Closes #172 update BYOA deployment

PetAdoptions/cdk/pet_stack/lib/common/s3_replication_enabler.ts

@@ -18,7 +18,7 @@ export class S3ReplicationSetup extends Construct {
 
     // Create the Lambda function
     const lambdaFunction = new lambda.Function(this, 'S3ReplicationSetupFunction', {
-      runtime: lambda.Runtime.PYTHON_3_9,
+      runtime: lambda.Runtime.PYTHON_3_11,
       handler: 'index.handler',
       timeout: cdk.Duration.minutes(15),
       code: lambda.Code.fromAsset('lib/lambda/s3replication'),

PetAdoptions/cdk/pet_stack/lib/common/tgw-connection-accepter.ts

@@ -95,7 +95,7 @@ export class TransitGatewayPeeringAttachmentWaiter extends Construct {
 
     // Create the Lambda function
     const lambdaFunction = new lambda.Function(this, 'TransitGatewayPeeringAttachmentWaiterFunction', {
-      runtime: lambda.Runtime.PYTHON_3_9,
+      runtime: lambda.Runtime.PYTHON_3_11,
       handler: 'index.handler',
       timeout: cdk.Duration.minutes(15),
       code: lambda.Code.fromAsset('lib/lambda/tgwpeeringconfirm'),

PetAdoptions/cdk/pet_stack/lib/services.ts

@@ -778,7 +778,7 @@ export class Services extends Stack {
             code: lambda.Code.fromAsset(path.join(__dirname, '/../resources/resource-controller-widget')),
             handler: 'petsite-application-resource-controler.lambda_handler',
             memorySize: 128,
-            runtime: lambda.Runtime.PYTHON_3_9,
+            runtime: lambda.Runtime.PYTHON_3_11,
             role: customWidgetLambdaRole,
             timeout: Duration.minutes(10)
         });
@@ -794,7 +794,7 @@ export class Services extends Stack {
             code: lambda.Code.fromAsset(path.join(__dirname, '/../resources/resource-controller-widget')),
             handler: 'cloudwatch-custom-widget.lambda_handler',
             memorySize: 128,
-            runtime: lambda.Runtime.PYTHON_3_9,
+            runtime: lambda.Runtime.PYTHON_3_11,
             role: customWidgetLambdaRole,
             timeout: Duration.seconds(60)
         });

PetAdoptions/cdk/pet_stack/lib/services/stepfn.ts

@@ -72,7 +72,7 @@ export class PetAdoptionsStepFn extends Construct {
       index: lambdaFileName + '.py',
       handler: 'lambda_handler',
       memorySize: 128,
-      runtime: lambda.Runtime.PYTHON_3_9,
+      runtime: lambda.Runtime.PYTHON_3_11,
       role: lambdaRole,
       layers: lambdalayers,
       tracing: Tracing.ACTIVE

PetAdoptions/cdk/pet_stack/package.json

@@ -15,7 +15,7 @@
     "@aws-cdk/assert": "2.68.0",
     "@types/jest": "^29.5.12",
     "@types/node": "^20.17.6",
-    "aws-cdk": "2.147.0",
+    "aws-cdk": "2.1029.2",
     "cdk-nag": "^2.28.27",
     "constructs": "^10.3.0",
     "ts-jest": "^29.1.2",

PetAdoptions/petadoptionshistory-py/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM --platform=linux/amd64 python:3.8
+FROM --platform=linux/amd64 python:3.11
 
 WORKDIR /app
 

PetAdoptions/petsearch-java/docker-compose.yml

@@ -1,4 +1,4 @@
-version: "3.8"
+version: "3.11"
 
 services:
   localstack:

bring-your-own-account/cdk/README.md

@@ -1,59 +1,48 @@
 # AWS Fault Injection Simulator Workshop - Bring Your Own Account Setup
 
-This guide helps you set up the AWS Fault Injection Simulator Workshop in your own AWS account using AWS CDK.
+This guide helps you set up the AWS Fault Injection Simulator Workshop in your own AWS account using the AWS Cloud Development Kit (CDK). See the [Bring your own AWS account](https://catalog.workshops.aws/fis-v2/en-US/environment/bring-your-own) page in the Chaos Engineering Workshop V2 for more details.
 
 ## Prerequisites
-
-Before you begin, ensure you have the following:
-
-### AWS Account Requirements
-- An AWS account with AdministratorAccess permissions
-- Access to regions: us-east-1 (primary) and us-west-2 (secondary)
-- Ability to create and manage AWS resources including IAM roles, S3 buckets, CodePipeline, CodeBuild, etc.
+Before you begin, ensure you have satisfied the following prerequisites.
 
 ### Local Development Environment
-- Node.js (version 16.x or later)
-- AWS CLI v2 configured with your credentials
-- AWS CDK CLI (v2.x)
+- Node.js (version 18 or later) and Node Package Manager (npm)
+- [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) configured with your credentials
+- [AWS CDK v2](https://docs.aws.amazon.com/cdk/v2/guide/home.html)
 - Git
-- Docker Desktop (latest stable version)
+- Docker
+
+### AWS Account Requirements
+- An AWS account [bootstrapped](https://docs.aws.amazon.com/cdk/v2/guide/ref-cli-cmd-bootstrap.html) for the AWS CDK in both the us-east-1 and us-west-2 Regions
+```bash
+cdk bootstrap aws://{account-id}/us-east-1 aws://{account-id}/us-west-2
+```
+- If not using the default IAM service roles created by the bootstrapping process, an IAM role with sufficient permissions to deploy all of the workshop stacks. See [Customize bootstrapping](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping-customizing.html) and [Secure CDK deployments with IAM permission boundaries](https://aws.amazon.com/blogs/devops/secure-cdk-deployments-with-iam-permission-boundaries/) for more details.
 
 ### Environment Variables
-- `eeTeamRoleArn`: The ARN of the your role in AWS.
+- `eeTeamRoleArn`: The ARN of the IAM role you will be using to execute the workshop. This role can be different than the role with AdministratorAccess permissions used to created the workshop infrastructure via CDK, but should have the same permissions.
 
 #### Optional Parameters
-- `environmentName`: Name prefix for resources (default: "EEPipeline")
-- `gitBranch`: Git branch to check out (default: empty string for main branch)
-- `isEventEngine`: Variable that define if defines it is your own account ('false') or AWS provided environment ('true'). Default: 'false'
-
-
+- `environmentName`: A prefix to apply to resource names (default: `EEPipeline`).
+- `gitRepoUrl`: URL of the project repo to pull for the CodeBuild job, e.g. a fork for working on feature branches. Default is the [upstream project repo]('https://github.com/aws-samples/aws-fault-injection-simulator-workshop-v2.git').
+- `gitBranch`: Git branch to pull for the CodeBuild job. The default is an empty string (`""`) for `main`.
+- `isEventEngine`: Set to `false` (default) if deploying in your own account or `true` if deploying in an AWS provided environment, e.g. workshop.
 
 ## Installation Steps
-
-1. Clone the workshop repository:
+- Clone the workshop repository:
 ```bash
 git clone https://github.com/aws-samples/aws-fault-injection-simulator-workshop-v2.git
-cd aws-fault-injection-simulator-workshop-v2/bring-your-own-account [[2]](https://docs.aws.amazon.com/fis/latest/userguide/update.html)
+cd aws-fault-injection-simulator-workshop-v2/bring-your-own-account/cdk
 ```
-
-2. Install dependencies:
-
+- Install dependencies:
 ```bash
 npm install
 ```
-
-3. Set Environment Variables:
+- Set Environment Variables:
 ```bash
 export eeTeamRoleArn=<your-team-role-arn> # for example arn:aws:iam::123456789012:role/TeamRole
 ```
-
-3. Bootstrap CDK in both regions:
-
-```bash
-cdk bootstrap aws://ACCOUNT-NUMBER/us-east-1
-cdk bootstrap aws://ACCOUNT-NUMBER/us-west-2
-```
-4. Deploy the workshop infrastructure:
+- Deploy the workshop supporting infrastructure in FisWorkshopStack. The CodePipeline pipeline that launches the PetAdoptions application should start automatically.
 
 ```bash
 cdk deploy --all
@@ -69,19 +58,10 @@ The CDK stack creates the following resources:
 + Build and destroy specifications
 
 ## Workshop Deployment
-
-To trigger builds:
-
-### Start workshop deployment
-
+The workshop deployment should start automatically when the `build.zip` is uploaded to the S3 bucket, which triggers the CodePipeline job. If it does not, you can start the job directly in CodeBuild using
 ```bash
 aws codebuild start-build --project-name FIS-Workshop-Build
 ```
-### Clean up workshop resources
-
-```bash
-aws codebuild start-build --project-name FIS-Workshop-Destroy
-```
 
 ### Monitoring Deployment
 You can monitor the deployment progress through:
@@ -121,12 +101,10 @@ Common issues and solutions:
 - Check region-specific service quotas
 
 ## Resource Limits
-
 + Verify service quotas for EC2, VPC, and other services
 + Request quota increases if needed
 
 ## Useful Commands
-
 1. Compile TypeScript to JS
 ```bash
 npm run build

bring-your-own-account/cdk/bin/bring-your-own-account.ts

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import * as cdk from 'aws-cdk-lib';
 import { FisWorkshopStack } from '../lib/fis-workshop-stack';
+import { GitHubEnterpriseSourceCredentials } from 'aws-cdk-lib/aws-codebuild';
 
 const app = new cdk.App();
 
@@ -10,6 +11,7 @@ if (!eeTeamRoleArn) {
     throw new Error('eeTeamRoleArn must be provided either via context or eeTeamRoleArn environment variable');
 }
 
+const gitRepoUrl = app.node.tryGetContext('gitRepoUrl') ||  process.env.gitRepoUrl || 'https://github.com/aws-samples/aws-fault-injection-simulator-workshop-v2.git';
 const gitBranch = app.node.tryGetContext('gitBranch') ||  process.env.gitBranch || 'main';
 // const environmentName = app.node.tryGetContext('environmentName') ||  process.env.environmentName || 'FISWorkshopPipeline'; //'An environment name that is prefixed to resource names'
 const isEventEngine = app.node.tryGetContext('isEventEngine') ||  process.env.isEventEngine || 'false'; // 'Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone'
@@ -22,6 +24,7 @@ new FisWorkshopStack(app, 'FisWorkshopStack', {
     region: 'us-east-1'
   },
   eeTeamRoleArn: eeTeamRoleArn,
+  gitRepoUrl: gitRepoUrl,
   gitBranch: gitBranch,
   // environmentName: environmentName,
   isEventEngine: isEventEngine