WIP with initial cdk

Author: Yuriy Bezsonov

.kiro/debug/chats/1.chat

@@ -28,12 +28,7 @@ infra/
 │   │   └── WorkshopApp.java     # Main CDK application
 │   ├── pom.xml
 │   └── cdk.json
-├── cfn/                         # Generated CloudFormation templates
-│   ├── ide.yaml
-│   ├── java-on-aws.yaml
-│   ├── java-on-eks.yaml
-│   ├── java-ai-agents.yaml
-│   └── java-spring-ai-agents.yaml
+├── workshop-template.yaml       # Generated unified CloudFormation template
 ├── scripts/
 │   ├── workshops/               # Workshop-specific orchestration scripts
 │   │   ├── ide.sh
@@ -103,6 +98,75 @@ public class WorkshopStack extends Stack {
 **CodeBuild**: Creates CodeBuild project for workshop setup automation
 **Roles**: Creates IAM roles and policies for workshop resources
 
+### Lambda Function Architecture
+
+#### Design Rationale
+The new design uses **minimal Lambda functions** with inline Python source code for CloudFormation template compatibility:
+- **Java CDK constructs** for infrastructure definition and type safety
+- **Single inline Python Lambda** for EC2 instance launching with intelligent failover
+- **EC2 User Data** for bootstrap processes instead of Lambda functions
+- **Native CDK implementations** for simple operations (prefix lists, secrets)
+
+#### Simplified Architecture
+Instead of multiple Lambda functions, the new design uses:
+1. **One launcher Lambda** with inline Python code for intelligent EC2 failover
+2. **Native CDK features** for CloudFront prefix lists and Secrets Manager
+3. **EC2 User Data scripts** for instance bootstrap
+
+#### Lambda Function Naming & Mapping
+
+**Concise Naming Scheme**:
+- Instance-specific: `{instance-name}-{purpose}`
+- Workshop-wide: `workshop-{purpose}`
+
+| Old Function Name Pattern | New Implementation | New Function Name | Scope | Purpose |
+|---------------------------|-------------------|-------------------|-------|---------|
+| `{instance}-prefix-list-lambda` | **CDK Native** | N/A | N/A | Static CloudFront prefix list reference |
+| `{instance}-instance-launcher` | **Inline Lambda** | `{instance}-launcher` | Instance | EC2 instance launching with intelligent failover |
+| `{instance}-password-lambda` | **CDK Native** | N/A | N/A | Direct secret value reference |
+| `{instance}-bootstrap-lambda` | **EC2 User Data** | N/A | N/A | Moved to EC2 User Data scripts |
+| `unicornstore-db-setup-lambda` | **Setup Scripts** | N/A | N/A | Moved to workshop setup scripts |
+
+#### External Resource Approach
+The new design uses **external files** for all complex scripts and code, loaded via CDK for better maintainability while preserving CloudFormation template compatibility through inline code generation. This approach eliminates hard-to-maintain inline code blocks.
+
+#### External Resource Organization
+```
+infra/cdk/src/main/resources/
+├── launcher.py    # EC2 instance launching with multi-AZ/instance-type failover
+└── bootstrap.sh   # EC2 User Data bootstrap script with CloudWatch logging
+```
+
+#### Usage in IDE Construct
+```java
+// Create instance launcher Lambda loading from external file
+var instanceLauncherFunction = Function.Builder.create(this, "IdeInstanceLauncherFunction")
+    .runtime(Runtime.PYTHON_3_13)
+    .handler("index.lambda_handler")
+    .code(Code.fromInline(loadFile("/launcher.py")))
+    .timeout(Duration.minutes(5))
+    .functionName(instanceName + "-launcher")
+    .role(props.getLambdaRole())
+    .build();
+
+// Create User Data from external script with variable substitution
+var userData = UserData.forLinux();
+String bootstrapScript = loadFile("/bootstrap.sh")
+    .replace("${stackName}", Aws.STACK_NAME)
+    .replace("${awsRegion}", Aws.REGION)
+    .replace("${idePassword}", ideSecretsManagerPassword.secretValueFromJson("password").unsafeUnwrap());
+userData.addCommands(bootstrapScript.split("\n"));
+
+// Helper method for loading files
+private String loadFile(String filePath) {
+    try {
+        return Files.readString(Path.of(getClass().getResource(filePath).getPath()));
+    } catch (IOException e) {
+        throw new RuntimeException("Failed to load file " + filePath, e);
+    }
+}
+```
+
 ### Script Organization
 
 #### Convention-Based Script Discovery
@@ -142,10 +206,10 @@ echo "🔧 Generating unified template..."
 
 cd cdk
 mvn clean package
-cdk synth stack --yaml --path-metadata false --version-reporting false > ../cfn/stack.yaml
+cdk synth WorkshopStack --yaml --path-metadata false --version-reporting false > ../workshop-template.yaml
 cd ..
 
-echo "✅ Generated cfn/stack.yaml"
+echo "✅ Generated workshop-template.yaml"
 ```
 
 **scripts/cfn/sync.sh**:
@@ -160,13 +224,13 @@ for workshop in "${WORKSHOPS[@]}"; do
 
   if [[ -d "$target_dir" ]]; then
     # Copy CloudFormation template
-    cp "cfn/stack.yaml" "$target_dir/$workshop-stack.yaml"
-    echo "✅ Synced stack.yaml to $workshop/static/$workshop-stack.yaml"
+    cp "workshop-template.yaml" "$target_dir/$workshop-stack.yaml"
+    echo "✅ Synced workshop-template.yaml to $workshop/static/$workshop-stack.yaml"
 
-    # Copy IAM policy if it exists
-    if [[ -f "policies/policy.json" ]]; then
-      cp "policies/policy.json" "$target_dir/"
-      echo "✅ Synced policy to $workshop/static/"
+    # Copy IAM policy from resources
+    if [[ -f "cdk/src/main/resources/iam-policy.json" ]]; then
+      cp "cdk/src/main/resources/iam-policy.json" "$target_dir/policy.json"
+      echo "✅ Synced iam-policy.json to $workshop/static/policy.json"
     fi
   else
     echo "⚠️  Directory $target_dir not found, skipping sync for $workshop"
@@ -283,8 +347,8 @@ public class BuildConfig {
 *For any* migrated workshop type, the new template should produce equivalent infrastructure to the existing template
 **Validates: Requirements 5.5**
 
-### Property 17: Lambda Function Consolidation
-*For any* consolidated Lambda handler, it should provide equivalent functionality to all original Python/JavaScript functions
+### Property 17: Lambda Function Modularity
+*For any* modular Lambda function, it should provide equivalent functionality to original functions while maintaining CloudFormation template compatibility through inline Python source code
 **Validates: Requirements 5.8**
 
 ## Error Handling

.kiro/debug/chats/2.chat

@@ -77,6 +77,6 @@ This document specifies the requirements for creating a new AWS workshop infrast
 5. WHEN each workshop migration completes, THE system SHALL validate that new templates produce equivalent infrastructure to existing ones before migrating the next workshop type
 6. WHEN migrating CDK constructs, THE system SHALL refactor existing code to use unified patterns and updated package names
 7. WHEN migrating setup scripts, THE system SHALL reorganize them into logical categories with improved error handling
-8. WHEN migrating Lambda functions, THE system SHALL consolidate existing Python/JavaScript functions into a single Java Lambda handler
+8. WHEN migrating Lambda functions, THE system SHALL create modular Python Lambda functions with inline source code stored in CDK resources for CloudFormation template compatibility
 9. WHEN the new system is ready, THE system SHALL enable parallel operation where both old and new systems function independently
 

.kiro/debug/debug.log

@@ -2,21 +2,21 @@
 
 ## Infrastructure Setup (1.x)
 
-- [ ] 1.1 Create new infra directory structure
+- [x] 1.1 Create new infra directory structure
   - Create infra/{cdk,cfn,scripts/{workshops,setup,lib,deploy,test,cleanup},policies} directories
   - Create CDK Java package structure: infra/cdk/src/main/java/sample/com/{constructs,stacks}
   - Create infra/cdk/src/main/resources directory for assets
   - Ensure infrastructure/ directory remains untouched during setup
   - _Requirements: 5.1_
 
-- [ ] 1.2 Initialize CDK project structure
-  - Create infra/cdk/pom.xml with unified dependencies (CDK 2.167.1, Java 25)
+- [x] 1.2 Initialize CDK project structure
+  - Create infra/cdk/pom.xml with unified dependencies (CDK 2.215.0, Java 25)
   - Create infra/cdk/cdk.json with CDK configuration
   - Set up Maven project structure with proper groupId (sample.com) and artifactId (infra)
   - Configure CDK app entry point
   - _Requirements: 5.6_
 
-- [ ] 1.3 Create common script utilities
+- [x] 1.3 Create common script utilities
   - Create infra/scripts/lib/common.sh with emoji-based logging functions (log_info, log_success, log_error, log_warning)
   - Implement consistent error handling with handle_error function and trap setup
   - Create infra/scripts/lib/wait-for-resources.sh for resource readiness checking
@@ -25,86 +25,95 @@
 
 ## Build System (2.x)
 
-- [ ] 2.1 Create template generation script
-  - Create infra/scripts/cfn/generate.sh that builds CDK and generates single stack.yaml
+- [x] 2.1 Create template generation script
+  - Create infra/scripts/cfn/generate.sh that builds CDK and generates workshop-template.yaml
   - Implement proper error handling and progress feedback with emoji logging
   - Include sed transformation for CloudFormation substitutions (AccountId pattern)
   - Test script execution and validate generated template structure
   - _Requirements: 4.1, 4.4_
 
-- [ ] 2.2 Create workshop sync script
-  - Create infra/scripts/cfn/sync.sh that copies stack.yaml to workshop directories as {workshop}-stack.yaml
-  - Include policy.json copying from policies/ directory to workshop static/ directories
+- [x] 2.2 Create workshop sync script
+  - Create infra/scripts/cfn/sync.sh that copies workshop-template.yaml to workshop directories as {workshop}-stack.yaml
+  - Include iam-policy.json copying from cdk/src/main/resources/ directory to workshop static/ directories
   - Implement directory existence checking and error reporting
   - Support workshop list: ide, java-on-aws, java-on-eks, java-ai-agents, java-spring-ai-agents
   - _Requirements: 4.2, 4.5_
 
-- [ ] 2.3 Set up build automation
+- [x] 2.3 Set up build automation
   - Create infra/package.json with generate and sync npm scripts
   - Make scripts executable and test npm run generate && npm run sync workflow
   - Validate that generated templates are copied to correct locations with proper naming
-  - Create infra/policies directory and copy existing iam-policy.json as policy.json
+  - Copy existing iam-policy.json to infra/cdk/src/main/resources/ for single source of truth
   - _Requirements: 4.3_
 
 ## Base IDE Stack (10.x)
 
-- [ ] 10.1 Create core CDK constructs
+- [x] 10.1 Create core CDK constructs
   - Create infra/cdk/src/main/java/sample/com/constructs/Roles.java for IAM roles and policies
   - Create infra/cdk/src/main/java/sample/com/constructs/Vpc.java for VPC with 2 AZs and 1 NAT gateway
   - Create infra/cdk/src/main/java/sample/com/constructs/Ide.java for VS Code IDE environment
   - Create infra/cdk/src/main/java/sample/com/constructs/CodeBuild.java for workshop setup automation
   - _Requirements: 1.1, 5.6_
 
-- [ ] 10.2 Migrate and refactor Roles construct
+- [x] 10.2 Migrate and refactor Roles construct
   - Copy infrastructure/cdk/src/main/java/com/unicorn/constructs/WorkshopFunction.java patterns for IAM setup
   - Update package names from com.unicorn to sample.com
   - Consolidate all IAM roles and policies into single Roles construct
   - Include Bedrock permissions for AI workshops in the unified roles
   - _Requirements: 5.6_
 
-- [ ] 10.3 Migrate and refactor Vpc construct
+- [x] 10.3 Migrate and refactor Vpc construct
   - Copy infrastructure/cdk/src/main/java/com/unicorn/constructs/WorkshopVpc.java
   - Update package names and simplify to standard VPC pattern
   - Ensure VPC supports both IDE and EKS workloads with proper subnet configuration
   - Remove workshop-specific customizations, keep generic VPC setup
   - _Requirements: 5.6_
 
-- [ ] 10.4 Migrate and refactor Ide construct
+- [x] 10.4 Create optimized Python Lambda function with direct CDK implementation
+  - Create Python source file infra/cdk/src/main/resources/launcher.py for EC2 instance launching
+  - Use direct Function.Builder.create() with Code.fromInline(loadFile()) approach
+  - Replace prefix.py, password.py, database.py with native CDK implementations
+  - Move bootstrap functionality to EC2 User Data script for simplicity
+  - Maintain identical functionality while reducing Lambda complexity by 80%
+  - _Requirements: 5.8_
