DefaultStackSynthesizer

class aws_cdk.DefaultStackSynthesizer(*, bootstrap_stack_version_ssm_parameter=None, bucket_prefix=None, cloud_formation_execution_role=None, deploy_role_additional_options=None, deploy_role_arn=None, deploy_role_external_id=None, docker_tag_prefix=None, file_asset_publishing_external_id=None, file_asset_publishing_role_additional_options=None, file_asset_publishing_role_arn=None, file_assets_bucket_name=None, generate_bootstrap_version_rule=None, image_asset_publishing_external_id=None, image_asset_publishing_role_additional_options=None, image_asset_publishing_role_arn=None, image_assets_repository_name=None, lookup_role_additional_options=None, lookup_role_arn=None, lookup_role_external_id=None, qualifier=None, use_lookup_role_for_stack_operations=None)

Bases: StackSynthesizer

Uses conventionally named roles and asset storage locations.

This synthesizer:

Supports cross-account deployments (the CLI can have credentials to one account, and you can still deploy to another account by assuming roles with well-known names in the other account).
Supports the CDK Pipelines library.

Requires the environment to have been bootstrapped with Bootstrap Stack V2 (also known as “modern bootstrap stack”). The synthesizer adds a version check to the template, to make sure the bootstrap stack is recent enough to support all features expected by this synthesizer.

ExampleMetadata:: infused

Example:

# app: App


prod_stage = Stage(app, "ProdStage",
    permissions_boundary=PermissionsBoundary.from_name("cdk-${Qualifier}-PermissionsBoundary-${AWS::AccountId}-${AWS::Region}")
)

Stack(prod_stage, "ProdStack",
    synthesizer=DefaultStackSynthesizer(
        qualifier="custom"
    )
)

Parameters:

bootstrap_stack_version_ssm_parameter (Optional[str]) – Bootstrap stack version SSM parameter. The placeholder ${Qualifier} will be replaced with the value of qualifier. Default: DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER
bucket_prefix (Optional[str]) – bucketPrefix to use while storing S3 Assets. Default: - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX
cloud_formation_execution_role (Optional[str]) – The role CloudFormation will assume when deploying the Stack. You must supply this if you have given a non-standard name to the execution role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN
deploy_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the deploy role. - RoleArn should not be used. Use the dedicated deployRoleArn property instead. - ExternalId should not be used. Use the dedicated deployRoleExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.
deploy_role_arn (Optional[str]) – The role to assume to initiate a deployment in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN
deploy_role_external_id (Optional[str]) – External ID to use when assuming role for cloudformation deployments. Default: - No external ID
docker_tag_prefix (Optional[str]) – A prefix to use while tagging and uploading Docker images to ECR. This does not add any separators - the source hash will be appended to this string directly. Default: - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX
file_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for file asset publishing. Default: - No external ID
file_asset_publishing_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the file asset publishing. - RoleArn should not be used. Use the dedicated fileAssetPublishingRoleArn property instead. - ExternalId should not be used. Use the dedicated fileAssetPublishingExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.
file_asset_publishing_role_arn (Optional[str]) – The role to use to publish file assets to the S3 bucket in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN
file_assets_bucket_name (Optional[str]) – Name of the S3 bucket to hold file assets. You must supply this if you have given a non-standard name to the staging bucket. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME
generate_bootstrap_version_rule (Optional[bool]) – Whether to add a Rule to the stack template verifying the bootstrap stack version. This generally should be left set to true, unless you explicitly want to be able to deploy to an unbootstrapped environment. Default: true
image_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for image asset publishing. Default: - No external ID
image_asset_publishing_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the image asset publishing. - RoleArn should not be used. Use the dedicated imageAssetPublishingRoleArn property instead. - ExternalId should not be used. Use the dedicated imageAssetPublishingExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.
image_asset_publishing_role_arn (Optional[str]) – The role to use to publish image assets to the ECR repository in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN
image_assets_repository_name (Optional[str]) – Name of the ECR repository to hold Docker Image assets. You must supply this if you have given a non-standard name to the ECR repository. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME
lookup_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the lookup role. - RoleArn should not be used. Use the dedicated lookupRoleArn property instead. - ExternalId should not be used. Use the dedicated lookupRoleExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.
lookup_role_arn (Optional[str]) – The role to use to look up values from the target AWS account during synthesis. Default: - None
lookup_role_external_id (Optional[str]) – External ID to use when assuming lookup role. Default: - No external ID
qualifier (Optional[str]) – Qualifier to disambiguate multiple environments in the same account. You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only different qualifiers. Default: - Value of context key ‘@aws-cdk/core:bootstrapQualifier’ if set, otherwise DefaultStackSynthesizer.DEFAULT_QUALIFIER
use_lookup_role_for_stack_operations (Optional[bool]) – Use the bootstrapped lookup role for (read-only) stack operations. Use the lookup role when performing a cdk diff. If set to false, the deploy role credentials will be used to perform a cdk diff. Requires bootstrap stack version 8. Default: true

Methods

add_docker_image_asset(*, source_hash, asset_name=None, directory_name=None, docker_build_args=None, docker_build_secrets=None, docker_build_ssh=None, docker_build_target=None, docker_cache_disabled=None, docker_cache_from=None, docker_cache_to=None, docker_file=None, docker_outputs=None, executable=None, network_mode=None, platform=None)

Register a Docker Image Asset.

Returns the parameters that can be used to refer to the asset inside the template.

The synthesizer must rely on some out-of-band mechanism to make sure the given files are actually placed in the returned location before the deployment happens. This can be by writing the instructions to the asset manifest (for use by the cdk-assets tool), by relying on the CLI to upload files (legacy behavior), or some other operator controlled mechanism.

