DefaultStackSynthesizer

class aws_cdk.core.DefaultStackSynthesizer(*, bootstrap_stack_version_ssm_parameter=None, bucket_prefix=None, cloud_formation_execution_role=None, deploy_role_arn=None, deploy_role_external_id=None, docker_tag_prefix=None, file_asset_key_arn_export_name=None, file_asset_publishing_external_id=None, file_asset_publishing_role_arn=None, file_assets_bucket_name=None, generate_bootstrap_version_rule=None, image_asset_publishing_external_id=None, image_asset_publishing_role_arn=None, image_assets_repository_name=None, lookup_role_arn=None, lookup_role_external_id=None, qualifier=None, use_lookup_role_for_stack_operations=None)

Bases: StackSynthesizer

Uses conventionally named roles and asset storage locations.

This synthesizer:

  • Supports cross-account deployments (the CLI can have credentials to one account, and you can still deploy to another account by assuming roles with well-known names in the other account).

  • Supports the CDK Pipelines library.

Requires the environment to have been bootstrapped with Bootstrap Stack V2 (also known as “modern bootstrap stack”). The synthesizer adds a version check to the template, to make sure the bootstrap stack is recent enough to support all features expected by this synthesizer.

ExampleMetadata:

infused

Example:

MyStack(app, "MyStack",
    synthesizer=DefaultStackSynthesizer(
        file_assets_bucket_name="my-orgs-asset-bucket"
    )
)
Parameters:
  • bootstrap_stack_version_ssm_parameter (Optional[str]) – Bootstrap stack version SSM parameter. The placeholder ${Qualifier} will be replaced with the value of qualifier. Default: DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER

  • bucket_prefix (Optional[str]) – bucketPrefix to use while storing S3 Assets. Default: - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX

  • cloud_formation_execution_role (Optional[str]) – The role CloudFormation will assume when deploying the Stack. You must supply this if you have given a non-standard name to the execution role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN

  • deploy_role_arn (Optional[str]) – The role to assume to initiate a deployment in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN

  • deploy_role_external_id (Optional[str]) – External ID to use when assuming role for cloudformation deployments. Default: - No external ID

  • docker_tag_prefix (Optional[str]) – A prefix to use while tagging and uploading Docker images to ECR. This does not add any separators - the source hash will be appended to this string directly. Default: - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX

  • file_asset_key_arn_export_name (Optional[str]) – (deprecated) Name of the CloudFormation Export with the asset key name. You must supply this if you have given a non-standard name to the KMS key export The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME

  • file_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for file asset publishing. Default: - No external ID

  • file_asset_publishing_role_arn (Optional[str]) – The role to use to publish file assets to the S3 bucket in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN

  • file_assets_bucket_name (Optional[str]) – Name of the S3 bucket to hold file assets. You must supply this if you have given a non-standard name to the staging bucket. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME

  • generate_bootstrap_version_rule (Optional[bool]) – Whether to add a Rule to the stack template verifying the bootstrap stack version. This generally should be left set to true, unless you explicitly want to be able to deploy to an unbootstrapped environment. Default: true

  • image_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for image asset publishing. Default: - No external ID

  • image_asset_publishing_role_arn (Optional[str]) – The role to use to publish image assets to the ECR repository in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN

  • image_assets_repository_name (Optional[str]) – Name of the ECR repository to hold Docker Image assets. You must supply this if you have given a non-standard name to the ECR repository. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME

  • lookup_role_arn (Optional[str]) – The role to use to look up values from the target AWS account during synthesis. Default: - None

  • lookup_role_external_id (Optional[str]) – External ID to use when assuming lookup role. Default: - No external ID

  • qualifier (Optional[str]) – Qualifier to disambiguate multiple environments in the same account. You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only differnet qualifiers. Default: - Value of context key ‘

  • use_lookup_role_for_stack_operations (Optional[bool]) – Use the bootstrapped lookup role for (read-only) stack operations. Use the lookup role when performing a cdk diff. If set to false, the deploy role credentials will be used to perform a cdk diff. Requires bootstrap stack version 8. Default: true

Methods

add_docker_image_asset(*, source_hash, directory_name=None, docker_build_args=None, docker_build_target=None, docker_file=None, executable=None, network_mode=None, platform=None, repository_name=None)

Register a Docker Image Asset.

