WIP

Yuriy Bezsonov · Yuriy Bezsonov · commit 1bdc91ba9637 · 2025-12-14T13:30:15.000+01:00
diff --git a/.kiro/specs/infra/deployment-guide.md b/.kiro/specs/infra/deployment-guide.md
@@ -16,6 +16,9 @@ aws cloudformation deploy \
   --s3-bucket workshop-cfn-templates-1765640257
 ```
 
+## Architecture Fix Applied
+**Fixed bootstrap failure rollback issue**: Removed WaitCondition dependencies from critical outputs to match original working architecture. Stack will still fail if bootstrap fails, but will rollback cleanly without orphaned resources.
+
 ## Test & Debug
 
 ### Get Stack Outputs
diff --git a/infra/cdk/src/main/java/sample/com/WorkshopStack.java b/infra/cdk/src/main/java/sample/com/WorkshopStack.java
@@ -2,7 +2,6 @@
 
 import software.amazon.awscdk.Stack;
 import software.amazon.awscdk.StackProps;
-import software.amazon.awscdk.Aws;
 import software.constructs.Construct;
 import sample.com.constructs.*;
 import sample.com.constructs.Ide.IdeProps;
diff --git a/infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java b/infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java
@@ -1,14 +1,12 @@
 package sample.com.constructs;
 
-import software.amazon.awscdk.Aws;
 import software.amazon.awscdk.CustomResource;
 import software.amazon.awscdk.Duration;
 import software.amazon.awscdk.services.codebuild.*;
 import software.amazon.awscdk.services.events.*;
 import software.amazon.awscdk.services.events.targets.LambdaFunction;
 import software.amazon.awscdk.services.iam.*;
 import software.amazon.awscdk.services.lambda.*;
-import software.amazon.awscdk.services.lambda.Runtime;
 import software.amazon.awscdk.services.ec2.IVpc;
 import software.amazon.awscdk.services.ec2.SubnetSelection;
 import software.amazon.awscdk.services.ec2.SubnetType;
diff --git a/infra/cdk/src/main/java/sample/com/constructs/Database.java b/infra/cdk/src/main/java/sample/com/constructs/Database.java
@@ -4,7 +4,6 @@
 import software.amazon.awscdk.RemovalPolicy;
 import software.amazon.awscdk.SecretValue;
 import software.amazon.awscdk.SecretsManagerSecretOptions;
-import software.amazon.awscdk.Stack;
 import software.amazon.awscdk.CustomResource;
 import software.amazon.awscdk.services.ec2.IVpc;
 import software.amazon.awscdk.services.ec2.Port;
@@ -115,7 +114,7 @@ public Database(final Construct scope, final String id, final IVpc vpc) {
             .code(Code.fromInline(loadFile("/lambda/database-setup.py")))
             .handler("index.lambda_handler")
             .runtime(Runtime.PYTHON_3_13)
-            .functionName("workshop-db-setup-lambda")
+            .functionName("workshop-db-setup")
             .timeout(Duration.minutes(3))
             .vpc(vpc)
             .securityGroups(List.of(databaseSecurityGroup))
diff --git a/infra/cdk/src/main/java/sample/com/constructs/Ide.java b/infra/cdk/src/main/java/sample/com/constructs/Ide.java
@@ -328,22 +328,18 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
             .build();
         waitCondition.getNode().addDependency(ec2InstanceResource);
 
-        // CloudFront doesn't need to wait for bootstrap - it's just infrastructure
-
-        // Outputs - these should only be created if bootstrap succeeds
         var ideUrlOutput = CfnOutput.Builder.create(this, "Url")
             .value("https://" + distribution.getDistributionDomainName())
             .description("Workshop IDE Url")
             .exportName(instanceName + "-url")
             .build();
-        ideUrlOutput.getNode().addDependency(waitCondition);
 
         var idePasswordOutput = CfnOutput.Builder.create(this, "Password")
             .value(getIdePassword(instanceName))
             .description("Workshop IDE Password")
             .exportName(instanceName + "-password")
             .build();
-        idePasswordOutput.getNode().addDependency(waitCondition);
+        idePasswordOutput.getNode().addDependency(ideSecretsManagerPassword);
     }
 
     public SecurityGroup getIdeSecurityGroup() {
diff --git a/infra/cdk/src/main/java/sample/com/constructs/Roles.java b/infra/cdk/src/main/java/sample/com/constructs/Roles.java
@@ -1,13 +1,6 @@
 package sample.com.constructs;
 
-import software.amazon.awscdk.services.iam.*;
 import software.constructs.Construct;
-import org.json.JSONObject;
-
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.List;
 
 public class Roles extends Construct {
 
diff --git a/infra/cfn/base-stack.yaml b/infra/cfn/base-stack.yaml
@@ -714,25 +714,7 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
-      VolumeSize: "50"
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcWorkshopVpcPublicSubnet1SubnetBCB45C45
-            - ","
-            - Ref: VpcWorkshopVpcPublicSubnet2SubnetF8F9426F
-      SecurityGroupIds:
-        Fn::Join:
-          - ""
-          - - Fn::GetAtt:
-                - IdeIdeSecurityGroup5C503C8A
-                - GroupId
-            - ","
-            - Fn::GetAtt:
-                - IdeIdeInternalSecurityGroupD5D3B421
-                - GroupId
-      ImageId:
-        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
+      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -866,12 +848,30 @@ Resources:
                 "
                     exit 1
                 fi
-      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
-      InstanceName: ide
+      ImageId:
+        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
+      SecurityGroupIds:
+        Fn::Join:
+          - ""
+          - - Fn::GetAtt:
+                - IdeIdeSecurityGroup5C503C8A
+                - GroupId
+            - ","
+            - Fn::GetAtt:
+                - IdeIdeInternalSecurityGroupD5D3B421
+                - GroupId
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcWorkshopVpcPublicSubnet1SubnetBCB45C45
+            - ","
+            - Ref: VpcWorkshopVpcPublicSubnet2SubnetF8F9426F
+      VolumeSize: "50"
       IamInstanceProfileArn:
         Fn::GetAtt:
           - IdeIdeInstanceProfile8BD997EA
           - Arn
+      InstanceName: ide
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeIdeEipAssociation6C6C215D:
@@ -1241,12 +1241,12 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_MEDIUM
         EnvironmentVariables:
-          - Name: GIT_BRANCH
-            Type: PLAINTEXT
-            Value: new-ws-infra
           - Name: TEMPLATE_TYPE
             Type: PLAINTEXT
             Value: base
+          - Name: GIT_BRANCH
+            Type: PLAINTEXT
+            Value: new-ws-infra
         Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         ImagePullCredentialsType: CODEBUILD
         PrivilegedMode: false
@@ -1489,13 +1489,13 @@ Resources:
         Fn::GetAtt:
           - CodeBuildStartLambdaFunction8349284F
           - Arn
-      ProjectName:
-        Ref: CodeBuildProjectA0FF5539
+      ContentHash: "1765715394125"
       CodeBuildIamRoleArn:
         Fn::GetAtt:
           - CodeBuildCodeBuildRoleBA9C6D5C
           - Arn
-      ContentHash: "1765710511221"
+      ProjectName:
+        Ref: CodeBuildProjectA0FF5539
     DependsOn:
       - CodeBuildBuildCompleteRuleAllowEventRuleWorkshopStackCodeBuildReportLambdaFunctionD77C6091DA4A4BD8
       - CodeBuildBuildCompleteRule06AAF17D
diff --git a/infra/cfn/java-on-aws-stack.yaml b/infra/cfn/java-on-aws-stack.yaml
@@ -734,8 +734,12 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
-      ImageId:
-        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcWorkshopVpcPublicSubnet1SubnetBCB45C45
+            - ","
+            - Ref: VpcWorkshopVpcPublicSubnet2SubnetF8F9426F
       SecurityGroupIds:
         Fn::Join:
           - ""
@@ -746,19 +750,8 @@ Resources:
             - Fn::GetAtt:
                 - IdeIdeInternalSecurityGroupD5D3B421
                 - GroupId
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcWorkshopVpcPublicSubnet1SubnetBCB45C45
-            - ","
-            - Ref: VpcWorkshopVpcPublicSubnet2SubnetF8F9426F
-      VolumeSize: "50"
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeIdeInstanceProfile8BD997EA
-          - Arn
-      InstanceName: ide
-      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
+      ImageId:
+        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -892,6 +885,13 @@ Resources:
                 "
                     exit 1
                 fi
+      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
+      InstanceName: ide
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeIdeInstanceProfile8BD997EA
+          - Arn
+      VolumeSize: "50"
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeIdeEipAssociation6C6C215D:
@@ -1261,12 +1261,12 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_MEDIUM
         EnvironmentVariables:
-          - Name: TEMPLATE_TYPE
-            Type: PLAINTEXT
-            Value: java-on-aws
           - Name: GIT_BRANCH
             Type: PLAINTEXT
             Value: new-ws-infra
+          - Name: TEMPLATE_TYPE
+            Type: PLAINTEXT
+            Value: java-on-aws
         Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         ImagePullCredentialsType: CODEBUILD
         PrivilegedMode: false
@@ -1472,12 +1472,12 @@ Resources:
       Description: workshop-setup build complete
       EventPattern:
         detail:
-          project-name:
-            - Ref: CodeBuildProjectA0FF5539
           build-status:
             - SUCCEEDED
             - FAILED
             - STOPPED
+          project-name:
+            - Ref: CodeBuildProjectA0FF5539
         detail-type:
           - CodeBuild Build State Change
         source:
@@ -1513,9 +1513,9 @@ Resources:
         Fn::GetAtt:
           - CodeBuildCodeBuildRoleBA9C6D5C
           - Arn
+      ContentHash: "1765715399417"
       ProjectName:
         Ref: CodeBuildProjectA0FF5539
-      ContentHash: "1765710516249"
     DependsOn:
       - CodeBuildBuildCompleteRuleAllowEventRuleWorkshopStackCodeBuildReportLambdaFunctionD77C6091DA4A4BD8
       - CodeBuildBuildCompleteRule06AAF17D
@@ -1902,7 +1902,7 @@ Resources:
                   responseData = {'Error': tb_err}
               finally:
                   cfnresponse.send(event, context, status, responseData, 'CustomResourcePhysicalID')
-      FunctionName: workshop-db-setup-lambda
+      FunctionName: workshop-db-setup
       Handler: index.lambda_handler
       Role:
         Fn::GetAtt:
