AWS CDK Bootstrap: The Why and the How


In the ever-expanding ecosystem of cloud services, we come across numerous tools and frameworks that amplify our cloud capabilities.

AWS Cloud Development Kit (AWS CDK), an open-source software development framework, is one such tool.

This post will delve deeper into a critical aspect of AWS CDK – the cdk bootstrap command, its purpose, usage, and how to keep track of its version.

So, if you’re all geared up, let’s jump right in!

What is AWS CDK Bootstrap?

The AWS Cloud Development Kit (AWS CDK) is a robust framework that allows developers to define their cloud resources using familiar programming languages.

AWS CDK synthesizes your application into a CloudFormation template, which can then be deployed to AWS Cloud.

Before any AWS CDK app can be deployed, you have to bootstrap your AWS environment to create certain AWS resources that the AWS CDK CLI (Command Line Interface) uses to deploy your AWS CDK app.

And this is precisely where cdk bootstrap command comes into play.

When run, it deploys a CloudFormation stack named CDKToolkit that contains the resources the rest of this post discusses: an Amazon S3 bucket for file assets and templates, an Amazon ECR repository for container images, a set of IAM roles that the CDK CLI and CloudFormation assume during deployment, and an SSM parameter that records the bootstrap version.

[Figure: CDKToolkit stack resources (cdk bootstrap)]

What is the Purpose and Scope of Using AWS CDK Bootstrap?

The main purpose of cdk bootstrap is to provision a set of resources required to support the deployment of AWS CDK applications.

The S3 bucket that cdk bootstrap sets up acts as a staging area for storing the assets and CloudFormation templates generated by the AWS CDK.

The scope of bootstrapping also extends to permissions: it creates the IAM roles that the CDK CLI assumes to publish assets and to create change sets, and the role that the CloudFormation service assumes to create the resources in your stacks.

These roles are created for you, so a deployment works out of the box, but what they are allowed to do depends on the flags you pass to cdk bootstrap, as the next section explains.

AWS CDK Bootstrap Security Considerations

Security is always a paramount concern when we work with cloud resources, and AWS CDK Bootstrap is no exception.

When you run cdk bootstrap, AWS CDK creates a new Amazon S3 bucket, an Amazon ECR repository and several IAM roles.

Understanding these resources and their permissions is crucial to securing your AWS CDK applications.

The Bucket

The Amazon S3 bucket created by the bootstrap command is the staging area for your AWS CDK applications: file assets and CloudFormation templates are uploaded here before a deployment. The bootstrap template creates it with S3 Block Public Access enabled, versioning turned on, and a bucket policy that denies requests that do not use TLS.

That keeps the bucket private to your account. Keep in mind, though, that anything able to assume the publishing or deployment roles (including every account you list with --trust) can read the templates and assets stored there, so treat the contents as sensitive and do not bake secrets into assets.

The IAM Roles

cdk bootstrap also sets up IAM roles that separate who may deploy from what a deployment may create. The modern bootstrap template creates a deployment role, a CloudFormation execution role, two asset publishing roles and a lookup role:

  1. Deployment Role: This role is assumed by the AWS CDK toolkit when deploying your application’s stack. It creates and executes the CloudFormation change set and passes the execution role to CloudFormation. Accounts listed with --trust are allowed to assume it.
  2. CloudFormation Execution Role: This role is assumed by AWS CloudFormation during stack operations. It carries the managed policies you pass with --cloudformation-execution-policies, and therefore defines what resources CloudFormation is allowed to create, change or delete on your behalf.
  3. File Publishing Role: This role is used to upload file assets (AWS Lambda function code bundles, nested stack templates and similar files) to the S3 bucket that was created via cdk bootstrap.
  4. Image Publishing Role: This role is used to publish Docker container images to the Amazon ECR repository that was created via cdk bootstrap.
  5. Lookup Role: This role is assumed by the AWS CDK toolkit for context lookups at synthesis time (for example resolving an existing VPC or AMI). It is read-only, and accounts listed with --trust-for-lookup are allowed to assume it.

The deployment, publishing and lookup roles are scoped to the bootstrap resources themselves (the bucket, the repository and CloudFormation change-set operations), and the lookup role is read-only. The CloudFormation execution role is different: it carries exactly the managed policies you pass with --cloudformation-execution-policies, and in current CDK releases passing none makes the CLI fall back to AdministratorAccess (it prints a message saying so). Because the deployment role can pass the execution role to CloudFormation, anyone who may assume the deployment role, including every account listed in --trust, can deploy any resource that policy allows. Least privilege therefore means choosing a scoped execution policy (or a permissions boundary) rather than relying on the default.

Review the trust policies and attached policies on these roles regularly, adhering to your organization’s IAM policies and guidelines, and change them by re-running cdk bootstrap with different flags rather than editing the roles in the console: the bootstrap stack is managed by CloudFormation, and a later bootstrap run will overwrite manual changes.

Understanding these security considerations is key to maintaining a secure environment for your AWS CDK applications.

How to Deploy AWS CDK Bootstrap?

Deploying cdk bootstrap is a straightforward process. Open your terminal and enter the following command:

CDK_NEW_BOOTSTRAP=1 cdk bootstrap aws://ACCOUNT-ID/REGION

Make sure to replace ACCOUNT-ID and REGION with your actual AWS account ID and the region where you want to deploy your AWS CDK applications. The CDK_NEW_BOOTSTRAP=1 variable selects the modern bootstrap template in CDK v1; CDK v2 uses that template by default, so the variable is no longer needed there.

For example, if your AWS account ID is 123456789012, you want to deploy your AWS CDK apps in the eu-west-1 region, and you accept granting the CloudFormation execution role AdministratorAccess, your command would look like this:

CDK_NEW_BOOTSTRAP=1 cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://123456789012/eu-west-1

A successful bootstrap looks like the following:

➜ CDK_NEW_BOOTSTRAP=1 cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://123456789012/eu-west-1

 ⏳  Bootstrapping environment aws://123456789012/eu-west-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Execution policies: arn:aws:iam::aws:policy/AdministratorAccess
CDKToolkit: creating CloudFormation changeset...
 ✅  Environment aws://123456789012/eu-west-1 bootstrapped.

Once the command runs successfully, your environment is set up and ready for your AWS CDK applications!
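To bootstrap more than one account and region consistently, here is an added example (Python; not code from the original post or from AWS CDK) that builds the same command line shown above for a list of environments and refuses two combinations before anything runs: --trust without an explicit --cloudformation-execution-policies (the CDK CLI requires the policies flag whenever --trust is used), and AdministratorAccess as the execution policy unless the caller opts in, because every trusted account deploys with that policy. The account IDs, the CI account and the CdkDeployScoped policy ARN are constructed sample values, and the example omits CDK_NEW_BOOTSTRAP=1, which only matters on CDK v1.

```python
"""Build `cdk bootstrap` command lines for a set of environments.

Added example; not code from the original post or from AWS CDK. Account IDs,
regions and policy ARNs used in the demo are constructed sample values.
"""
import re
import subprocess
from dataclasses import dataclass, field

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
_ACCOUNT_RE = re.compile(r"^\d{12}$")
_REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")  # e.g. eu-west-1, us-gov-west-1


@dataclass
class BootstrapPlan:
    execution_policies: list[str]                               # managed policy ARNs for the execution role
    trust: list[str] = field(default_factory=list)              # accounts allowed to deploy
    trust_for_lookup: list[str] = field(default_factory=list)   # accounts allowed read-only lookups
    allow_admin: bool = False                                   # explicit opt-in for AdministratorAccess

    def validate(self) -> None:
        """Reject plans a reviewer would send back before any command is run."""
        for acct in (*self.trust, *self.trust_for_lookup):
            if not _ACCOUNT_RE.match(acct):
                raise ValueError(f"trusted account {acct!r} is not a 12-digit account ID")
        if self.trust and not self.execution_policies:
            raise ValueError("--trust requires --cloudformation-execution-policies")
        if ADMIN_POLICY in self.execution_policies and not self.allow_admin:
            raise ValueError("AdministratorAccess refused: every deployer and trusted account "
                             "would get full admin; set allow_admin=True to accept that")

    def command(self, account: str, region: str) -> list[str]:
        """argv for one environment; list values are comma-joined as the CLI accepts."""
        self.validate()
        if not _ACCOUNT_RE.match(account):
            raise ValueError(f"account {account!r} is not a 12-digit account ID")
        if not _REGION_RE.match(region):
            raise ValueError(f"region {region!r} does not look like an AWS region")
        argv = ["cdk", "bootstrap"]
        if self.execution_policies:
            argv += ["--cloudformation-execution-policies", ",".join(self.execution_policies)]
        if self.trust:
            argv += ["--trust", ",".join(self.trust)]
        if self.trust_for_lookup:
            argv += ["--trust-for-lookup", ",".join(self.trust_for_lookup)]
        argv.append(f"aws://{account}/{region}")
        return argv

    def run(self, targets) -> None:
        """Bootstrap each (account, region) pair; needs the cdk CLI and credentials."""
        for account, region in targets:
            subprocess.run(self.command(account, region), check=True)


if __name__ == "__main__":
    # Constructed sample: a workload account bootstrapped with a scoped policy,
    # trusting a separate CI account (also a sample ID) to deploy into it.
    plan = BootstrapPlan(
        execution_policies=["arn:aws:iam::123456789012:policy/CdkDeployScoped"],
        trust=["210987654321"],
    )
    print(" ".join(plan.command("123456789012", "eu-west-1")))
```

Pass allow_admin=True only where you consciously accept that every account in --trust gets AdministratorAccess in the target account; for a CI account that deploys a handful of services, a customer-managed policy scoped to those services is the better default.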

How to Detect the Current CDK Bootstrap Version?

To ensure compatibility and seamless operations, it’s essential to keep track of your AWS CDK Bootstrap version.

To check the version of your bootstrap stack, you can use the AWS CloudFormation console or AWS CLI.

The version is stored as an output of the CDKToolkit stack, with the output key BootstrapVersion. The modern bootstrap template also writes it to the SSM parameter /cdk-bootstrap/hnb659fds/version (hnb659fds is the default qualifier), which is what the AWS CDK CLI reads at deploy time.

Here’s how you can check it using the AWS CLI (add --region if the environment is not your default region):

aws cloudformation describe-stacks --stack-name CDKToolkit --query "Stacks[0].Outputs[?OutputKey=='BootstrapVersion'].OutputValue" --output text

This command prints the version of the bootstrap stack deployed in that account and region. Each synthesized CDK app records the minimum version it needs as requiresBootstrapStackVersion in cdk.out/manifest.json, and a deployment against an older bootstrap stack is rejected with an error asking you to run cdk bootstrap again.
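The version check above and the role review in the security considerations section both come down to reading the CDKToolkit stack, so here is one added example (Python; not code from the original post or from AWS CDK) that turns describe-stacks output into findings: the deployed BootstrapVersion compared against the requiresBootstrapStackVersion values that cdk synth writes into cdk.out/manifest.json, whether the execution role carries AdministratorAccess, and which accounts are trusted to deploy or to run lookups. The parameter names are those of the modern bootstrap template; SAMPLE_STACK and SAMPLE_MANIFEST are constructed data so the module runs offline, and describe_stacks() shells out to the AWS CLI when you point it at a real environment.

```python
"""Audit a CDKToolkit stack from `aws cloudformation describe-stacks` output.

Added example; not code from the original post or from AWS CDK. SAMPLE_STACK
and SAMPLE_MANIFEST are constructed data (account IDs and names are samples).
"""
import json
import subprocess

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed sample of one element of Stacks[] as returned by describe-stacks.
SAMPLE_STACK = {
    "StackName": "CDKToolkit",
    "Parameters": [
        {"ParameterKey": "TrustedAccounts", "ParameterValue": "210987654321"},
        {"ParameterKey": "TrustedAccountsForLookup", "ParameterValue": ""},
        {"ParameterKey": "CloudFormationExecutionPolicies", "ParameterValue": ADMIN_POLICY},
        {"ParameterKey": "Qualifier", "ParameterValue": "hnb659fds"},
    ],
    "Outputs": [
        {"OutputKey": "BucketName", "OutputValue": "cdk-hnb659fds-assets-123456789012-eu-west-1"},
        {"OutputKey": "BootstrapVersion", "OutputValue": "14"},
    ],
}

# Constructed sample of cdk.out/manifest.json, reduced to the fields used here.
SAMPLE_MANIFEST = {
    "artifacts": {
        "MyStack": {
            "type": "aws:cloudformation:stack",
            "properties": {"templateFile": "MyStack.template.json",
                           "requiresBootstrapStackVersion": 6},
        },
        "MyStack.assets": {
            "type": "cdk:asset-manifest",
            "properties": {"file": "MyStack.assets.json",
                           "requiresBootstrapStackVersion": 6},
        },
    }
}


def _kv(items, key, value):
    """Turn a list of {key: ..., value: ...} dicts into a plain dict."""
    return {i[key]: i.get(value, "") for i in items}


def _csv(value):
    """Split a CommaDelimitedList parameter value; '' means no entries."""
    return [v for v in value.split(",") if v]


def bootstrap_version(stack):
    """BootstrapVersion output as an int, or None if the stack has no such output."""
    value = _kv(stack.get("Outputs", []), "OutputKey", "OutputValue").get("BootstrapVersion")
    return int(value) if value is not None else None


def required_version(manifest):
    """Highest bootstrap version any artifact in the synthesized manifest demands."""
    versions = [a.get("properties", {}).get("requiresBootstrapStackVersion", 0)
                for a in manifest.get("artifacts", {}).values()]
    return max(versions, default=0)


def needs_update(stack, required):
    deployed = bootstrap_version(stack)
    return deployed is None or deployed < required


def audit(stack, required, admin_allowed=False):
    """Return human-readable findings; an empty list means nothing to flag."""
    params = _kv(stack.get("Parameters", []), "ParameterKey", "ParameterValue")
    policies = _csv(params.get("CloudFormationExecutionPolicies", ""))
    deployers = _csv(params.get("TrustedAccounts", ""))
    lookups = _csv(params.get("TrustedAccountsForLookup", ""))
    findings = []
    deployed = bootstrap_version(stack)
    if deployed is None:
        findings.append("no BootstrapVersion output: re-run cdk bootstrap")
    elif deployed < required:
        findings.append(f"bootstrap version {deployed} < required {required}")
    if ADMIN_POLICY in policies and not admin_allowed:
        findings.append("CloudFormation execution role uses AdministratorAccess")
    if deployers:
        scope = "AdministratorAccess" if ADMIN_POLICY in policies else (", ".join(policies) or "(no policies)")
        findings.append(f"accounts trusted to deploy: {', '.join(deployers)} (with {scope})")
    if lookups:
        findings.append(f"accounts trusted for read-only lookups: {', '.join(lookups)}")
    return findings


def describe_stacks(stack_name="CDKToolkit", region=None, profile=None):
    """Fetch the live stack via the AWS CLI (network; not used by the offline demo)."""
    cmd = ["aws", "cloudformation", "describe-stacks", "--stack-name", stack_name, "--output", "json"]
    if region:
        cmd += ["--region", region]
    if profile:
        cmd += ["--profile", profile]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out)["Stacks"][0]


if __name__ == "__main__":
    for finding in audit(SAMPLE_STACK, required_version(SAMPLE_MANIFEST)) or ["no findings"]:
        print("-", finding)
```

Running this across every account and region you have bootstrapped gives you the inventory the security section asks for: which environments still run an old template, which ones grant AdministratorAccess, and which outside accounts can deploy into them.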

How to update the AWS CDK Bootstrap stack

As AWS CDK continues to evolve, it is quite likely that you might need to update your bootstrap stack to utilize new features or improvements. The process is just as straightforward as the initial bootstrapping.

To update your bootstrap stack, run the cdk bootstrap command again with the same flags you used originally. For a given CDK CLI version and set of flags the command is idempotent: running it repeatedly leaves the stack in the same state.

If your bootstrap stack is already up to date, running the command will not change anything.

However, if the stack is outdated, or if someone has modified its resources by hand, the command will update the stack to the template that ships with your CLI, reverting manual changes in the process. Afterwards, check the stack’s parameters (TrustedAccounts, TrustedAccountsForLookup and CloudFormationExecutionPolicies) to confirm that the trust relationships and execution policies are still what you intended.

Since the bootstrap template is part of the aws-cdk package, the only way to get a newer bootstrap version is to update the aws-cdk NPM package and then run cdk bootstrap again:

CDK_NEW_BOOTSTRAP=1 cdk bootstrap aws://ACCOUNT-ID/REGION

Keeping your bootstrap stack up-to-date is an essential maintenance task that helps you stay on top of new AWS CDK features and improvements. It is part of an ongoing commitment to managing and maintaining your AWS CDK environment efficiently and effectively.

Conclusion

To sum up, cdk bootstrap is a pivotal command in the AWS CDK toolkit, setting up an environment ready for deploying your AWS CDK applications.

It ensures all necessary resources and permissions are in place, enabling a smooth deployment process.

Staying updated with your bootstrap version will ensure compatibility and better performance of your AWS CDK apps.

As AWS CDK continues to evolve, understanding the nuances of commands like cdk bootstrap is crucial for leveraging the power of the AWS Cloud and building scalable and robust applications.



Danny Steenman

A Senior AWS Cloud Engineer with over 9 years of experience migrating workloads from on-premises to AWS Cloud.

I have helped companies of all sizes shape their cloud adoption strategies, optimizing operational efficiency, reducing costs, and improving organizational agility.
