(cdk + boto3)：在 CDK 应用程序中使用 boto3

Question

I run CDK against different environments using ENV=<enviornment name> cdk synth --profile <PROFILE_NAME> --all - now I want to create SSM secret parameter inside my CDK application. This should only happen during scaffolding but needs boto3 as there is no CloudFormation equivalent. How can I reuse the CDK authentication together with boto3? I develop in Python both with the CDK as with boto3 and use an MFA. Any ideas?

#1 Trial - Using cached credentials

Not working as CDK is not caching credentials:(

I came a accross some way to retrive cached credentials with boto3. Still I need the profile used with CDK, as without I get the error message botocore.exceptions.NoCredentialsError: Unable to locate credentials . Does somebody know how to get the AWS CDK profile used within the code? Maybe the first step to a solution.

# By default the cache path is ~/.aws/boto/cache
cli_cache = os.path.join(os.path.expanduser("~"), ".aws/cli/cache")

# Construct botocore session with cache
session = botocore.session.get_session()
session.get_component("credential_provider").get_provider(
    "assume-role"
).cache = credentials.JSONFileCache(cli_cache)

# Create boto3 client from session
return boto3.Session(botocore_session=session)

Answer 1

I would suggest looking into custom resources , it is a way to call AWS api's (or even execute any code) inside of CDK.

Answer 2

Another way of doing this is using Lambda. In this example , you can see how tables were created after provisioning RDS. In your case you can replace table creation with SSM secret parameter creation.