How to set up parameterized components automatically in a declarative way?

Hello everyone,

we need to set up some AWS resources automatically for some users of our system. The current approach is to have the user authenticate and redirect his request to a Lambda endpoint. The Lambda checks if the user already has the resources and if not creates the desired resources in an imperative way. The resources are always the same (S3 Bucket, Encryption Key, Role, ELB Listener Rule, Target Group).

This has several disadvantages. Tagging of resources is tedious and also resource creation is not an atomic operation and thus the process is error prone. Therefore we would like to change to a declarative approach.

Our current idea is to create a CfnTemplate with the desired resources and proper parameters to create the individual resources. The Lambda back end would than deploy the CfnTemplate up on user authentication.

While this looks like a step in the right direction we would like to confirm if this is the best approach or if there are other/better options.

Specifically many resources created in our project already use the TypeScript CDK and if there is a way to define something like a "component factory" in CDK, that would be nice as well!

Any guidance or link to useful resources is highly appreciated. Thanks in advance!