Search code examples
amazon-web-servicesaws-cloudformationaws-cdk

Can I replicate the DependsOn behavior in AWS CDK?


Using AWS CDK (python), I'm creating a VPC with isolated subnets, and a number of Interface endpoints.

I'm also launching a Sagemaker notebook with an associated Codecommit repo

I create the Interface endpoint for Codecommit as well as Git Codecommit, but the interface endpoints are still getting created when my Sagemaker notebook starts getting deployed, therefore the Cloudformation stack fails with an error

fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/SomeRepo/': Failed to connect to git-codecommit.us-east-1.amazonaws.com port 443: Connection timed out

If I comment out my Sagemaker notebook, run cdk deploy myStack, the endpoint is created, then I can uncomment my notebook, it launches without any issue since the Codecommit interface endpoints already exist.

Is there a way in the CDK to add in a DependsOn to a resource I create using the CDK?

Relevant code below

from aws_cdk import (
    core,
    aws_sagemaker as sagemaker,
    aws_iam as iam,
    aws_ec2 as ec2
)

class SagemakerStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, bucket, repo, **kwargs) -> None:  # repo is passed with the codecommit repo I created in a previous stack
        super().__init__(scope, id, **kwargs)

        self.sagemaker_vpc = ec2.Vpc(
            # Leaving out some details
            self, "SagemakerVPC",
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    subnet_type=ec2.SubnetType.ISOLATED,  # <-- Isolated, therefore need interface endpoints
                    name="IsolatedA",
                    cidr_mask=24
                )
            ]
        )

        self.sagemaker_vpc.add_interface_endpoint(
            "GitCodecommitInterface",
            service=ec2.InterfaceVpcEndpointAwsService.CODECOMMIT_GIT  # Needed to be created before I can create notebook
        )


        sagemaker_role = iam.Role()  # Hiding details
        sagemaker_repo = sagemaker.CfnCodeRepository()  # hiding details
        sagemaker_sg = ec2.SecurityGroup()  # Hiding details

        # Need for this to wait until GitCodecommitInterface has been created
        notebook = sagemaker.CfnNotebookInstance(
            self, "MyNotebook",
            instance_type="ml.t3.medium",
            role_arn=sagemaker_role.role_arn,
            default_code_repository=repo.repository_clone_url_http,
            subnet_id=self.sagemaker_vpc.isolated_subnets[0].subnet_id,
            direct_internet_access="Disabled",
            security_group_ids=[sagemaker_sg.security_group_id]
        )

Solution

  • Not sure how is the syntax for Python, since I use Typescript for CDK, but CDK constructs resolves in CloudFormation resources in the end, so it's actually possible.

    Here's an example using Typescript:

    const api = new apigateway.LambdaRestApi(this, "apigw", {...})
    const function = new lambda.Function(this, "lambda", {...})
    
    // "function" will be deployed before "api"
    api.node.addDependency(function)

    So, after you figure our how to access the inner node from the CDK construct, it's pretty straight forward