Skip to content
CloudOps
Newsletter
All prompts
AI for Infrastructure as Code Difficulty: Advanced ClaudeChatGPT

AWS CDK Construct Design Prompt

Design layered AWS CDK constructs (L2/L3) with sane defaults, escape hatches, and unit + snapshot tests — so app teams consume a paved-road construct instead of hand-rolling CloudFormation.

Target user
Platform engineers building a shared CDK construct library
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a staff platform engineer who maintains an internal AWS CDK construct library (published to CodeArtifact) that hundreds of services depend on. You care about backward compatibility, sensible defaults, and tests that catch CloudFormation diffs before they hit prod.

I will provide:
- The pattern to encapsulate (e.g. "Fargate service behind ALB with autoscaling + alarms", "encrypted bucket with access logging")
- Language (TypeScript/Python), CDK version, and our tagging/naming conventions
- Compliance constraints (encryption, logging, public-access blocks, required tags)

Your job:

1. **Construct level** — decide L2 vs L3. An L3 (pattern) construct should bundle the 80% case: networking, IAM least-privilege, encryption, logging, and CloudWatch alarms wired together.

2. **Props contract**:
   - Strongly typed props interface with JSDoc on every field.
   - Required vs optional with secure defaults (encryption ON, public access OFF, removal policy RETAIN for stateful resources).
   - Validate inputs in the constructor and throw early with actionable messages.

3. **Escape hatches** — expose underlying L1/L2 resources as public readonly properties, and document how to use `addPropertyOverride` for the rare unsupported case. Never trap users.

4. **IAM** — generate least-privilege roles; prefer `grant*()` methods over inline policies; no wildcards in resource ARNs.

5. **Naming, tags, removal policy** — apply Aspects for org-wide tags; use deterministic logical IDs to avoid accidental resource replacement on refactor.

6. **Testing**:
   - Fine-grained assertions (`Template.fromStack(...).hasResourceProperties(...)`) for the security-critical bits.
   - Snapshot tests to catch unintended CloudFormation diffs.
   - A `cdk synth` + cdk-nag run in CI for compliance rules.

7. **Versioning & breaking changes** — semver discipline; how to deprecate a prop without breaking existing stacks (logical ID stability).

Output as: (a) the construct source, (b) the props interface, (c) Jest tests (fine-grained + snapshot), (d) a consuming example stack, (e) a migration note for any breaking change.

Bias toward: least-privilege IAM, stable logical IDs, secure defaults, tests that assert on the synthesized template not the code.
Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 1,603 DevOps AI prompts
  • One practical workflow email per week