README
¶
AWS CDK Assets
Assets are local files or directories which are needed by a CDK app. A common example is a directory which contains the handler code for a Lambda function, but assets can represent any artifact that is needed for the app's operation.
When deploying a CDK app that includes constructs with assets, the CDK toolkit will first upload all the assets to S3, and only then deploy the stacks. The S3 locations of the uploaded assets will be passed in as CloudFormation Parameters to the relevant stacks.
The following JavaScript example defines a directory asset which is archived as a .zip file and uploaded to S3 during deployment.
asset := assets.NewAsset(this, jsii.String("SampleAsset"), &AssetProps{
Path: path.join(__dirname, jsii.String("sample-asset-directory")),
})
The following JavaScript example defines a file asset, which is uploaded as-is to an S3 bucket during deployment.
asset := assets.NewAsset(this, jsii.String("SampleAsset"), &AssetProps{
Path: path.join(__dirname, jsii.String("file-asset.txt")),
// Optional: describe the purpose of the asset with a human-readable string
DisplayName: jsii.String("My file"),
})
Attributes
Asset constructs expose the following deploy-time attributes:
s3BucketName- the name of the assets S3 bucket.s3ObjectKey- the S3 object key of the asset file (whether it's a file or a zip archive)s3ObjectUrl- the S3 object URL of the asset (i.e. s3://amzn-s3-demo-bucket/mykey.zip)httpUrl- the S3 HTTP URL of the asset (i.e. https://s3.us-east-1.amazonaws.com/amzn-s3-demo-bucket/mykey.zip)
In the following example, the various asset attributes are exported as stack outputs:
asset := assets.NewAsset(this, jsii.String("SampleAsset"), &AssetProps{
Path: path.join(__dirname, jsii.String("sample-asset-directory")),
})
cdk.NewCfnOutput(this, jsii.String("S3BucketName"), &CfnOutputProps{
Value: asset.S3BucketName,
})
cdk.NewCfnOutput(this, jsii.String("S3ObjectKey"), &CfnOutputProps{
Value: asset.S3ObjectKey,
})
cdk.NewCfnOutput(this, jsii.String("S3HttpURL"), &CfnOutputProps{
Value: asset.HttpUrl,
})
cdk.NewCfnOutput(this, jsii.String("S3ObjectURL"), &CfnOutputProps{
Value: asset.S3ObjectUrl,
})
Permissions
IAM roles, users or groups which need to be able to read assets in runtime will should be
granted IAM permissions. To do that use the asset.grantRead(principal) method:
The following example grants an IAM group read permissions on an asset:
group := iam.NewGroup(this, jsii.String("MyUserGroup"))
asset.GrantRead(group)
How does it work
When an asset is defined in a construct, a construct metadata entry
aws:cdk:asset is emitted with instructions on where to find the asset and what
type of packaging to perform (zip or file). Furthermore, the synthesized
CloudFormation template will also include two CloudFormation parameters: one for
the asset's bucket and one for the asset S3 key. Those parameters are used to
reference the deploy-time values of the asset (using { Ref: "Param" }).
Then, when the stack is deployed, the toolkit will package the asset (i.e. zip the directory), calculate an MD5 hash of the contents and will render an S3 key for this asset within the toolkit's asset store. If the file doesn't exist in the asset store, it is uploaded during deployment.
The toolkit's asset store is an S3 bucket created by the toolkit for each environment the toolkit operates in (environment = account + region).
Now, when the toolkit deploys the stack, it will set the relevant CloudFormation Parameters to point to the actual bucket and key for each asset.
Asset Bundling
When defining an asset, you can use the bundling option to specify a command
to run inside a docker container. The command can read the contents of the asset
source from /asset-input and is expected to write files under /asset-output
(directories mapped inside the container). The files under /asset-output will
be zipped and uploaded to S3 as the asset.
The following example uses custom asset bundling to convert a markdown file to html:
asset := assets.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: path.join(__dirname, jsii.String("markdown-asset")),
// /asset-input and working directory in the container
Bundling: &BundlingOptions{
Image: awscdk.DockerImage_FromBuild(path.join(__dirname, jsii.String("alpine-markdown"))),
// Build an image
Command: []*string{
jsii.String("sh"),
jsii.String("-c"),
jsii.String(`
markdown index.md > /asset-output/index.html
`),
},
},
})
The bundling docker image (image) can either come from a registry (DockerImage.fromRegistry)
or it can be built from a Dockerfile located inside your project (DockerImage.fromBuild).
You can set the CDK_DOCKER environment variable in order to provide a custom
docker program to execute. This may sometime be needed when building in
environments where the standard docker cannot be executed (see
https://github.com/aws/aws-cdk/issues/8460 for details).
Use local to specify a local bundling provider. The provider implements a
method tryBundle() which should return true if local bundling was performed.
If false is returned, docker bundling will be done:
import "github.com/aws/aws-cdk-go/awscdk"
type myBundle struct {
}
func (this *myBundle) tryBundle(outputDir *string, options bundlingOptions) *bool {
canRunLocally := true // replace with actual logic
if canRunLocally {
// perform local bundling here
return jsii.Boolean(true)
}
return jsii.Boolean(false)
}
awscdk.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: jsii.String("/path/to/asset"),
Bundling: &bundlingOptions{
Local: NewMyBundle(),
// Docker bundling fallback
Image: cdk.DockerImage_FromRegistry(jsii.String("alpine")),
Entrypoint: []*string{
jsii.String("/bin/sh"),
jsii.String("-c"),
},
Command: []*string{
jsii.String("bundle"),
},
},
})
Although optional, it's recommended to provide a local bundling method which can greatly improve performance.
If the bundling output contains a single archive file (zip or jar) it will be
uploaded to S3 as-is and will not be zipped. Otherwise the contents of the
output directory will be zipped and the zip file will be uploaded to S3. This
is the default behavior for bundling.outputType (BundlingOutput.AUTO_DISCOVER).
Use BundlingOutput.NOT_ARCHIVED if the bundling output must always be zipped:
import "github.com/aws/aws-cdk-go/awscdk"
asset := awscdk.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: jsii.String("/path/to/asset"),
Bundling: &BundlingOptions{
Image: cdk.DockerImage_FromRegistry(jsii.String("alpine")),
Command: []*string{
jsii.String("command-that-produces-an-archive.sh"),
},
OutputType: cdk.BundlingOutput_NOT_ARCHIVED,
},
})
Use BundlingOutput.ARCHIVED if the bundling output contains a single archive file and
you don't want it to be zipped.
Docker options
Depending on your build environment, you may need to pass certain docker options to the docker run command that bundles assets.
This can be done using BundlingOptions properties.
Some optional properties to pass to the docker bundling
import lambda "github.com/aws/aws-cdk-go/awscdk"
asset := awscdk.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: jsii.String("/path/to/asset"),
Bundling: &BundlingOptions{
Image: lambda.Runtime_PYTHON_3_9().BundlingImage,
Command: []*string{
jsii.String("bash"),
jsii.String("-c"),
jsii.String("pip install -r requirements.txt -t /asset-output && cp -au . /asset-output"),
},
SecurityOpt: jsii.String("no-new-privileges:true"),
// https://docs.docker.com/engine/reference/commandline/run/#optional-security-options---security-opt
Network: jsii.String("host"),
},
})
CloudFormation Resource Metadata
NOTE: This section is relevant for authors of AWS Resource Constructs.
In certain situations, it is desirable for tools to be able to know that a certain CloudFormation resource is using a local asset. For example, SAM CLI can be used to invoke AWS Lambda functions locally for debugging purposes.
To enable such use cases, external tools will consult a set of metadata entries on AWS CloudFormation resources:
aws:asset:pathpoints to the local path of the asset.aws:asset:propertyis the name of the resource property where the asset is used
Using these two metadata entries, tools will be able to identify that assets are used by a certain resource, and enable advanced local experiences.
To add these metadata entries to a resource, use the
asset.addResourceMetadata(resource, property) method.
See https://github.com/aws/aws-cdk/issues/1432 for more details
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Asset_IsConstruct ¶
func Asset_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func NewAsset_Override ¶
func NewAsset_Override(a Asset, scope constructs.Construct, id *string, props *AssetProps)
Types ¶
type Asset ¶
type Asset interface {
constructs.Construct
awscdk.IAsset
// A hash of this asset, which is available at construction time.
