update infra

Author: Yuriy Bezsonov

infrastructure/cdk/src/main/java/com/unicorn/constructs/VSCodeIde.java

@@ -22,9 +22,7 @@
 import software.amazon.awscdk.services.ec2.IMachineImage;
 import software.amazon.awscdk.services.ec2.ISecurityGroup;
 import software.amazon.awscdk.services.ec2.IVpc;
-import software.amazon.awscdk.services.ec2.InstanceClass;
-import software.amazon.awscdk.services.ec2.InstanceSize;
-import software.amazon.awscdk.services.ec2.InstanceType;
+
 import software.amazon.awscdk.services.ec2.MachineImage;
 import software.amazon.awscdk.services.ec2.Peer;
 import software.amazon.awscdk.services.ec2.Port;
@@ -41,8 +39,7 @@
 import software.amazon.awscdk.services.lambda.Code;
 import software.amazon.awscdk.services.lambda.Function;
 import software.amazon.awscdk.services.lambda.Runtime;
-import software.amazon.awscdk.services.logs.LogGroup;
-import software.amazon.awscdk.services.logs.RetentionDays;
+
 import software.amazon.awscdk.services.secretsmanager.Secret;
 import software.amazon.awscdk.services.secretsmanager.SecretStringGenerator;
 import software.amazon.awscdk.services.ssm.CfnDocument;
@@ -54,8 +51,7 @@
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.time.LocalDateTime;
-import java.time.format.DateTimeFormatter;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -180,6 +176,7 @@ public VSCodeIde(final Construct scope, final String id, final VSCodeIdeProps pr
         // props.getRole().addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"));
         props.getRole().addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess"));
         props.getRole().addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("AmazonSSMManagedInstanceCore"));
+        props.getRole().addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("CloudWatchAgentServerPolicy"));
 
         var filePath = props.getAdditionalIamPolicyPath();
         if (Files.exists(Path.of(getClass().getResource(filePath).getPath()))) {
@@ -191,15 +188,8 @@ public VSCodeIde(final Construct scope, final String id, final VSCodeIdeProps pr
                 props.getRole().addManagedPolicy(policy);
         }
 
-        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd-HHmmss");
-        String timestamp = LocalDateTime.now().format(formatter);
-
-        // Set up logging
-        LogGroup logGroup = LogGroup.Builder.create(this, "IdeLogGroup")
-            .retention(RetentionDays.ONE_WEEK)
-            .logGroupName(props.getInstanceName() + "-bootstrap-log-" + timestamp)
-            .build();
-        logGroup.grantWrite(props.getRole());
+        // Log group will be created dynamically by CloudWatch agent at runtime
+        // No pre-created log group needed - avoids hardcoded timestamp issues
 
         // Create prefix List of CloudFront IP for EC2 instance segurity Group
         Function prefixListFunction = Function.Builder.create(this, "IdePrefixListFunction")
@@ -448,7 +438,8 @@ public VSCodeIde(final Construct scope, final String id, final VSCodeIdeProps pr
                 Map.entry("readmeUrl", props.getReadmeUrl()),
                 Map.entry("environmentContentsZip", props.getEnvironmentContentsZip()),
                 Map.entry("extensions", String.join(",", props.getExtensions())),
-                Map.entry("terminalOnStartup", String.valueOf(props.isTerminalOnStartup()))
+                Map.entry("terminalOnStartup", String.valueOf(props.isTerminalOnStartup())),
+                Map.entry("logGroupPrefix", props.getInstanceName() + "-bootstrap")
             ))
         ));
 
@@ -502,8 +493,8 @@ public VSCodeIde(final Construct scope, final String id, final VSCodeIdeProps pr
             .serviceToken(bootstrapFunction.getFunctionArn())
             .properties(Map.of(
                 "InstanceId", instanceId,
-                "SsmDocument", ssmDocument.getRef(),
-                "LogGroupName", logGroup.getLogGroupName()
+                "SsmDocument", ssmDocument.getRef()
+                // LogGroupName removed - will be created dynamically by CloudWatch agent
             ))
             .build();
     }

infrastructure/cdk/src/main/resources/bootstrapDocument.sh

@@ -1,6 +1,43 @@
 bash << 'HEREDOC'
 set -e
 
+# Generate unique log group name with runtime timestamp
+LOG_GROUP_NAME="${logGroupPrefix}-$(date +%Y%m%d-%H%M%S)"
+echo "Bootstrap logs will be written to CloudWatch log group: $LOG_GROUP_NAME"
+
+# Install and configure CloudWatch agent for logging
+echo "Installing CloudWatch agent..."
+yum install -y amazon-cloudwatch-agent
+
+# Create CloudWatch agent configuration
+cat > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json << EOF
+{
+  "logs": {
+    "logs_collected": {
+      "files": {
+        "collect_list": [
+          {
+            "file_path": "/var/log/bootstrap.log",
+            "log_group_name": "$LOG_GROUP_NAME",
+            "log_stream_name": "{instance_id}",
+            "retention_in_days": 7
+          }
+        ]
+      }
+    }
+  }
+}
+EOF
+
+# Start CloudWatch agent
+/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
+  -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
+
+# Redirect all bootstrap output to log file and console
+exec > >(tee -a /var/log/bootstrap.log)
+exec 2>&1
+
+echo "Bootstrap started at $(date) - Logging to $LOG_GROUP_NAME"
 echo "Retrieving IDE password..."
 
 PASSWORD_SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id "${passwordName}" --query 'SecretString' --output text)

infrastructure/cdk/src/main/resources/lambda.py

@@ -53,11 +53,7 @@ def lambda_handler(event, context):
 
             ssm.send_command(
                 InstanceIds=[instance_id],
-                DocumentName=ssm_document,
-                CloudWatchOutputConfig={
-                    'CloudWatchLogGroupName': event['ResourceProperties']['LogGroupName'],
-                    'CloudWatchOutputEnabled': True
-                })
+                DocumentName=ssm_document)
 
             responseData = {'Success': 'Started bootstrapping for instance: '+instance_id}
         except Exception as e: