CDK Construct Development

Outlines best practices for developing AWS CDK constructs. Following these guidelines will ensure that constructs are reusable, maintainable, and follow AWS best practices.

Created Apr 11, 2025 Updated Jul 4, 2025 by cremich

CDK Construct Development Rules

Compute

AWS Lambda Functions

  • Separate business logic from infrastructure code.
  • Add the function handler code in a file with a .lambda.ts suffix.
  • Group function handlers in a functions folder.
  • Configure appropriate memory and timeout settings.
  • Use environment variables for configuration.
  • Set up appropriate IAM permissions with least privilege.

ECS / Fargate

  • Use appropriate task definitions and container configurations
  • If needed, configure auto-scaling based on metrics
  • Set up proper networking and security groups
  • Implement health checks and monitoring

Storage

Amazon S3

  • Configure appropriate encryption and access controls
  • Set up lifecycle rules for cost optimization
  • Implement versioning for critical data
  • Configure logging and monitoring
  • Configure backup and retention policies
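
The S3 rules above can be checked against what a construct actually synthesizes. The following is an added example, not part of the original rules: it audits the `AWS::S3::Bucket` resources in a CloudFormation template. The function name `auditS3Buckets`, the rule labels and the sample template are constructed for illustration, and the check assumes every bucket holds critical data.

```typescript
// Added example: audit AWS::S3::Bucket resources in a synthesized template.
type Props = Record<string, any>;
interface Template { Resources: Record<string, { Type: string; Properties?: Props }> }
// One check per rule; keys are CloudFormation property names for S3 buckets.
// "encryption" means explicitly declared in the template.
const S3_CHECKS: Array<[string, (p: Props) => boolean]> = [
  ["encryption", (p) =>
    (p.BucketEncryption?.ServerSideEncryptionConfiguration ?? []).length > 0],
  ["public-access-block", (p) => {
    const b = p.PublicAccessBlockConfiguration ?? {};
    return ["BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls",
            "RestrictPublicBuckets"].every((k) => b[k] === true);
  }],
  ["versioning", (p) => p.VersioningConfiguration?.Status === "Enabled"],
  ["access-logging", (p) => p.LoggingConfiguration !== undefined],
  ["lifecycle-rules", (p) => (p.LifecycleConfiguration?.Rules ?? []).length > 0],
];
// Returns findings as "<logicalId>: missing <rule>", sorted for stable output.
function auditS3Buckets(template: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== "AWS::S3::Bucket") continue; // other resource types are skipped
    const props = res.Properties ?? {};
    for (const [rule, ok] of S3_CHECKS) {
      if (!ok(props)) findings.push(`${id}: missing ${rule}`);
    }
  }
  return findings.sort();
}
// Constructed sample template: one hardened bucket, one bare bucket.
const sampleTemplate: Template = {
  Resources: {
    HardenedBucket: { Type: "AWS::S3::Bucket", Properties: {
      BucketEncryption: { ServerSideEncryptionConfiguration: [
        { ServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms" } } ] },
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true,
        IgnorePublicAcls: true, RestrictPublicBuckets: true },
      VersioningConfiguration: { Status: "Enabled" },
      LoggingConfiguration: { LogFilePrefix: "access/" },
      LifecycleConfiguration: { Rules: [
        { Status: "Enabled", NoncurrentVersionExpiration: { NoncurrentDays: 90 } } ] },
    } },
    BareBucket: { Type: "AWS::S3::Bucket" },
    Handler: { Type: "AWS::Lambda::Function", Properties: {} },
  },
};
console.log(auditS3Buckets(sampleTemplate).join("\n"));
```

Run against the JSON templates that `cdk synth` writes to `cdk.out`, a non-empty result can fail the build before deployment.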

Amazon DynamoDB

  • Configure appropriate capacity mode (on-demand or provisioned)
  • Set up auto-scaling for provisioned capacity
  • Implement proper key schema and indexes
  • Configure backup and point-in-time recovery

APIs

Amazon API Gateway

  • Configure appropriate authentication and authorization
  • Set up request validation and throttling
  • Implement CORS for cross-origin requests
  • Configure logging and monitoring

Networking

VPC

  • Design VPCs with appropriate subnet architecture
  • Configure security groups with least privilege
  • Set up VPC endpoints for AWS services when possible

CloudFront

  • Configure appropriate cache behaviors for different content types
  • Set up proper origin configurations
  • Implement security headers and CORS
  • Configure logging and monitoring

Observability

CloudWatch

  • Set up alarms for critical metrics
  • Configure appropriate thresholds and actions
  • Create dashboards for monitoring
