Build and Deployment
Make Commands (Recommended)
Use make for deterministic, hermetic builds that work the same locally and in CI/CD:
bash
# Show all available commands make help # Install dependencies make install # Clean build artifacts make clean # Build all packages in dependency order make build-all # Build root package only make build # Build CDK app only make build-app
Code Quality Commands
bash
# Run linter make lint # Fix linting issues make lint-fix # Format code make format # Check formatting (CI) make format-check # Format and fix linting make format-fix # Run all quality checks (format + lint) make check
CDK Commands
bash
# Synthesize CloudFormation templates make synth # Show CDK diff make diff # Deploy all stacks make deploy # Deploy specific stack make deploy-stack STACK=StackName
CI/CD Commands
bash
# CI check (format-check + lint) make ci-check # CI build (checks + full build) make ci-build # CI deploy (checks + build + synth) make ci-deploy
Underlying npm Commands
The Makefile wraps these npm commands:
bash
npm install # Install dependencies npm run clean # Clean build artifacts npm run build # Build root package npm run build:workspaces # Build all packages npm run build:app # Build CDK app npm run lint # Run linter npm run lint:fix # Fix linting npm run format # Format code npm run format:check # Check formatting npm run format:fix # Format and fix linting npm run synth # Synthesize CDK npm run diff # CDK diff npm run deploy # Deploy CDK
Build Order
The build process ensures packages are built in dependency order:
- •Root package (
src/) - Built first - •Base packages (
aws) - No internal dependencies - •Dependent packages (
codeartifact) - Built after dependencies - •CDK app (
bin/,lib/) - Built last, can import from all packages
Build Script Details
The build:workspaces script:
- •Builds root package (
npm run build) - •Copies root to
node_modules/@cdk-constructs/cdk/for workspace resolution - •Builds all workspace packages using TypeScript project references
- •Builds CDK app files (
bin/,lib/)
TypeScript Configuration
Root Package (tsconfig.json)
- •Builds
src/**/*only - •Excludes
bin/,lib/, andpackages/
CDK App (tsconfig.app.json)
- •Builds
bin/**/*andlib/**/* - •Can import from workspace packages after they're built
Workspace Build (tsconfig.build.json)
- •Lists packages in dependency order
- •Uses TypeScript project references for incremental builds
Deployment Patterns
Multi-Account Strategy
This project follows a strict multi-account deployment pattern for security, isolation, and supply chain integrity.
Account Structure
| Account | Purpose | Access Pattern |
|---|---|---|
| BUILD | CI/CD pipelines, artifact generation, supply chain security | Isolated account. Other accounts can access readonly/immutable. |
| DEV | Active development and testing | Can access BUILD artifacts (readonly). |
| STAGING | Pre-production testing and validation | Can access BUILD artifacts (readonly). |
| PROD | Production workloads | Can access BUILD artifacts (readonly). |
BUILD Account Principles
CRITICAL: The BUILD account MUST be its own isolated AWS account.
- •Isolation: BUILD account is completely separate from application environments
- •Readonly Access: DEV, STAGING, and PROD can only read from BUILD (never write)
- •Immutable Artifacts: Once built in BUILD, artifacts cannot be modified
- •Supply Chain Security: All dependencies and builds happen in isolated BUILD environment
- •Access Control: BUILD account has read/write. Other accounts have readonly only.
CodeArtifact Access Patterns
typescript
// BUILD environment - owns the artifact repository
{
...buildEnv,
codeArtifact: {
codeArtifactDomainName: 'cdk-constructs',
codeArtifactRepositoryName: 'cdk-constructs-library-build',
codeArtifactRepositoryDescription: 'Build Repository - Supply Chain Security',
// All accounts can access, but only BUILD can write
allowedAccounts: [Account.BUILD, Account.DEV, Account.STAGING, Account.PROD],
},
}
// Application environments - consume artifacts from BUILD
{
...devEnv,
codeArtifact: {
// DEV has its own repository but also accesses BUILD
allowedAccounts: [Account.DEV, Account.STAGING, Account.BUILD],
},
}
Environment Configuration Location
Environment configurations follow CDK conventions:
- •Types:
lib/types/project.ts- ProjectEnvironment type - •Configs:
lib/config/environments.ts- buildEnv, devEnv, stagingEnv, prodEnv - •Re-exports:
bin/environment.ts- Backwards compatibility
This follows the pattern: bin/ → lib/ for CDK applications.
Deployment Security
- •Never deploy BUILD artifacts to BUILD account - BUILD creates, others consume
- •Enforce readonly - Use IAM policies to prevent write access from non-BUILD accounts
- •Tag everything - Environment and Owner tags applied automatically via EnvironmentConfig
- •Audit access - Monitor cross-account access to BUILD artifacts
Common Build Issues
Issue: "Cannot find module '@cdk-constructs/...'"
Solution:
- •Run
make installto set up workspace links - •Run
make build-allto build packages in order - •Ensure package is listed in
tsconfig.build.json
Issue: Circular dependency detected
Solution:
- •Check package dependencies in
package.json - •Verify build order in
tsconfig.build.json - •Ensure no package depends on a package that depends on it