28

I recently started working with AWS and IaC. I'm using CloudFormation to provision my AWS resources, but I discovered that AWS provides both an SDK and a CDK to enable you to provision resources programmatically instead of with plain JSON/YAML.

But based on the documentation I did not really understand how they differ. Can someone explain to me how they differ, and for which use case you should use which?

dev.tom
  • There are some good answers here, but I also feel that part of the difference between an SDK and CDK is branding: "cloud development kit" just sounds more modern and fancy. – Mike Williamson Dec 15 '21 at 14:28

5 Answers

28

CDK: A framework to model and provision your infrastructure or stack. A stack can consist of a database (for example, DynamoDB), an S3 bucket, Lambda, API Gateway, etc. It provides a facility to write code to create infrastructure in AWS. This is also called Infrastructure as Code. Check here

SDK: These are the code libraries provided by Amazon in various languages, like Java, Python, PHP, JavaScript, TypeScript, etc. These libraries help you interact with AWS services (like creating data in DynamoDB) which you create either through CDK or the console. SDKs simplify using AWS services in your application with an API. Check here

horizon7
  • 1
    Is CDK a subset of SDK in terms of the work that it accomplishes regardless of the approach it takes like generating CloudFormation JSON/YAML ? – Tushar Jajodia Dec 13 '21 at 14:51
  • 6
    No, CDK is Infrastructure as Code, which means you can write code to create AWS resources like API Gateway, DynamoDB or Lambda. On the other hand, the SDK helps you interact with these AWS resources, for example: fetch the items from DynamoDB or list the contents of an S3 bucket. – horizon7 Dec 14 '21 at 18:28
  • SDK also supports creating AWS resources, so CDK can be perceived as a subset of AWS SDK. – Mina F. Beshay Jul 10 '23 at 21:21
23

AWS SDK is a library primarily to ease access to the AWS services by handling for you the data (de)serialization, credentials management, failure handling, etc. Perhaps, for specific scenarios, you could use the AWS SDK as an infrastructure-as-code tool; however, it could be cumbersome as it is not the intended usage of the library.

Based on the https://docs.aws.amazon.com/whitepapers/latest/develop-deploy-dotnet-apps-on-aws/infrastructure-as-code.html, dedicated tools for the IaC are AWS CloudFormation and AWS CDK.

AWS CDK is an abstraction on top of CloudFormation. CDK scripts are in fact transformed to CloudFormation definitions when the scripts are synthesized.

The difference can be best described with an example: imagine that for each Lambda function in your stack you want to create an error CloudWatch alarm and connect it to an SNS topic.

With CloudFormation you will either a) need to write a pretty much similar bunch of YAML/JSON definitions for each Lambda function to ensure the monitoring, b) use nested stack templates, or c) use CloudFormation modules.

With CDK you can write a generic code construct (a class or method) which can create the alarm for the given Lambda function and create the SNS alarm action for the given topic.

In other words, CDK helps you generalize and re-use your IaC in a way very similar to how you develop your business code. The code is shorter and more readable than the CF definitions.

The difference is even more remarkable when you need to set up similar resources in different AWS regions and when you have a different AWS account per environment. You can manage all AWS accounts and regions with a single CDK codebase.

Milan Gatyás
  • That's a great answer, thank you for giving a thorough explanation! :) – dev.tom Apr 18 '20 at 19:08
  • 6
    I am curious as to why this is the chosen answer, given that it doesn't address the difference between the CDK and SDK? – max_max_mir May 04 '21 at 23:52
  • Fair point @max_max_mir, I added it to the description. Let me know if you are happy with the answer now. – Milan Gatyás May 05 '21 at 08:10
  • I thought IaC like CloudFormation helps you define the infrastructure as templates. If we go back to using an arbitrary programming language to define cloud resources, why don't we just use the SDK to call the create/delete APIs? – Zhiwei Jun 02 '23 at 16:08
3

Some background first: CloudFormation is Amazon's solution for an “Infrastructure as Code” approach to managing the definition, provisioning and deployment of a bunch of resources across accounts/regions. This is done by using their declarative yaml/json-based template language to define it all, and then executing the templates through various means (console, cli, APIs...). More info:


There are other popular IaC solutions or tools to help achieve it more easily out there, such as Terraform and Kubernetes (container orchestration that also uses declarative templates to define desired states).

Potential benefits of IaC: At a high level, you can better track & audit your infra, reuse definitions/processes, make all your changes in a more consistent manner, faster thanks to all the automation and assurances you can get with an infra-as-code approach. You may be familiar with these as mentioned in previous answers and more, such as:

  • version controlling your infrastructure definitions,
  • more efficient and logically complex ways of constructing templates,
  • ability to write tests against them,
  • do diffs (see "change sets") before making real infra changes with the templates,
  • detect when live infra differs from your definitions,
  • automate rollbacks,
  • and lots of other state management assistance through a framework like CF that might be needed when performing regular ops duties.

CDK: This is for helping to automate CloudFormation as part of an IaC approach to provisioning and deploying resources. It lets you use various popular programming languages to help with the creation, testing, and management of your CF setup. Some of AWS’s motivations: “YAML is an excellent format for describing the desired state of your cluster, but it is does not have primitives for expressing logic and reusable abstractions.“ “AWS CDK uses the familiarity and expressive power of programming languages for modeling your applications.”
 More info: https://docs.aws.amazon.com/cdk/v2/guide/home.html


However, Amazon knows about other solutions, and happily points them out on the main CDK page now, downplaying its original connection to CF. You don't need to use CloudFormation if you don't want to; specifically, they mention you can use the same CDK constructs with the help of:

  • cdktf for Terraform, maintained by its creators, HashiCorp

  • cdk8s for Kubernetes by AWS. re: “We realized this was exactly the same problem our customers had faced when defining their applications through CloudFormation templates, a problem solved by the AWS Cloud Development Kit (AWS CDK), and that we could apply the same design concepts from the AWS CDK to help all Kubernetes users.”



SDK: 
AWS has an API for all of their services, and the various SDKs give you access to them. For example, I can use AWS’s Java SDK to manage an API Gateway. If I wanted to script some custom deployment process, I could do so with the SDK, managing all the state, etc. myself. You could probably even re-implement the CloudFormation service with the various underlying APIs... The APIs have varying levels of documentation though. E.g. CloudFormation Java APIs are only mentioned in the raw API reference, not the friendlier Developer Guide.

qix
0

I find that the difference for me is that the CDK codifies the CloudFormation JSON/YAML. First response, is great ya okay in code but the benefit on the code side of things is you can write unit testing against the code. Therefore you get to build that sense of security or insurance policy against the provisioned services in the CDK.

There are other ways to test CF, however, with a dev background, this feels more comfortable.

Dylan Wright
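The per-function error alarm from Milan Gatyás's answer and the template unit test from the answer above, as an added example that is not from any poster or from AWS: plain Python dictionaries stand in for the CloudFormation a CDK app would synthesize (this is not the CDK API), and the helper names and the logical IDs `OpsTopic`, `IngestFn` and `ReportFn` are assumptions.

```python
def error_alarm(fn_id, topic_id):
    """CloudWatch alarm resource: fires on any Lambda error, notifies the SNS topic."""
    return {
        "Type": "AWS::CloudWatch::Alarm",
        "Properties": {
            "Namespace": "AWS/Lambda",
            "MetricName": "Errors",
            "Dimensions": [{"Name": "FunctionName", "Value": {"Ref": fn_id}}],
            "Statistic": "Sum",
            "Period": 300,
            "EvaluationPeriods": 1,
            "Threshold": 1,
            "ComparisonOperator": "GreaterThanOrEqualToThreshold",
            "TreatMissingData": "notBreaching",
            "AlarmActions": [{"Ref": topic_id}],
        },
    }

def with_error_alarms(template, topic_id):
    """Return a copy of the template with one error alarm per Lambda function."""
    resources = dict(template["Resources"])
    for rid, res in template["Resources"].items():
        if res["Type"] == "AWS::Lambda::Function":
            resources[rid + "ErrorAlarm"] = error_alarm(rid, topic_id)
    return {**template, "Resources": resources}

def unmonitored_functions(template):
    """Unit-test style check: Lambda functions lacking an error alarm with an action."""
    res = template["Resources"]
    covered = set()
    for r in res.values():
        p = r.get("Properties", {})
        if r["Type"] != "AWS::CloudWatch::Alarm" or p.get("MetricName") != "Errors":
            continue
        if not p.get("AlarmActions"):
            continue  # an alarm that notifies nobody does not count as coverage
        for d in p.get("Dimensions", []):
            if d.get("Name") == "FunctionName" and isinstance(d.get("Value"), dict):
                covered.add(d["Value"].get("Ref"))
    return sorted(rid for rid, r in res.items()
                  if r["Type"] == "AWS::Lambda::Function" and rid not in covered)

# Constructed sample stack: one topic, two functions (Properties trimmed for brevity).
SAMPLE = {"Resources": {
    "OpsTopic": {"Type": "AWS::SNS::Topic"},
    "IngestFn": {"Type": "AWS::Lambda::Function", "Properties": {"Runtime": "python3.12"}},
    "ReportFn": {"Type": "AWS::Lambda::Function", "Properties": {"Runtime": "python3.12"}},
}}
```

Running `unmonitored_functions` in CI against the synthesized template catches a newly added function that shipped without monitoring before it is deployed.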
0

In terms of creating infrastructure, AWS CDK is preferred, although popular tools for IaC are AWS CloudFormation and Terraform. AWS prefers CloudFormation as it's their native service, but I guess since developers are more suited to JavaScript, Java and Python, CDK is an attempt to make the code developer-friendly, which CloudFormation doesn't offer (in case you don't know how to use CloudFormation Designer). The whole purpose of CDK is to create single-click code for infra setup.

For access to AWS services or operations, the SDK is preferred. In fact, I heard this term SDK after 6 months of working in boto3. Another popular way to carry out operations via code is aws-cli. The whole purpose of the SDK is to give developers access to the cloud environment without giving them access to the management console, from a security POV (although it can also be done via SCPs and IAM roles).

AWS CDK can be used for operations and SDK for infra creation interchangeably.

Rajeev