Upgrade to AWS CDK v2 & AWS SDK v3

bin/rds-init-example.ts

@@ -3,7 +3,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
 
-import * as cdk from '@aws-cdk/core'
+import * as cdk from 'aws-cdk-lib'
 import { RdsInitStackExample } from '../demos/rds-init-example'
 
 const app = new cdk.App()

cdk.json

@@ -1,13 +1,4 @@
 {
   "app": "npx ts-node --prefer-ts-exts bin/rds-init-example.ts",
-  "context": {
-    "@aws-cdk/core:enableStackNameDuplicates": "true",
-    "aws-cdk:enableDiffNoFail": "true",
-    "@aws-cdk/core:stackRelativeExports": "true",
-    "@aws-cdk/aws-ecr-assets:dockerIgnoreSupport": true,
-    "@aws-cdk/aws-secretsmanager:parseOwnedSecretName": true,
-    "@aws-cdk/aws-kms:defaultKeyPolicies": true,
-    "@aws-cdk/aws-s3:grantWriteWithoutAcl": true,
-    "@aws-cdk/aws-ecs-patterns:removeDefaultDesiredCount": true
-  }
+  "context": {}
 }

demos/rds-init-example.ts

@@ -1,14 +1,14 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
 
-import * as cdk from '@aws-cdk/core'
-import { CfnOutput, Duration, Stack, Token } from '@aws-cdk/core'
+import * as cdk from 'aws-cdk-lib'
+import { CfnOutput, Duration, Stack, Token } from 'aws-cdk-lib'
 import { CdkResourceInitializer } from '../lib/resource-initializer'
-import { DockerImageCode } from '@aws-cdk/aws-lambda'
-import { InstanceClass, InstanceSize, InstanceType, Port, SubnetType, Vpc } from '@aws-cdk/aws-ec2'
-import { RetentionDays } from '@aws-cdk/aws-logs'
-import { Credentials, DatabaseInstance, DatabaseInstanceEngine, DatabaseSecret, MysqlEngineVersion } from '@aws-cdk/aws-rds'
-import * as lambda from '@aws-cdk/aws-lambda'
+import { DockerImageCode } from 'aws-cdk-lib/aws-lambda'
+import { InstanceClass, InstanceSize, InstanceType, Port, SubnetType, Vpc } from 'aws-cdk-lib/aws-ec2'
+import { RetentionDays } from 'aws-cdk-lib/aws-logs'
+import { Credentials, DatabaseInstance, DatabaseInstanceEngine, DatabaseSecret, MysqlEngineVersion } from 'aws-cdk-lib/aws-rds'
+import * as lambda from 'aws-cdk-lib/aws-lambda'
 
 
 export class RdsInitStackExample extends Stack {
@@ -30,7 +30,7 @@ export class RdsInitStackExample extends Stack {
       },{
         cidrMask: 24,
         name: 'compute',
-        subnetType: SubnetType.PRIVATE_WITH_NAT,
+        subnetType: SubnetType.PRIVATE_WITH_EGRESS,
       },{
         cidrMask: 28,
         name: 'rds',
@@ -67,7 +67,7 @@ export class RdsInitStackExample extends Stack {
       fnSecurityGroups: [],
       vpc,
       subnetsSelection: vpc.selectSubnets({
-        subnetType: SubnetType.PRIVATE_WITH_NAT
+        subnetType: SubnetType.PRIVATE_WITH_EGRESS
       })
     })
     // manage resources dependency
@@ -83,7 +83,7 @@ export class RdsInitStackExample extends Stack {
     const lambdaQuery = new lambda.Function(this, 'MyLambdaRDSQueryHelper', {
       code: new lambda.AssetCode(`${__dirname}/rds-query-fn-code`),
       handler: 'index.handler',
-      runtime: lambda.Runtime.NODEJS_16_X,
+      runtime: lambda.Runtime.NODEJS_22_X,
       memorySize: 1024,
       timeout: cdk.Duration.seconds(300),
       functionName: "my-lambda-rds-query-helper"

demos/rds-query-fn-code/index.js

@@ -1,5 +1,5 @@
 const mysql = require('mysql2')
-const AWS = require('aws-sdk')
+const { SecretsManagerClient, GetSecretValueCommand } = require('@aws-sdk/client-secrets-manager')
 require('dotenv').config();
 
 // the env AWS_ENDPOINT_URL is automatically injected and available
@@ -8,11 +8,13 @@ const url = new URL(endpoint);
 const hostname = url.hostname;
 
 // configure the secretsmanager to connect to the running LocalStack instance
-const secrets = new AWS.SecretsManager({ 
+const secrets = new SecretsManagerClient({ 
   endpoint: endpoint,
-  accessKeyId: 'test',
-  secretAccessKey: 'test',
-  region: 'us-east-1',
+  credentials: {
+    accessKeyId: 'test',
+    secretAccessKey: 'test'
+  },
+  region: 'us-east-1'
 })
 
