aws cdk - Can I execute another script with values created from cdk deploy?

Question

I'm trying to create EC2 instance with aws CDK and run some scripts to the newly deployed EC2 instance basically like this.

(Python would be better but cdk deploy seems to be run in shell anyway.)

cdk deploy && python script.py -I {new ec2 id} -s {new sg id}

But I need to get the instance id and security group id from cdk deploy result and use it as argument of next script, but not sure how can it be done.

Is it possible for cdk deploy to pass some values after deployment is done without very complex stdout from shell?

p.s: Other ways such as userdata and cloud-init which can be included in synth time doesn't work for me since it needs to get some other values as parameters from local scripts as well as some imperative procedures such as opening temporary port and close after script run.

question from:https://stackoverflow.com/questions/65929855/can-i-execute-another-script-with-values-created-from-cdk-deploy

Answer 1

Based on what you write I think the best option is to use CfnOutput. With CfnOutput you can return the security group or instance id like you would do it in the Outputs section from CloudFormation.

For example:

new CfnOutput(this, 'SecurityGroupOutput', {
  value: mySecurityGroup.securityGroupId,
  description: 'security group id' // Optional,
  exportName: 'MySecurityGroupId'
});

Then you can retrieve the stack outputs using the AWS CLI (or Python, whatever fits you) and use this value in your scripts:

aws cloudformation describe-stacks --stack-name <your-stack-name> --query "Stacks[0].Outputs[?ExportName == MySecurityGroupId].OutputValue" --output text

I'm using ExportName here because CDK will automatically create some logical id for the output which isn't easy to read or remember. You can override it by calling .overrideLogicalId(newLogicalId) on the CfnOutput if you would like to use it instead to retrieve the correct OutputValue.

You can do it similarly for retrieving the EC2 instance id.