Converting CloudFormation into CDK?

[awhillas]

Hi!
I'm trying to deploy a side project cheaply and found this post by Aidan Steele on his blog called Cheap serverless containers using API Gateway in which he outlines how to deploy an ECS service/task without using an ALB, which are pricy. He provides 2 complete Cloudformation templates which I'm trying to convert into CDK. Here is what I have so far

from aws_cdk import Stack
from aws_cdk import aws_apigatewayv2 as apigatewayv2
from aws_cdk import aws_certificatemanager as acm
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_route53 as route53
from aws_cdk import aws_servicediscovery as servicediscovery
from constructs import Construct
from stacks import HOSTED_ZONE_ID, VPC_ID, DOMAIN_NAME


class MetaCheapInfraStack(Stack):

    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Create a VPC
        self.vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=VPC_ID)

        # Create subnets
        self.subnet_a = ec2.Subnet(
            self,
            "SubnetA",
            vpc_id=self.vpc.vpc_id,
            cidr_block="10.1.1.0/24",
            availability_zone=f"{self.region}a",
        )

        self.subnet_b = ec2.Subnet(
            self,
            "SubnetB",
            vpc_id=self.vpc.vpc_id,
            cidr_block="10.1.2.0/24",
            availability_zone=f"{self.region}b",
        )

        # Create a Route 53 hosted zone
        self.hosted_zone = route53.HostedZone.from_hosted_zone_attributes(
            self,
            "HostedZone",
            hosted_zone_id=HOSTED_ZONE_ID,
            zone_name=DOMAIN_NAME,
        )

        # Create an ACM-managed TLS certificate
        self.certificate = acm.Certificate(
            self,
            "Certificate",
            domain_name="dev."+DOMAIN_NAME,
            validation=acm.CertificateValidation.from_dns(hosted_zone=self.hosted_zone),
        )

        # Create a security group for the VPC link
        self.vpc_link_security_group = ec2.SecurityGroup(
            self,
            "VpcLinkSecurityGroup",
            vpc=self.vpc,
            description="VPC link security group",
        )

        # Create an API Gateway VPC Link
        self.vpc_link = apigatewayv2.VpcLink(
            self,
            "VpcLink",
            vpc=self.vpc,
            security_groups=[self.vpc_link_security_group],
            subnets=ec2.SubnetSelection(subnets=[self.subnet_a, self.subnet_b]),
        )

        # Create a Cloud Map namespace
        self.cloud_map_namespace = servicediscovery.PrivateDnsNamespace(
            self, "CloudMapNamespace", vpc=self.vpc, name=DOMAIN_NAME
        )

        # Create a route table
        self.route_table = ec2.CfnRouteTable(self, "RouteTable", vpc_id=self.vpc.vpc_id)

        # Create a route
        ec2.CfnRoute(
            self,
            "InternetRoute",
            route_table_id=self.route_table.attr_route_table_id,
            destination_cidr_block="0.0.0.0/0",
            gateway_id=ec2.CfnInternetGateway(self, "InternetGateway"),
        )

        # Associate the subnets with the route table
        ec2.SubnetRouteTableAssociation(
            self,
            "RouteTableAssociationSubnetA",
            subnet_id=self.subnet_a,
            route_table_id=self.route_table.attr_route_table_id,
        )

        ec2.SubnetRouteTableAssociation(
            self,
            "RouteTableAssociationSubnetB",
            subnet_id=self.subnet_b,
            route_table_id=self.route_table.attr_route_table_id,
        )

But i get unsure of myself when we get into the ec2.CfnRouteTable and Cfn* in general as this is sort of stuff I usually rely on CDK for (and permissions). This is failing because the CfnRoute wants a gateway_id not an actual CfnInternetGateway... but I get the feeling I should be using something from aws_apigatewayv2 here?

Anyway, if anyone has some tips as to how to make this more high level, its be much appreciated,
Thanks!

[Flupinochan]

Hello,
In summary, you need to use Ref to reference the Internet Gateway ID as follows:

self.internet_gateway = ec2.CfnInternetGateway(self, "InternetGateway")

ec2.CfnRoute(
    self,
    "InternetRoute",
    route_table_id=self.route_table.attr_route_table_id,
    destination_cidr_block="0.0.0.0/0",
    gateway_id=self.internet_gateway.ref,
)

or

self.internet_gateway = ec2.CfnInternetGateway(self, "InternetGateway")

ec2.CfnRoute(
    self,
    "InternetRoute",
    route_table_id=self.route_table.attr_route_table_id,
    destination_cidr_block="0.0.0.0/0",
    gateway_id=self.internet_gateway.attr_internet_gateway_id,
)

In CDK, there are construct levels. You are using Level 1, so you need to use it similarly to raw CloudFormation. To pass attributes like resource IDs that you've created, you need to use Ref or GetAtt. Your current usage seems like the Level 2 usage, where objects are directly assigned.

[Flupinochan]

The manual is available here