This tutorial explains what is needed to create an Amazon S3 bucket using the AWS CDK with Python. The source code provided here comes with all the steps needed to run and deploy the AWS CDK code on AWS Cloud.
First, you need to [install the AWS CDK] and set up an IAM profile so that you can deploy the system using the AWS CLI. After learning how to write the AWS CDK code for an Amazon S3 bucket construct and synthesize it, you can deploy it to the AWS Cloud and clean up the resources with the AWS CDK destroy command.
Here are the specific steps to install and deploy an Amazon S3 bucket using the AWS CDK:
Before building the Amazon S3 bucket construct, you need to complete the following steps to be able to run the AWS CDK with Python:
- Install AWS CDK and Python
- Install AWS CLI and AWS profiles
- Create an AWS CDK project with Python
If you have already completed these steps, you can start from step 4.
1. Install AWS CDK
Install the AWS CDK using the npm package manager with the command below:

```bash
npm install -g aws-cdk typescript
cdk version
```

You can also refer to the detailed article on installing AWS CDK.
2. Install AWS CLI and install AWS profile
The AWS CLI is a command-line tool that allows you to interact with AWS services from your terminal. The installation method depends on the operating system you are using:

```bash
# macOS
brew install awscli

# Windows
wget https://awscli.amazonaws.com/AWSCLIV2.msi
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi

# Linux (Ubuntu)
sudo apt install awscli
```
To be able to access your AWS account from the AWS CLI, you need to set up an AWS Profile. There are 2 ways you can do that:
- Access and secret key from IAM User
- AWS Single Sign-on (SSO) user
In this article, to be able to quickly set up AWS Profile, we will choose method 1.
- Log in to the AWS Console
- Go to IAM > Users
- Select the IAM user, click Security credentials and create a new credential
- Save the access key and secret key (because this is the only and last time you will see it)
- Configure the AWS profile for the AWS CLI

```bash
aws configure
AWS Access Key ID [None]: <insert_access_key>
AWS Secret Access Key [None]: <insert_secret_key>
Default region name [None]: <insert_aws_region>
Default output format [json]: json
```

- Your credential information will be saved in plaintext at `~/.aws/credentials` under the profile name `[default]`, which you can confirm with the following command:

```bash
aws sts get-caller-identity
{
    "UserId": "xxx",
    "Account": "012345678901",
    "Arn": "arn:aws:iam::012345678901:user/vntechies"
}
```
3. Create an AWS CDK Python project
After installing the profile and packages, you can create the AWS CDK Python project in which to build the Amazon S3 bucket construct.
- Create an AWS CDK Python project by running the following command in an empty directory:

```bash
cdk init --language python
```

- Run the following commands to create a virtual environment and install the necessary Python packages:

```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```
4. Create an Amazon S3 Bucket construct with the AWS CDK
After initializing the project, the following files are generated:

```
./
├── README.md
├── app.py
├── aws_cdk_python_s3
│   ├── __init__.py
│   └── aws_cdk_python_s3_stack.py
├── cdk.json
├── requirements-dev.txt
├── requirements.txt
├── source.bat
└── tests
    ├── __init__.py
    └── unit
        ├── __init__.py
        └── test_aws_cdk_python_s3_stack.py
```
```python
from constructs import Construct
from aws_cdk import (
    Stack,
    aws_iam as iam,
    aws_s3 as s3,
    aws_kms as kms,
)


class AwsCdkPythonS3Stack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Private bucket: ACLs disabled, all public access blocked,
        # objects encrypted with a newly created customer managed KMS key.
        bucket = s3.Bucket(self, "VNTechies-AWS-CDK-S3-demo-bucket",
            object_ownership=s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
            block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
            encryption_key=kms.Key(self, 'VNTechies-AWS-CDK-S3-demo-bucket-key'),
        )
        # Grant read access on the bucket (and decrypt on its key) to the account root principal.
        bucket.grant_read(iam.AccountRootPrincipal())
```
- `kms_key`: the newly created AWS Key Management Service (KMS) key used to encrypt data on S3.
- `object_ownership`: helps you disable access control lists (ACLs), and the bucket owner will have all rights to all objects in this bucket. ACLs will no longer affect permission management; the bucket will use policies to manage access. This simplifies the way you manage and access the objects stored in your bucket.
- `block_public_access`: new objects will default to private mode and will not allow public access.
- `encryption_key`: allows the use of a customer managed key to encrypt objects stored in the S3 bucket.
- `bucket.grant_read()`: allows a user with root privileges of the AWS account to access the created bucket.
5. Synthesize Amazon S3 Bucket with AWS CDK
The Amazon S3 bucket construct has now been created in the stack of the AWS CDK app. The next step is to synthesize it into a CloudFormation template by running the AWS CDK synth command:

```bash
cdk synth
```
```yaml
Resources:
  VNTechiesAWSCDKS3demobucketkey2DF32451:
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Statement:
          - Action: kms:*
            Effect: Allow
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":iam::"
                    - Ref: AWS::AccountId
                    - :root
            Resource: "*"
          - Action:
              - kms:Decrypt
              - kms:DescribeKey
            Effect: Allow
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":iam::"
                    - Ref: AWS::AccountId
                    - :root
            Resource: "*"
        Version: "2012-10-17"
    UpdateReplacePolicy: Retain
    DeletionPolicy: Retain
    Metadata:
      aws:cdk:path: aws-cdk-python-s3/VNTechies-AWS-CDK-S3-demo-bucket-key/Resource
  VNTechiesAWSCDKS3demobucketB20DE88B:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              KMSMasterKeyID:
                Fn::GetAtt:
                  - VNTechiesAWSCDKS3demobucketkey2DF32451
                  - Arn
              SSEAlgorithm: aws:kms
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
    UpdateReplacePolicy: Retain
    DeletionPolicy: Retain
    Metadata:
      aws:cdk:path: aws-cdk-python-s3/VNTechies-AWS-CDK-S3-demo-bucket/Resource
  VNTechiesAWSCDKS3demobucketPolicy2584B1E9:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: VNTechiesAWSCDKS3demobucketB20DE88B
      PolicyDocument:
        Statement:
          - Action:
              - s3:GetBucket*
              - s3:GetObject*
              - s3:List*
            Effect: Allow
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":iam::"
                    - Ref: AWS::AccountId
                    - :root
            Resource:
              - Fn::GetAtt:
                  - VNTechiesAWSCDKS3demobucketB20DE88B
                  - Arn
              - Fn::Join:
                  - ""
                  - - Fn::GetAtt:
                        - VNTechiesAWSCDKS3demobucketB20DE88B
                        - Arn
                    - /*
        Version: "2012-10-17"
    Metadata:
      aws:cdk:path: aws-cdk-python-s3/VNTechies-AWS-CDK-S3-demo-bucket/Policy/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/0XIQQrCMBCF4bN0n4zWgLi2SzelPYDUacQxbQKdBAkhd7chgqv/ve8E6gJtM31Y4mzkQg9Io5/QiJ3uyawM6aaj6J52TxasIF0DGu0L/VZN7xbC+Of6cy4yaHZhQ1125+xMnpzNoo/+5exBQXuEc/NmIrkF62nVMNR+AXbnt16gAAAA
    Metadata:
      aws:cdk:path: aws-cdk-python-s3/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - af-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
Parameters:
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
  CheckBootstrapVersion:
    Assertions:
      - Assert:
          Fn::Not:
            - Fn::Contains:
                - - "1"
                  - "2"
                  - "3"
```
<span class="token punctuation">-</span> <span class="token string">"4"</span> <span class="token punctuation">-</span> <span class="token string">"5"</span> <span class="token punctuation">-</span> <span class="token key atrule">Ref</span> <span class="token punctuation">:</span> BootstrapVersion <span class="token key atrule">AssertDescription</span> <span class="token punctuation">:</span> CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI. |
After running the above command, a CloudFormation template in YAML format is printed to stdout. In addition, the directory cdk.out is created with template files in JSON format so that the stack can be deployed on AWS Cloud through CloudFormation.
```
├── README.md
├── app.py
├── aws_cdk_python_s3
│   ├── __init__.py
│   ├── __pycache__
│   │   ├── __init__.cpython-310.pyc
│   │   └── aws_cdk_python_s3_stack.cpython-310.pyc
│   └── aws_cdk_python_s3_stack.py
├── cdk.json
├── cdk.out
│   ├── aws-cdk-python-s3.assets.json
│   ├── aws-cdk-python-s3.template.json
│   ├── cdk.out
│   ├── manifest.json
│   └── tree.json
├── requirements-dev.txt
├── requirements.txt
├── source.bat
└── tests
    ├── __init__.py
    └── unit
        ├── __init__.py
        └── test_aws_cdk_python_s3_stack.py
```
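A pre-deployment check over the JSON template that synth writes to cdk.out, as an added example (not code from the original article): it flags S3 buckets that lack default SSE-KMS encryption, a complete public access block, or versioning. The three checks and the sample template are assumptions chosen for illustration; the property names are those of the CloudFormation AWS::S3::Bucket resource.

```python
import json
import sys
from pathlib import Path

# The four flags of the AWS::S3::Bucket PublicAccessBlockConfiguration property.
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def audit_buckets(template):
    """Return {logical_id: [findings]} for each AWS::S3::Bucket resource."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        findings = []
        rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
        algos = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
        if "aws:kms" not in algos:
            findings.append("default encryption is not SSE-KMS")
        pab = props.get("PublicAccessBlockConfiguration", {})
        missing = [f for f in PAB_FLAGS if pab.get(f) not in (True, "true")]
        if missing:
            findings.append("public access not blocked: " + ", ".join(missing))
        if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
            findings.append("versioning not enabled")
        report[logical_id] = findings
    return report

# Constructed sample template (logical IDs are made up, not real synth output).
SAMPLE = {"Resources": {
    "Key": {"Type": "AWS::KMS::Key", "Properties": {}},
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": {"Fn::GetAtt": ["Key", "Arn"]}}}]},
        "PublicAccessBlockConfiguration": {f: True for f in PAB_FLAGS},
        "VersioningConfiguration": {"Status": "Enabled"}}},
    "DefaultBucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    # Pass cdk.out/aws-cdk-python-s3.template.json as the first argument to audit real output.
    template = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    report = audit_buckets(template)
    for logical_id, findings in report.items():
        print(logical_id, "OK" if not findings else "; ".join(findings))
    sys.exit(1 if any(report.values()) else 0)
```

The script exits non-zero when any bucket has findings, so it can gate `cdk deploy` in a pipeline.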
6. Deploy Amazon S3 Bucket to AWS Cloud Using AWS CDK
If this is your first time running the deploy command, you will need to bootstrap your AWS CDK application before it can be deployed to AWS[^1]. Bootstrapping creates the resources the CDK toolkit needs to deploy your application; they include: S3 bucket, IAM roles, SSM Parameter,…
```
cdk bootstrap
```
To deploy the S3 bucket on AWS, we run the following command
```
cdk deploy
```
You can check the generated KMS key and S3 bucket in the AWS console.
7. Clean up resources
To clean up the created resources, use the destroy command:
```
cdk destroy

# output
Are you sure you want to delete: aws-cdk-python-s3 (y/n)? y
aws-cdk-python-s3: destroying...

 ✅  aws-cdk-python-s3: destroyed
```
Summary
We have successfully created an Amazon S3 bucket using the AWS CDK with Python, with some attributes that increase the security of the bucket. You can refer to the articles and tutorials about AWS CDK in this series.
Original article on VNTechies Dev Blog
https://dev.vntechies.com/blog/aws/cdk/tao-s3-bucket-voi-aws-cdk
References