f0), closes #1324
• cli: allow specifying options using env vars (#1447) (7cd84a0)
• aws resource api linting (breaking changes) (#1434) (8c17ca7), closes #742 #1428
• core: cloudformation condition chaining (#1494) (2169015), closes #1457
• diff: better diff of arbitrary json objects (#1488) (607f997)
• route53: support cname records (#1487) (17eddd1), closes #1420
• step-functions: support parameters option (#1492) (935054a), closes #1480
• core: construct base class changes (breaking) (#1444) (fb22a32), closes #1431 #1441 #189 #1441 #1431
• core: idiomize cloudformation intrinsics functions (#1428) (04217a5), closes #202
• cloudformation: no more generated attribute types in CFN layer (L1) (#1489) (4d6d5ca), closes #1455 #1406
• cloudformation: stop generating legacy cloudformation resources (#1493) (81b4174)

BREAKING CHANGES TO EXPERIMENTAL FEATURES

• Cross-stack references: if you are using export() and import() to share constructs between stacks, you can stop doing that, instead of FooImportProps accept an IFoo directly on the consuming stack, and use that object as usual.
• ArnUtils.fromComponents() and ArnUtils.parse() have been moved onto Stack.
• All CloudFormation pseudo-parameter (such as AWS::AccountId etc) are now also accessible via Stack, as stack.accountId etc.
• All CloudFormation intrinsic functions are now represented as static methods under the Fn class (e.g. Fn.join(...) instead of new FnJoin(...).toString())
• resolve() has been moved to this.node.resolve().
• CloudFormationJSON.stringify() has been moved to this.node.stringifyJson(). validate() now should be protected.
• The deprecated cloudformation.XxxResource classes have been removed. Use the CfnXxx classes instead.
• Any CfnXxx resource attributes that represented a list of strings are now typed as string[]s (via #1144). Attributes that represent strings, are still typed as string (#712) and all other attribute types are represented as cdk.Token.
• route53: The route53.TXTRecord class was renamed to route53.TxtRecord.
• route53: record classes now require a zone when created (not assuming zone is the parent construct).
• lambda: the static "metric" methods moved from lambda.FunctionRef to lambda.Function.
• Many AWS resource classes have been changed to conform to API guidelines:
  • XxxRef abstract classes are now IXxx interfaces
  • XxxRefProps are now XxxImportProps
  • XxxRef.import(...) are now Xxx.import(...) accept XxxImportProps and return IXxx
  • export(): XxxImportProps is now defined in IXxx and implemented by imported resources