chore(infra): refactor CloudFormation templates and Lambda functions

- Remove sensitive data from Lambda function logs (database-setup.py, password-exporter.py)
- Replace f-string logging with generic success messages for security compliance
- Reorganize CDK nag suppression rules in base-stack.yaml for consistency
- Reorder suppression rule format to use id-first structure across all CloudFormation templates
- Consolidate and standardize metadata configuration in java-on-amazon-eks-stack.yaml
- Update java-on-aws-immersion-day-stack.yaml metadata structure
- Update java-spring-ai-agents-stack.yaml metadata structure
- Improve generate.sh script for CloudFormation generation
- Enhance security posture by preventing accidental exposure of ARNs and secret names in logs

Author: Yuriy Bezsonov

infra/cdk/src/main/resources/lambda/database-setup.py

@@ -92,7 +92,7 @@ def lambda_handler(event, context):
                 SecretId=secret_name
             )
             secret_arn = secret_details['ARN']
-            print(f"Secret ARN: {secret_arn}")
+            print("Secret ARN retrieved successfully.")
         except ClientError as e:
             print(f"Error retrieving secret details: {str(e)}")
             raise
@@ -115,7 +115,7 @@ def lambda_handler(event, context):
             region,
             account_id
         )
-        print(f"Cluster ARN: {cluster_arn}")
+        print("Cluster ARN resolved successfully.")
 
         # Initialize RDS Data API client
         rds_data = boto3.client('rds-data')

infra/cdk/src/main/resources/lambda/password-exporter.py

@@ -23,7 +23,7 @@ def lambda_handler(event, context):
             props = event['ResourceProperties']
             password_name = props['PasswordName']
 
-            print(f'Retrieving password from secret: {password_name}')
+            print('Retrieving password from secret in Secrets Manager')
 
             response = secretsmanager.get_secret_value(SecretId=password_name)
             secret_data = json.loads(response['SecretString'])