Returns the parameters that can be used to refer to the asset inside the template.

Parameters:
  • source_hash (str) – The hash of the contents of the docker build context. This hash is used throughout the system to identify this image and avoid duplicate work in case the source did not change. NOTE: this means that if you wish to update your docker image, you must make a modification to the source (e.g. add some metadata to your Dockerfile).

  • directory_name (Optional[str]) – The directory where the Dockerfile is stored, must be relative to the cloud assembly root. Default: - Exactly one of directoryName and executable is required

  • docker_build_args (Optional[Mapping[str, str]]) – Build args to pass to the docker build command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build args are passed

  • docker_build_target (Optional[str]) – Docker target to build to. Only allowed when directoryName is specified. Default: - no target

  • docker_file (Optional[str]) – Path to the Dockerfile (relative to the directory). Only allowed when directoryName is specified. Default: - no file

  • executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the name of a local Docker image on stdout. Default: - Exactly one of directoryName and executable is required

  • network_mode (Optional[str]) – Networking mode for the RUN commands during build. Requires Docker Engine API v1.25+. Specify this property to build images on a specific networking mode. Default: - no networking mode specified

  • platform (Optional[str]) – Platform to build for. Requires Docker Buildx. Specify this property to build images on a specific platform. Default: - no platform specified (the current machine architecture will be used)

  • repository_name (Optional[str]) – (deprecated) ECR repository name. Specify this property if you need to statically address the image, e.g. from a Kubernetes Pod. Note, this is only the repository name, without the registry and the tag parts. Default: - automatically derived from the asset’s ID.

Return type:

DockerImageAssetLocation

add_file_asset(*, source_hash, executable=None, file_name=None, packaging=None)

Register a File Asset.

Returns the parameters that can be used to refer to the asset inside the template.

Parameters:
  • source_hash (str) – A hash on the content source. This hash is used to uniquely identify this asset throughout the system. If this value doesn’t change, the asset will not be rebuilt or republished.

  • executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the location of a ZIP file on stdout. Default: - Exactly one of directory and executable is required

  • file_name (Optional[str]) – The path, relative to the root of the cloud assembly, in which this asset source resides. This can be a path to a file or a directory, depending on the packaging type. Default: - Exactly one of directory and executable is required

  • packaging (Optional[FileAssetPackaging]) – Which type of packaging to perform. Default: - Required if fileName is specified.

Return type:

FileAssetLocation

bind(stack)

Bind to the stack this environment is going to be used on.

Must be called before any of the other methods are called.

Parameters:

stack (Stack) –

Return type:

None

synthesize(session)

Synthesize the associated stack to the session.

Parameters:

session (ISynthesisSession) –

Return type:

None

Attributes

DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER = '/cdk-bootstrap/${Qualifier}/version'
DEFAULT_CLOUDFORMATION_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-cfn-exec-role-${AWS::AccountId}-${AWS::Region}'
DEFAULT_DEPLOY_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-deploy-role-${AWS::AccountId}-${AWS::Region}'
DEFAULT_DOCKER_ASSET_PREFIX = ''
DEFAULT_FILE_ASSETS_BUCKET_NAME = 'cdk-${Qualifier}-assets-${AWS::AccountId}-${AWS::Region}'
DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME = 'CdkBootstrap-${Qualifier}-FileAssetKeyArn'
DEFAULT_FILE_ASSET_PREFIX = ''
DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-file-publishing-role-${AWS::AccountId}-${AWS::Region}'
DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME = 'cdk-${Qualifier}-container-assets-${AWS::AccountId}-${AWS::Region}'
DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-image-publishing-role-${AWS::AccountId}-${AWS::Region}'
DEFAULT_LOOKUP_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-lookup-role-${AWS::AccountId}-${AWS::Region}'
DEFAULT_QUALIFIER = 'hnb659fds'
cloud_formation_execution_role_arn

Returns the ARN of the CFN execution Role.

deploy_role_arn

Returns the ARN of the deploy Role.