Add Ecr

Author: Yuriy Bezsonov

apps/unicorn-store-spring/Dockerfile

@@ -5,7 +5,7 @@ RUN yum install -y shadow-utils
 COPY ./pom.xml ./pom.xml
 COPY src ./src/
 
-RUN mvn clean package && mv target/store-spring-1.0.0-exec.jar store-spring.jar
+RUN mvn clean package -DskipTests -ntp && mv target/store-spring-1.0.0-exec.jar store-spring.jar
 RUN rm -rf ~/.m2/repository
 
 RUN groupadd --system spring -g 1000

infra/cdk/pom.xml

@@ -11,7 +11,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>25</maven.compiler.source>
         <maven.compiler.target>25</maven.compiler.target>
-        <cdk.version>2.224.0</cdk.version>
+        <cdk.version>2.233.0</cdk.version>
         <constructs.version>10.4.2</constructs.version>
         <cdknag.version>2.36.2</cdknag.version>
         <junit.version>5.11.3</junit.version>

infra/cdk/src/main/java/sample/com/constructs/Unicorn.java

@@ -2,6 +2,9 @@
 
 import software.amazon.awscdk.CustomResource;
 import software.amazon.awscdk.Duration;
+import software.amazon.awscdk.RemovalPolicy;
+import software.amazon.awscdk.services.ecr.Repository;
+import software.amazon.awscdk.services.ecr.TagMutability;
 import software.amazon.awscdk.services.iam.*;
 import software.amazon.awscdk.services.lambda.Code;
 import software.amazon.awscdk.services.lambda.Function;
@@ -20,15 +23,16 @@
  * Uses "unicorn*" naming convention for compatibility with workshop content.
  *
  * Contains:
+ * - ECR repository (unicorn-store-spring)
  * - EKS Pod Identity role (unicornstore-eks-pod-role)
  * - ECS task roles (unicornstore-ecs-task-role, unicornstore-ecs-task-execution-role)
  * - Database schema setup (unicorns table)
- *
- * Note: ECR repository (unicorn-store-spring) is now created automatically via
- * ECR Repository Creation Template (create-on-push) instead of explicit definition.
  */
 public class Unicorn extends Construct {
 
+    // ECR Repository
+    private Repository ecrRepository;
+
     // EKS Roles
     private Role eksPodRole;
 
@@ -42,8 +46,14 @@ public class Unicorn extends Construct {
     public Unicorn(final Construct scope, final String id, final UnicornProps props) {
         super(scope, id);
 
-        // Note: ECR repository (unicorn-store-spring) is created automatically via
-        // ECR Repository Creation Template when images are pushed
+        // === ECR REPOSITORY ===
+        this.ecrRepository = Repository.Builder.create(this, "UnicornStoreRepository")
+            .repositoryName("unicorn-store-spring")
+            .imageScanOnPush(true)
+            .imageTagMutability(TagMutability.MUTABLE)
+            .removalPolicy(RemovalPolicy.DESTROY)
+            .emptyOnDelete(true)
+            .build();
 
         // === EKS ROLES ===
         if (props.isEksRolesEnabled()) {
@@ -236,6 +246,10 @@ private void createEcsRoles(UnicornProps props) {
     }
 
     // Getters
+    public Repository getEcrRepository() {
+        return ecrRepository;
+    }
+
     public Role getEksPodRole() {
         return eksPodRole;
     }

infra/cfn/base-stack.yaml

@@ -676,6 +676,13 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
+      VolumeSize: "50"
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeInstanceProfile61B92038
+          - Arn
+      InstanceName: ide
+      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -812,19 +819,8 @@ Resources:
                 "
                     exit 1
                 fi
-      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
-      InstanceName: ide
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeInstanceProfile61B92038
-          - Arn
-      VolumeSize: "50"
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
+      ImageId:
+        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
       SecurityGroupIds:
         Fn::Join:
           - ""
@@ -835,8 +831,12 @@ Resources:
             - Fn::GetAtt:
                 - IdeInternalSecurityGroupB0A5D76B
                 - GroupId
-      ImageId:
-        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:

infra/cfn/java-ai-agents-stack.yaml

@@ -757,7 +757,6 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
-      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -918,6 +917,7 @@ Resources:
           - IdeInstanceProfile61B92038
           - Arn
       InstanceName: ide
+      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:

infra/cfn/java-on-amazon-eks-stack.yaml

@@ -777,6 +777,27 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeInstanceProfile61B92038
+          - Arn
+      VolumeSize: "50"
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
+      SecurityGroupIds:
+        Fn::Join:
+          - ""
+          - - Fn::GetAtt:
+                - IdeSecurityGroup73B02454
+                - GroupId
+            - ","
+            - Fn::GetAtt:
+                - IdeInternalSecurityGroupB0A5D76B
+                - GroupId
       ImageId:
         Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
       UserData:
@@ -917,27 +938,6 @@ Resources:
                 fi
       InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
       InstanceName: ide
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeInstanceProfile61B92038
-          - Arn
-      VolumeSize: "50"
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
-      SecurityGroupIds:
-        Fn::Join:
-          - ""
-          - - Fn::GetAtt:
-                - IdeSecurityGroup73B02454
-                - GroupId
-            - ","
-            - Fn::GetAtt:
-                - IdeInternalSecurityGroupB0A5D76B
-                - GroupId
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:
@@ -1316,12 +1316,12 @@ Resources:
       Environment:
         ComputeType: BUILD_GENERAL1_MEDIUM
         EnvironmentVariables:
-          - Name: GIT_BRANCH
-            Type: PLAINTEXT
-            Value: new-ws-infra
           - Name: TEMPLATE_TYPE
             Type: PLAINTEXT
             Value: java-on-amazon-eks
+          - Name: GIT_BRANCH
+            Type: PLAINTEXT
+            Value: new-ws-infra
         Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         ImagePullCredentialsType: CODEBUILD
         PrivilegedMode: false
@@ -1526,12 +1526,12 @@ Resources:
       Description: workshop-setup build complete
       EventPattern:
         detail:
+          project-name:
+            - Ref: CodeBuildProjectA0FF5539
           build-status:
             - SUCCEEDED
             - FAILED
             - STOPPED
-          project-name:
-            - Ref: CodeBuildProjectA0FF5539
         detail-type:
           - CodeBuild Build State Change
         source:
@@ -1563,13 +1563,13 @@ Resources:
         Fn::GetAtt:
           - CodeBuildStartLambdaFunction8349284F
           - Arn
-      ContentHash: "1766259269788"
       ProjectName:
         Ref: CodeBuildProjectA0FF5539
       CodeBuildIamRoleArn:
         Fn::GetAtt:
           - CodeBuildRoleE9A44575
           - Arn
+      ContentHash: "1766262434985"
     DependsOn:
       - CodeBuildCompleteRuleAllowEventRuleWorkshopStackCodeBuildReportLambdaFunctionD77C60919E0B0C89
       - CodeBuildCompleteRuleEE9277E8
@@ -1921,7 +1921,7 @@ Resources:
             - Ref: AWS::AccountId
             - "-"
             - Ref: AWS::Region
-            - "-20251220203430"
+            - "-20251220212715"
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
@@ -2157,15 +2157,15 @@ Resources:
               }
       Environment:
         Variables:
+          EKS_CLUSTER_NAME:
+            Ref: EksClusterB2BDED5B
           S3_BUCKET_NAME:
             Ref: WorkshopBucketFD5BC43F
           SECRET_NAME: workshop-ide-password
           KUBERNETES_AUTH_TYPE: aws
           APP_LABEL: unicorn-store-spring
           K8S_NAMESPACE: unicorn-store-spring
           S3_THREAD_DUMPS_PREFIX: thread-dumps/
-          EKS_CLUSTER_NAME:
-            Ref: EksClusterB2BDED5B
       FunctionName: workshop-thread-dump-lambda
       Handler: index.lambda_handler
       MemorySize: 512
@@ -2382,6 +2382,16 @@ Resources:
       PolicyName: JvmAnalysisServiceRoleDefaultPolicyB35B4FC8
       Roles:
         - Ref: JvmAnalysisServiceRole87E5AD2B
+  UnicornUnicornStoreRepository7B15FB29:
+    Type: AWS::ECR::Repository
+    Properties:
+      EmptyOnDelete: true
+      ImageScanningConfiguration:
+        ScanOnPush: true
+      ImageTagMutability: MUTABLE
+      RepositoryName: unicorn-store-spring
+    UpdateReplacePolicy: Delete
+    DeletionPolicy: Delete
   UnicornUnicornStoreEksPodRoleB15D12B7:
     Type: AWS::IAM::Role
     Properties: