-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improved ergonomics for stack default environment #58
Comments
On deployment, environment-agnostic stacks regions are currently resolved to the aws cli profile. Is the intent of this to do that resolution earlier than at deploy time? |
@stlserverless yes, the intent is that when an app is synthesized within the context of a |
We are in the process of importing this RFC from the AWS CDK repo. You can read more here: aws/aws-cdk#4131 |
Marking this RFCs as |
Originally posted here: aws/aws-cdk#4131
RFC: Default Stack Environments
Background
At the moment, if a
Stack
is defined withoutenv
, it is said to be an environment-agnostic stack. This technically means thatstack.account
andstack.region
will resolve to{ "Ref": "AWS::AccountId" }
and{ "Ref": "AWS::Region" }
. The implication are that code that relies on parsing one of these values will fail (e.g. the EKS library has an AMI map keyed bystack.region
).Users are able to explicitly "inherit" the CLI's current environment by using a couple of environment variables which are always populated by the CLI:
Prior to introducing explicit support for environment agnostic stacks (PR), falling back to the CLI's current environment was the default behavior if you didn't specify
env
.The problem with this approach was that if users wanted to use
cdk synth
and use the resulting artifact (template/cloud-assembly) in CI/CD systems, they couldn't rely on the fact that results will be deterministic since they will be dependent on the specific runtime environment. For example, in one environmentAWS_DEFAULT_REGION
can be set tous-east-1
and in another it will be set tous-west-2
, which can technically result in a totally different output.Problem
The current situation creates undesired friction when getting started with certain modules of the CDK (and potentially 3rd party modules as well that depend on explicit env). For example, if a user wishes to deploy an EKS cluster with
cdk deploy
, they will have to define their stacks with explicitenv
(either specify account/region or useCDK_DEFAULT_XXX
).Opportunity
When using
cdk deploy
directly with an app that has stack(s) without explicitenv
, the synthesized output is an intermediate artifact that is never visible. In this case, defaulting to the current account/region is safe and is probably what most users expect.Proposal
The proposal is:
--default-env=inherit|explicit|agnostic
switch to the CLI which will control the default env mode.CDK_DEFAULT_ACCOUNT
andCDK_DEFAULT_REGION
to be able to express these three modes (currently it cannot express environment-agnosticness).env
inStack
to fall back toCDK_DEFAULT_ACCOUNT
andCDK_DEFAULT_REGION
if an explicit value is not specified.env
is not explicitly set andCDK_DEFAULT_XXX
is undefined, stack initialization will fail with an error.cdk deploy
will beinherit
. This is because when a stack without env is deployed with the CLI, we know where it's going. There's no point playing this game here.cdk synth
will beexplicit
. The implication of this (detalied below) is that if users wish to synthesize an artifact from their CDK app and deploy it at a later stage, they will have to either explicitly specifyenv
for all stacks or usecdk synth --default-env=inherit|agnostic
.{ env: { region: Aws.REGION, account: Aws.ACCOUNT_ID } }
but can be made easier with{ env: Stack.ANY_ENV }
.Implications
It also means that
cdk synth
will fail unless all stacks have a specific environment specified (either env-specific or env-agnostic), which may be undesirable for certain use cases.Let's look at what people use
cdk synth
for:cdk.out
(the "cloud assembly") or the templates inside it as a self-contained artifact which can later be deployed usingcdk-deploy --app cdk.out
.For the 2nd use case (CI/CD), where
cdk synth
is used during build to produce a deployment artifact, we feel that requiring explicitness is actually a benefit. Deterministic infrastructure definitions are an important tenent of the AWS CDK, and requiring that users be explicit when they deploy apps through CI/CD is actually an added value. If users wish to synthesize environment agnostic templates, they can simply specifyenv: Stack.ANY_ENV
when they define their stacks.The 1st use case, however, where
cdk synth
is used to print a template to STDOUT for inspection, is something we still wish to support without requiring users to explicitly specifyenv
s.Before we decide what to do about that, we should acknowledge that the current behavior of
cdk synth
is a bit confusing today:cdk synth
requires that you specify the stack name in order to print to STDOUT, otherwise it just createscdk.out
.cdk synth
prints to STDOUT is prints in YAML (unless--json
is specified), whilecdk.out
always uses JSON (#2965).cdk.out
is created no matter what, for both use cases ofsynth
and even if it the app was synthesized implicitly as part ofcdk deploy
. This also somewhat causes confusion.We propose to separate the "synth" use cases into two different CLI commands:
cdk print
andcdk synth
. The first will serve the inspection use case and the second the CI/CD use case. This way, we can decide that--default-env
will have a different default behavior for these two commands. Forcdk print
we will default toagnostic
and forcdk synth
we will default toexplicit
.Description
We are looking to change the default behavior for when a Stack is defined without env in order to improve the developer experience.
When using
cdk deploy
directly with an app that has stack(s) without explicit env, we can inherit the CLI's current environment instead of synthesize environment-agnostic stacks.Progress
The text was updated successfully, but these errors were encountered: