Condensation brings together two great services from AWS, CloudFormation and Lambda, by turning their parts into a composable project. In the case of Lambda, code (in a Condensation asset particle) can be packaged alongside a template (another Condensation particle) that defines properties and resources needed for execution.  Particles, reusable modules and assets are the core of a Condensation project.  They can be as small as a single parameter, as large as an entire template, or any set of resources in-between.  Packaged and deployed to S3 as a unit, templates automatically link to assets (and other templates) within a project.  The project can be deployed in as many regions and buckets as necessary, with every deployment acting as an independent implementation.  Create deployments for us-east-1, us-west-2, development, UAT, or production. In any region and any environment, code and infrastructure are tracked and linked together.

Real Project, Real Results

To demonstrate the concept of particles with Lambda we have taken CloudSploit Scans, an open source configuration and security scanning tool highlighted by Jeff Barr, and created a condensation project, particles-cloudsploit-scans. The project references CloudSploit Scans as a submodule.  When built with condensation the submodule is updated, dependencies are installed and the code is rolled up into a zip file ready to be put on S3.  At the same time, a template is created that accepts an optional ExecutionRole parameter.  The template re-uses code from particles-common-core to create the parameter and an is_empty condition.  If an ExecutionRole is not provided one will be created with the recommended policy from CloudSploit. Both the zip file and the template are packaged together and deployed to a bucket in every region that supports Lambda.  This goes a step further than simply replicating a bucket from one region to another.  The template will always reference the URL of the asset that it was deployed with.  In us-east-1, the template is linked to the asset in us-east-1, in us-west-2, the template is linked to the asset in us-west-2 and so on. If CloudSploit is part of a bigger project, this project can be referenced from any other condensation project as a particle.  Install it as a npm dependency and use the templateS3Url helper provided by condensation.  There is no need to copy and paste template code. To make this even easier to use, we have compiled and deployed particles-cloudsploit-scans to publically accessible S3 buckets.  Use the launch button below to install CloudSploit in your own account.

  • us-east-1        Launch Stack
  • us-west-2        Launch Stack
  • eu-west-1        Launch Stack
  • ap-northeast-1 Launch Stack
Related Articles