CDK Meetup: Rule the World through IaC

  1. Rule the World Through IaC
  2. WHOA! I’m Smalltown ● MaiCoin Lead Site Reliability Engineering ● Taipei HashiCorp User Group Organizer ● AWS User Group Taiwan Staff
  3. Taipei HashiCorp User Group
  4. Agenda ● 01 Introduction: What is CDK for Terraform? ● 02 Demonstration: How CDK for Terraform Works ● 03 Analysis: Dive Into CDK for Terraform ● 04 Conclusion: IaC Day 2
  5. INTRODUCTION TO CDK For Terraform 01
  6. What is Terraform? (1/2) Terraform is an open source provisioning tool. It ships as a single binary which is written in Go. Terraform is cross-platform and can run on Linux, Windows, or macOS. Installing Terraform is easy. You simply download a zip file, unzip it, and run it.
  7. What is Terraform? (2/2) ● Executable Documentation ● Human and Machine readable ● Easy to Learn ● Test, Share, Re-Use, Automate ● Works on all Major Cloud Providers

     ```hcl
     resource "aws_instance" "catapp" {
       ami           = data.aws_ami.ubuntu.id
       instance_type = var.instance_type
       tags = {
         Name = "${var.prefix}-meow"
       }
     }
     ```
  8. Terraform Allows Us to... ● Manage Multi-Cloud & Hybrid Infrastructure ● Manage Third-Party SaaS Through Provider ● Increase Provisioning Speed ● Improve Efficiency & Reduce Risk ● ...
  9. What Are Terraform's Weaknesses? ● Requires Users to Learn a New Custom Language, The HCL (HashiCorp Configuration Language) DSL ● No Loops, Functions, and Classes Concept Like General Programming Languages
  10. CDK for Terraform ● Although HCL has been One of The Fastest Growing Languages at GitHub ● Officials have Often Heard The Desire to Provision Infrastructure W/ Familiar Programming Languages ● With the CDK for Terraform Project You Can Define Infrastructure Resources Using TypeScript, Python...
  11. Demonstration CDK For Terraform 02
  12. How CDK for Terraform Works: cdktf (JSON)
  13. cdktf.json

      ```json
      {
        "language": "python",
        "app": "pipenv run ./main.py",
        "terraformProviders": [
          "aws@~> 2.70",
          "local@~> 1.4",
          "null@~> 2.1",
          "random@~> 2.1",
          "template@~> 2.1"
        ],
        "terraformModules": [
          "terraform-aws-modules/vpc/aws",
          "terraform-aws-modules/eks/aws"
        ],
        "codeMakerOutput": "imports"
      }
      ```
  14. Terraform Providers

      HCL:

      ```hcl
      provider "aws" {
        version = "~> 2.70"
        region  = "us-east-1"
      }
      ```

      Python (CDK for Terraform):

      ```python
      from imports.aws import AwsProvider

      AwsProvider(self, 'Aws', region='us-east-1')
      ```
  15. Terraform Modules

      HCL:

      ```hcl
      module "vpc" {
        source             = "terraform-aws-modules/vpc/aws"
        name               = "my-vpc"
        cidr               = "10.0.0.0/16"
        azs                = ["us-west-2a", "us-west-2b", "us-west-2c"]
        private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
        public_subnets     = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
        enable_nat_gateway = true
      }
      ```

      Python (CDK for Terraform):

      ```python
      from imports.terraform_aws_modules.vpc.aws import Vpc

      my_vpc = Vpc(self, 'MyVpc',
          name='my-vpc',
          cidr='10.0.0.0/16',
          azs=['us-west-2a', 'us-west-2b', 'us-west-2c'],
          private_subnets=['10.0.1.0/24', '10.0.2.0/24', '10.0.3.0/24'],
          public_subnets=['10.0.101.0/24', '10.0.102.0/24', '10.0.103.0/24'],
          enable_nat_gateway=True
      )
      ```
  16. Terraform Data Sources

      HCL:

      ```hcl
      data "aws_caller_identity" "current" {}

      output "create_user_arn" {
        value = data.aws_caller_identity.current.arn
      }
      ```

      Python (CDK for Terraform):

      ```python
      from cdktf import TerraformOutput
      from imports.aws import DataAwsCallerIdentity

      # Expose the ARN of the identity that runs Terraform as an output.
      TerraformOutput(self, 'create_user_arn',
          value=DataAwsCallerIdentity(self, 'current').arn
      )
      ```
  17. Resource Dependency

      HCL:

      ```hcl
      module "my-cluster" {
        source       = "terraform-aws-modules/eks/aws"
        cluster_name = "my-eks"
        subnets      = module.vpc.private_subnets
        vpc_id       = module.vpc.vpc_id
      }
      ```

      Python (CDK for Terraform):

      ```python
      from cdktf import Token
      from imports.terraform_aws_modules.eks.aws import Eks

      # Referencing the VPC module's outputs makes the EKS module depend on it.
      my_eks = Eks(self, 'MyEks',
          cluster_name='my-eks',
          subnets=Token().as_list(my_vpc.private_subnets_output),
          vpc_id=Token().as_string(my_vpc.vpc_id_output),
          manage_aws_auth='false'
      )
      ```
  18. Demonstration
  19. Other Mappings ● Escape Hatch: Passing Meta-Arguments to Resources not Natively Supported or Implemented ● Terraform Remote Backend: Store Terraform State in a Remote Backend, Instead of Local Storage ● Terraform Remote State: Extract Values from Existing Terraform State, Avoid Writing Fixed Values in Configuration Files
  20. Analysis CDK for Terraform 03
  21. Benefits for CDK ● Manage Multi-Cloud & Hybrid Infrastructure Through Terraform Provider ● Manage Third-Party SaaS Through Terraform Provider ● Increase Provisioning Speed ● Avoid Going from Open Source to Closed Source/Vendor Lock-in
  22. Benefits for Terraform ● Define Infrastructure Resources Using TypeScript, Python... Whatever Programming Language You Like
  23. Ready to Go?
  24. Wait a Moment!
  25. Ecosystem Does Not Exist Yet ● Define, Import Terraform Provider, Module… ● Then Download Them from Internet… ● Finally JSII Could Help to Convert Them...
  26. Exhausting Conversion Process ● Poor Performance During ~$ cdk sync ● No Useful Debug Message When Conversion Fails ● Documentation Is Still Sparse
  27. Module Chaos: If You Want to Develop an IaC Module… ● Leverage HCL to Develop then Import from CDK? ● Leverage CDK to Develop Directly?
  28. Life will find its way out
  29. Conclusion to IAC 04
  30. What is Infrastructure as Code? Infrastructure as Code (IaC) is the process of managing and provisioning cloud infrastructure with machine-readable definition files. Think of it as executable documentation.
  31. Infrastructure as Code Allows Us to... ● Provide a codified workflow to create infrastructure ● Change and update existing infrastructure ● Safely test changes using terraform plan in dry run mode ● Integrate with application code workflows (Git, CI/CD tools) ● Provide reusable modules for easy sharing and collaboration ● Enforce security policy and organizational standards ● Enable collaboration between different teams
  32. IaC Day 2 ● Develop IaC Alone ● Develop IaC W/O Limitation ● Develop IaC W/ Service Downtime ● Develop IaC Together ● Develop IaC W/ Org Policy ● Develop IaC W/O Service Downtime
  33. Test Your IaC Module/Construct (diagram: Developer, IaC Tool, Unit Test, Terratest, Git Service, CI/CD Framework, Cloud; steps #1 to #6)
  34. Multiple Account/Project Structure (diagram: Alpha, Beta, Prod; each labelled Robot, Read, Write)
  35. Achieve IaC GitOps
  36. Accomplish Policy as Code (diagram labels: Audit, Code, Policy)
  37. CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, infographics & images by Freepik and illustrations by Stories THANKS! If You Have Any Questions...
  38. We Are Hiring! ● MaiCoin: Backend Engineer, Microservice Engineer, Site Reliability Engineer ● AMIS: Backend Engineer, Frontend Engineer, Full Stack Engineer, Researcher
  39. IaC Day 2 Workshop! (diagram: Developer, IaC Tool, PaC Tool, Unit Test, Integration Test, Terratest, Git Service, CI/CD Framework, GitOps, Cloud; numbered steps)
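
Slide 25 notes that providers and modules are downloaded from the internet, and slide 36 calls for policy as code. The following added example (not part of the original deck) audits the `cdktf.json` from slide 13 for dependencies with no version constraint. It assumes module entries accept the same `name@constraint` suffix the slide uses for providers; the function names and the "exact pin" rule are hypothetical policy choices.

```python
import json
import re

# Constructed sample: the cdktf.json shown on slide 13, reproduced inline.
CDKTF_JSON = """{
  "language": "python",
  "app": "pipenv run ./main.py",
  "terraformProviders": ["aws@~> 2.70", "local@~> 1.4", "null@~> 2.1",
                         "random@~> 2.1", "template@~> 2.1"],
  "terraformModules": ["terraform-aws-modules/vpc/aws",
                       "terraform-aws-modules/eks/aws"],
  "codeMakerOutput": "imports"
}"""

# An exact pin is a bare or "="-prefixed x.y.z version (hypothetical policy choice).
EXACT_PIN = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def classify(entry):
    """Split 'name@constraint' and return (name, 'unpinned' | 'range' | 'exact')."""
    name, _, constraint = entry.partition("@")
    constraint = constraint.strip()
    if not constraint:
        return name, "unpinned"
    return name, "exact" if EXACT_PIN.match(constraint) else "range"


def audit(config_text, require_exact=False):
    """Return (section, name, status) for every dependency that violates policy."""
    config = json.loads(config_text)
    rejected = {"unpinned", "range"} if require_exact else {"unpinned"}
    findings = []
    for section in ("terraformProviders", "terraformModules"):
        for entry in config.get(section, []):
            if not isinstance(entry, str):
                # Only the string form shown on the slide is understood here.
                findings.append((section, repr(entry), "unparsed"))
                continue
            name, status = classify(entry)
            if status in rejected:
                findings.append((section, name, status))
    return findings


if __name__ == "__main__":
    for section, name, status in audit(CDKTF_JSON):
        print(f"{section}: {name} is {status}")
```

Run as a CI step before the bindings are generated, this fails the build on the two unversioned modules; with `require_exact=True` the `~>` provider ranges are reported as well.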