AWS CDK development using Python

Client: AI | Published: 02.11.2025

## Project Overview

We are building a **serverless application** (AppSync + Lambda + DynamoDB) and need a **fully automated CI/CD pipeline** using **AWS CDK (v2, Python)**. The pipeline must deploy environment-specific stacks (**dev**, **test**, **prod**) and follow AWS best practices — secure, scalable, and compliant.

---

## Deliverables

### 1. Infrastructure as Code (IaC)

* AWS CDK v2 (Python) project with clean modular structure:
  * `/lib/stacks/infra_stack.py` for serverless infra (Lambda, AppSync, DynamoDB, Cognito, Aurora RDS, VPC, S3, EC2, SNS, SQS)
  * `/lib/stacks/pipeline_stack.py` for deployment automation
  * `/config/dev.yaml`, `/config/test.yaml`, `/config/prod.yaml` for environment parameters
  * `/buildspecs/buildspec.yml` for CodeBuild commands

### 2. Deployment Pipeline (AWS CodePipeline)

* Source: GitHub (via CodeStar Connection)
* Build: AWS CodeBuild to synthesize and package CDK templates
* Deploy: AWS CloudFormation to apply stacks per environment
* Manual approval gates between test → prod
* Centralized S3 artifact bucket (S3-managed encryption, SSL enforced)
* Reusable pipeline roles (CodePipeline, CodeBuild, CloudFormation)

### 3. Environment Management

* Config-driven environment selection (`dev`, `test`, `prod`)
* Each environment should:
  * Have its own stack name and tagging
  * Be deployable independently or via promotion
  * Use environment-specific Lambda configurations and secrets

### 4. Security & Compliance

* Enforce least-privilege IAM roles
* Block public access on all buckets
* Use server-side encryption (AES-256)
* Enforce SSL connections

---

## Tech Stack

* **AWS CDK v2 (Python)**
* **AWS CodePipeline / CodeBuild / CloudFormation**
* **AWS Lambda (Python 3.12)**
* **AWS AppSync (GraphQL)**
* **AWS DynamoDB**
* **AWS Cognito**
* **GitHub (CodeStar Connection)**
* **S3 (Artifacts)**

---

## Expected Features

* One-click deployment for all environments (`cdk deploy -c env=dev`)
* Modular, environment-agnostic CDK code
* CI/CD pipeline automatically triggered on GitHub push
* Clear documentation on setup (bootstrap, env variables, config structure)
* Auto-synth and auto-deploy CloudFormation templates

---

## Acceptance Criteria

* Pipeline successfully builds and deploys the serverless app to **dev**, **test**, and **prod**
* No CDKv1 feature-flag errors (KMS, S3, etc.)
* All stacks pass `cdk synth`, `cdk diff`, and `cdk-nag` compliance
* Deployments are fully automated and repeatable

---

Used two different repos for the infra and deployment pipeline.

---
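The bucket requirements under Security & Compliance (public access blocked, AES-256 server-side encryption, SSL enforced) can be checked on the `cdk synth` output before anything is deployed. The following is an added example, not code from this project: a standard-library check over a synthesized CloudFormation template loaded as a dict, assuming the template uses `Ref` to attach bucket policies; the sample template and its resource names are constructed.

```python
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def denies_plain_http(policy_doc):
    """True if any statement denies requests made without TLS."""
    for st in policy_doc.get("Statement", []):
        flag = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if st.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False

def check_buckets(template):
    """Return {bucket_logical_id: [findings]} for each AWS::S3::Bucket."""
    resources = template.get("Resources", {})
    ssl_ok = set()  # logical ids of buckets whose attached policy enforces SSL
    for res in resources.values():
        props = res.get("Properties", {})
        target = props.get("Bucket")
        if (res.get("Type") == "AWS::S3::BucketPolicy" and isinstance(target, dict)
                and denies_plain_http(props.get("PolicyDocument", {}))):
            ssl_ok.add(target.get("Ref"))
    findings = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        pab = props.get("PublicAccessBlockConfiguration", {})
        rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
        algos = [r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
        checks = [
            (all(pab.get(k) in (True, "true") for k in PAB_KEYS), "public access not fully blocked"),
            ("AES256" in algos, "no AES256 default encryption"),
            (name in ssl_ok, "no policy denying non-SSL requests"),
        ]
        findings[name] = [msg for ok, msg in checks if not ok]
    return findings

# Constructed sample template (not from the project): one compliant bucket, one bare bucket.
SAMPLE = {"Resources": {
    "ArtifactBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_KEYS, True),
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
    "ArtifactBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "ArtifactBucket"},
        "PolicyDocument": {"Statement": [{"Effect": "Deny", "Action": "s3:*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket"}}}
if __name__ == "__main__":
    print(check_buckets(SAMPLE))
```

In a pipeline this would run in the CodeBuild stage against each template under `cdk.out/`, failing the build when any bucket has findings; it complements `cdk-nag` rather than replacing it.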