Blog anatomy - Infrastructure provisioning (upgrade 2024)

Overview

I expected that the provisioning aspect would swallow the lion's share of the time I devoted to the upgrade.

I knew that the iterations that help my discovery process and testing are going to be really slow when run on certain cloud services. That's in contrast to superfast iterations when executing code locally:

  • CloudFront takes time to update distributions at edge locations. I’m really pleased AWS allowed CloudFront Functions in place of Lambda@Edge, as the latter was ridiculously slow to propagate. Managing their lifecycle was one of the most annoying tasks I’ve encountered in AWS. Destruction of L@E hanging for hours was my pet peeve.
    That single problem was calling for a new service, "AWS prayer", to increase your chances of it ever completing 😉
  • Route53 propagation isn't instant, as expected from DNS,
  • CertificateManager requires verification, which uses DNS (see above),
  • CloudFormation itself can manifest slowness, long timeouts, and ultimately, hanging.

Cloud services are undergoing rapid growth; therefore, I expected the provisioning tools would have a lot to keep up with.

AWS CDK v1 was a fairly new tool (generally available in 2019), and I used it for this blog in 2021, which was rather shortly after it was released. So we are talking about a fairly immature tool, left alone for 3 years while the cloud provider grew and the CDK user base grew as well and started to feed back. No wonder that AWS CDK v1 became deprecated. I now had to fix whatever broke and rewrite whatever was endangered by deprecation during the upgrade to CDK v2.

I had to do something, as my code didn't run against the CDK v2 runtime. Luckily, I didn't have to redo everything.

Each change ended up in one of three mental categories:

  • improvement
    • crossRegionReferences being the biggest one
    • having dependencies put together into one lib is convenient. I wonder, if CDK were to only support JS, would the rush be there? It seems that juggling dependencies is the status quo in the JS ecosystem.
  • minor corrections
    • OriginAccessIdentity confusing Name and Id, which puzzled me for a minute the first time I saw it,
    • CloudFront's DistributionProps restructured severely
  • "why on earth did you do this?"
    • deprecation of DnsValidatedCertificate, for which I don't know the upgrade path yet.

Please note:
Origin Access Identity is now classed as legacy, and new projects are to start using Origin Access Control, introduced in 2022.