 // the function expects "secretName" and "sqlQuery" as payload
@@ -59,12 +61,12 @@ function query (connection, sql) {
   })
 }
 
-function getSecretValue (secretId) {
-  return new Promise((resolve, reject) => {
-    secrets.getSecretValue({ SecretId: secretId }, (err, data) => {
-      if (err) return reject(err)
-
-      return resolve(JSON.parse(data.SecretString))
-    })
-  })
+async function getSecretValue (secretId) {
+  try {
+    const command = new GetSecretValueCommand({ SecretId: secretId })
+    const response = await secrets.send(command)
+    return JSON.parse(response.SecretString)
+  } catch (error) {
+    throw error
+  }
 }

demos/rds-query-fn-code/package.json

@@ -1,5 +1,5 @@
 {
-    "name": "rds-init-script",
+    "name": "rds-query-fn",
     "version": "1.0.0",
     "description": "Source code for querying RDS instance using Node.js",
     "main": "index.js",
@@ -9,7 +9,8 @@
     "author": "",
     "license": "MIT",
     "dependencies": {
-      "mysql2": "^3.3.1",
-      "dotenv": "^16.0.3"
+      "@aws-sdk/client-secrets-manager": "^3.0.0",
+      "mysql2": "^3.0.0",
+      "dotenv": "^16.0.0"
     }
   }

lib/resource-initializer.ts

@@ -1,12 +1,13 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
 
-import * as ec2 from '@aws-cdk/aws-ec2'
-import * as lambda from '@aws-cdk/aws-lambda'
-import { Construct, Duration, Stack } from '@aws-cdk/core'
-import { AwsCustomResource, AwsCustomResourcePolicy, AwsSdkCall, PhysicalResourceId } from '@aws-cdk/custom-resources'
-import { RetentionDays } from '@aws-cdk/aws-logs'
-import { PolicyStatement, Role, ServicePrincipal } from '@aws-cdk/aws-iam'
+import * as ec2 from 'aws-cdk-lib/aws-ec2'
+import * as lambda from 'aws-cdk-lib/aws-lambda'
+import { Construct } from 'constructs'
+import { Duration, Stack } from 'aws-cdk-lib'
+import { AwsCustomResource, AwsCustomResourcePolicy, AwsSdkCall, PhysicalResourceId } from 'aws-cdk-lib/custom-resources'
+import { RetentionDays } from 'aws-cdk-lib/aws-logs'
+import { PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'
 import { createHash } from 'crypto'
 
 export interface CdkResourceInitializerProps {
@@ -37,15 +38,14 @@ export class CdkResourceInitializer extends Construct {
     })
 
     const fn = new lambda.DockerImageFunction(this, 'ResourceInitializerFn', {
-      memorySize: props.fnMemorySize || 128,
+      memorySize: props.fnMemorySize || 128,
       functionName: `${id}-ResInit${stack.stackName}`,
       code: props.fnCode,
       vpcSubnets: props.vpc.selectSubnets(props.subnetsSelection),
       vpc: props.vpc,
       securityGroups: [fnSg, ...props.fnSecurityGroups],
       timeout: props.fnTimeout,
-      logRetention: props.fnLogRetention,
-      allowAllOutbound: true
+      logRetention: props.fnLogRetention
     })
 
     const payload: string = JSON.stringify({

package.json

@@ -12,25 +12,16 @@
     "cdk": "cdk"
   },
   "devDependencies": {
-    "@aws-cdk/assert": "^1.125.0",
     "@types/jest": "^27.0.2",
     "@types/node": "^14.17.20",
-    "aws-cdk": "^1.125.0",
+    "aws-cdk": "^2.0.0",
     "jest": "^27.2.4",
     "ts-jest": "^27.0.5",
     "ts-node": "^10.2.1",
     "typescript": "^4.4.3"
   },
   "dependencies": {
-    "@aws-cdk/aws-ec2": "^1.125.0",
-    "@aws-cdk/aws-iam": "^1.125.0",
-    "@aws-cdk/aws-lambda": "^1.125.0",
-    "@aws-cdk/aws-logs": "^1.125.0",
-    "@aws-cdk/aws-rds": "^1.125.0",
-    "@aws-cdk/aws-s3": "^1.125.0",
-    "@aws-cdk/aws-secretsmanager": "^1.125.0",
-    "@aws-cdk/aws-ssm": "^1.125.0",
-    "@aws-cdk/core": "^1.125.0",
-    "@aws-cdk/custom-resources": "^1.125.0"
+    "aws-cdk-lib": "^2.0.0",
+    "constructs": "^10.0.0"
   }
 }