This project contains the AWS infrastructure for Rabbits Playground, ported from Terraform/Terragrunt to AWS CDK.
The infrastructure includes:
- VPC: Multi-AZ networking with public and private subnets
- EKS: Kubernetes cluster with managed node groups (ARM64/Graviton instances)
- Bastion: EC2 bastion host for secure access
- S3: Static content and user content buckets with lifecycle policies
- CloudFront: CDN for static content delivery
- Route53: DNS management and routing
```
├── bin/
│   └── rabbits-playground-aws-cdk.ts   # CDK app entry point
├── lib/
│   ├── constructs/                     # Reusable constructs
│   │   ├── vpc-construct.ts
│   │   ├── eks-construct.ts
│   │   ├── bastion-construct.ts
│   │   ├── s3-construct.ts
│   │   ├── cloudfront-construct.ts
│   │   └── route53-construct.ts
│   └── stacks/
│       └── infrastructure-stack.ts     # Main infrastructure stack
├── config/
│   └── environment.ts                  # Environment-specific configurations
└── cdk.json                            # CDK configuration
```
Two environments are supported:
- dev: Development environment with cost-optimized settings
- prod: Production environment with high-availability settings
| Feature | Dev | Prod |
|---|---|---|
| VPC CIDR | 10.0.0.0/16 | 10.1.0.0/16 |
| NAT Gateways | 1 (cost optimization) | 3 (multi-AZ HA) |
| EKS Capacity | SPOT instances | ON_DEMAND instances |
| EKS Instance Type | t4g.medium | t4g.large, t4g.xlarge |
| EKS Nodes | 2 desired (1-3) | 3 desired (3-10) |
| EKS API Access | Public | Private |
| Log Retention | 7 days | 30 days |
| S3 Versioning | Disabled | Enabled |
| S3 Lifecycle | Disabled | Enabled (IA at 90d, Glacier at 180d) |
- Node.js 14.x or later
- AWS CLI configured with appropriate credentials
- AWS CDK CLI:

  ```bash
  npm install -g aws-cdk
  ```

- Install dependencies:

  ```bash
  npm install
  ```

- Configure AWS credentials:

  ```bash
  export AWS_ACCOUNT_ID=your-account-id
  export AWS_REGION=us-west-2
  ```

- Bootstrap CDK (first time only):

  ```bash
  cdk bootstrap aws://${AWS_ACCOUNT_ID}/${AWS_REGION}
  ```

```bash
cdk deploy -c environment=dev
```

```bash
cdk deploy -c environment=prod
```

- `npm run build` - Compile TypeScript to JavaScript
- `npm run watch` - Watch for changes and compile
- `npm run test` - Run unit tests
- `cdk diff -c environment=dev` - Compare deployed stack with current state
- `cdk synth -c environment=dev` - Emit the synthesized CloudFormation template
- `cdk deploy -c environment=dev` - Deploy stack to AWS account/region
- `cdk destroy -c environment=dev` - Remove stack from AWS account/region

Environment-specific configurations are defined in config/environment.ts. Update these values as needed for your environments:
- VPC CIDR ranges
- EKS cluster settings
- Bastion access CIDRs
- S3 bucket names
- Domain names
- Route53 hosted zone settings
After deployment, configure kubectl:

```bash
aws eks update-kubeconfig --region us-west-2 --name rabbits-playground-dev
```

Connect via SSM Session Manager:

```bash
aws ssm start-session --target <instance-id>
```

Or via SSH (if key pair configured):

```bash
ssh -i your-key.pem ec2-user@bastion.dev.example.com
```

After deployment, the stack outputs include:
- VPC ID and subnet IDs
- EKS cluster endpoint and security group
- Bastion host IPs
- S3 bucket names and ARNs
- CloudFront distribution domain name
- Route53 hosted zone details
- EKS nodes run in private subnets
- Bastion host uses IMDSv2 and SSM for secure access
- S3 buckets have encryption and public access blocking enabled
- CloudFront enforces HTTPS-only access
- Security groups restrict traffic by default
- IAM roles follow principle of least privilege
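
The S3, CloudFront and IMDSv2 items above can be checked against the template that `cdk synth` emits before anything is deployed. The following is an added example, not code from this project: the logical IDs and the sample template are constructed, and it assumes IMDSv2 is enforced through an `AWS::EC2::LaunchTemplate` resource.

```typescript
// Added example (not project code): audit `cdk synth` output against the
// security properties listed in this README.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

const PAB_FLAGS = ["BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets"];
const HTTPS_POLICIES = ["https-only", "redirect-to-https"];

function auditTemplate(template: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const p = res.Properties ?? {};
    if (res.Type === "AWS::S3::Bucket") {
      // S3 encrypts new buckets by default; this checks the template states it explicitly.
      if (!p.BucketEncryption) findings.push(`${id}: no explicit BucketEncryption`);
      const pab = p.PublicAccessBlockConfiguration ?? {};
      if (!PAB_FLAGS.every((f) => pab[f] === true)) findings.push(`${id}: public access not fully blocked`);
    } else if (res.Type === "AWS::CloudFront::Distribution") {
      const cfg = p.DistributionConfig ?? {};
      const behaviors: any[] = [cfg.DefaultCacheBehavior].concat(cfg.CacheBehaviors ?? []);
      // Every behavior, not only the default one, must refuse or redirect plain HTTP.
      if (behaviors.some((b) => !b || HTTPS_POLICIES.indexOf(b.ViewerProtocolPolicy) < 0)) {
        findings.push(`${id}: a cache behavior allows plain HTTP`);
      }
    } else if (res.Type === "AWS::EC2::LaunchTemplate") {
      const tokens = p.LaunchTemplateData?.MetadataOptions?.HttpTokens;
      if (tokens !== "required") findings.push(`${id}: IMDSv1 still allowed`);
    }
  }
  return findings;
}

// Constructed sample template fragment; logical IDs are hypothetical.
const SAMPLE_TEMPLATE: Template = {
  Resources: {
    StaticContentBucket: { Type: "AWS::S3::Bucket", Properties: {
      BucketEncryption: { ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } }] },
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true } } },
    UserContentBucket: { Type: "AWS::S3::Bucket", Properties: {
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true } } },
    Cdn: { Type: "AWS::CloudFront::Distribution", Properties: {
      DistributionConfig: { DefaultCacheBehavior: { ViewerProtocolPolicy: "allow-all" } } } },
    BastionLaunchTemplate: { Type: "AWS::EC2::LaunchTemplate", Properties: {
      LaunchTemplateData: { MetadataOptions: { HttpTokens: "required" } } } },
  },
};

const sampleFindings = auditTemplate(SAMPLE_TEMPLATE);
```

To run it against a real stack, parse the `*.template.json` file that `cdk synth` writes under `cdk.out/` and pass the result to `auditTemplate`; an empty array means none of the three checks failed.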
This CDK implementation replaces the previous Terraform/Terragrunt setup with equivalent functionality:
- Terraform modules → CDK constructs
- Terragrunt environments → CDK context
- Remote state in S3 → CloudFormation stacks
- Outputs → CDK CfnOutput
For issues or questions, please refer to the AWS CDK documentation: