Merge pull request #66 from OleksandrRebenok/fix/existingVpc

schuettc · schuettc · commit 67a9df7be745 · 2025-12-01T15:53:58.000-06:00
Fix of using existing vpc Add dedicated stack s3bucket. Skip networking stack if user choose to use existing VPC. In case of using existing VPC, we pass subnets and vpc to monitoring stack from user input. Fixes #55 # Conflicts: # source/claude_code_with_bedrock/cli/commands/deploy.py
diff --git a/deployment/infrastructure/networking.yaml b/deployment/infrastructure/networking.yaml
@@ -92,32 +92,6 @@ Resources:
       RouteTableId: !Ref PublicRouteTable
       SubnetId: !Ref PublicSubnet2
 
-  # S3 Bucket for CloudFormation artifacts (Lambda code packages)
-  CfnArtifactsBucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      BucketEncryption:
-        ServerSideEncryptionConfiguration:
-          - ServerSideEncryptionByDefault:
-              SSEAlgorithm: AES256
-      VersioningConfiguration:
-        Status: Enabled
-      LifecycleConfiguration:
-        Rules:
-          - Id: DeleteOldVersions
-            Status: Enabled
-            NoncurrentVersionExpirationInDays: 30
-      PublicAccessBlockConfiguration:
-        BlockPublicAcls: true
-        BlockPublicPolicy: true
-        IgnorePublicAcls: true
-        RestrictPublicBuckets: true
-      Tags:
-        - Key: Name
-          Value: claude-code-cfn-artifacts
-        - Key: Purpose
-          Value: CloudFormation Lambda packaging
-
 Outputs:
   VpcId:
     Description: The ID of the VPC
@@ -143,8 +117,3 @@ Outputs:
     Export:
       Name: !Sub "${AWS::StackName}-SubnetIds"
 
-  CfnArtifactsBucket:
-    Description: S3 bucket for CloudFormation artifacts
-    Value: !Ref CfnArtifactsBucket
-    Export:
-      Name: !Sub "${AWS::StackName}-CfnArtifactsBucket"
diff --git a/deployment/infrastructure/s3bucket.yaml b/deployment/infrastructure/s3bucket.yaml
@@ -0,0 +1,36 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'S3 Bucket for CloudFormation artifacts (Lambda code packages)'
+
+Resources:
+  # S3 Bucket for CloudFormation artifacts (Lambda code packages)
+  CfnArtifactsBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      VersioningConfiguration:
+        Status: Enabled
+      LifecycleConfiguration:
+        Rules:
+          - Id: DeleteOldVersions
+            Status: Enabled
+            NoncurrentVersionExpirationInDays: 30
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
+      Tags:
+        - Key: Name
+          Value: claude-code-cfn-artifacts
+        - Key: Purpose
+          Value: CloudFormation Lambda packaging
+
+Outputs:
+  CfnArtifactsBucket:
+    Description: S3 bucket for CloudFormation artifacts
+    Value: !Ref CfnArtifactsBucket
+    Export:
+      Name: !Sub "${AWS::StackName}-CfnArtifactsBucket"
diff --git a/source/claude_code_with_bedrock/cli/commands/deploy.py b/source/claude_code_with_bedrock/cli/commands/deploy.py
@@ -155,18 +155,16 @@ def handle(self) -> int:
             # Deploy all configured stacks in dependency order
             stacks_to_deploy.append(("auth", "Authentication Stack (Cognito + IAM)"))
 
-            # Deploy networking first if needed (required by landing-page distribution and monitoring)
-            if profile.monitoring_enabled or (
-                profile.enable_distribution and profile.distribution_type == "landing-page"
-            ):
-                stacks_to_deploy.append(("networking", "VPC Networking for OTEL Collector"))
-
             # Deploy distribution after networking if it's landing-page type
             if profile.enable_distribution:
                 stacks_to_deploy.append(("distribution", "Distribution infrastructure (S3 + IAM)"))
 
             # Deploy remaining monitoring stacks
             if profile.monitoring_enabled:
+                vpc_congig = profile.monitoring_config or {}
+                if vpc_congig.get("create_vpc", True):
+                    stacks_to_deploy.append(("networking", "VPC Networking for OTEL Collector"))
+                stacks_to_deploy.append(("s3bucket", "S3 Bucket"))
                 stacks_to_deploy.append(("monitoring", "OpenTelemetry Collector"))
                 stacks_to_deploy.append(("dashboard", "CloudWatch Dashboard"))
                 # Check if analytics is enabled (default to True for backward compatibility)
@@ -563,6 +561,7 @@ def deploy_with_cf(
                 template = project_root / "deployment" / "infrastructure" / "networking.yaml"
                 stack_name = profile.stack_names.get("networking", f"{profile.identity_pool_name}-networking")
                 vpc_config = profile.monitoring_config or {}
+
                 params = [
                     f"VpcCidr={vpc_config.get('vpc_cidr', '10.0.0.0/16')}",
                     f"PublicSubnet1Cidr={vpc_config.get('subnet1_cidr', '10.0.1.0/24')}",
@@ -572,34 +571,46 @@ def deploy_with_cf(
                     template, stack_name, params, task_description="Deploying networking infrastructure..."
                 )
 
+            elif stack_type == "s3bucket":
+                template = project_root / "deployment" / "infrastructure" / "s3bucket.yaml"
+                stack_name = profile.stack_names.get("networking", f"{profile.identity_pool_name}-s3bucket")
+                params = []
+                return deploy_with_cf(template, stack_name, params, task_description="Deploying S3 Bucket...")
             elif stack_type == "monitoring":
                 # Ensure ECS service linked role exists before deploying
                 self._ensure_ecs_service_linked_role(console)
 
                 template = project_root / "deployment" / "infrastructure" / "otel-collector.yaml"
                 stack_name = profile.stack_names.get("monitoring", f"{profile.identity_pool_name}-otel-collector")
+                params = []
+                vpc_congig = profile.monitoring_config or {}
 
-                # Get VPC outputs from networking stack
-                networking_stack_name = profile.stack_names.get(
-                    "networking", f"{profile.identity_pool_name}-networking"
-                )
-                networking_outputs = get_stack_outputs(networking_stack_name, profile.aws_region)
+                if not vpc_congig.get("create_vpc", True):
+                    params.append(f"VpcId={vpc_congig.get('vpc_id', '')}")
+                    subnet_ids = ",".join(vpc_congig.get("subnet_ids", []))
+                    params.append(f"SubnetIds={subnet_ids}")
+                else:
+                    # Get VPC outputs from networking stack
+                    networking_stack_name = profile.stack_names.get(
+                        "networking", f"{profile.identity_pool_name}-networking"
+                    )
+                    networking_outputs = get_stack_outputs(networking_stack_name, profile.aws_region)
 
-                params = []
-                if networking_outputs:
-                    vpc_id = networking_outputs.get("VpcId", "")
-                    subnet_ids = networking_outputs.get("SubnetIds", "")
-                    if vpc_id:
-                        params.append(f"VpcId={vpc_id}")
-                    if subnet_ids:
-                        params.append(f"SubnetIds={subnet_ids}")
+                    if networking_outputs:
+                        vpc_id = networking_outputs.get("VpcId", "")
+                        subnet_ids = networking_outputs.get("SubnetIds", "")
+                        if vpc_id:
+                            params.append(f"VpcId={vpc_id}")
+                        if subnet_ids:
+                            params.append(f"SubnetIds={subnet_ids}")
 
                 # Add HTTPS domain parameters if configured
                 monitoring_config = getattr(profile, "monitoring_config", {})
                 if monitoring_config.get("custom_domain"):
                     params.append(f"CustomDomainName={monitoring_config['custom_domain']}")
                     params.append(f"HostedZoneId={monitoring_config['hosted_zone_id']}")
 
+                console.print(f"[dim]Using parameters: {params}[/dim]")
                 return deploy_with_cf(
                     template, stack_name, params, task_description="Deploying monitoring collector..."
                 )
@@ -609,20 +620,18 @@ def deploy_with_cf(
                 stack_name = profile.stack_names.get("dashboard", f"{profile.identity_pool_name}-dashboard")
 
                 # Get S3 bucket from networking stack for packaging
-                networking_stack_name = profile.stack_names.get(
-                    "networking", f"{profile.identity_pool_name}-networking"
-                )
-                networking_outputs = get_stack_outputs(networking_stack_name, profile.aws_region)
+                s3_stack_name = profile.stack_names.get("s3", f"{profile.identity_pool_name}-s3bucket")
+                s3_outputs = get_stack_outputs(s3_stack_name, profile.aws_region)
 
-                if not networking_outputs or not networking_outputs.get("CfnArtifactsBucket"):
+                if not s3_outputs or not s3_outputs.get("CfnArtifactsBucket"):
                     console.print("[red]Error: S3 bucket for packaging not found[/red]")
                     console.print(
                         "[yellow]The networking stack must be deployed first with the artifacts bucket.[/yellow]"
                     )
                     console.print("Run: [cyan]ccwb deploy networking[/cyan]")
                     return 1
 
-                s3_bucket = networking_outputs["CfnArtifactsBucket"]
+                s3_bucket = s3_outputs["CfnArtifactsBucket"]
 
                 # Package the template using AWS CLI (simple and reliable!)
                 task = progress.add_task("Packaging dashboard Lambda functions...", total=None)
diff --git a/source/claude_code_with_bedrock/cli/commands/destroy.py b/source/claude_code_with_bedrock/cli/commands/destroy.py
@@ -50,15 +50,15 @@ def handle(self) -> int:
 
         stacks_to_destroy = []
         if stack_arg:
-            if stack_arg in ["auth", "networking", "monitoring", "dashboard", "analytics"]:
+            if stack_arg in ["auth", "networking", "monitoring", "dashboard", "analytics", "s3bucket"]:
                 stacks_to_destroy.append(stack_arg)
             else:
                 console.print(f"[red]Unknown stack: {stack_arg}[/red]")
-                console.print("Valid stacks: auth, networking, monitoring, dashboard, analytics")
+                console.print("Valid stacks: auth, networking, monitoring, dashboard, analytics, s3bucket")
                 return 1
         else:
             # Destroy all stacks in reverse order
-            stacks_to_destroy = ["analytics", "dashboard", "monitoring", "networking", "auth"]
+            stacks_to_destroy = ["analytics", "dashboard", "monitoring", "networking", "s3bucket", "auth"]
 
         # Show what will be destroyed
         console.print(
@@ -98,6 +98,8 @@ def handle(self) -> int:
                 continue
             if stack == "analytics" and not profile.monitoring_enabled:
                 continue
+            if stack == "s3bucket" and not profile.monitoring_enabled:
+                continue
 
             stack_name = profile.stack_names.get(stack, f"{profile.identity_pool_name}-{stack}")
             console.print(f"Destroying {stack} stack: [cyan]{stack_name}[/cyan]")
