
Commit 1031722

author
Yuriy Bezsonov
committed
fix(infra): reorganize CloudFormation resource properties and remove unnecessary IAM permissions
1 parent 6215579 commit 1031722

6 files changed

Lines changed: 63 additions & 68 deletions


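--- a/infra/cdk/src/main/resources/iam-policy.json
+++ b/infra/cdk/src/main/resources/iam-policy.json
@@ -85,7 +85,6 @@
 "Effect": "Allow",
 "Action": [
 "iam:GetRole",
-"iam:PassRole",
 "iam:ListRoles"
 ],
 "Resource": "*"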
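Review bot: The statement this hunk edits still grants `iam:GetRole` on `"Resource": "*"`, so the principal can read the trust policy and metadata of every role in the account. `iam:ListRoles` has no resource-level scoping and has to stay on `*`, but `iam:GetRole` accepts role ARNs; consider moving it into its own statement with something like `"Resource": "arn:aws:iam::<ACCOUNT_ID>:role/<WORKSHOP_ROLE_PREFIX>*"` (placeholders; the roles actually needed are not visible here). The same statement appears as `Sid: GetRole` in the four `infra/cfn/*-stack.yaml` templates touched by this commit (java-ai-agents, java-on-amazon-eks, java-on-aws-immersion-day, java-spring-ai-agents) and would need the matching change. The statement starts and ends outside the hunk.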

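--- a/infra/cfn/base-stack.yaml
+++ b/infra/cfn/base-stack.yaml
@@ -676,6 +676,30 @@ Resources:
 Fn::GetAtt:
 - IdeInstanceLauncherFunction803C5A2A
 - Arn
+ImageId:
+Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
+SecurityGroupIds:
+Fn::Join:
+- ""
+- - Fn::GetAtt:
+- IdeSecurityGroup73B02454
+- GroupId
+- ","
+- Fn::GetAtt:
+- IdeInternalSecurityGroupB0A5D76B
+- GroupId
+SubnetIds:
+Fn::Join:
+- ""
+- - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+- ","
+- Ref: VpcPublicSubnet2SubnetA811849C
+VolumeSize: "50"
+IamInstanceProfileArn:
+Fn::GetAtt:
+- IdeInstanceProfile61B92038
+- Arn
+InstanceName: ide
 InstanceTypes: m6a.xlarge,m7a.xlarge
 UserData:
 Fn::Base64:
@@ -813,30 +837,6 @@ Resources:
 "
 exit 1
 fi
-ImageId:
-Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
-SecurityGroupIds:
-Fn::Join:
-- ""
-- - Fn::GetAtt:
-- IdeSecurityGroup73B02454
-- GroupId
-- ","
-- Fn::GetAtt:
-- IdeInternalSecurityGroupB0A5D76B
-- GroupId
-SubnetIds:
-Fn::Join:
-- ""
-- - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-- ","
-- Ref: VpcPublicSubnet2SubnetA811849C
-VolumeSize: "50"
-IamInstanceProfileArn:
-Fn::GetAtt:
-- IdeInstanceProfile61B92038
-- Arn
-InstanceName: ide
 UpdateReplacePolicy: Delete
 DeletionPolicy: Delete
 IdeEipAssociationDFF81215: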

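--- a/infra/cfn/java-ai-agents-stack.yaml
+++ b/infra/cfn/java-ai-agents-stack.yaml
@@ -403,7 +403,6 @@ Resources:
 - Action:
 - iam:GetRole
 - iam:ListRoles
-- iam:PassRole
 Effect: Allow
 Resource: "*"
 Sid: GetRole
@@ -775,6 +774,19 @@ Resources:
 Fn::GetAtt:
 - IdeInstanceLauncherFunction803C5A2A
 - Arn
+InstanceTypes: m6a.xlarge,m7a.xlarge
+InstanceName: ide
+IamInstanceProfileArn:
+Fn::GetAtt:
+- IdeInstanceProfile61B92038
+- Arn
+VolumeSize: "50"
+SubnetIds:
+Fn::Join:
+- ""
+- - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+- ","
+- Ref: VpcPublicSubnet2SubnetA811849C
 SecurityGroupIds:
 Fn::Join:
 - ""
@@ -923,19 +935,6 @@ Resources:
 "
 exit 1
 fi
-InstanceTypes: m6a.xlarge,m7a.xlarge
-InstanceName: ide
-IamInstanceProfileArn:
-Fn::GetAtt:
-- IdeInstanceProfile61B92038
-- Arn
-VolumeSize: "50"
-SubnetIds:
-Fn::Join:
-- ""
-- - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-- ","
-- Ref: VpcPublicSubnet2SubnetA811849C
 UpdateReplacePolicy: Delete
 DeletionPolicy: Delete
 IdeEipAssociationDFF81215: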

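--- a/infra/cfn/java-on-amazon-eks-stack.yaml
+++ b/infra/cfn/java-on-amazon-eks-stack.yaml
@@ -423,7 +423,6 @@ Resources:
 - Action:
 - iam:GetRole
 - iam:ListRoles
-- iam:PassRole
 Effect: Allow
 Resource: "*"
 Sid: GetRole
@@ -795,6 +794,7 @@ Resources:
 Fn::GetAtt:
 - IdeInstanceLauncherFunction803C5A2A
 - Arn
+VolumeSize: "50"
 IamInstanceProfileArn:
 Fn::GetAtt:
 - IdeInstanceProfile61B92038
@@ -955,7 +955,6 @@ Resources:
 - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
 - ","
 - Ref: VpcPublicSubnet2SubnetA811849C
-VolumeSize: "50"
 UpdateReplacePolicy: Delete
 DeletionPolicy: Delete
 IdeEipAssociationDFF81215:
@@ -1334,12 +1333,12 @@ Resources:
 Environment:
 ComputeType: BUILD_GENERAL1_MEDIUM
 EnvironmentVariables:
-- Name: GIT_BRANCH
-Type: PLAINTEXT
-Value: new-ws-infra
 - Name: TEMPLATE_TYPE
 Type: PLAINTEXT
 Value: java-on-amazon-eks
+- Name: GIT_BRANCH
+Type: PLAINTEXT
+Value: new-ws-infra
 Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
 ImagePullCredentialsType: CODEBUILD
 PrivilegedMode: false
@@ -1544,12 +1543,12 @@ Resources:
 Description: workshop-setup build complete
 EventPattern:
 detail:
+project-name:
+- Ref: CodeBuildProjectA0FF5539
 build-status:
 - SUCCEEDED
 - FAILED
 - STOPPED
-project-name:
-- Ref: CodeBuildProjectA0FF5539
 detail-type:
 - CodeBuild Build State Change
 source:
@@ -1581,7 +1580,7 @@ Resources:
 Fn::GetAtt:
 - CodeBuildStartLambdaFunction8349284F
 - Arn
-ContentHash: "1767285087259"
+ContentHash: "1767285932676"
 CodeBuildIamRoleArn:
 Fn::GetAtt:
 - CodeBuildRoleE9A44575
@@ -1945,7 +1944,7 @@ Resources:
 - Ref: AWS::AccountId
 - "-"
 - Ref: AWS::Region
-- "-20260101173127"
+- "-20260101174532"
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
@@ -2794,9 +2793,6 @@ Resources:
 Fn::GetAtt:
 - UnicornUnicornStoreDatabaseSetupFunction04E12F8B
 - Arn
-SqlStatements: |
-CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
-CREATE EXTENSION IF NOT EXISTS vector;
 SecretName:
 Fn::Join:
 - "-"
@@ -2827,6 +2823,9 @@ Resources:
 - Fn::Split:
 - ":"
 - Ref: DatabaseSecret3B817195
+SqlStatements: |
+CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
+CREATE EXTENSION IF NOT EXISTS vector;
 DependsOn:
 - DatabaseClusterDatabaseWriterF4C0B9A6
 - DatabaseCluster5B53A178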
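Review bot: The `ContentHash: "1767285932676"` value and the `-20260101174532` name suffix look like build-time timestamps, so every synth rewrites them even when nothing else changed; if the suffix is part of a bucket name, as the `PublicAccessBlockConfiguration` that follows suggests, each deploy of a regenerated template would replace that bucket. Together with the property reordering (which goes in the opposite direction in `java-on-aws-immersion-day-stack.yaml` for `SqlStatements` and `project-name`), this buries the one permission change, the `iam:PassRole` removal, in noise and makes the templates hard to audit. Consider deriving both values from a content hash of the inputs and emitting properties in a stable order, so that a template diff shows only real changes. The same two timestamp values also change in the immersion-day stack.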

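--- a/infra/cfn/java-on-aws-immersion-day-stack.yaml
+++ b/infra/cfn/java-on-aws-immersion-day-stack.yaml
@@ -423,7 +423,6 @@ Resources:
 - Action:
 - iam:GetRole
 - iam:ListRoles
-- iam:PassRole
 Effect: Allow
 Resource: "*"
 Sid: GetRole
@@ -795,11 +794,6 @@ Resources:
 Fn::GetAtt:
 - IdeInstanceLauncherFunction803C5A2A
 - Arn
-VolumeSize: "50"
-IamInstanceProfileArn:
-Fn::GetAtt:
-- IdeInstanceProfile61B92038
-- Arn
 InstanceName: ide
 InstanceTypes: m6a.xlarge,m7a.xlarge
 UserData:
@@ -956,6 +950,11 @@ Resources:
 - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
 - ","
 - Ref: VpcPublicSubnet2SubnetA811849C
+VolumeSize: "50"
+IamInstanceProfileArn:
+Fn::GetAtt:
+- IdeInstanceProfile61B92038
+- Arn
 UpdateReplacePolicy: Delete
 DeletionPolicy: Delete
 IdeEipAssociationDFF81215:
@@ -1334,12 +1333,12 @@ Resources:
 Environment:
 ComputeType: BUILD_GENERAL1_MEDIUM
 EnvironmentVariables:
-- Name: TEMPLATE_TYPE
-Type: PLAINTEXT
-Value: java-on-aws-immersion-day
 - Name: GIT_BRANCH
 Type: PLAINTEXT
 Value: new-ws-infra
+- Name: TEMPLATE_TYPE
+Type: PLAINTEXT
+Value: java-on-aws-immersion-day
 Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
 ImagePullCredentialsType: CODEBUILD
 PrivilegedMode: false
@@ -1544,12 +1543,12 @@ Resources:
 Description: workshop-setup build complete
 EventPattern:
 detail:
-project-name:
-- Ref: CodeBuildProjectA0FF5539
 build-status:
 - SUCCEEDED
 - FAILED
 - STOPPED
+project-name:
+- Ref: CodeBuildProjectA0FF5539
 detail-type:
 - CodeBuild Build State Change
 source:
@@ -1581,7 +1580,7 @@ Resources:
 Fn::GetAtt:
 - CodeBuildStartLambdaFunction8349284F
 - Arn
-ContentHash: "1767285074286"
+ContentHash: "1767285922590"
 CodeBuildIamRoleArn:
 Fn::GetAtt:
 - CodeBuildRoleE9A44575
@@ -1945,7 +1944,7 @@ Resources:
 - Ref: AWS::AccountId
 - "-"
 - Ref: AWS::Region
-- "-20260101173114"
+- "-20260101174522"
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
@@ -2794,6 +2793,9 @@ Resources:
 Fn::GetAtt:
 - UnicornUnicornStoreDatabaseSetupFunction04E12F8B
 - Arn
+SqlStatements: |
+CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
+CREATE EXTENSION IF NOT EXISTS vector;
 SecretName:
 Fn::Join:
 - "-"
@@ -2824,9 +2826,6 @@ Resources:
 - Fn::Split:
 - ":"
 - Ref: DatabaseSecret3B817195
-SqlStatements: |
-CREATE TABLE IF NOT EXISTS unicorns(id TEXT DEFAULT gen_random_uuid() PRIMARY KEY, name TEXT, age TEXT, size TEXT, type TEXT);
-CREATE EXTENSION IF NOT EXISTS vector;
 DependsOn:
 - DatabaseClusterDatabaseWriterF4C0B9A6
 - DatabaseCluster5B53A178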

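--- a/infra/cfn/java-spring-ai-agents-stack.yaml
+++ b/infra/cfn/java-spring-ai-agents-stack.yaml
@@ -403,7 +403,6 @@ Resources:
 - Action:
 - iam:GetRole
 - iam:ListRoles
-- iam:PassRole
 Effect: Allow
 Resource: "*"
 Sid: GetRole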
