├── Acknowledgments.md
├── Foreword.md
├── LICENSE
├── ListOfFreeRecipes.md
├── README.md
├── RequirementAndSetup.md
├── TechniquesAndApproachesUsedinThisBook.md
└── cloudshell-setup.sh


/Acknowledgments.md:
--------------------------------------------------------------------------------
# Acknowledgments
Thank you to Jeff Armstrong, author of [Migrating to AWS, A Manager’s Guide](https://www.amazon.com/Migrating-AWS-Managers-Competitive-Business/dp/1492074241/) for introducing us to O’Reilly.

We want to recognize the tech reviewers who helped get this book to where it is today. Their keen eyes, opinions, and technical prowess are greatly appreciated. Jess Males, Gaurav Raje, Jeff Barr, Paul Bayer, Neil Stewart, David Kheyman, Justin Domingus, Justin Garrison, Julian Pittas, Mark Wilkins, and Virginia Chu—thank you.

Thanks to the knowledgeable community at [r/aws](https://www.reddit.com/r/aws) for always providing great insights and opinions.

Thank you to our production editor, Christopher Faucher, for getting the book in tip-top shape for release. Thanks also to our editor, Virginia Wilson, for taking the time to work with first-time authors during a pandemic. Your patience, suggestions, and guidance allowed us to complete this book and remain (somewhat) sane :-)

--------------------------------------------------------------------------------
/Foreword.md:
--------------------------------------------------------------------------------
# Foreword

As part of the Amazon Web Services (AWS) team since the beginning, I have been able to watch it grow in scale, richness, and complexity from a unique vantage point. Even after writing thousands of blog posts and millions of words, I learn something new and useful about AWS just about every day.

With well over two hundred services in production and more launching regularly, AWS could easily leave you feeling overwhelmed. In addition to tens of thousands of pages of official AWS documentation, bloggers, AWS Heroes, AWS Partners, and others have created innumerable pieces of content—including blog posts, videos, webinars, overviews, and code samples.

While there’s no substitute for having a full and complete understanding of a particular AWS service, the reality is that you often simply need to solve a “point” problem. Even after you understand a service, remembering how to use it to solve that problem can be a challenge—at least it is for me.

And that is where this cookbook comes in. Because of its broad selection of topics and carefully chosen recipes, I am confident that you will be able to quickly find one that addresses your immediate need and to put it into practice in short order. You can solve your problem, refresh your knowledge of that aspect of AWS, and move forward to create value for your customers!

My favorite aspect of this book is that it does not hand-wave past any of the details. Each recipe assumes that you start fresh and then helps you to cook up a perfectly seasoned solution. Nothing is left to chance, and you can use the recipes as is in most cases. The recipes also cover the all-important cleanup phase and ensure that you leave your AWS environment as you found it.

Where appropriate, the recipes use the AWS Cloud Development Kit (CDK) and include all of the necessary “moving parts.” The CDK provides a double benefit; in addition to helping you to move forward more quickly, these CDK elements can help you learn more about how to put infrastructure as code (IaC) into practice.

Most cookbooks are designed to be browsed and savored, and this one is no exception. Flip through it, read an entire chapter, or use just a recipe or two, as you wish. I also recommend that you go through all of [Chapter 1](https://github.com/AWSCookbook/Security), just to make sure that your environment is set up and ready to go. Then, when you are presented with a problem to solve, find the appropriate recipe, put it into practice, and reap the benefits.

Jeff Barr

VP and Chief Evangelist at AWS

Seattle, WA

November 2021

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 AWS Cookbook

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/ListOfFreeRecipes.md:
--------------------------------------------------------------------------------
* Chapter 1 Security
  * [1.4 Testing IAM Policies with the IAM Policy Simulator](https://github.com/AWSCookbook/Security/blob/main/104-Testing-IAM-Policies-with-the-IAM-Policy-Simulator/README.md)
  * [1.6 Connecting to EC2 Instances Using AWS SSM Session Manager](https://github.com/AWSCookbook/Security/tree/main/106-Connecting-to-EC2-Instances-Using-Session-Manager)
* Chapter 2 Networking
  * [2.6 Using VPC Reachability Analyzer to Verify and Troubleshoot Network Paths](https://github.com/AWSCookbook/Networking/tree/main/206-VPC-Reachability-Analyzer)
* Chapter 3 Security
* Chapter 4 Databases
* Chapter 5 Serverless
* Chapter 6 Containers
  * [6.2 Automatically Scanning Images in ECR for Security](https://github.com/AWSCookbook/Containers/tree/main/602-Image-Scanning-In-ECR)
  * [6.7 Launching a Fargate container task in response to an event](https://github.com/AWSCookbook/Containers/tree/main/607-Fargate-Task-With-Event)
* Chapter 7 Big Data
  * [7.2 Streaming Data to Amazon S3 Using Amazon Kinesis Data Firehose](https://github.com/AWSCookbook/BigData/tree/main/702-Streaming-Data-to-S3-Using-Kinesis-Firehose)
* Chapter 8 Artificial Intelligence
  * [8.4 Redacting PII from text using Amazon Comprehend](https://github.com/AWSCookbook/ArtificialIntelligence/tree/main/804-Redacting-PII-from-text-using-Comprehend)
* Chapter 9 Account Management

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
[Requirements and Setup](RequirementAndSetup.md)

[Techniques and Approaches Used in This Book](TechniquesAndApproachesUsedinThisBook.md)

[Foreword](Foreword.md)

[Acknowledgments](Acknowledgments.md)

[List of FREE recipes!](https://github.com/AWSCookbook/Getting-Started/blob/main/ListOfFreeRecipes.md)

# Preface

> The vast majority of workloads will go to the cloud. We’re just at the beginning—there’s so much more to happen. -- [Andy Jassy](https://www.forbes.com/sites/siliconangle/2015/01/28/andy-jassy-aws-trillion-dollar-cloud-ambition/?sh=120bdcdb321e)


Cloud usage has been gaining traction with enterprises and small businesses over the last decade and continues to accelerate. Gartner said the worldwide infrastructure as a service (IaaS) public cloud services market [grew 40.7% in 2020](https://www.gartner.com/en/newsroom/press-releases/2021-06-28-gartner-says-worldwide-iaas-public-cloud-services-market-grew-40-7-percent-in-2020). The rapid growth of the cloud has led to a [huge demand](https://www.gartner.com/en/newsroom/press-releases/2019-01-17-gartner-survey-shows-global-talent-shortage-is-now-the-top-emerging-risk-facing-organizations) for cloud skills by many organizations. Many IT professionals understand the basic concepts of the cloud but want to become more comfortable working in the cloud. This gap between the supply and demand of cloud skills presents a significant opportunity for individuals to level up their career.

Through our combined 20+ years of cloud experience, we have had the benefit of working on Amazon Web Services (AWS) projects in many different roles. We have provided guidance to hundreds of developers on how and when to use AWS services. This has allowed us to understand the common challenges and easy wins of the cloud. We would like to share these lessons with you and give you a leg up for your own advancement. We wrote this book to share some of our knowledge and enable you to quickly acquire useful skills for working in the cloud. We hope that you will find yourself using this book as reference material for many years to come.

## Who This Book Is For
This book is for developers, engineers, and architects of all levels, from beginner to expert. Beginners will learn cloud concepts and become comfortable working with cloud services. Experts will be able to examine code used to stand up recipe foundations, explore new services, and gain additional perspectives. If the plethora of cloud services and combinations seem overwhelming to you, then this book is for you. The recipes in this book aim to provide “Hello, World” proofs of concept and components of enterprise-grade applications. This will be accomplished using common use cases with guided walk-throughs of scenarios that you can directly apply to your current or future work. These curated and experience-building recipes are meant to demystify services and will immediately deliver value, regardless of your AWS experience level.

## What You Will Learn
In addition to opening up new career opportunities, being able to harness the power of AWS will give you the ability to create powerful systems and applications that solve many interesting and demanding problems in our world today. Would you like to handle 60,000 cyber threats per second using AWS machine learning like [Siemens](https://aws.amazon.com/solutions/case-studies/siemens/) does? Or reduce your organization’s on-premises footprint and expand its use of microservices like [Capital One](https://aws.amazon.com/solutions/case-studies/capital-one/) has? If so, the practical examples in this book will help expedite your learning by providing tangible examples showing how you can put the building blocks of AWS together to form practical solutions that address common scenarios. The on-demand consumption model, vast capacity, advanced capabilities, and global footprint of the cloud create new possibilities that need to be explored.

## The Recipes
We break the book into chapters that focus on general areas of technology (e.g., security, networking, artificial intelligence, etc.). The recipes contained within the chapters are bite-sized, self-contained, and easily consumable. Recipes vary in length and complexity. Each recipe has a problem statement, solution (with diagram), and discussion. Problem statements are tightly defined to avoid confusion. Solutions contain required preparation and steps to walk you through the work needed to accomplish the goal. When appropriate, explicit validation checks will be provided. We’ve also added extra challenges to the recipes to help you advance your learning if you wish to do so. Finally, we end each recipe with a short discussion to help you understand the solution and why it matters, suggestions to extend the solution, and ways to utilize it for real impact.

> Note: To keep your AWS bill low and keep your account tidy, each recipe has cleanup steps provided in the repositories associated with the book.

Each chapter has its own repository at https://github.com/awscookbook. The repository contains preparation steps for easy copying and pasting, required files, and infrastructure as code. We have also created GitHub templates for reporting bugs and suggesting new recipes. We encourage you to leverage GitHub to submit issues, create requests for new recipes, and submit your own pull requests. We will actively maintain the chapter repositories with updates for recipe steps and code in the README files of each recipe. Be sure to check these for any new or alternative approaches. We look forward to interacting with you on GitHub with new fun challenges and hints to assist you.

Some recipes are “built from scratch,” and others include preparation steps to allow you to interact with common scenarios seen in the real world. We have provided code to enable you to easily deploy the prerequisites. For example, Recipe 6.5 assumes that you are a container developer creating an application deployment that requires an existing network stack. When prerequisites exist, they can be “pre-baked” with preparation steps using code provided in the repositories. When substantial preparation for a recipe is needed, you will use the AWS Cloud Development Kit (CDK), which is a fantastic tool for intelligently defining and declaring infrastructure. The majority of the recipes are CLI based; when appropriate, we use console walk-throughs including screenshots or descriptive text.

> Note: There are many ways to achieve similar outcomes on AWS; this book will not be an exhaustive list. Many factors will dictate the best overall solution for your use case. We have selected recipe topics to help you learn about AWS and make the best choices for your specific needs.

You’ll find recipes for things like the following:
* Redacting personally identifiable information (PII) from text by using Amazon Comprehend
* Automating password rotation for Amazon Relational Database Service (RDS) databases
* Using VPC Reachability Analyzer to verify and troubleshoot network paths

Along with the recipes, we also provide short lines of code in the [Appendix](https://github.com/AWSCookbook/HerbsAndSpices/) that will quickly accomplish valuable and routine tasks. We feel that these are great tidbits to add to your cloud toolbox.

> Warning: AWS has a [free tier](https://aws.amazon.com/free/), but implementing recipes in this book could incur costs. We provide cleanup instructions, but you are responsible for any costs in your account. We recommend checking out the [Well-Architected Labs](https://www.wellarchitectedlabs.com/) developed by AWS on expenditure awareness and leveraging [AWS Budgets actions](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-controls.html) to control costs.

--------------------------------------------------------------------------------
/RequirementAndSetup.md:
--------------------------------------------------------------------------------
# Requirements

Here are the requirements to get started and some tips on where to find assistance:

* AWS account
  * [Setup instructions](https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/)
  * An IAM user with console and programmatic access
  * Administrator privileges for your IAM user
* Personal computer/laptop
* Software
  * Terminal with bash or Z shell (Zsh)
  * Git
    * [Install instructions](https://github.com/git-guides/install-git)
  * Homebrew (optional but recommended to install other requirements)
    * [Install instructions](https://docs.brew.sh/Installation)
  * Code editor (e.g., VSCodium or AWS Cloud9)
    * Recommended install: `brew install --cask vscodium`
  * AWS CLI version 2 (2.1.26 or later)
    * [Install guide](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
    * Recommended install: `brew install awscli@2`
  * Python 3.7.9 (and pip) or later
    * Example install: `brew install python3`
  * AWS Cloud Development Kit version 2.0 or later
    * [Getting started guide](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html)
    * Recommended install: `brew install npm && npm i -g aws-cdk`
  * Web browser (e.g., Microsoft Edge, Google Chrome, or Mozilla Firefox) when AWS Console access is needed

Recommended: Create a folder in your home directory called AWSCookbook. This will allow you to clone each chapter’s repository in one place:
```
AWSCookbook:$ tree -L 1
.
├── ArtificialIntelligence
├── BigData
```

> NOTE: The code we have provided is written for version 2. You can find out more information about how to migrate to and install CDK version 2 in this [AWS CDK v2 article](https://aws.amazon.com/blogs/developer/announcing-aws-cloud-development-kit-v2-developer-preview/).

# Setup
In addition to the installation of the prerequisites listed previously, you will need the following access.

### AWS account setup
You will need a user with administrative permissions. Some of the recipes require the ability to create AWS Identity and Access Management (IAM) resources. You can follow the AWS guide for creating your first IAM admin user and user group.

### General workstation setup steps for CLI recipes
We have created a group of code repositories available at https://github.com/awscookbook. Create a folder called AWSCookbook in your home directory (or any place of your choosing) and cd there:
```
mkdir ~/AWSCookbook && cd ~/AWSCookbook
```
This will give you a place to check out chapter repositories (e.g., Security):
```
git clone https://github.com/AWSCookbook/Security
```
Set and export your default Region in your terminal:
```
export AWS_REGION=us-east-1
```

> TIP: AWS offers many Regions across the world for cloud deployments. We’ll be using the us-east-1 Region for simplicity. As long as the services are available, there is no reason these recipes won’t work in other Regions. AWS has a list of [Regions and services](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/).

Set your `AWS_ACCOUNT_ID` by parsing output from the `aws sts get-caller-identity` operation:
```
AWS_ACCOUNT_ID=$(aws sts get-caller-identity \
  --query Account --output text)
```

> NOTE: The `aws sts get-caller-identity` operation “returns details about the IAM user or role whose credentials are used to call the operation.”

Validate AWS Command Line Interface (AWS CLI) setup and access:
```
aws ec2 describe-instances
```

If you don’t have any EC2 instances deployed, you should see output similar to the following:
```
{
  "Reservations": []
}
```
> NOTE: AWS CLI version 2 will by default send command output with multiple lines to less in your terminal. You can type q to exit. If you want to override this behavior, you can modify your ~/.aws/config file to remove this default functionality.

> TIP: AWS CloudShell is a browser-based terminal that you can use to quickly create a terminal environment in your authenticated AWS Console session to run AWS CLI commands from. By default, it uses the identity of your browser session to interact with the AWS APIs. Many of the recipes can be run using CloudShell. You can use CloudShell to run recipe steps, clean up commands, and other AWS CLI commands as your authenticated user, if you do not want to create a session that you use in your own local terminal environment on your workstation.

--------------------------------------------------------------------------------
/TechniquesAndApproachesUsedinThisBook.md:
--------------------------------------------------------------------------------
# Techniques and Approaches Used in This Book

This section provides examples of techniques and approaches we perform throughout the book to make the recipe steps easier to follow. You can skip over these topics if you feel comfortable with them. You can always come back and reference this section.

## Querying outputs, environment variables, and command substitution
Sometimes subsequent commands depend on outputs from the command you are currently running. The AWS CLI provides the ability for [client-side filtering](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html#cli-usage-filter-client-side) of output. At times, we will set [environment variables](https://en.wikipedia.org/wiki/Environment_variable) that contain these outputs by leveraging [command substitution](https://www.gnu.org/software/bash/manual/html_node/Command-Substitution.html).

We’ll combine these three techniques to make things easier for you as you proceed through steps in the book. Here is an example:

Use the AWS Security Token Service (AWS STS) to retrieve your IAM user (or role) Amazon Resource Name (ARN) with the AWS CLI:
```
aws sts get-caller-identity
```
You should see output similar to the following:
```
{
  "UserId": "EXAMPLE",
  "Account": "111111111111",
  "Arn": "arn:aws:iam::111111111111:user/UserName"
}
```
An example of querying for the ARN value and outputting it to the terminal follows:
```
aws sts get-caller-identity --query Arn --output text
```
You should see output similar to the following:
```
arn:aws:iam::111111111111:user/UserName
```
Query for the ARN value and set it as an environment variable using command substitution:
```
PRINCIPAL_ARN=$(aws sts get-caller-identity --query Arn --output text)
```
To check the value of an environment variable, for example, you can echo it to the terminal:
```
echo $PRINCIPAL_ARN
```
You should see output similar to the following:
```
arn:aws:iam::111111111111:user/UserName
```
> TIP: Using the `--dry-run` flag is always a good idea when performing an operation that makes changes—for example, `aws ec2 create-vpc --dry-run --cidr-block 10.10.0.0/16`.

## Replacing values in provided template files
Where possible, to simplify the learning experience for you, we have provided template files in the chapter code repositories that you can use as a starting point as input to some of the commands you will run in recipe steps. For example, when you create an AWS CodeDeploy configuration in [Recipe 6.5](https://github.com/AWSCookbook/Containers/tree/main/605-Updating-Containers-With-BlueGreen), we provide codedeploy-template.json with `AWS_ACCOUNT_ID`, `PROD_LISTENER_ARN`, and `TEST_LISTENER_ARN` placeholders in the JSON file. We expect you to replace these placeholder values and save the file as codedeploy.json.

To further simplify your experience, if you follow the steps exactly and save these to environment variables, you can use the `sed` command to replace the values. Where possible, we provide you a command to do this, such as this example from [Chapter 6](https://github.com/AWSCookbook/Containers):

Use the `sed` command to replace the values with the environment variables you exported with the helper.py script:
```
sed -e "s/AWS_ACCOUNT_ID/${AWS_ACCOUNT_ID}/g" \
  -e "s|PROD_LISTENER_ARN|${PROD_LISTENER_ARN}|g" \
  -e "s|TEST_LISTENER_ARN|${TEST_LISTENER_ARN}|g" \
  codedeploy-template.json > codedeploy.json
```
## Passwords
During some of the steps in the recipes, you will create passwords and temporarily save them as environment variables to use in subsequent steps. Make sure you unset the environment variables by following the cleanup steps when you complete the recipe. We use this approach for simplicity of understanding. A more secure method (such as the method in [Recipe 1.8](https://github.com/AWSCookbook/Security/tree/main/108-Storing-Encrypting-Accessing-Passwords)) should be used in production environments by leveraging AWS Secrets Manager.
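
The `sed` replacement shown for codedeploy-template.json writes an empty string into the output when one of the variables is unset in the current shell, and it misparses a value that contains `|` or `&`. The following is an added example, not code from the book or its repositories: a POSIX shell function, `render_template` (a hypothetical name), that refuses unset values, escapes the replacement text, and replaces the output file only on success. The template keys, role name, and ARNs in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the book's repositories. Sample values are constructed.

# Escape what is special in a sed replacement when "|" is the delimiter:
# backslash, "&" (the whole match) and "|" itself.
escape_sed_replacement() {
  printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

# render_template TEMPLATE OUTPUT NAME...
# Each NAME is both the placeholder text in TEMPLATE and the shell variable
# holding its value. The body runs in a subshell, so its variables stay private.
render_template() (
  template=$1; output=$2; shift 2
  script=
  nl='
'
  for name in "$@"; do
    case $name in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "render_template: bad placeholder name '$name'" >&2; return 1 ;;
    esac
    eval "value=\${$name-}"   # safe: $name was validated as an identifier
    if [ -z "$value" ]; then
      echo "render_template: \$$name is unset or empty" >&2; return 1
    fi
    case $value in
      *"$nl"*) echo "render_template: \$$name contains a newline" >&2; return 1 ;;
    esac
    if ! grep -qF -- "$name" "$template"; then
      echo "render_template: $name does not occur in $template" >&2; return 1
    fi
    script="${script:+$script$nl}s|$name|$(escape_sed_replacement "$value")|g"
  done
  # Write to a temporary file first so a failure never truncates OUTPUT.
  tmp="$output.tmp.$$"
  if sed -e "$script" "$template" > "$tmp"; then
    mv "$tmp" "$output"
  else
    rm -f "$tmp"; return 1
  fi
)

demo() {
  dir=$(mktemp -d) || return 1
  # Constructed stand-in for codedeploy-template.json (not the repository file).
  cat > "$dir/codedeploy-template.json" <<'EOF'
{
  "serviceRoleArn": "arn:aws:iam::AWS_ACCOUNT_ID:role/exampleDeployRole",
  "prodListener": "PROD_LISTENER_ARN",
  "testListener": "TEST_LISTENER_ARN"
}
EOF
  AWS_ACCOUNT_ID=111111111111
  PROD_LISTENER_ARN='arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/app/demo/0000000000000000/1111111111111111'
  TEST_LISTENER_ARN='arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/app/demo/0000000000000000/2222222222222222'
  render_template "$dir/codedeploy-template.json" "$dir/codedeploy.json" \
    AWS_ACCOUNT_ID PROD_LISTENER_ARN TEST_LISTENER_ARN &&
    cat "$dir/codedeploy.json"
  rm -rf "$dir"
}

demo
```

Because the function reads ordinary shell variables, it works with the values exported from helper.py output without any change to the recipe steps.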

### Generation
You can use AWS Secrets Manager via the AWS CLI to [generate passwords](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/secretsmanager/get-random-password.html) with specific requirements. An example from [Chapter 4](https://github.com/AWSCookbook/Databases) looks like this:
```
ADMIN_PASSWORD=$(aws secretsmanager get-random-password \
  --exclude-punctuation \
  --password-length 41 --require-each-included-type \
  --output text \
  --query RandomPassword)
```
### Usage and storage
In production environments, you should use [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) or [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) (using secure strings) with IAM policies to control who and what can access the secrets. For simplicity, some of the policies for passwords and secrets used in the recipes might not be as locked down as you would want in a production environment. Be sure to always write your own IAM policies to control this behavior in practice.

## Random suffixes
We generate a lot of random suffixes when we deal with global services like Amazon S3. These are needed because S3 bucket names need to be globally unique across the entire AWS customer base. Secrets Manager can be used via the CLI to generate a string that satisfies the naming convention and adds this random element to ensure all book readers can create resources and follow along using the same commands:
```
RANDOM_STRING=$(aws secretsmanager get-random-password \
  --exclude-punctuation --exclude-uppercase \
  --password-length 6 --require-each-included-type \
  --output text \
  --query RandomPassword)
```
You can also use any other utilities to generate random strings. Some local tools may be preferred.

The resource (example S3 bucket) can then be created with a command like this:
```
aws s3api create-bucket --bucket awscookbook801-$RANDOM_STRING
```


## AWS Cloud Development Kit and helper.py
A good place to start is the [“Getting started with the AWS CDK” guide](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html). After you have CDK 2.0 installed, if this is the first time you are using the AWS CDK, you’ll need to bootstrap with the Region you are working on with the AWS CDK toolkit:
```
cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION
```
We use the AWS CDK when needed throughout the book to give you the ability to deploy a consistent scenario that aligns with the problem statement you see in the recipe. You can also choose to execute the recipe steps in your own existing environments, as long as you have the input variables required for the recipe steps. If things don’t work in your environment, you can stand up the provided environment and compare.

The CDK code we included in the repositories deploys resources using the AWS CloudFormation service, and we wrote output variables that you use in recipe steps. We created a Python script called helper.py which you can run in your terminal to take the CloudFormation output and set local variables to make the recipe steps easier to follow—in most cases, even copy and paste.

An example set of commands for deploying CDK code for a recipe after checking out the chapter repository for [Chapter 4](https://github.com/AWSCookbook/Databases) looks like the following:
```
cd 401-Creating-an-Aurora-Serverless-DB/cdk-AWS-Cookbook-401/
test -d .venv || python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip setuptools wheel
pip install -r requirements.txt
cdk deploy
```
You can easily copy and paste the preceding code from the root of the chapter repository (assuming you have Python, pip, and CDK installed as prerequisites) to deploy the scenario that the solution will address in the solution steps of the recipe.

The helper.py tool we created can then be run in your terminal after the `cdk deploy` is complete:
```
python helper.py
```
You should see output that you can copy and paste into your terminal to set environment variables from the CDK CloudFormation stack outputs:
```
$ python helper.py
Copy and paste the commands below into your terminal
ROLE_NAME='cdk-aws-cookbook-108-InstanceSS1PK7LB631QYEF'
INSTANCE_ID='random string here'
```
> NOTE: Finally, a reminder that although we work for AWS, the opinions expressed in this book are our own.

Put on your apron, and let’s get cooking with AWS!


--------------------------------------------------------------------------------
/cloudshell-setup.sh:
--------------------------------------------------------------------------------
# Set your AWS ACCOUNT ID by parsing output from the aws sts get-caller-identity operation.
AWS_ACCOUNT_ID=$(aws sts get-caller-identity \
  --query Account --output text)

# Create a folder called AWSCookbook and cd into it
test -d AWSCookbook || mkdir AWSCookbook
cd AWSCookbook

# Example: Checkout Chapter repos
test -d Security || git clone https://github.com/AWSCookbook/Security
--------------------------------------------------------------------------------