WIP

Yuriy Bezsonov · Yuriy Bezsonov · commit 4d4fc68dd835 · 2025-12-13T19:53:54.000+01:00
diff --git a/infra/cdk/src/main/java/sample/com/WorkshopStack.java b/infra/cdk/src/main/java/sample/com/WorkshopStack.java
@@ -7,6 +7,7 @@
 import software.amazon.awscdk.Aws;
 import software.constructs.Construct;
 import sample.com.constructs.*;
+import sample.com.constructs.Ide.IdeProps;
 import java.util.Map;
 
 public class WorkshopStack extends Stack {
@@ -50,7 +51,10 @@ public WorkshopStack(final Construct scope, final String id, final StackProps pr
 
         // Core infrastructure (always created)
         Vpc vpc = new Vpc(this, "Vpc");
-        Ide ide = new Ide(this, "Ide", vpc.getVpc());
+        Ide ide = new Ide(this, "Ide", IdeProps.builder()
+            .vpc(vpc.getVpc())
+            .gitBranch(gitBranch)
+            .build());
 
         // Custom roles only for non-base templates
         if (!"base".equals(templateType)) {
diff --git a/infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java b/infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java
@@ -133,12 +133,12 @@ public CodeBuild(final Construct scope, final String id, final CodeBuildProps pr
 
         // Create start build Lambda function
         var startLambda = new Lambda(this, "StartLambda",
-            "/lambda/codebuild-start.py", props.getProjectName() + "-start", Duration.minutes(2), lambdaRole);
+            "/lambda/codebuild-start.py", Aws.STACK_NAME + "-codebuild-start", Duration.minutes(2), lambdaRole);
         Function startBuildFunction = startLambda.getFunction();
 
         // Create report build Lambda function
         var reportLambda = new Lambda(this, "ReportLambda",
-            "/lambda/codebuild-report.py", props.getProjectName() + "-report", Duration.minutes(2), lambdaRole);
+            "/lambda/codebuild-report.py", Aws.STACK_NAME + "-codebuild-report", Duration.minutes(2), lambdaRole);
         Function reportBuildFunction = reportLambda.getFunction();
 
         // Create EventBridge rule for build completion
diff --git a/infra/cdk/src/main/java/sample/com/constructs/Ide.java b/infra/cdk/src/main/java/sample/com/constructs/Ide.java
@@ -55,6 +55,7 @@ public static class IdeProps {
             "ms-kubernetes-tools.vscode-kubernetes-tools",
             "ms-azuretools.vscode-docker"
         );
+        private String gitBranch = "main";
 
         public static IdeProps.Builder builder() { return new Builder(); }
 
@@ -69,6 +70,7 @@ public static class Builder {
             public Builder additionalSecurityGroups(List<ISecurityGroup> additionalSecurityGroups) { props.additionalSecurityGroups = additionalSecurityGroups; return this; }
             public Builder bootstrapTimeoutMinutes(int bootstrapTimeoutMinutes) { props.bootstrapTimeoutMinutes = bootstrapTimeoutMinutes; return this; }
             public Builder vscodeExtensions(List<String> vscodeExtensions) { props.vscodeExtensions = vscodeExtensions; return this; }
+            public Builder gitBranch(String gitBranch) { props.gitBranch = gitBranch; return this; }
 
             public IdeProps build() { return props; }
         }
@@ -82,6 +84,7 @@ public static class Builder {
         public List<ISecurityGroup> getAdditionalSecurityGroups() { return additionalSecurityGroups; }
         public int getBootstrapTimeoutMinutes() { return bootstrapTimeoutMinutes; }
         public List<String> getVscodeExtensions() { return vscodeExtensions; }
+        public String getGitBranch() { return gitBranch; }
     }
 
     public Ide(final Construct scope, final String id, final IVpc vpc) {
@@ -153,7 +156,7 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
 
         // Create CloudFront prefix list lookup Lambda function
         var prefixListLookup = new Lambda(this, "PrefixListLookup",
-            "/lambda/cloudfront-prefix-lookup.py", instanceName + "-prefix-list-lambda", Duration.minutes(3), lambdaRole);
+            "/lambda/cloudfront-prefix-lookup.py", Aws.STACK_NAME + "-cloudfront-prefix-lookup", Duration.minutes(3), lambdaRole);
         var prefixListFunction = prefixListLookup.getFunction();
 
         // Add EC2 permissions for prefix list lookup
@@ -241,12 +244,15 @@ public Ide(final Construct scope, final String id, final IdeProps props) {
         String bootstrapScript = loadFile("/ec2-userdata.sh")
             .replace("${vscodeExtensions}", extensionsString)
             .replace("${templateType}", "base")
-            .replace("${gitBranch}", "new-ws-infra");
+            .replace("${gitBranch}", props.getGitBranch())
+            .replace("${stackName}", Aws.STACK_NAME)
+            .replace("${awsRegion}", Aws.REGION)
+            .replace("${idePassword}", ideSecretsManagerPassword.secretValueFromJson("password").unsafeUnwrap());
         userData.addCommands(bootstrapScript.split("\n"));
 
         // Create instance launcher Lambda with multi-AZ and multi-instance-type failover
         var instanceLauncher = new Lambda(this, "InstanceLauncher",
-            "/lambda/ec2-launcher.py", instanceName + "-launcher", Duration.minutes(5), lambdaRole);
+            "/lambda/ec2-launcher.py", Aws.STACK_NAME + "-ec2-launcher", Duration.minutes(5), lambdaRole);
         var instanceLauncherFunction = instanceLauncher.getFunction();
 
         // Create EC2 instance via Custom Resource with intelligent failover
diff --git a/infra/workshop-template.yaml b/infra/workshop-template.yaml
@@ -456,7 +456,11 @@ Resources:
                       responseData = {'Error': tb_err}
                   finally:
                       cfnresponse.send(event, context, status, responseData, 'CustomResourcePhysicalID')
-      FunctionName: ide-prefix-list-lambda
+      FunctionName:
+        Fn::Join:
+          - ""
+          - - Ref: AWS::StackName
+            - -cloudfront-prefix-lookup
       Handler: index.lambda_handler
       Role:
         Fn::GetAtt:
@@ -704,7 +708,11 @@ Resources:
                   responseData = {'Error': tb_err}
 
               cfnresponse.send(event, context, status, responseData, physical_id)
-      FunctionName: ide-launcher
+      FunctionName:
+        Fn::Join:
+          - ""
+          - - Ref: AWS::StackName
+            - -ec2-launcher
       Handler: index.lambda_handler
       Role:
         Fn::GetAtt:
@@ -752,107 +760,119 @@ Resources:
       ImageId:
         Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter
       UserData:
-        Fn::Base64: |-
-          #!/bin/bash
-          #!/bin/bash
-          set -e
+        Fn::Base64:
+          Fn::Join:
+            - ""
+            - - |-
+                #!/bin/bash
+                #!/bin/bash
+                set -e
 
-          # Minimal EC2 UserData script - downloads and runs full bootstrap
-          # This keeps UserData under size limits while allowing unlimited bootstrap size
+                # Minimal EC2 UserData script - downloads and runs full bootstrap
+                # This keeps UserData under size limits while allowing unlimited bootstrap size
 
-          # Configuration from CDK
-          GIT_BRANCH="${gitBranch:-main}"
-          IDE_PASSWORD="${idePassword}"
-          STACK_NAME="${stackName}"
-          AWS_REGION="${awsRegion}"
-          TEMPLATE_TYPE="${templateType:-base}"
-          VSCODE_EXTENSIONS="${vscodeExtensions:-}"
+                # Configuration from CDK
+                GIT_BRANCH="${gitBranch:-main}"
+                IDE_PASSWORD="{{resolve:secretsmanager:
+              - Ref: IdeIdePasswordSecretF3482811
+              - |-
+                :SecretString:password::}}"
+                STACK_NAME="
+              - Ref: AWS::StackName
+              - |-
+                "
+                AWS_REGION="
+              - Ref: AWS::Region
+              - |-
+                "
+                TEMPLATE_TYPE="${templateType:-base}"
+                VSCODE_EXTENSIONS="${vscodeExtensions:-}"
 
-          # Setup logging
-          LOG_GROUP_NAME="ide-bootstrap-$(date +%Y%m%d-%H%M%S)"
-          echo "Bootstrap logs will be written to CloudWatch log group: $LOG_GROUP_NAME"
+                # Setup logging
+                LOG_GROUP_NAME="ide-bootstrap-$(date +%Y%m%d-%H%M%S)"
+                echo "Bootstrap logs will be written to CloudWatch log group: $LOG_GROUP_NAME"
 
-          # Install CloudWatch agent for logging
-          dnf install -y amazon-cloudwatch-agent
+                # Install CloudWatch agent for logging
+                dnf install -y amazon-cloudwatch-agent
 
-          # Create CloudWatch agent configuration
-          cat > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json << EOF
-          {
-            "logs": {
-              "logs_collected": {
-                "files": {
-                  "collect_list": [
-                    {
-                      "file_path": "/var/log/bootstrap.log",
-                      "log_group_name": "$LOG_GROUP_NAME",
-                      "log_stream_name": "{instance_id}",
-                      "retention_in_days": 7
+                # Create CloudWatch agent configuration
+                cat > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json << EOF
+                {
+                  "logs": {
+                    "logs_collected": {
+                      "files": {
+                        "collect_list": [
+                          {
+                            "file_path": "/var/log/bootstrap.log",
+                            "log_group_name": "$LOG_GROUP_NAME",
+                            "log_stream_name": "{instance_id}",
+                            "retention_in_days": 7
+                          }
+                        ]
+                      }
                     }
-                  ]
+                  }
                 }
-              }
-            }
-          }
-          EOF
+                EOF
 
-          # Start CloudWatch agent
-          /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
-            -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
+                # Start CloudWatch agent
+                /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
+                  -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
 
-          # Redirect all output to log file and console
-          exec > >(tee -a /var/log/bootstrap.log)
-          exec 2>&1
+                # Redirect all output to log file and console
+                exec > >(tee -a /var/log/bootstrap.log)
+                exec 2>&1
 
-          echo "UserData started at $(date) - Logging to $LOG_GROUP_NAME"
+                echo "UserData started at $(date) - Logging to $LOG_GROUP_NAME"
 
-          # Download and run full bootstrap script with retry logic
-          download_bootstrap() {
-              local urls=(
-                  "https://raw.githubusercontent.com/aws-samples/java-on-aws/${GIT_BRANCH}/infra/scripts/ide/bootstrap.sh"
-                  "https://github.com/aws-samples/java-on-aws/raw/${GIT_BRANCH}/infra/scripts/ide/bootstrap.sh"
-              )
-              local max_attempts=5
-              local delay=5
+                # Download and run full bootstrap script with retry logic
+                download_bootstrap() {
+                    local urls=(
+                        "https://raw.githubusercontent.com/aws-samples/java-on-aws/${GIT_BRANCH}/infra/scripts/ide/bootstrap.sh"
+                        "https://github.com/aws-samples/java-on-aws/raw/${GIT_BRANCH}/infra/scripts/ide/bootstrap.sh"
+                    )
+                    local max_attempts=5
+                    local delay=5
 
-              for attempt in $(seq 1 $max_attempts); do
-                  echo "Download attempt $attempt of $max_attempts"
+                    for attempt in $(seq 1 $max_attempts); do
+                        echo "Download attempt $attempt of $max_attempts"
 
-                  for url in "${urls[@]}"; do
-                      echo "Trying to download bootstrap from: $url"
-                      if curl -fsSL --connect-timeout 30 --max-time 60 "$url" -o /tmp/bootstrap.sh; then
-                          echo "Successfully downloaded bootstrap script on attempt $attempt"
-                          return 0
-                      fi
-                      echo "Failed to download from: $url"
-                  done
+                        for url in "${urls[@]}"; do
+                            echo "Trying to download bootstrap from: $url"
+                            if curl -fsSL --connect-timeout 30 --max-time 60 "$url" -o /tmp/bootstrap.sh; then
+                                echo "Successfully downloaded bootstrap script on attempt $attempt"
+                                return 0
+                            fi
+                            echo "Failed to download from: $url"
+                        done
 
-                  if [ $attempt -lt $max_attempts ]; then
-                      echo "All URLs failed on attempt $attempt, waiting ${delay}s before retry..."
-                      sleep $delay
-                  fi
-              done
+                        if [ $attempt -lt $max_attempts ]; then
+                            echo "All URLs failed on attempt $attempt, waiting ${delay}s before retry..."
+                            sleep $delay
+                        fi
+                    done
 
-              echo "All download attempts failed after $max_attempts tries"
-              return 1
-          }
+                    echo "All download attempts failed after $max_attempts tries"
+                    return 1
+                }
 
-          if download_bootstrap; then
-              chmod +x /tmp/bootstrap.sh
-              echo "Executing full bootstrap script..."
-              export VSCODE_EXTENSIONS="$VSCODE_EXTENSIONS"
-              if /tmp/bootstrap.sh "$IDE_PASSWORD" "$GIT_BRANCH" "$STACK_NAME" "$AWS_REGION" "$TEMPLATE_TYPE"; then
-                  echo "Bootstrap completed successfully"
-                  /opt/aws/bin/cfn-signal -e 0 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
-              else
-                  echo "FATAL: Bootstrap script failed"
-                  /opt/aws/bin/cfn-signal -e 1 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
-                  exit 1
-              fi
-          else
-              echo "FATAL: Could not download bootstrap script from any source"
-              /opt/aws/bin/cfn-signal -e 1 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
-              exit 1
-          fi
+                if download_bootstrap; then
+                    chmod +x /tmp/bootstrap.sh
+                    echo "Executing full bootstrap script..."
+                    export VSCODE_EXTENSIONS="$VSCODE_EXTENSIONS"
+                    if /tmp/bootstrap.sh "$IDE_PASSWORD" "$GIT_BRANCH" "$STACK_NAME" "$AWS_REGION" "$TEMPLATE_TYPE"; then
+                        echo "Bootstrap completed successfully"
+                        /opt/aws/bin/cfn-signal -e 0 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
+                    else
+                        echo "FATAL: Bootstrap script failed"
+                        /opt/aws/bin/cfn-signal -e 1 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
+                        exit 1
+                    fi
+                else
+                    echo "FATAL: Could not download bootstrap script from any source"
+                    /opt/aws/bin/cfn-signal -e 1 --stack "$STACK_NAME" --resource IdeBootstrapWaitCondition --region "$AWS_REGION"
+                    exit 1
+                fi
       InstanceTypes: m5.xlarge,m6i.xlarge,t3.xlarge
       InstanceName: ide
       IamInstanceProfileArn:
@@ -1241,7 +1261,11 @@ Resources:
                   responseData = {'Error': tb_err}
 
               cfnresponse.send(event, context, status, responseData, physical_id)
-      FunctionName: base-setup-start
+      FunctionName:
+        Fn::Join:
+          - ""
+          - - Ref: AWS::StackName
+            - -codebuild-start
       Handler: index.lambda_handler
       Role:
         Fn::GetAtt:
@@ -1318,7 +1342,11 @@ Resources:
                           'error': str(e)
                       })
                   }
-      FunctionName: base-setup-report
+      FunctionName:
+        Fn::Join:
+          - ""
+          - - Ref: AWS::StackName
+            - -codebuild-report
       Handler: index.lambda_handler
       Role:
         Fn::GetAtt:
@@ -1387,7 +1415,7 @@ Resources:
         Fn::GetAtt:
           - CodeBuildCodeBuildRoleBA9C6D5C
           - Arn
-      ContentHash: "1765651009800"
+      ContentHash: "1765651951549"
       ProjectName:
         Ref: CodeBuildProjectA0FF5539
     DependsOn:
