WIP

Author: Yuriy Bezsonov

.kiro/specs/infra/java-on-aws-workshop-architecture.png

@@ -25,7 +25,7 @@ public class CodeBuild extends Construct {
     private final Role lambdaRole;
 
     public static class CodeBuildProps {
-        private String projectName = "workshop-codebuild";
+        private String projectName = "workshop-setup";
         private IBuildImage buildImage = LinuxBuildImage.AMAZON_LINUX_2_5;
         private ComputeType computeType = ComputeType.MEDIUM;
         private Duration timeout = Duration.minutes(30);

infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java

@@ -101,7 +101,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
         // Create workshop role for IDE instances if not provided
         if (props.getIdeRole() == null) {
             props.ideRole = Role.Builder.create(this, "Role")
-                .roleName("ide-user")
+                .roleName("workshop-ide-user")
                 .assumedBy(ServicePrincipal.Builder.create("ec2.amazonaws.com").build())
                 .managedPolicies(List.of(
                     ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess"),
@@ -191,7 +191,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
         this.ideSecurityGroup = SecurityGroup.Builder.create(this, "SecurityGroup")
             .vpc(props.getVpc())
             .allowAllOutbound(true)
-            .securityGroupName(instanceName + "-cloudfront-ide-sg")
+            .securityGroupName("workshop-ide-cloudfront-sg")
             .description("IDE security group")
             .build();
 
@@ -205,7 +205,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
         this.ideInternalSecurityGroup = SecurityGroup.Builder.create(this, "InternalSecurityGroup")
             .vpc(props.getVpc())
             .allowAllOutbound(false)
-            .securityGroupName(instanceName + "-internal-sg")
+            .securityGroupName("workshop-ide-internal-sg")
             .description("IDE internal security group")
             .build();
 
@@ -217,7 +217,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
         // Create instance profile
         var instanceProfile = InstanceProfile.Builder.create(this, "InstanceProfile")
             .role(this.ideRole)
-            .instanceProfileName(this.ideRole.getRoleName())
+            .instanceProfileName("workshop-ide-instance-profile")
             .build();
 
         // Create Elastic IP
@@ -246,7 +246,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
                 .secretStringTemplate("{\"password\":\"\"}")
                 .excludeCharacters("\"@/\\\\")
                 .build())
-            .secretName(instanceName + "-password")
+            .secretName("workshop-ide-password")
             .removalPolicy(RemovalPolicy.DESTROY)
             .build();
 

infra/cdk/src/main/java/sample/com/constructs/Ide.java

@@ -239,7 +239,7 @@ Resources:
               - Ref: AWS::Partition
               - :iam::aws:policy/CloudWatchAgentServerPolicy
         - Ref: IdeUserPolicy2460FC7D
-      RoleName: ide-user
+      RoleName: workshop-ide-user
   IdeRoleDefaultPolicyFD4BDE67:
     Type: AWS::IAM::Policy
     Properties:
@@ -483,7 +483,7 @@ Resources:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: IDE security group
-      GroupName: ide-cloudfront-ide-sg
+      GroupName: workshop-ide-cloudfront-sg
       SecurityGroupEgress:
         - CidrIp: 0.0.0.0/0
           Description: Allow all outbound traffic by default
@@ -509,7 +509,7 @@ Resources:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: IDE internal security group
-      GroupName: ide-internal-sg
+      GroupName: workshop-ide-internal-sg
       VpcId:
         Ref: VpcC3027511
   IdeInternalSecurityGroupfromWorkshopStackIdeInternalSecurityGroup2A6A3A7DALLTRAFFIC101F9997:
@@ -541,8 +541,7 @@ Resources:
   IdeInstanceProfile61B92038:
     Type: AWS::IAM::InstanceProfile
     Properties:
-      InstanceProfileName:
-        Ref: IdeRole4650E22E
+      InstanceProfileName: workshop-ide-instance-profile
       Roles:
         - Ref: IdeRole4650E22E
   IdeElasticIP3327A0B5:
@@ -559,7 +558,7 @@ Resources:
         IncludeSpace: false
         PasswordLength: 32
         SecretStringTemplate: '{"password":""}'
-      Name: ide-password
+      Name: workshop-ide-password
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeInstanceLauncherFunction803C5A2A:
@@ -714,17 +713,6 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
-      VolumeSize: "50"
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeInstanceProfile61B92038
-          - Arn
       InstanceName: ide
       InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
       UserData:
@@ -872,6 +860,17 @@ Resources:
             - Fn::GetAtt:
                 - IdeInternalSecurityGroupB0A5D76B
                 - GroupId
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
+      VolumeSize: "50"
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeInstanceProfile61B92038
+          - Arn
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:
@@ -1081,6 +1080,15 @@ Resources:
                         - Fn::Split:
                             - ":"
                             - Ref: IdePasswordSecretF907B9F2
+            - Fn::Select:
+                - 2
+                - Fn::Split:
+                    - "-"
+                    - Fn::Select:
+                        - 6
+                        - Fn::Split:
+                            - ":"
+                            - Ref: IdePasswordSecretF907B9F2
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   CodeBuildRoleE9A44575:
@@ -1241,12 +1249,12 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_MEDIUM
         EnvironmentVariables:
-          - Name: TEMPLATE_TYPE
-            Type: PLAINTEXT
-            Value: base
           - Name: GIT_BRANCH
             Type: PLAINTEXT
             Value: new-ws-infra
+          - Name: TEMPLATE_TYPE
+            Type: PLAINTEXT
+            Value: base
         Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         ImagePullCredentialsType: CODEBUILD
         PrivilegedMode: false
@@ -1452,12 +1460,12 @@ Resources:
       Description: workshop-setup build complete
       EventPattern:
         detail:
-          project-name:
-            - Ref: CodeBuildProjectA0FF5539
           build-status:
             - SUCCEEDED
             - FAILED
             - STOPPED
+          project-name:
+            - Ref: CodeBuildProjectA0FF5539
         detail-type:
           - CodeBuild Build State Change
         source:
@@ -1489,13 +1497,13 @@ Resources:
         Fn::GetAtt:
           - CodeBuildStartLambdaFunction8349284F
           - Arn
-      ProjectName:
-        Ref: CodeBuildProjectA0FF5539
-      ContentHash: "1765725419413"
+      ContentHash: "1765726247489"
       CodeBuildIamRoleArn:
         Fn::GetAtt:
           - CodeBuildRoleE9A44575
           - Arn
+      ProjectName:
+        Ref: CodeBuildProjectA0FF5539
     DependsOn:
       - CodeBuildCompleteRuleAllowEventRuleWorkshopStackCodeBuildReportLambdaFunctionD77C60919E0B0C89
       - CodeBuildCompleteRuleEE9277E8

infra/cfn/base-stack.yaml

@@ -259,7 +259,7 @@ Resources:
               - Ref: AWS::Partition
               - :iam::aws:policy/CloudWatchAgentServerPolicy
         - Ref: IdeUserPolicy2460FC7D
-      RoleName: ide-user
+      RoleName: workshop-ide-user
   IdeRoleDefaultPolicyFD4BDE67:
     Type: AWS::IAM::Policy
     Properties:
@@ -503,7 +503,7 @@ Resources:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: IDE security group
-      GroupName: ide-cloudfront-ide-sg
+      GroupName: workshop-ide-cloudfront-sg
       SecurityGroupEgress:
         - CidrIp: 0.0.0.0/0
           Description: Allow all outbound traffic by default
@@ -529,7 +529,7 @@ Resources:
     Type: AWS::EC2::SecurityGroup
     Properties:
       GroupDescription: IDE internal security group
-      GroupName: ide-internal-sg
+      GroupName: workshop-ide-internal-sg
       VpcId:
         Ref: VpcC3027511
   IdeInternalSecurityGroupfromWorkshopStackIdeInternalSecurityGroup2A6A3A7DALLTRAFFIC101F9997:
@@ -561,8 +561,7 @@ Resources:
   IdeInstanceProfile61B92038:
     Type: AWS::IAM::InstanceProfile
     Properties:
-      InstanceProfileName:
-        Ref: IdeRole4650E22E
+      InstanceProfileName: workshop-ide-instance-profile
       Roles:
         - Ref: IdeRole4650E22E
   IdeElasticIP3327A0B5:
@@ -579,7 +578,7 @@ Resources:
         IncludeSpace: false
         PasswordLength: 32
         SecretStringTemplate: '{"password":""}'
-      Name: ide-password
+      Name: workshop-ide-password
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeInstanceLauncherFunction803C5A2A:
@@ -734,18 +733,8 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
-      InstanceName: ide
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeInstanceProfile61B92038
-          - Arn
-      VolumeSize: "50"
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
+      ImageId:
+        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
       SecurityGroupIds:
         Fn::Join:
           - ""
@@ -756,8 +745,19 @@ Resources:
             - Fn::GetAtt:
                 - IdeInternalSecurityGroupB0A5D76B
                 - GroupId
-      ImageId:
-        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
+      VolumeSize: "50"
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeInstanceProfile61B92038
+          - Arn
+      InstanceName: ide
+      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -891,7 +891,6 @@ Resources:
                 "
                     exit 1
                 fi
-      InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:
@@ -1101,6 +1100,15 @@ Resources:
                         - Fn::Split:
                             - ":"
                             - Ref: IdePasswordSecretF907B9F2
+            - Fn::Select:
+                - 2
+                - Fn::Split:
+                    - "-"
+                    - Fn::Select:
+                        - 6
+                        - Fn::Split:
+                            - ":"
+                            - Ref: IdePasswordSecretF907B9F2
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   CodeBuildRoleE9A44575:
@@ -1509,13 +1517,13 @@ Resources:
         Fn::GetAtt:
           - CodeBuildStartLambdaFunction8349284F
           - Arn
-      ProjectName:
-        Ref: CodeBuildProjectA0FF5539
       CodeBuildIamRoleArn:
         Fn::GetAtt:
           - CodeBuildRoleE9A44575
           - Arn
-      ContentHash: "1765725424912"
+      ProjectName:
+        Ref: CodeBuildProjectA0FF5539
+      ContentHash: "1765726252761"
     DependsOn:
       - CodeBuildCompleteRuleAllowEventRuleWorkshopStackCodeBuildReportLambdaFunctionD77C60919E0B0C89
       - CodeBuildCompleteRuleEE9277E8
@@ -1930,6 +1938,9 @@ Resources:
         Fn::GetAtt:
           - DatabaseSetupFunction6A2230B7
           - Arn
+      SqlStatements: |-
+        CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
+        CREATE EXTENSION IF NOT EXISTS vector;
       SecretName:
         Fn::Join:
           - "-"
@@ -1960,9 +1971,6 @@ Resources:
                         - Fn::Split:
                             - ":"
                             - Ref: DatabaseSecret3B817195
-      SqlStatements: |-
-        CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
-        CREATE EXTENSION IF NOT EXISTS vector;
     DependsOn:
       - DatabaseClusterDatabaseWriterF4C0B9A6
       - DatabaseCluster5B53A178

infra/cfn/java-on-aws-stack.yaml

@@ -87,7 +87,7 @@ echo "$(date '+%Y-%m-%d %H:%M:%S') - Installing CloudFormation helper scripts...
 install_with_version "CloudFormation helper scripts" "dnf install -y aws-cfn-bootstrap" "rpm -q aws-cfn-bootstrap --queryformat '%{VERSION}'"
 
 echo "$(date '+%Y-%m-%d %H:%M:%S') - Fetching IDE password from Secrets Manager..."
-IDE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "ide-password" --query SecretString --output text | jq -r .password)
+IDE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "workshop-ide-password" --query SecretString --output text | jq -r .password)
 if [ -z "$IDE_PASSWORD" ] || [ "$IDE_PASSWORD" = "null" ]; then
     echo "ERROR: Failed to retrieve IDE password from Secrets Manager"
     exit 1
@@ -167,9 +167,9 @@ echo "$(date '+%Y-%m-%d %H:%M:%S') - Bootstrap completed successfully"
 
 # Create IDE bootstrap summary for easy reference
 echo "Creating IDE bootstrap summary..."
-grep "✅ Success:" /var/log/bootstrap.log | sudo -u ec2-user tee /home/ec2-user/ide-bootstrap.log >/dev/null
-sudo -u ec2-user chmod 644 /home/ec2-user/ide-bootstrap.log
-echo "Bootstrap summary saved to ~/ide-bootstrap.log"
+grep "✅ Success:" /var/log/bootstrap.log | sudo -u ec2-user tee /home/ec2-user/workshop-ide-bootstrap.log >/dev/null
+sudo -u ec2-user chmod 644 /home/ec2-user/workshop-ide-bootstrap.log
+echo "Bootstrap summary saved to ~/workshop-ide-bootstrap.log"
 
 # Signal CloudFormation completion
 /opt/aws/bin/cfn-signal -e $? "$WAIT_CONDITION_HANDLE_URL"