After a few months of hesitation, and after following different blog posts and news about AWS CDK, I finally decided to give it a try and build infrastructure around a simple integration between S3 and CloudFront to distribute different assets, and to see if this is something that I can replace Terraform with. I have one project with Terraform 0.11 and AWS provider 1.19 to migrate.
The first confusion came from CloudFront OAC (Origin Access Control): it's actually not supported in either interface, S3OriginProps or S3OriginConfig, and then I found GitHub Issue #21771, open since Aug 26, 2022! For sure I can do patching and all this stuff, but what about convenience and a simplified onboarding process? I'm still not sure which L2 construct I need to use, Distribution or CloudFrontWebDistribution, but whatever, L1 is waiting for me. I'm uncertain about L2 constructs at this point and don't want to spend time on a migration from OAI to OAC even after.
The second confusion, since I had never worked with CloudFormation, was the removal of resources outside of the template. You just go and remove a resource, yes, manually, yes, by hand. And guess what? CloudFormation can point out with drift detection that this resource was removed, but can do nothing about it. AWS CDK diff says all good, no difference. I'm sure there is some way, so I just changed the ID of the resource to force CDK to re-create it for me…
Sorry for the rant, maybe; I will definitely spend a little more time to see if I'm missing something so far. But it's not something I expected from a tool to manage my infrastructure… To be continued. I will pass my experience on to AWS; I hope it will be helpful to improve the product.
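
The gap described above (drift detection reports an out-of-band deletion while cdk diff, which compares the synthesized template with the deployed template, shows nothing) can be turned into a CI check. This is an added example, not part of the original post: it assumes the drift results were already fetched with `aws cloudformation describe-stack-resource-drifts`, and the sample data and resource names are constructed.

```python
# Constructed sample in the shape returned by
# `aws cloudformation describe-stack-resource-drifts`; all names are made up.
SAMPLE_DRIFTS = {
    "StackResourceDrifts": [
        {"LogicalResourceId": "AssetsBucket", "ResourceType": "AWS::S3::Bucket",
         "PhysicalResourceId": "example-assets-bucket",
         "StackResourceDriftStatus": "DELETED", "PropertyDifferences": []},
        {"LogicalResourceId": "AssetsDistribution",
         "ResourceType": "AWS::CloudFront::Distribution",
         "PhysicalResourceId": "EXAMPLEDISTID",
         "StackResourceDriftStatus": "MODIFIED",
         "PropertyDifferences": [
             {"PropertyPath": "/DistributionConfig/Origins/0/DomainName",
              "DifferenceType": "NOT_EQUAL"}]},
        {"LogicalResourceId": "AssetsBucketPolicy",
         "ResourceType": "AWS::S3::BucketPolicy",
         "PhysicalResourceId": "example-assets-bucket",
         "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
    ]
}


def summarize_drift(response):
    """Group every resource that is not IN_SYNC by its drift status."""
    report = {}
    for item in response.get("StackResourceDrifts", []):
        status = item.get("StackResourceDriftStatus", "NOT_CHECKED")
        if status == "IN_SYNC":
            continue
        report.setdefault(status, []).append({
            "id": item["LogicalResourceId"],
            "type": item["ResourceType"],
            "changed": [d["PropertyPath"]
                        for d in item.get("PropertyDifferences", [])],
        })
    return report


def ci_exit_code(report):
    """2 if anything was deleted out of band, 1 for other drift, 0 if clean."""
    if report.get("DELETED"):
        return 2
    return 1 if report else 0


if __name__ == "__main__":
    report = summarize_drift(SAMPLE_DRIFTS)
    for status, items in sorted(report.items()):
        for r in items:
            print(f"{status:9} {r['type']:32} {r['id']} {r['changed']}")
    raise SystemExit(ci_exit_code(report))
```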