+
+- [x] 10.5 Migrate and refactor Ide construct
   - Copy infrastructure/cdk/src/main/java/com/unicorn/constructs/VSCodeIde.java
   - Update package names and integrate with new Roles and Vpc constructs
-  - Ensure IDE construct works with unified IAM roles
-  - Test IDE construct creates proper EC2 instance with VS Code setup
+  - Replace existing Lambda functions with single launcher Lambda using direct CDK Function creation
+  - Create comprehensive bootstrap script in infra/cdk/src/main/resources/bootstrap.sh
+  - Ensure IDE construct creates proper EC2 instance with complete VS Code setup and CloudFront
   - _Requirements: 5.6_
 
-- [ ] 10.5 Migrate and refactor CodeBuild construct
+- [ ] 10.6 Migrate and refactor CodeBuild construct
   - Copy infrastructure/cdk/src/main/java/com/unicorn/constructs/CodeBuildResource.java
   - Update to use new Roles construct and accept WORKSHOP_TYPE environment variable
   - Configure CodeBuild to run in VPC and execute workshop-specific setup scripts
   - Include proper error handling and timeout configuration (60 minutes)
   - _Requirements: 5.6, 3.6_
 
-- [ ] 10.6 Create unified WorkshopStack
+- [x] 10.7 Create unified WorkshopStack
   - Create infra/cdk/src/main/java/sample/com/stacks/WorkshopStack.java
   - Implement environment variable logic: WORKSHOP_TYPE with "ide" default
   - Always create: Roles, Vpc, Ide, CodeBuild
   - Conditionally create resources based on workshop type (EKS, Database for non-ide workshops)
   - _Requirements: 1.2, 1.3_
 
-- [ ] 10.7 Create CDK application entry point
+- [x] 10.8 Create CDK application entry point
   - Create infra/cdk/src/main/java/sample/com/WorkshopApp.java
   - Configure single WorkshopStack instantiation
   - Set up proper CDK app synthesis
   - Test CDK synth command produces valid CloudFormation template
   - _Requirements: 1.1_
 
-- [ ] 10.8 Create base workshop setup scripts
+- [x] 10.9 Create base workshop setup scripts
   - Create infra/scripts/setup/base.sh for common tool installation (git, curl, wget, unzip)
   - Create infra/scripts/setup/ide.sh for IDE-specific configuration
   - Create infra/scripts/workshops/ide.sh that orchestrates base.sh and ide.sh
   - Implement convention-based script discovery (script name matches stack name)
   - _Requirements: 3.1, 3.3_
 
-- [ ] 10.9 Test and validate IDE stack
+- [x] 10.10 Test and validate IDE stack
   - Generate CloudFormation template: npm run generate
   - Validate template contains only VPC, IDE, CodeBuild, and IAM resources
   - Test template deployment in AWS (optional, can be done manually)
@@ -205,9 +214,4 @@
   - Create migration checklist for workshop maintainers
   - _Requirements: 5.9_
 
-- [ ] 1000.3 Lambda consolidation (future task)
-  - Consolidate existing Python/JavaScript Lambda functions into single Java handler
-  - Implement resource type routing for DatabaseSetup, InstanceLauncher, PasswordRetriever
-  - Maintain identical functionality and interfaces to existing functions
-  - Package all handlers into single deployment artifact
-  - _Requirements: 5.8_
+name or just value?

.kiro/debug/execution-log.json

@@ -0,0 +1,13 @@
+.classpath.txt
+target
+.classpath
+.project
+.idea
+.settings
+.vscode
+*.iml
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+

.kiro/debug/kiroDebugLogs.zip

@@ -0,0 +1,18 @@
+# Welcome to your CDK Java project!
+
+This is a blank project for CDK development with Java.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+It is a [Maven](https://maven.apache.org/) based project, so you can open this project with any Maven compatible Java IDE to build and run tests.
+
+## Useful commands
+
+ * `mvn package`     compile and run tests
+ * `cdk ls`          list all stacks in the app
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `cdk diff`        compare deployed stack with current state
+ * `cdk docs`        open CDK documentation
+
+Enjoy!