Production-ready AWS CodePipelines from TypeScript, CLI, or a single AI prompt. 124+ reusable plugins, per-org compliance enforcement, multi-tenant isolation, and zero vendor lock-in.
AWS CDK synthesis/deployment and pipeline utility plugins.
| Plugin | Purpose | Compute | Secrets | Key Env Vars |
|---|---|---|---|---|
| cdk-synth | Synthesize CDK app to CloudFormation | MEDIUM | None (AWS IAM) | CDK_DEFAULT_REGION, CDK_DEFAULT_ACCOUNT, RESOLVED_SYNTH_PLUGIN |
For CDK deployment plugins (cdk-deploy, cdk-deploy-multi-region), see Deploy Plugins.
| Plugin | Purpose | Compute | Secrets | Key Env Vars |
|---|---|---|---|---|
| manual-approval | Native CDK approval gate that pauses the pipeline and waits for confirmation in the AWS CodePipeline console | SMALL | None | APPROVAL_COMMENT |
| manual-approval-custom | Approval gate that publishes an SNS notification, then polls for approval with a configurable timeout | SMALL | None (AWS IAM) | APPROVAL_TOPIC_ARN, APPROVAL_MESSAGE, APPROVAL_TIMEOUT, APPROVAL_URL |
| s3-cache | S3 build cache with zstd compression | SMALL | None (AWS IAM) | CACHE_BUCKET, CACHE_KEY, CACHE_PATHS, CACHE_ACTION |
| shell | Run arbitrary OS install/build commands on a clean Ubuntu 24.04 step (git/curl/jq/wget/apt) — the escape hatch when no language/tool plugin fits | SMALL | None | shellInstall, shellCommand, shellOutputDir |
flowchart LR
Synth[cdk-synth] --> CloudAssembly[cdk.out/]
CloudAssembly --> SelfMutate[Self-Mutation]
CloudAssembly --> Stages[Pipeline Stages]
These strategies apply to the cdk-deploy-multi-region plugin. The CDK_DEPLOY_STRATEGY env var controls how stacks are deployed across regions:
flowchart LR
Start([Start]) --> Primary[Deploy Primary Region]
Primary -->|Success| R2[Deploy Region 2]
R2 -->|Success| R3[Deploy Region 3]
R3 -->|Success| Done([Complete])
Primary -->|Failure| Rollback1[Rollback Primary]
R2 -->|Failure| Rollback2[Rollback Region 2]
R3 -->|Failure| Rollback3[Rollback Region 3]
Rollback1 --> Failed([Failed])
Rollback2 --> Failed
Rollback3 --> Failed
Deploys to each region one at a time in the order specified by CDK_REGIONS. If a deployment fails in any region, subsequent regions are skipped. This is the safest strategy and is recommended for production workloads.
flowchart LR
Start([Start]) --> Primary[Deploy Primary Region]
Primary -->|Success| Fork{Fork}
Fork --> R2[Deploy Region 2]
Fork --> R3[Deploy Region 3]
Fork --> R4[Deploy Region N]
R2 --> Join{Join}
R3 --> Join
R4 --> Join
Join -->|All Succeed| Done([Complete])
Join -->|Any Failure| RollbackFailed[Rollback Failed Regions]
RollbackFailed --> Partial([Partial - Successful Regions Kept])
Primary -->|Failure| Failed([Failed])
Deploys to all regions simultaneously. Faster than sequential but provides less isolation between regions. Best suited for non-production environments or stateless workloads where region-level failures do not cascade.
When CDK_PRIMARY_REGION is set, the deployment always starts with the primary region first regardless of the chosen strategy. Once the primary region deployment succeeds, the remaining regions proceed according to the selected strategy (sequential or parallel). This allows the primary region to serve as a canary, catching issues before they propagate to all regions.
When CDK_ROLLBACK_ON_FAILURE=true, a failed deployment in any region triggers an automatic rollback of that region to the previous known-good state. In sequential mode, this also prevents deployment to subsequent regions. In parallel mode, regions that have already completed successfully are not rolled back – only the failed region is reverted.