{"id":38443590,"url":"https://github.com/citizensadvice/ca-cdk-constructs","last_synced_at":"2026-01-17T04:37:11.883Z","repository":{"id":45670991,"uuid":"459171682","full_name":"citizensadvice/ca-cdk-constructs","owner":"citizensadvice","description":"AWS CDK constructs (Python)","archived":false,"fork":false,"pushed_at":"2025-12-03T10:49:59.000Z","size":22833,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-12-06T13:49:21.819Z","etag":null,"topics":["aws","cdk","cdk-constructs","sre-owned"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/citizensadvice.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-02-14T13:23:26.000Z","updated_at":"2025-12-03T10:49:59.000Z","dependencies_parsed_at":"2023-10-04T17:19:25.163Z","dependency_job_id":"9687c3c0-c684-4103-9c10-9837307095c9","html_url":"https://github.com/citizensadvice/ca-cdk-constructs","commit_stats":null,"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"purl":"pkg:github/citizensadvice/ca-cdk-constructs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citizensadvice%2Fca-cdk-constructs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citizensadvice%2Fca-cdk-constructs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citizensadvice%2Fca-cdk-constructs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citizensadvice%2Fca-cdk-constructs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/citizensadvice","download_url":"https://codeload.github.com/citizensadvice/ca-cdk-constructs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/citizensadvice%2Fca-cdk-constructs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28495254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T04:31:57.058Z","status":"ssl_error","status_checked_at":"2026-01-17T04:31:45.816Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cdk","cdk-constructs","sre-owned"],"created_at":"2026-01-17T04:37:11.270Z","updated_at":"2026-01-17T04:37:11.864Z","avatar_url":"https://github.com/citizensadvice.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CDK constructs\n\nTo be used with the AWS CDK for Python\n\n### Core\n\n### DNS/Edge services\n\n\u003cdetails\u003e\n  \u003csummary\u003eCrossAccountDomainDelegation\u003c/summary\u003e\n\nCreates delegated domains\n\n```python\nfrom ca_cdk_constructs import CrossAccountDomainDelegation, R53ParentZoneConfig\n\nzone = PublicHostedZone(self, \"Zone\", zone_name=\"my-subdomain.acme.org\")\n\n# creates delegation records in for my-subdomain.acme.org in acme.org\nCrossAccountDomainDelegation(\n    subdomain_stack,\n    \"MySubdomainDnsDelegation\",\n    parent_zone_config=R53ParentZoneConfig(\n        account_id=\"1234566789012\",\n        zone_name=\"acme.org\",\n        role_name=\"R53UpdateRole\" # existing role in the parent zone account\n    ),\n    hosted_zone=zone\n)\n\n```\n\n\u003c/details\u003e\n\n### Edge services\n\n\u003cdetails\u003e\n    \u003csummary\u003eWAF Rule Templates\u003c/summary\u003e\n\nTODO TODO TODO\n\n\u003c/details\u003e\n\n### Kubernetes / AWS EKS\n\n`ca_cdk_constructs` includes a vendored cdk8s library that is compatible with the [currently supported CA Kubernetes platform version](https://citizensadvice.atlassian.net/wiki/spaces/OPS/pages/2874441735/Current+version).\n\nYou need to update the version of `ca_cdk_constructs` in your project if both of these are correct:\n\n- your project deploys k8s resources using the vendored cdk8s library\n- the CA platform was updated to a new version\n\nTo vendor the libraries for the [K8s version currently supported by the CA Kubernetes platform](https://citizensadvice.atlassian.net/wiki/spaces/OPS/pages/2874441735/Current+version):\n\n- update the k8s / crd versions in `cdk8s.yaml`\n- run `just import-cdk8s`\n\nThe library can be then used as follows:\n\n```python\nimport ca_cdk_constructs.eks.imports.k8s as k8s\n\nk8s.KubeDeployment(.....)\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eEksClusterIntegration\u003c/summary\u003e\n\nMakes it possible to deploy to imported EKS clusters.