What this hub covers
Use this topic hub when the problem fits this operating surface and you need article-level depth instead of a flat archive.
Topic hub
A curated archive for production-grade articles, patterns, and breakdowns inside this topic.
Questions this hub should help answer
If you are still comparing system shapes, move into the architecture library. If you already know the problem, start with the strongest article below.
Browse architectures
Use resources and comparison pieces when you need a checklist, review framework, or a faster way to move from reading to action.
Open resources
Start here in this topic
Open one article that gives the clearest view of how this problem space behaves in production, then continue into the wider set below.
Most S3-to-Lambda setups skip CloudTrail data events entirely and pay for it later with brittle fan-out and zero audit trail. This post walks through a CDK TypeScript stack that routes S3 events through EventBridge properly — VPC placement, KMS encryption, Secrets Manager, cost model, and the failur
Within this topic
These pieces stay inside the same operating surface and are better for depth once you already have the context from the spotlight read.
Wiring CodePipeline, CodeDeploy, and Auto Scaling in CDK sounds straightforward until your first real scale event cracks the deployment. This post walks the full architecture - VPC, ALB, ASG, SSM config, and the lifecycle hook settings that keep deploys clean under load.
Most CDK tutorials stop at 'it deployed.' This one covers the full aws cdk web application deployment stack - VPC isolation, Fargate on private subnets, Aurora with KMS, CloudFront, Secrets Manager rotation - and the six operational gaps that will wake you up at 2am if you skip them.
Coordinating DataSync, DMS, Glue, and OpenSearch under a single Step Functions control plane sounds clean until one service is not ready and the whole pipeline silently produces incomplete data. This post dissects a CDK TypeScript stack that wires all four services together and shows exactly where i
Security drift starts the moment someone opens the AWS console. This post walks through a production CDK TypeScript stack that enforces KMS encryption, least-privilege IAM, VPC Endpoint routing for secrets, WAFv2 on CloudFront and API Gateway, and Security Hub — all as versioned, testable code.
Continue from here
Go back to Start Here if you want the best cross-topic entry points rather than staying inside a single hub.
Open Start Here
Case studies and failure breakdowns are where the publication shows how decisions behave under delivery and production pressure.
Read case studies
Consulting is for architecture reviews, cost teardowns, and AI infrastructure assessments that need direct judgment instead of more reading.
View consulting