Creating AWS VPC using CDK with Python
Hello! I’m Jayachandhar, Principal Member of Technical Staff at Fyle. I work on infrastructure projects and also help Fyle stay secure.
Introduction to VPC and CDK
AWS VPC (Virtual Private Cloud) enables you to launch virtual networks logically separated from other virtual networks in the cloud. In addition, it lets you control your network configuration, including IP addressing, subnets, routing, and security.
AWS CDK (Cloud Development Kit) is a software development framework defining cloud infrastructure as code (IaC). CDK simplifies provisioning AWS resources by providing a high-level object-oriented abstraction over the AWS CloudFormation templates. CDK can help you define your infrastructure as code in familiar programming languages like TypeScript, Python, Java, C#, and Go. Then use the CDK CLI to deploy it to your AWS account.
Why is this important?
VPCs are a critical element of cloud infrastructure, allowing businesses to create and maintain their own secure and customised network, isolated from other public networks within the AWS ecosystem. This network isolation provides essential protection for sensitive data and resources against potential cyber attacks, while also helping organisations meet regulatory and security compliance requirements, such as PCI DSS and HIPAA.
Configuring VPC via AWS CDK offers several advantages, including IaC (Infrastructure as Code), automation, flexibility, reusability, and collaboration, leading to more efficient, scalable, and manageable infrastructure deployments compared to manual configuration. In addition, CDK makes it easy to version, manage, peer-review, and track changes to your infrastructure.
Overview of the solution
The solution consists of an AWS VPC spread across two availability zones and the subnets required to run three-tier architecture applications.
In this blog, we will explore how to provide the above setup using AWS CDK with Python.
Let's create a new CDK project in Python:
# create project directory
mkdir vpc-demo
cd vpc-demo
# initialise a CDK python project
cdk init app --language python
# install required python packages
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
Folder structure after the above steps.
Let's configure the AWS VPC
Modify vpc_demo/vpc_demo_stack.py with the following:
import aws_cdk.aws_ec2 as ec2
import aws_cdk.aws_s3 as s3
from aws_cdk import Stack, Tags
from constructs import Construct

class VpcDemoStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        self.vpc_name = 'vpc-demo'
        self.vpc_cidr = '192.168.0.0/16'
        vpc_construct_id = 'vpc'
        audit_bucket_construct_id = 'audit-bucket'
        audit_bucket_name = 'vpc-demo-audit-bucket'
        # existing bucket, looked up by name rather than created by this stack
        self.audit_bucket = s3.Bucket.from_bucket_name(
            self, audit_bucket_construct_id, audit_bucket_name
        )
        self.vpc: ec2.Vpc = ec2.Vpc(
            self, vpc_construct_id, vpc_name=self.vpc_name,
            ip_addresses=ec2.IpAddresses.cidr(self.vpc_cidr),
            max_azs=2, nat_gateways=1,
            subnet_configuration=[  # one subnet of each group per AZ: six subnets in total
                ec2.SubnetConfiguration(name='public', subnet_type=ec2.SubnetType.PUBLIC, cidr_mask=24),
                ec2.SubnetConfiguration(name='private', subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS, cidr_mask=24),
                ec2.SubnetConfiguration(name='isolated', subnet_type=ec2.SubnetType.PRIVATE_ISOLATED, cidr_mask=24),
            ],
            flow_logs={'audit': ec2.FlowLogOptions(destination=ec2.FlowLogDestination.to_s3(self.audit_bucket))},
        )
Here we are creating an AWS VPC named vpc-demo spanning two availability zones, with six subnets:
Two public subnets for running load balancers or any publicly exposed AWS service.
Two private subnets with NAT gateway access for running backend applications.
Two isolated subnets for running RDS instances.
We are creating one NAT gateway, which backend applications and host machines need in order to reach the internet. A common use case is installing a package or pulling Docker images.
Finally, we configure VPC flow logs to be delivered to an existing S3 bucket (the audit bucket looked up by name in the code above).
Know your changes
The cdk synth command synthesises your CDK app code into a CloudFormation template, so you can verify the generated template before deploying the stack. Run: cdk synth
The cdk diff command identifies the changes that will be made when you deploy your app, allowing you to review and validate your infrastructure changes before they are implemented. Run: cdk diff
The output of cdk diff lists the resources that will be added, changed or removed.
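Reviewing cdk diff output by eye scales poorly, so it helps to run a few mechanical checks over the synthesized template as well. The script below is an added example for this post, not Fyle's code: it reads a CloudFormation template in the shape cdk synth emits and checks the properties that matter for the layout described above (every VPC has a flow log for ALL traffic, isolated subnets have no default route through an internet or NAT gateway, subnet CIDRs fit inside the VPC CIDR and do not overlap). The template embedded here is a constructed, trimmed-down sample rather than real synth output, and the aws-cdk:subnet-type tag it relies on is the one CDK adds to the subnets it creates (an assumption to confirm against your own cdk.out template).

```python
"""Offline review of a synthesized CloudFormation template (what cdk synth writes to cdk.out)."""
import ipaddress
import json

# Constructed sample template (not real synth output): one VPC, one subnet of each tier, their
# route tables, and a flow log to S3. The 'aws-cdk:subnet-type' tag is the one CDK adds to the
# subnets it creates (assumption: confirm against your own cdk.out template).
SAMPLE_TEMPLATE = json.loads(r'''
{"Resources": {
  "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "192.168.0.0/16"}},
  "Igw": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
  "Nat": {"Type": "AWS::EC2::NatGateway", "Properties": {"SubnetId": {"Ref": "PublicSubnet1"}}},
  "PublicSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "Vpc"},
    "CidrBlock": "192.168.0.0/24", "Tags": [{"Key": "aws-cdk:subnet-type", "Value": "Public"}]}},
  "PrivateSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "Vpc"},
    "CidrBlock": "192.168.2.0/24", "Tags": [{"Key": "aws-cdk:subnet-type", "Value": "Private"}]}},
  "IsolatedSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "Vpc"},
    "CidrBlock": "192.168.4.0/24", "Tags": [{"Key": "aws-cdk:subnet-type", "Value": "Isolated"}]}},
  "PublicRt": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "Vpc"}}},
  "PrivateRt": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "Vpc"}}},
  "IsolatedRt": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "Vpc"}}},
  "PublicDefault": {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "PublicRt"},
    "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "Igw"}}},
  "PrivateDefault": {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "PrivateRt"},
    "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": {"Ref": "Nat"}}},
  "PublicAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
    "SubnetId": {"Ref": "PublicSubnet1"}, "RouteTableId": {"Ref": "PublicRt"}}},
  "PrivateAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
    "SubnetId": {"Ref": "PrivateSubnet1"}, "RouteTableId": {"Ref": "PrivateRt"}}},
  "IsolatedAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
    "SubnetId": {"Ref": "IsolatedSubnet1"}, "RouteTableId": {"Ref": "IsolatedRt"}}},
  "FlowLog": {"Type": "AWS::EC2::FlowLog", "Properties": {"ResourceType": "VPC",
    "ResourceId": {"Ref": "Vpc"}, "TrafficType": "ALL", "LogDestinationType": "s3",
    "LogDestination": "arn:aws:s3:::vpc-demo-audit-bucket"}}
}}''')

def _of_type(template, rtype):
    """Yield (logical_id, properties) for each resource of one CloudFormation type."""
    for name, res in template["Resources"].items():
        if res.get("Type") == rtype:
            yield name, res.get("Properties", {})

def _ref(value):
    """Logical id behind a {"Ref": ...} intrinsic, or None for anything else."""
    return value.get("Ref") if isinstance(value, dict) else None

def vpcs_without_flow_logs(template):
    """Every VPC should have a flow log capturing ALL traffic (accepted and rejected)."""
    logged = {_ref(p.get("ResourceId")) for _, p in _of_type(template, "AWS::EC2::FlowLog")
              if p.get("ResourceType") == "VPC" and p.get("TrafficType") == "ALL"}
    return [name for name, _ in _of_type(template, "AWS::EC2::VPC") if name not in logged]

def isolated_subnets_with_internet_route(template):
    """Isolated subnets must not get a default route via an internet or NAT gateway."""
    egress_tables = {_ref(p["RouteTableId"]) for _, p in _of_type(template, "AWS::EC2::Route")
                     if p.get("DestinationCidrBlock") == "0.0.0.0/0"
                     and (p.get("GatewayId") or p.get("NatGatewayId"))}
    table_of = {_ref(p["SubnetId"]): _ref(p["RouteTableId"])
                for _, p in _of_type(template, "AWS::EC2::SubnetRouteTableAssociation")}
    findings = []
    for name, p in _of_type(template, "AWS::EC2::Subnet"):
        tags = {t["Key"]: t["Value"] for t in p.get("Tags", [])}
        if tags.get("aws-cdk:subnet-type") == "Isolated" and table_of.get(name) in egress_tables:
            findings.append(name)
    return findings

def subnet_cidr_problems(template):
    """Subnet CIDRs must lie inside their VPC's CIDR and must not overlap one another."""
    vpc_cidr = {n: ipaddress.ip_network(p["CidrBlock"]) for n, p in _of_type(template, "AWS::EC2::VPC")}
    seen, problems = [], []
    for name, p in _of_type(template, "AWS::EC2::Subnet"):
        net = ipaddress.ip_network(p["CidrBlock"])
        if not net.subnet_of(vpc_cidr[_ref(p["VpcId"])]):
            problems.append(f"{name} outside VPC CIDR")
        problems += [f"{name} overlaps {other}" for other, onet in seen if net.overlaps(onet)]
        seen.append((name, net))
    return problems

def review(template):
    """Run every check; an empty dict means the template passed review."""
    results = {
        "vpcs_without_flow_logs": vpcs_without_flow_logs(template),
        "isolated_subnets_with_internet_route": isolated_subnets_with_internet_route(template),
        "subnet_cidr_problems": subnet_cidr_problems(template),
    }
    return {check: hits for check, hits in results.items() if hits}

def broken_variant(template):
    """Constructed negative case: drop the flow log, route the isolated tier via NAT,
    and widen the private subnet so it collides with the isolated one."""
    bad = json.loads(json.dumps(template))
    del bad["Resources"]["FlowLog"]
    bad["Resources"]["IsolatedDefault"] = {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "IsolatedRt"}, "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {"Ref": "Nat"}}}
    bad["Resources"]["PrivateSubnet1"]["Properties"]["CidrBlock"] = "192.168.4.0/23"
    return bad

if __name__ == "__main__":
    print("sample:", review(SAMPLE_TEMPLATE) or "no findings")
    print("broken:", review(broken_variant(SAMPLE_TEMPLATE)))
```

To use it against a real stack, replace SAMPLE_TEMPLATE with json.load() of the template file under cdk.out and run review() on it; a non-empty result is a reason to stop before cdk deploy. The checks deliberately look at route tables rather than subnet names, so a subnet that is labelled isolated but quietly gains a NAT route still gets flagged.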
Deploying your changes
Once you have reviewed the infrastructure changes using cdk diff (yes, always review the changes), you can deploy them to your AWS account with cdk deploy.
Now that we have deployed and tested our demo code, it's time for cleanup.
The cdk destroy command cleans up the resources that were created during deployment.
⚠️ Proceed with caution with the destroy command on production CDK stacks.