Improve S3 cleanup

Author: Yuriy Bezsonov

infra/cdk/src/main/java/sample/com/constructs/WorkshopBucket.java

@@ -45,12 +45,12 @@ public WorkshopBucket(final Construct scope, final String id, final WorkshopBuck
         String timestamp = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMMddHHmmss"));
 
         // Create S3 bucket for workshop data (thread dumps, profiling data)
+        // Note: autoDeleteObjects removed - CfnPreDeleteCleanup Lambda handles bucket emptying
         this.bucket = Bucket.Builder.create(this, "Bucket")
             .bucketName(String.format("%s-bucket-%s-%s-%s", prefix, Aws.ACCOUNT_ID, Aws.REGION, timestamp))
             .blockPublicAccess(BlockPublicAccess.BLOCK_ALL)
             .enforceSsl(true)
             .removalPolicy(RemovalPolicy.DESTROY)
-            .autoDeleteObjects(true)
             .build();
 
         // Create SSM parameter for bucket name discovery

infra/cdk/src/main/resources/lambda/cfn-pre-delete-cleanup.py

@@ -5,6 +5,7 @@
 ec2 = boto3.client('ec2')
 logs = boto3.client('logs')
 s3 = boto3.client('s3')
+s3_resource = boto3.resource('s3')
 
 def lambda_handler(event, context):
     """
@@ -139,58 +140,15 @@ def cleanup_s3_buckets():
     print("S3 bucket cleanup completed")
 
 def empty_bucket(bucket_name):
-    """Delete all objects and versions from a bucket."""
+    """Delete all objects and versions from a bucket using boto3 resource API."""
     try:
-        # Delete all object versions (for versioned buckets)
-        paginator = s3.get_paginator('list_object_versions')
-        try:
-            for page in paginator.paginate(Bucket=bucket_name):
-                objects_to_delete = []
-
-                # Collect versions
-                for version in page.get('Versions', []):
-                    objects_to_delete.append({
-                        'Key': version['Key'],
-                        'VersionId': version['VersionId']
-                    })
-
-                # Collect delete markers
-                for marker in page.get('DeleteMarkers', []):
-                    objects_to_delete.append({
-                        'Key': marker['Key'],
-                        'VersionId': marker['VersionId']
-                    })
-
-                if objects_to_delete:
-                    s3.delete_objects(
-                        Bucket=bucket_name,
-                        Delete={'Objects': objects_to_delete}
-                    )
-                    print(f"Deleted {len(objects_to_delete)} objects from {bucket_name}")
-        except s3.exceptions.ClientError as e:
-            # Bucket might not have versioning, try regular delete
-            if 'NoSuchBucket' not in str(e):
-                delete_objects_without_versions(bucket_name)
-
+        bucket = s3_resource.Bucket(bucket_name)
+        # Delete all object versions (handles both versioned and non-versioned buckets)
+        bucket.object_versions.delete()
+        print(f"Emptied bucket: {bucket_name}")
     except Exception as e:
         print(f"Error emptying bucket {bucket_name}: {e}")
 
-def delete_objects_without_versions(bucket_name):
-    """Delete objects from non-versioned bucket."""
-    try:
-        paginator = s3.get_paginator('list_objects_v2')
-        for page in paginator.paginate(Bucket=bucket_name):
-            objects = page.get('Contents', [])
-            if objects:
-                objects_to_delete = [{'Key': obj['Key']} for obj in objects]
-                s3.delete_objects(
-                    Bucket=bucket_name,
-                    Delete={'Objects': objects_to_delete}
-                )
-                print(f"Deleted {len(objects_to_delete)} objects from {bucket_name}")
-    except Exception as e:
-        print(f"Error deleting objects from {bucket_name}: {e}")
-
 def wait_for_deletion(endpoint_ids, max_wait=300):
     """Poll until endpoints are deleted or timeout."""
     start_time = time.time()

infra/cfn/base-stack.yaml

@@ -676,6 +676,28 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
+      InstanceName: ide
+      IamInstanceProfileArn:
+        Fn::GetAtt:
+          - IdeInstanceProfile61B92038
+          - Arn
+      VolumeSize: "50"
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
+      SecurityGroupIds:
+        Fn::Join:
+          - ""
+          - - Fn::GetAtt:
+                - IdeSecurityGroup73B02454
+                - GroupId
+            - ","
+            - Fn::GetAtt:
+                - IdeInternalSecurityGroupB0A5D76B
+                - GroupId
       ImageId:
         Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
       UserData:
@@ -815,28 +837,6 @@ Resources:
                     exit 1
                 fi
       InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
-      InstanceName: ide
-      IamInstanceProfileArn:
-        Fn::GetAtt:
-          - IdeInstanceProfile61B92038
-          - Arn
-      VolumeSize: "50"
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
-      SecurityGroupIds:
-        Fn::Join:
-          - ""
-          - - Fn::GetAtt:
-                - IdeSecurityGroup73B02454
-                - GroupId
-            - ","
-            - Fn::GetAtt:
-                - IdeInternalSecurityGroupB0A5D76B
-                - GroupId
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215:

infra/cfn/java-ai-agents-stack.yaml

@@ -757,12 +757,30 @@ Resources:
         Fn::GetAtt:
           - IdeInstanceLauncherFunction803C5A2A
           - Arn
+      InstanceName: ide
       IamInstanceProfileArn:
         Fn::GetAtt:
           - IdeInstanceProfile61B92038
           - Arn
-      InstanceName: ide
-      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
+      VolumeSize: "50"
+      SubnetIds:
+        Fn::Join:
+          - ""
+          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
+            - ","
+            - Ref: VpcPublicSubnet2SubnetA811849C
+      SecurityGroupIds:
+        Fn::Join:
+          - ""
+          - - Fn::GetAtt:
+                - IdeSecurityGroup73B02454
+                - GroupId
+            - ","
+            - Fn::GetAtt:
+                - IdeInternalSecurityGroupB0A5D76B
+                - GroupId
+      ImageId:
+        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
       UserData:
         Fn::Base64:
           Fn::Join:
@@ -899,25 +917,7 @@ Resources:
                 "
                     exit 1
                 fi
-      ImageId:
-        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61arm64C96584B6F00A464EAD1953AFF4B05118Parameter
-      SecurityGroupIds:
-        Fn::Join:
-          - ""
-          - - Fn::GetAtt:
-                - IdeSecurityGroup73B02454
-                - GroupId
-            - ","
-            - Fn::GetAtt:
-                - IdeInternalSecurityGroupB0A5D76B
-                - GroupId
-      SubnetIds:
-        Fn::Join:
-          - ""
-          - - Ref: VpcPublicSubnet1Subnet8E8DEDC0
-            - ","
-            - Ref: VpcPublicSubnet2SubnetA811849C
-      VolumeSize: "50"
+      InstanceTypes: m7g.xlarge,m6g.xlarge,c7g.xlarge,t4g.xlarge
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
   IdeEipAssociationDFF81215: