如何Automate AWS Deployments with Claude Code 【实战指南】

Why Automate AWS Deployments with Claude Code

Deploying to AWS involves writing configuration files, managing IAM roles, setting environment variables, and other error-prone tasks. Claude Code can assist with everything from generating infrastructure code to executing deployments, all while understanding your project structure.

Building an AWS CDK Project

Here’s an example of asking Claude Code to build infrastructure using CDK.

> Create an ECS Fargate stack using AWS CDK.
> The app is Node.js with an ALB in front.
> Configure it to pull environment variables from SSM Parameter Store.

Let’s look at the CDK code Claude Code generates.

import * as cdk from 'aws-cdk-lib';
import * as ecs from 'aws-cdk-lib/aws-ecs';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import * as ssm from 'aws-cdk-lib/aws-ssm';

export class AppStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, 'AppVpc', { maxAzs: 2 });

    const cluster = new ecs.Cluster(this, 'AppCluster', { vpc });

    const taskDef = new ecs.FargateTaskDefinition(this, 'TaskDef', {
      memoryLimitMiB: 512,
      cpu: 256,
    });

    const dbHost = ssm.StringParameter.valueForStringParameter(
      this, '/app/prod/DB_HOST'
    );

    taskDef.addContainer('app', {
      image: ecs.ContainerImage.fromAsset('./'),
      portMappings: [{ containerPort: 3000 }],
      environment: { DB_HOST: dbHost },
      logging: ecs.LogDrivers.awsLogs({ streamPrefix: 'app' }),
    });

    const service = new ecs.FargateService(this, 'Service', {
      cluster,
      taskDefinition: taskDef,
      desiredCount: 2,
    });

    const lb = new elbv2.ApplicationLoadBalancer(this, 'ALB', {
      vpc,
      internetFacing: true,
    });

    const listener = lb.addListener('Listener', { port: 80 });
    listener.addTargets('Target', {
      port: 3000,
      targets: [service],
      healthCheck: { path: '/health' },
    });
  }
}

Terraform Integration

You can also streamline infrastructure management with Terraform using Claude Code.

> Define S3 + CloudFront static site hosting in terraform/main.tf.
> Also set up WAF with rate limiting.
> Check the terraform plan output and let me know if there are any issues.

resource "aws_s3_bucket" "site" {
  bucket = "my-app-static-site"
}

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id   = "s3-origin"

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
    }
  }

  enabled             = true
  default_root_object = "index.html"

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "s3-origin"
    viewer_protocol_policy = "redirect-to-https"

    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }

  restrictions {
    geo_restriction { restriction_type = "none" }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

GitHub Actions Integration

You can also ask Claude Code to set up your CI/CD pipeline.

> Create a GitHub Actions workflow.
> It should automatically run CDK deploy on push to the main branch.
> Use OIDC authentication to connect to AWS.

name: Deploy to AWS
on:
  push:
    branches: [main]

permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/deploy-role
          aws-region: us-east-1

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - run: npm ci
      - run: npx cdk deploy --require-approval never

Troubleshooting Deployments

When deployment errors occur, you can also ask Claude Code to analyze them.

> I got the following error from cdk deploy. Tell me the cause and how to fix it:
> Error: The security group 'sg-xxx' does not exist

Claude Code cross-references the error message with your project structure to identify VPC or security group configuration issues. For general troubleshooting workflows, refer to 10 Tips to 3x Your Claude Code Productivity.

Best Practices for Deployment Automation

1. Separate environment configs: Switch environments using context in cdk.json
2. Drift detection: Run cdk diff regularly to check for discrepancies
3. Rollback strategy: Prepare Blue/Green deployment configurations in advance

By documenting these settings in CLAUDE.md, Claude Code will always generate code aligned with your project’s guidelines. For more on CLAUDE.md usage, see the Complete CLAUDE.md Guide.

总结

With Claude Code, you can streamline the entire deployment workflow — from AWS infrastructure setup to CI/CD pipeline configuration. It works with CDK, Terraform, and SAM alike. Start with a small stack and gradually expand your automation.

For more on Claude Code, see the official Anthropic documentation. For AWS best practices, refer to the AWS Well-Architected Framework.