Create an Amazon S3 bucket using AWS CDK

Tram Ho


This tutorial explains what is needed to create an Amazon S3 bucket using the AWS CDK with Python. The source code provided here comes with all the steps needed to run and deploy the AWS CDK code on AWS Cloud.

First, you need to install the AWS CDK and set up an IAM profile so that you can deploy using the AWS CLI. After learning how to synthesize the AWS CDK code that creates an Amazon S3 bucket construct, you can deploy it to the AWS Cloud and clean up the resources using the AWS CDK destroy command.

Here are the specific steps to install and deploy an Amazon S3 bucket using the AWS CDK:

Before building the Amazon S3 bucket construct, you need to complete the following steps to be able to run the AWS CDK with Python:

  1. Install AWS CDK and Python
  2. Install AWS CLI and AWS profiles
  3. Create an AWS CDK project with Python

If you have already completed these steps, you can start from step 4.

1. Install AWS CDK

Install the AWS CDK using the npm package manager with the command below

You can also refer to the detailed article on installing AWS CDK

2. Install AWS CLI and install AWS profile

The AWS CLI is a command line tool that allows you to interact with AWS services through your terminal. The installation method differs depending on the operating system you are using.

To be able to access your AWS account from the AWS CLI, you need to set up an AWS Profile. There are 2 ways you can do that:

  1. Access and secret key from IAM User
  2. AWS Single Sign-on (SSO) user

In this article, to be able to quickly set up AWS Profile, we will choose method 1.

Go to IAM Users

  • Select IAM user, click Security credentials and create a new credential

  • Save the access key and secret key (this is the only time you will be able to see them)
  • Set up the AWS profile for the AWS CLI

  • Your credential information will be saved at ~/.aws/credentials under the profile name [default], which you can confirm with the following command

3. Create an AWS CDK Python project

After setting up the profile and installing the packages, you can start creating the AWS CDK Python project to build the Amazon S3 bucket construct.

  • You can create an AWS CDK Python project by running the following command in an empty directory

  • Run the following command to create a virtual environment and install the necessary packages for Python

4. Create an Amazon S3 Bucket construct with the AWS CDK

After initializing the project, the files will be generated as follows

  • kms_key is the newly created AWS Key Management Service key used to encrypt data on S3.
  • object_ownership lets you disable access control lists (ACLs), so the bucket owner has all rights to all objects in this bucket. ACLs no longer affect permission management; instead the bucket uses policies to manage access. This simplifies the way you manage and access the objects stored in your bucket.
  • block_public_access makes new objects private by default and does not allow public access.
  • encryption_key allows the use of a customer managed key to encrypt objects stored in the S3 bucket.
  • bucket.grant_read() allows a user with root privileges of the AWS account to access the created bucket.

5. Synthesize Amazon S3 Bucket with AWS CDK

The Amazon S3 bucket construct has now been created in the stack of the AWS CDK app. The next step is to synthesize it into a CloudFormation template by running the AWS CDK synthesize command.

After running the above command, a CloudFormation template in YAML format will be printed to stdout. In addition, the directory cdk.out is created with template files in JSON format so that they can be deployed on AWS Cloud through CloudFormation.
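
The bucket properties listed in step 4 end up in the synthesized template, so they can be checked there before deploying. The following is an added example, not code from the original article: it audits every AWS::S3::Bucket resource in a CDK-synthesized JSON template for KMS default encryption, a complete public access block and disabled ACLs. The sample template, its logical IDs and the function names are constructed for illustration.

```python
import json
import sys

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

# Constructed sample shaped like a template in cdk.out; logical IDs are made up.
SAMPLE_TEMPLATE = {"Resources": {
    "DemoKey": {"Type": "AWS::KMS::Key"},
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [{
            "ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": {"Fn::GetAtt": ["DemoKey", "Arn"]}}}]},
        "OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]},
        "PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}}},
    "WeakBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True}}},
}}

def audit_bucket(props):
    """Return a list of findings for one AWS::S3::Bucket Properties dict."""
    findings = []
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    defaults = [r.get("ServerSideEncryptionByDefault", {}) for r in rules]
    if not any(d.get("SSEAlgorithm") == "aws:kms" and d.get("KMSMasterKeyID") for d in defaults):
        findings.append("default encryption does not use a KMS key")
    pab = props.get("PublicAccessBlockConfiguration", {})
    # CDK writes JSON booleans; anything other than true counts as not enabled.
    missing = [f for f in PAB_FLAGS if pab.get(f) is not True]
    if missing:
        findings.append("public access block not fully enabled: " + ", ".join(missing))
    rules = props.get("OwnershipControls", {}).get("Rules", [])
    if "BucketOwnerEnforced" not in [r.get("ObjectOwnership") for r in rules]:
        findings.append("ACLs still enabled (ObjectOwnership is not BucketOwnerEnforced)")
    return findings

def audit_template(template):
    """Map each bucket's logical ID to its findings (empty list means it passed)."""
    return {
        logical_id: audit_bucket(res.get("Properties", {}))
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::S3::Bucket"
    }

if __name__ == "__main__":
    tpl = SAMPLE_TEMPLATE
    if len(sys.argv) > 1:  # optional path to a template file under cdk.out
        with open(sys.argv[1]) as fh:
            tpl = json.load(fh)
    for logical_id, findings in audit_template(tpl).items():
        print(logical_id, findings or "OK")
```

Run without arguments it checks the constructed sample; pass the path of a JSON template from cdk.out to check your own stack.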

6. Deploy Amazon S3 Bucket to AWS Cloud Using AWS CDK

If this is your first time running the deploy command, you will need to bootstrap your AWS CDK application before it can be deployed to AWS[^1]. Bootstrapping creates the resources the CDK toolkit needs to deploy your application, including: S3 bucket, IAM roles, SSM Parameter,…

To deploy the S3 bucket on AWS, we run the following command

You can check the generated KMS key and S3 bucket on the AWS console

7. Clean up resources

To clean up the created resources, use the destroy command


We have successfully created an Amazon S3 bucket using the AWS CDK with Python, with some attributes that increase the security of the bucket. You can refer to the other articles and tutorials about AWS CDK in this series.

Original article on VNTechies Dev Blog



Source : Viblo