由于使用aws-cdk创建和销毁vpc和rds实例需要花费时间,因此我们将它们分成了单独的堆栈。
VpcRds(取决于vpc)应用程序(取决于Rds)
起初,数据库实例命名存在问题。解决此问题后,我便开始在应用程序堆栈的管道上工作。
当我尝试部署我的应用程序堆栈时,它将运行在依赖关系中并进行检查。 Vpc没有更改,因此可以快速运行,而无需更新。应该对Rds堆栈说同样的话,但是它尝试在每次部署时更新堆栈。如果没有任何变化,那么它肯定会像Vpc堆栈一样工作并且不了解任何更改,因此请跳到下一个堆栈。
通过CloudFormation,我们可以通过将策略应用于堆栈来跳过或阻止任何不需要的更新。从我所见,这仍在开发中。
https://github.com/aws/aws-cdk/issues/3414https://github.com/aws/aws-cdk-rfcs/issues/72
[有一个使用setPolicy的示例,但是它正在创建一个新的cloudformation,并且我不太确定我将如何实现它。
const app = new cdk.App();
const vpc = new VpcStack(app, "vpc", { env, appEnvironment: "staging" });
const rds = new RdsStack(app, "rds", {
env,
vpc: vpc.vpc,
appEnvironment: "staging",
masterPassword: dbPassword,
});
rds.addDependency(vpc);
const appStack = new AppStack(app, "app", {
env,
// configure the environments you want to setup. The default is production &
// staging, but for testing we'll just do staging.
appEnvironments: ["staging"],
environmentProps: {
// per environment options go here
staging: {
vpc: vpc.vpc,
db: {
instance: rds.dbInstance,
securityGroup: rds.securityGroup,
username: rds.username,
password: dbPassword,
},
ebOptions: {
ec2KeyName: "App",
},
},
},
});
appStack.addDependency(rds);
const pipeStack = new PipelineStack(app, "pipeline", {
appEnvironment: "staging"
});
pipeStack.addDependency(appStack);
app.synth();
编辑
cdk差异输出
cdk diff
Stack vpcStaging
There were no differences
Stack rdsStaging
Resources
[~] AWS::RDS::DBInstance instance instanceB**** replace
├─ [~] DBName (requires replacement)
│ ├─ [-] rds_staging
│ └─ [+] DBRds
├─ [~] DeletionPolicy
│ ├─ [-] Delete
│ └─ [+] Retain
└─ [~] UpdateReplacePolicy
├─ [-] Delete
└─ [+] Retain
Stack application
Template
[-] Description Description: Elasticbeanstalk setup for application
Security Group Changes
┌───┬─────────────────────────────────────────────┬─────┬─────────────────────────────────────────────┬─────────────────────────────────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
│ - │ {"Fn::ImportValue":"rdsStaging:ExportsOutput │ In │ TCP {"Fn::ImportValue":"rdsStaging:ExportsOu │ ${prodsecurityGroupD*****.GroupId} │
│ │ FnGetAttsecurityGroup88888GroupId***** │ │ tputFnGetAttinstance*****EndpointPort***** │ │
│ │ 1"} │ │ *****"} │ │
├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
│ + │ ${staging/securityGroup.GroupId} │ Out │ Everything │ Everyone (IPv4) │
├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
│ + │ {"Fn::ImportValue":"rdsStaging:ExportsOutput │ In │ TCP {"Fn::ImportValue":"rdsStaging:ExportsOu │ ${staging/securityGroup.GroupId} │
│ │ FnGetAttsecurityGroup*****GroupId***** │ │ tputFnGetAttinstance*****EndpointPort***** │ │
│ │ 1"} │ │ *****"} │ │
└───┴─────────────────────────────────────────────┴─────┴─────────────────────────────────────────────┴─────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Resources
[-] AWS::EC2::SecurityGroup stagingsecurityGroup****** destroy
[-] AWS::EC2::SecurityGroupIngress stagingsecurityGrouprdsStagingsecurityGroup*****IndirectPortto***** destroy
[-] AWS::ElasticBeanstalk::Environment staging***** destroy
[+] AWS::EC2::SecurityGroup staging/securityGroup stagingsecurityGroup*****
[+] AWS::EC2::SecurityGroupIngress staging/securityGroup/rdsStagingsecurityGroup*****:{IndirectPort} to stagingsecurityGrouprdsStagingsecurityGroup*****IndirectPortto*****
[+] AWS::ElasticBeanstalk::Environment staging/staging staging*****
好吧,正如我在评论中提到的那样,当从2个不同堆栈中导入另一个资源时,CDK在后台使用Fn::ImportValue
。
从CDK Git-Hub source code:
/**
* The intrinsic function ``Fn::ImportValue`` returns the value of an output
* exported by another stack. You typically use this function to create
* cross-stack references. In the following example template snippets, Stack A
* exports VPC security group values and Stack B imports them.
* @param sharedValueToImport The stack output value that you want to import.
* @returns a token represented as a string
*/
public static importValue(sharedValueToImport: string): string {
return new FnImportValue(sharedValueToImport).toString();
}
如您所见,此函数返回以字符串表示的令牌。
因此,每次您运行cdk deploy
时,都会生成新的令牌,并且看起来资源已更改。