\n\n```python\nfrom ca_cdk_constructs.eks import EksClusterIntegration\n\n# in an existing stack\neks_integration = EksClusterIntegration(self, \"EksIntegration\", vpc=vpc, cluster_name=\"mycluster\")\n\n# for imported clusters the kubectl role must be manually added to aws-auth\n# The role ARN will also be available in the K8sAuthRoleArn output\neks_integration.role\n# the EKS cluster\neks_integration.cluster\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eExternalAwsSecretsChart\u003c/summary\u003e\n\ncdk8s Chart to deploy [External Secrets](https://external-secrets.io/) referencing one or more AWS SecretsManager or ParameterStore secrets.\n\nSee [the tests](./tests/eks/external_secrets/test_external_secrets_chart.py)\n\n\u003c/details\u003e\n\n### Storage\n\n\u003cdetails\u003e\n  \u003csummary\u003eModifyDBClusterPassword\u003c/summary\u003e\n\nModifies the password of an Aurora cluster\n\n```python\nmodify_cluster_password = ModifyDBClusterPassword(self, \"ModifyClusterPassword\", cluster_id=cluster_id, secret=db_secret)\nmodify_cluster_password.trigger_on_stack_create_update()\n# access the udnerlaying lambda to e.g. add it to a state machine\nmodify_cluster_password.lambda_funct\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eAuroraFastClone\u003c/summary\u003e\n\nClones an Aurora cluster.\n\n```python\nfrom ca_cdk_constructs.storage.aurora_clone_refresh import AuroraCloneRefresh\n\nsource_cluster = DatabaseCluster(self, \"AuroraCluster\", ....) # or lookup one\nvpc = source_cluster.vpc # or look it up\n\ncluster_pg = CfnDBClusterParameterGroup(\n    self,\n    \"DBClusterParameterGroup\",\n    description=f\"Cluster parameter group for test clone\",\n    family=source_cluster.engine.parameter_group_family,\n    parameters={\"log_hostname\": 1},\n)\ncluster_instance_pg = rds.CfnDBParameterGroup(\n    self,\n    \"DBParameterGroup\",\n    description=f\"DB parameter group for test clone instance\",\n    family=source_cluster.engine.parameter_group_family,\n    parameters={\"log_hostname\": 1},\n)\n\n# periodically clone the source cluster\ncloned_cluster = AuroraCloneRefresh(self, \"TestClone\",\n                              source_cluster=source_cluster,\n                              source_cluster_vpc=vpc,\n                              source_cluster_master_username=username,\n                              db_instance_class=\"db.t3.medium\",\n                              cluster_parameter_group=cluster_pg,\n                              instance_parameter_group=cluster_instance_pg,\n                                    tags={\n                                        \"Tag\": \"Value\"\n                                    },\n                              clone_schedule=Schedule.cron(minute=\"0\", hour=\"8\"),\n                              notifications_topic=topic)\n\n# allow access to the clone from certain ranges\ncloned_cluster.allow_from(ec2.Peer.ipv4(vpc.vpc_cidr_block))\n# or\nclone.cluster_sg.allow_....\n\n# access the cloned cluster credentials\ncloned_cluster.clone_secret # DatabaseSecret\n# the clone SNS topic\ncloned_cluster.notifications_topic # Topic\n\n# the event rule\ncloned_cluster.event_rule\n\n```\n\n\u003c/details\u003e\n\n## Contributing\n\nWe welcome contributions.\n\nThis project uses `just` for running tasks and `uv` for project management.\n\nInstall and run `just` to see the list of available commands.\n\n### Tests\n\n```shell\njust pytest\n```\n\nTo run tests against a particular version of python (e.g. 3.10), run `uv venv --python 3.10 --clear`.\n\n### Releases\n\nThis project uses semantic versioning and versions must be bumped in accordance with SemVer rules.\n\nThe `Justfile` contains a helper command for making releases, `just draft-release`. To use it:\n\n1. Determine the release type (patch, minor, major)\n2. Run `just draft-release \u003cpatch | minor | major\u003e`\n3. Approve the version bump if acceptable\n4. Check the staged changes and approve if acceptable\n5. Follow the link to the draft release and edit it to add details if requied\n6. Publish the release\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcitizensadvice%2Fca-cdk-constructs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcitizensadvice%2Fca-cdk-constructs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcitizensadvice%2Fca-cdk-constructs/lists"}