//
// As this is a plain string, it
// can be used in construct IDs in order to enforce creation of a new resource when the content
// hash has changed.
AssetHash() *string
// The path to the asset, relative to the current Cloud Assembly.
//
// If asset staging is disabled, this will just be the original path.
// If asset staging is enabled it will be the staged path.
AssetPath() *string
// The S3 bucket in which this asset resides.
Bucket() awss3.IBucket
// Attribute which represents the S3 HTTP URL of this asset.
//
// For example, `https://s3.us-west-1.amazonaws.com/bucket/key`
HttpUrl() *string
// Indicates if this asset is a single file.
//
// Allows constructs to ensure that the
// correct file type was used.
IsFile() *bool
// Indicates if this asset is a zip archive.
//
// Allows constructs to ensure that the
// correct file type was used.
IsZipArchive() *bool
// The tree node.
Node() constructs.Node
// Attribute that represents the name of the bucket this asset exists in.
S3BucketName() *string
// Attribute which represents the S3 object key of this asset.
S3ObjectKey() *string
// Attribute which represents the S3 URL of this asset.
//
// For example, `s3://bucket/key`.
S3ObjectUrl() *string
// Adds CloudFormation template metadata to the specified resource with information that indicates which resource property is mapped to this local asset.
//
// This can be used by tools such as SAM CLI to provide local
// experience such as local invocation and debugging of Lambda functions.
//
// Asset metadata will only be included if the stack is synthesized with the
// "aws:cdk:enable-asset-metadata" context key defined, which is the default
// behavior when synthesizing via the CDK Toolkit.
// See: https://github.com/aws/aws-cdk/issues/1432
//
AddResourceMetadata(resource awscdk.CfnResource, resourceProperty *string)
// Grants read permissions to the principal on the assets bucket.
GrantRead(grantee awsiam.IGrantable)
// Returns a string representation of this construct.
ToString() *string
}
An asset represents a local file or directory, which is automatically uploaded to S3 and then can be referenced within a CDK application.
Example:
import "github.com/aws/aws-cdk-go/awscdk"
asset := awscdk.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: jsii.String("/path/to/asset"),
Bundling: &BundlingOptions{
Image: cdk.DockerImage_FromRegistry(jsii.String("alpine")),
Command: []*string{
jsii.String("command-that-produces-an-archive.sh"),
},
OutputType: cdk.BundlingOutput_NOT_ARCHIVED,
},
})
func NewAsset ¶
func NewAsset(scope constructs.Construct, id *string, props *AssetProps) Asset
type AssetOptions ¶
type AssetOptions struct {
// Specify a custom hash for this asset.
//
// If `assetHashType` is set it must
// be set to `AssetHashType.CUSTOM`. For consistency, this custom hash will
// be SHA256 hashed and encoded as hex. The resulting hash will be the asset
// hash.
//
// NOTE: the hash is used in order to identify a specific revision of the asset, and
// used for optimizing and caching deployment activities related to this asset such as
// packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will
// need to make sure it is updated every time the asset changes, or otherwise it is
// possible that some deployments will not be invalidated.
// Default: - based on `assetHashType`.
//
AssetHash *string `field:"optional" json:"assetHash" yaml:"assetHash"`
// Specifies the type of hash to calculate for this asset.
//
// If `assetHash` is configured, this option must be `undefined` or
// `AssetHashType.CUSTOM`.
// Default: - the default is `AssetHashType.SOURCE`, but if `assetHash` is
// explicitly specified this value defaults to `AssetHashType.CUSTOM`.
//
AssetHashType awscdk.AssetHashType `field:"optional" json:"assetHashType" yaml:"assetHashType"`
// Bundle the asset by executing a command in a Docker container or a custom bundling provider.
//
// The asset path will be mounted at `/asset-input`. The Docker
// container is responsible for putting content at `/asset-output`.
// The content at `/asset-output` will be zipped and used as the
// final asset.
// Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file,
// archived into a .zip file and uploaded to S3 otherwise
//
Bundling *awscdk.BundlingOptions `field:"optional" json:"bundling" yaml:"bundling"`
// File paths matching the patterns will be excluded.
//
// See `ignoreMode` to set the matching behavior.
// Has no effect on Assets bundled using the `bundling` property.
// Default: - nothing is excluded.
//
Exclude *[]*string `field:"optional" json:"exclude" yaml:"exclude"`
// A strategy for how to handle symlinks.
// Default: SymlinkFollowMode.NEVER
//
FollowSymlinks awscdk.SymlinkFollowMode `field:"optional" json:"followSymlinks" yaml:"followSymlinks"`
// The ignore behavior to use for `exclude` patterns.
// Default: IgnoreMode.GLOB
//
IgnoreMode awscdk.IgnoreMode `field:"optional" json:"ignoreMode" yaml:"ignoreMode"`
// Whether or not the asset needs to exist beyond deployment time;
//
// i.e.
// are copied over to a different location and not needed afterwards.
// Setting this property to true has an impact on the lifecycle of the asset,
// because we will assume that it is safe to delete after the CloudFormation
// deployment succeeds.
//
// For example, Lambda Function assets are copied over to Lambda during
// deployment. Therefore, it is not necessary to store the asset in S3, so
// we consider those deployTime assets.
// Default: false.
//
DeployTime *bool `field:"optional" json:"deployTime" yaml:"deployTime"`
// A display name for this asset.
//
// If supplied, the display name will be used in locations where the asset
// identifier is printed, like in the CLI progress information. If the same
// asset is added multiple times, the display name of the first occurrence is
// used.
//
// The default is the construct path of the Asset construct, with respect to
// the enclosing stack. If the asset is produced by a construct helper
// function (such as `lambda.Code.fromAsset()`), this will look like
// `MyFunction/Code`.
//
// We use the stack-relative construct path so that in the common case where
// you have multiple stacks with the same asset, we won't show something like
// `/MyBetaStack/MyFunction/Code` when you are actually deploying to
// production.
// Default: - Stack-relative construct path.
//
DisplayName *string `field:"optional" json:"displayName" yaml:"displayName"`
// A list of principals that should be able to read this asset from S3.
//
// You can use `asset.grantRead(principal)` to grant read permissions later.
// Default: - No principals that can read file asset.
//
Readers *[]awsiam.IGrantable `field:"optional" json:"readers" yaml:"readers"`
// The ARN of the KMS key used to encrypt the handler code.
// Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
//
SourceKMSKey awskms.IKey `field:"optional" json:"sourceKMSKey" yaml:"sourceKMSKey"`
}
Example:
lambda.NewFunction(this, jsii.String("Function"), &FunctionProps{
Code: lambda.Code_FromAsset(path.join(__dirname, jsii.String("my-python-handler")), &AssetOptions{
Bundling: &BundlingOptions{
Image: lambda.Runtime_PYTHON_3_9().BundlingImage,
Command: []*string{
jsii.String("bash"),
jsii.String("-c"),
jsii.String("pip install -r requirements.txt -t /asset-output && cp -au . /asset-output"),
},
},
}),
Runtime: lambda.Runtime_PYTHON_3_9(),
Handler: jsii.String("index.handler"),
})
type AssetProps ¶
type AssetProps struct {
// Specify a custom hash for this asset.
//
// If `assetHashType` is set it must
// be set to `AssetHashType.CUSTOM`. For consistency, this custom hash will
// be SHA256 hashed and encoded as hex. The resulting hash will be the asset
// hash.
//
// NOTE: the hash is used in order to identify a specific revision of the asset, and
// used for optimizing and caching deployment activities related to this asset such as
// packaging, uploading to Amazon S3, etc. If you chose to customize the hash, you will
// need to make sure it is updated every time the asset changes, or otherwise it is
// possible that some deployments will not be invalidated.
// Default: - based on `assetHashType`.
//
AssetHash *string `field:"optional" json:"assetHash" yaml:"assetHash"`
// Specifies the type of hash to calculate for this asset.
//
// If `assetHash` is configured, this option must be `undefined` or
// `AssetHashType.CUSTOM`.
// Default: - the default is `AssetHashType.SOURCE`, but if `assetHash` is
// explicitly specified this value defaults to `AssetHashType.CUSTOM`.
//
AssetHashType awscdk.AssetHashType `field:"optional" json:"assetHashType" yaml:"assetHashType"`
// Bundle the asset by executing a command in a Docker container or a custom bundling provider.
//
// The asset path will be mounted at `/asset-input`. The Docker
// container is responsible for putting content at `/asset-output`.
// The content at `/asset-output` will be zipped and used as the
// final asset.
// Default: - uploaded as-is to S3 if the asset is a regular file or a .zip file,
// archived into a .zip file and uploaded to S3 otherwise
//
Bundling *awscdk.BundlingOptions `field:"optional" json:"bundling" yaml:"bundling"`
// File paths matching the patterns will be excluded.
//
// See `ignoreMode` to set the matching behavior.
// Has no effect on Assets bundled using the `bundling` property.
// Default: - nothing is excluded.
//
Exclude *[]*string `field:"optional" json:"exclude" yaml:"exclude"`
// A strategy for how to handle symlinks.
// Default: SymlinkFollowMode.NEVER
//
FollowSymlinks awscdk.SymlinkFollowMode `field:"optional" json:"followSymlinks" yaml:"followSymlinks"`
// The ignore behavior to use for `exclude` patterns.
// Default: IgnoreMode.GLOB
//
IgnoreMode awscdk.IgnoreMode `field:"optional" json:"ignoreMode" yaml:"ignoreMode"`
// Whether or not the asset needs to exist beyond deployment time;
//
// i.e.
// are copied over to a different location and not needed afterwards.
// Setting this property to true has an impact on the lifecycle of the asset,
// because we will assume that it is safe to delete after the CloudFormation
// deployment succeeds.
//
// For example, Lambda Function assets are copied over to Lambda during
// deployment. Therefore, it is not necessary to store the asset in S3, so
// we consider those deployTime assets.
// Default: false.
//
DeployTime *bool `field:"optional" json:"deployTime" yaml:"deployTime"`
// A display name for this asset.
//
// If supplied, the display name will be used in locations where the asset
// identifier is printed, like in the CLI progress information. If the same
// asset is added multiple times, the display name of the first occurrence is
// used.
//
// The default is the construct path of the Asset construct, with respect to
// the enclosing stack. If the asset is produced by a construct helper
// function (such as `lambda.Code.fromAsset()`), this will look like
// `MyFunction/Code`.
//
// We use the stack-relative construct path so that in the common case where
// you have multiple stacks with the same asset, we won't show something like
// `/MyBetaStack/MyFunction/Code` when you are actually deploying to
// production.
// Default: - Stack-relative construct path.
//
DisplayName *string `field:"optional" json:"displayName" yaml:"displayName"`
// A list of principals that should be able to read this asset from S3.
//
// You can use `asset.grantRead(principal)` to grant read permissions later.
// Default: - No principals that can read file asset.
//
Readers *[]awsiam.IGrantable `field:"optional" json:"readers" yaml:"readers"`
// The ARN of the KMS key used to encrypt the handler code.
// Default: - the default server-side encryption with Amazon S3 managed keys(SSE-S3) key will be used.
//
SourceKMSKey awskms.IKey `field:"optional" json:"sourceKMSKey" yaml:"sourceKMSKey"`
// The disk location of the asset.
//
// The path should refer to one of the following:
// - A regular file or a .zip file, in which case the file will be uploaded as-is to S3.
// - A directory, in which case it will be archived into a .zip file and uploaded to S3.
Path *string `field:"required" json:"path" yaml:"path"`
}
Example:
import "github.com/aws/aws-cdk-go/awscdk"
asset := awscdk.NewAsset(this, jsii.String("BundledAsset"), &AssetProps{
Path: jsii.String("/path/to/asset"),
Bundling: &BundlingOptions{
Image: cdk.DockerImage_FromRegistry(jsii.String("alpine")),
Command: []*string{
jsii.String("command-that-produces-an-archive.sh"),
},
OutputType: cdk.BundlingOutput_NOT_ARCHIVED,
},
})
Source Files
Directories