Deploy CDK project

Save changes and compile the project.

Run cdk diff to take a look at the changes that are going to be deployed.

cdk diff

The CDK CLI requires you to be in the same directory as your cdk.json file.

The output should look like this:

Resources
[+] AWS::RDS::DBSubnetGroup NorthwindPostgreSQL/Subnets NorthwindPostgreSQLSubnets51B70158
[+] AWS::RDS::DBCluster NorthwindPostgreSQL NorthwindPostgreSQL34332C72
[+] AWS::RDS::DBInstance NorthwindPostgreSQL/Instance1 NorthwindPostgreSQLInstance15E57D78E
[~] AWS::EC2::SecurityGroup NorthwindDatabaseSecurityGroup NorthwindDatabaseSecurityGroup0267A879
 └─ [~] SecurityGroupIngress
     └─ @@ -5,5 +5,12 @@
        [ ]     "FromPort": 1433,
        [ ]     "IpProtocol": "tcp",
        [ ]     "ToPort": 1433
        [+]   },
        [+]   {
        [+]     "CidrIp": "54.240.197.232/32",
        [+]     "Description": "from 54.240.197.232/32:5432",
        [+]     "FromPort": 5432,
        [+]     "IpProtocol": "tcp",
        [+]     "ToPort": 5432
        [ ]   }
        [ ] ]

Outputs
[+] Output PostgreSQLEndpointAddress PostgreSQLEndpointAddress: {"Value":{"Fn::GetAtt":["NorthwindPostgreSQL34332C72","Endpoint.Address"]}}

As you can see, the following changes are going to happen:

  • New rule will be added to the database security group to allow traffic on port 5432 from your IP address
  • New Amazon Aurora PostgreSQL cluster and database instance will be created

Now it’s time to deploy the updates using cdk deploy command.

cdk deploy

As you will add new ingress rule for database security group, CDK will ask you to confirm these modifications.

This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

Security Group Changes
┌───┬───────────────────────────────────────────┬─────┬──────────┬───────────────────┐
│   │ Group                                     │ Dir │ Protocol │ Peer              │
├───┼───────────────────────────────────────────┼─────┼──────────┼───────────────────┤
│ + │ ${NorthwindDatabaseSecurityGroup.GroupId} │ In  │ TCP 5432 │ 54.240.197.232/32 │
└───┴───────────────────────────────────────────┴─────┴──────────┴───────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y

It takes about 10 minutes to setup new Amazon Aurora PostgreSQL database cluster.

Once deployment is complete, you will se the following output:

NorthwindCdkStack: deploying...
NorthwindCdkStack: creating CloudFormation changeset...
 0/6 | 3:43:44 PM | UPDATE_IN_PROGRESS   | AWS::CloudFormation::Stack            | NorthwindCdkStack User Initiated
 0/6 | 3:43:49 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBSubnetGroup               | NorthwindPostgreSQL/Subnets (NorthwindPostgreSQLSubnets51B70158)
 0/6 | 3:43:49 PM | UPDATE_IN_PROGRESS   | AWS::EC2::SecurityGroup               | NorthwindDatabaseSecurityGroup (NorthwindDatabaseSecurityGroup0267A879)
 0/6 | 3:43:49 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBSubnetGroup               | NorthwindPostgreSQL/Subnets (NorthwindPostgreSQLSubnets51B70158) Resource creation Initiated
 1/6 | 3:43:50 PM | CREATE_COMPLETE      | AWS::RDS::DBSubnetGroup               | NorthwindPostgreSQL/Subnets (NorthwindPostgreSQLSubnets51B70158)
 2/6 | 3:44:05 PM | UPDATE_COMPLETE      | AWS::EC2::SecurityGroup               | NorthwindDatabaseSecurityGroup (NorthwindDatabaseSecurityGroup0267A879)
 2/6 | 3:44:06 PM | UPDATE_IN_PROGRESS   | AWS::RDS::DBInstance                  | NorthwindSQLServer (NorthwindSQLServerB034B5AC)
 2/6 | 3:44:06 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBCluster                   | NorthwindPostgreSQL (NorthwindPostgreSQL34332C72)
 3/6 | 3:44:07 PM | UPDATE_COMPLETE      | AWS::RDS::DBInstance                  | NorthwindSQLServer (NorthwindSQLServerB034B5AC)
 3/6 | 3:44:08 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBCluster                   | NorthwindPostgreSQL (NorthwindPostgreSQL34332C72) Resource creation Initiated
 3/6 Currently in progress: NorthwindCdkStack, NorthwindPostgreSQL34332C72
 4/6 | 3:45:10 PM | CREATE_COMPLETE      | AWS::RDS::DBCluster                   | NorthwindPostgreSQL (NorthwindPostgreSQL34332C72)
 4/6 | 3:45:11 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBInstance                  | NorthwindPostgreSQL/Instance1 (NorthwindPostgreSQLInstance15E57D78E)
 4/6 | 3:45:13 PM | CREATE_IN_PROGRESS   | AWS::RDS::DBInstance                  | NorthwindPostgreSQL/Instance1 (NorthwindPostgreSQLInstance15E57D78E) Resource creation Initiated
 4/6 Currently in progress: NorthwindCdkStack, NorthwindPostgreSQLInstance15E57D78E
 5/6 | 3:49:18 PM | CREATE_COMPLETE      | AWS::RDS::DBInstance                  | NorthwindPostgreSQL/Instance1 (NorthwindPostgreSQLInstance15E57D78E)
 5/6 | 3:49:20 PM | UPDATE_COMPLETE_CLEA | AWS::CloudFormation::Stack            | NorthwindCdkStack
 6/6 | 3:49:21 PM | UPDATE_COMPLETE      | AWS::CloudFormation::Stack            | NorthwindCdkStack

 ✅✅  NorthwindCdkStack

Outputs:
NorthwindCdkStack.SQLServerEndpointAddress = northwind-sqlserver.co2fenrrdwhy.eu-west-1.rds.amazonaws.com
NorthwindCdkStack.PostgreSQLEndpointAddress = northwind-postgresql.cluster-co2fenrrdwhy.eu-west-1.rds.amazonaws.com

Stack ARN:
arn:aws:cloudformation:eu-west-1:123456789012:stack/NorthwindCdkStack/b0b3b510-62c8-11ea-a0c9-060e4e394d84

Please note the Amazon Aurora PostgreSQL endpoint address northwind-postgresql.cluster-co2fenrrdwhy.eu-west-1.rds.amazonaws.com.