Create a serverless Aurora cluster with AWS CDK

If you are not familiar with CloudFormation then this article is not for you. I highly recommend getting familiar with AWS CFN before diving into CDK. This article explains how to provision an Aurora Serverless DB cluster, including all prerequisites (VPC and subnet groups). Full source code is provided at the end of this article.

AWS CDK is an open source software development framework to model and provision your cloud application resources using familiar programming languages. With AWS CDK, you can define your infrastructure as code and provision it through AWS CloudFormation. 

What this actually means is that you can write code in your favorite programming language and it will be transpiled to a CloudFormation template. In this example we are going to use TypeScript. You can find more examples in the official AWS samples GitHub repository.

If you haven't done so, install Node.js, TypeScript and the AWS CDK CLI. For more information on setting up the environment, visit the official CDK page.

To start a new project, create a project folder.

mkdir cdk-aurora-serverless && cd cdk-aurora-serverless

Then run the following command:

cdk init --language typescript

You can only create an Amazon Aurora DB cluster in a Virtual Private Cloud (VPC) that spans two Availability Zones. Creating a VPC is simple, but be careful not to create NAT gateways, which would add unnecessary costs. We do not need internet access from our VPC, so we set the subnet type to ISOLATED.

const vpc = new Vpc(this, 'Vpc', {
  cidr: '10.0.0.0/16',
  natGateways: 0,
  subnetConfiguration: [ 
    { name: 'aurora_isolated_', subnetType: SubnetType.ISOLATED }
  ]
});

CloudFormation will create the subnet IDs for us. We have to pass them on to Aurora.

const subnetIds: string[] = [];
vpc.isolatedSubnets.forEach((subnet, index) => {
  subnetIds.push(subnet.subnetId);
});

We can then easily output the subnet IDs and the default security group once the stack has been created successfully.

new CfnOutput(this, 'VpcSubnetIds', {
  value: JSON.stringify(subnetIds)
});

new CfnOutput(this, 'VpcDefaultSecurityGroup', {
  value: vpc.vpcDefaultSecurityGroup
});

We need a DB subnet group that tells Aurora which subnets the cluster will be placed in once it is created.

const dbSubnetGroup: CfnDBSubnetGroup = new CfnDBSubnetGroup(this, 'AuroraSubnetGroup', {
  dbSubnetGroupDescription: 'Subnet group to access aurora',
  dbSubnetGroupName: 'aurora-serverless-subnet-group',
  subnetIds
});

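Now that our VPC is ready, let's create the Aurora Serverless cluster. The masterUserPassword below is a placeholder: a literal string in this property is written in clear text into the synthesized CloudFormation template.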

const aurora = new CfnDBCluster(this, 'AuroraServerless', {
  databaseName: 'dbname',
  dbClusterIdentifier: 'aurora-serverless',
  engine: 'aurora',
  engineMode: 'serverless',
  masterUsername: 'masteruser',
  masterUserPassword: 'IT_IS_SMART_TO_GENERATE_THIS_WITH_SECRETS_MANAGER',
  port: 3306,
  dbSubnetGroupName: dbSubnetGroup.dbSubnetGroupName,
  scalingConfiguration: {
    autoPause: true,
    maxCapacity: 2,
    minCapacity: 2,
    secondsUntilAutoPause: 3600
  }
});

//wait for subnet group to be created
aurora.addDependsOn(dbSubnetGroup);
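
A check for the hard-coded masterUserPassword above, written as an added example that is not part of the original article or its repository: it scans a synthesized template (the JSON that `cdk synth` emits) and reports every DB cluster whose password is stored in the template itself. The sample template, the extra logical IDs and all function names are constructed for illustration.

```typescript
// Added example: list DB clusters whose MasterUserPassword is stored in the template.
interface CfnMap { [key: string]: CfnValue }
type CfnValue = string | number | boolean | CfnValue[] | CfnMap;
interface CfnTemplate {
  Parameters?: { [name: string]: { Type: string; NoEcho?: boolean } };
  Resources: { [logicalId: string]: { Type: string; Properties?: CfnMap } };
}
// Dynamic references are resolved at deploy time, so the secret never enters the template.
const DYNAMIC_REF = /\{\{resolve:(secretsmanager|ssm-secure):/;

// Flatten a property value (plain string, Fn::Join, Fn::Sub, ...) to its string leaves.
function stringLeaves(value: CfnValue): string[] {
  if (typeof value === 'string') return [value];
  if (typeof value !== 'object') return [];
  const out: string[] = [];
  if (Array.isArray(value)) {
    for (const v of value) out.push(...stringLeaves(v));
  } else {
    for (const k of Object.keys(value)) out.push(...stringLeaves(value[k]));
  }
  return out;
}

// Returns the logical IDs of AWS::RDS::DBCluster resources with an in-template password.
function literalPasswords(tpl: CfnTemplate): string[] {
  const params = tpl.Parameters || {};
  const findings: string[] = [];
  for (const id of Object.keys(tpl.Resources)) {
    const res = tpl.Resources[id];
    if (res.Type !== 'AWS::RDS::DBCluster' || !res.Properties) continue;
    const pw = res.Properties['MasterUserPassword'];
    if (pw === undefined) continue;
    // A Ref is accepted only when it points at a NoEcho template parameter.
    const ref = typeof pw === 'object' && !Array.isArray(pw) ? pw['Ref'] : undefined;
    const viaNoEchoParam = typeof ref === 'string' && !!params[ref] && params[ref].NoEcho === true;
    const viaDynamicRef = stringLeaves(pw).some((s) => DYNAMIC_REF.test(s));
    if (!viaNoEchoParam && !viaDynamicRef) findings.push(id);
  }
  return findings;
}
// Constructed sample of trimmed `cdk synth` output; only the first cluster mirrors the article.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Parameters: { DbPassword: { Type: 'String', NoEcho: true } },
  Resources: {
    AuroraServerless: { Type: 'AWS::RDS::DBCluster', Properties: {
      MasterUserPassword: 'IT_IS_SMART_TO_GENERATE_THIS_WITH_SECRETS_MANAGER' } },
    AuroraFromSecret: { Type: 'AWS::RDS::DBCluster', Properties: { MasterUserPassword: {
      'Fn::Join': ['', ['{{resolve:secretsmanager:', { Ref: 'DbSecret' }, ':SecretString:password::}}']] } } },
    AuroraFromParam: { Type: 'AWS::RDS::DBCluster', Properties: { MasterUserPassword: { Ref: 'DbPassword' } } },
  },
};
```

`literalPasswords(SAMPLE_TEMPLATE)` reports only `AuroraServerless`; run the same function over the parsed output of `cdk synth` before deploying.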

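Finally, construct and output the Aurora cluster ARN.

// region and account are read from the environment variables set on the deploy command line
const { region, account } = process.env;
const auroraArn = `arn:aws:rds:${region}:${account}:cluster:${aurora.dbClusterIdentifier}`;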

new CfnOutput(this, 'AuroraClusterArn', {
  value: auroraArn
}); 

When you are happy with the configuration, run the following command to build and deploy the stack:

npm run build && account=YOUR_ACCOUNT_NUMBER region=YOUR_REGION cdk deploy

Full source code is available on GitHub.