Parameters:

source_hash (str) – The hash of the contents of the docker build context. This hash is used throughout the system to identify this image and avoid duplicate work in case the source did not change. NOTE: this means that if you wish to update your docker image, you must make a modification to the source (e.g. add some metadata to your Dockerfile).
asset_name (Optional[str]) – Unique identifier of the docker image asset and its potential revisions. Required if using AppScopedStagingSynthesizer. Default: - no asset name
directory_name (Optional[str]) – The directory where the Dockerfile is stored, must be relative to the cloud assembly root. Default: - Exactly one of directoryName and executable is required
docker_build_args (Optional[Mapping[str, str]]) – Build args to pass to the docker build command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build args are passed
docker_build_secrets (Optional[Mapping[str, str]]) – Build secrets to pass to the docker build command. Since Docker build secrets are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build secrets are passed
docker_build_ssh (Optional[str]) – SSH agent socket or keys to pass to the docker buildx command. Default: - no ssh arg is passed
docker_build_target (Optional[str]) – Docker target to build to. Only allowed when directoryName is specified. Default: - no target
docker_cache_disabled (Optional[bool]) – Disable the cache and pass --no-cache to the docker build command. Default: - cache is used
docker_cache_from (Optional[Sequence[Union[DockerCacheOption, Dict[str, Any]]]]) – Cache from options to pass to the docker build command. Default: - no cache from args are passed
docker_cache_to (Union[DockerCacheOption, Dict[str, Any], None]) – Cache to options to pass to the docker build command. Default: - no cache to args are passed
docker_file (Optional[str]) – Path to the Dockerfile (relative to the directory). Only allowed when directoryName is specified. Default: - no file
docker_outputs (Optional[Sequence[str]]) – Outputs to pass to the docker build command. Default: - no build args are passed
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the name of a local Docker image on stdout. Default: - Exactly one of directoryName and executable is required
network_mode (Optional[str]) – Networking mode for the RUN commands during build. Requires Docker Engine API v1.25+. Specify this property to build images on a specific networking mode. Default: - no networking mode specified
platform (Optional[str]) – Platform to build for. Requires Docker Buildx. Specify this property to build images on a specific platform. Default: - no platform specified (the current machine architecture will be used)

Return type:

DockerImageAssetLocation

add_file_asset(*, source_hash, deploy_time=None, executable=None, file_name=None, packaging=None)

Register a File Asset.

Returns the parameters that can be used to refer to the asset inside the template.

The synthesizer must rely on some out-of-band mechanism to make sure the given files are actually placed in the returned location before the deployment happens. This can be by writing the instructions to the asset manifest (for use by the cdk-assets tool), by relying on the CLI to upload files (legacy behavior), or some other operator controlled mechanism.

Parameters:

source_hash (str) – A hash on the content source. This hash is used to uniquely identify this asset throughout the system. If this value doesn’t change, the asset will not be rebuilt or republished.
deploy_time (Optional[bool]) – Whether or not the asset needs to exist beyond deployment time; i.e. are copied over to a different location and not needed afterwards. Setting this property to true has an impact on the lifecycle of the asset, because we will assume that it is safe to delete after the CloudFormation deployment succeeds. For example, Lambda Function assets are copied over to Lambda during deployment. Therefore, it is not necessary to store the asset in S3, so we consider those deployTime assets. Default: false
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the location of a ZIP file on stdout. Default: - Exactly one of fileName and executable is required
file_name (Optional[str]) – The path, relative to the root of the cloud assembly, in which this asset source resides. This can be a path to a file or a directory, depending on the packaging type. Default: - Exactly one of fileName and executable is required
packaging (Optional[FileAssetPackaging]) – Which type of packaging to perform. Default: - Required if fileName is specified.

Return type:

FileAssetLocation

bind(stack)

Bind to the stack this environment is going to be used on.

Must be called before any of the other methods are called.

Parameters:

stack (Stack) –

Return type:

None

reusable_bind(stack)

Produce a bound Stack Synthesizer for the given stack.

This method may be called more than once on the same object.

Parameters:

stack (Stack) –

Return type:

IBoundStackSynthesizer

synthesize(session)

Synthesize the associated stack to the session.

Parameters:

session (ISynthesisSession) –

Return type:

None

Attributes

DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER = '/cdk-bootstrap/${Qualifier}/version'

DEFAULT_CLOUDFORMATION_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-cfn-exec-role-${AWS::AccountId}-${AWS::Region}'

DEFAULT_DEPLOY_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-deploy-role-${AWS::AccountId}-${AWS::Region}'

DEFAULT_DOCKER_ASSET_PREFIX = ''

DEFAULT_FILE_ASSETS_BUCKET_NAME = 'cdk-${Qualifier}-assets-${AWS::AccountId}-${AWS::Region}'

DEFAULT_FILE_ASSET_KEY_ARN_EXPORT_NAME = 'CdkBootstrap-${Qualifier}-FileAssetKeyArn'

DEFAULT_FILE_ASSET_PREFIX = ''

DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-file-publishing-role-${AWS::AccountId}-${AWS::Region}'

DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME = 'cdk-${Qualifier}-container-assets-${AWS::AccountId}-${AWS::Region}'

DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-image-publishing-role-${AWS::AccountId}-${AWS::Region}'

DEFAULT_LOOKUP_ROLE_ARN = 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-${Qualifier}-lookup-role-${AWS::AccountId}-${AWS::Region}'

DEFAULT_QUALIFIER = 'hnb659fds'

bootstrap_qualifier: The qualifier used to bootstrap this stack.

cloud_formation_execution_role_arn: Returns the ARN of the CFN execution Role.

deploy_role_arn: Returns the ARN of the deploy Role.

lookup_role: The role used to lookup for this stack.