Structuring non-application specific infrastructure deployment with AWS CDK

Question

Currently setting up CDK from scratch here and looking for justification and best practices from the trenches. I have multiple apps which I will naturally have my CDK code and the app code in one repo (reeping the benefits of synonymous languages for app and infra code).

But I am looking for tips on that generic infra. Think the Sec Hub setup, Config rules, Alerting stacks, etc. Basically anything that does not have the app as a dependant. How would you:

• structure the repo (multiple apps, stacks or stages ?)
• deploy these if you don't want to risk redeploying all when updating one ?
• tie this into CI/CD somehow ? If so, how ?

My thought is: one git repo (aws_infra for example), one CDK app, under which I have multiple stacks. Each stack represents a service. Then just deploying it with cdk deploy $yourstackname (or CI/CD equivalent), I guess if I define stacks with different environments, it can be deployed to multiple... well, environments. Interested to hear how it would be best set up for

Answer 1

You have almost answered you own question. I prefer to use one repository with a single CDK app with multiple stacks which then consist of constructs. We use stacks to separate independent blocks of code, such as a network-stack, a logging-stack, database-stack, application1-stack etc. such that we can deploy the stuff that changes often together. It is a hassle to pass parameters between stacks to be careful to not split two things that should be together.

I recommend to read the documentation page for best practices using CDK. The section Construct best practices will answer many of your questions.

Regading CI/CD, you could set up something that chooses the stack to deploy depending on what folders have changed in a given PR.