Skip to content

Move disasters jupyterhub from dev to prod #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
smohiudd wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Move disasters jupyterhub from dev to prod #155

smohiudd wants to merge 3 commits into from

Conversation

@smohiudd
Copy link
Contributor

@smohiudd smohiudd commented Dec 8, 2025

Since this change will create a new secret for the jupyterhub-disasters client, we'll need to let 2i2c know of the updated secret value.

@github-actions
Copy link

github-actions bot commented Dec 8, 2025
edited
Loading

Diff for stage: DefaultStage

Warning

2 Destructive Changes

Diff for stack: veda-keycloak-dev - 0 to add, 2 to update, 1 to destroy

Details

[!WARNING]
Destructive Changes ‼️
Stack: veda-keycloak-dev - Resource: configjupyterhubdisastersclientsecret7640859E - Impact: WILL_DESTROY

Stack: veda-keycloak-dev - Resource: configConfigTaskDef650ED3A2 - Impact: WILL_REPLACE

IAM Statement Changes
┌───┬──────────────────────────────────────────────────┬────────┬───────────────────────────────┬─────────────────────────────────────────────────┬───────────┐
│   │ Resource                                         │ Effect │ Action                        │ Principal                                       │ Condition │
├───┼──────────────────────────────────────────────────┼────────┼───────────────────────────────┼─────────────────────────────────────────────────┼───────────┤
│ - │ ${configjupyterhubdisastersclientsecret7640859E} │ Allow  │ secretsmanager:DescribeSecret │ AWS:${configConfigTaskDefExecutionRole55730F7C} │           │
│   │                                                  │        │ secretsmanager:GetSecretValue │                                                 │           │
└───┴──────────────────────────────────────────────────┴────────┴───────────────────────────────┴─────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Resources
[-] AWS::SecretsManager::Secret configjupyterhubdisastersclientsecret7640859E destroy
[~] AWS::ECS::TaskDefinition configConfigTaskDef650ED3A2 replace
 └─ [~] ContainerDefinitions (requires replacement)
     └─ @@ -28,7 +28,7 @@
        [ ] ],
        [ ] "Essential": true,
        [ ] "Image": {
        [-]   "Fn::Sub": "853558080719.dkr.ecr.us-west-2.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-853558080719-us-west-2:d6df6d93cdf4243a42d9fabeba218c7ea72406d941b4552b759f902fa6ef33b3"
        [+]   "Fn::Sub": "853558080719.dkr.ecr.us-west-2.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-853558080719-us-west-2:d0ae8bee6489bfe4ec28d528541e88f3a4fd62a31dac75ba27becc4d258eff08"
        [ ] },
        [ ] "LogConfiguration": {
        [ ]   "LogDriver": "awslogs",
        @@ -239,34 +239,6 @@
        [ ]   }
        [ ] },
        [ ] {
        [-]   "Name": "JUPYTERHUB_DISASTERS_CLIENT_ID",
        [-]   "ValueFrom": {
        [-]     "Fn::Join": [
        [-]       "",
        [-]       [
        [-]         {
        [-]           "Ref": "configjupyterhubdisastersclientsecret7640859E"
        [-]         },
        [-]         ":id::"
        [-]       ]
        [-]     ]
        [-]   }
        [-] },
        [-] {
        [-]   "Name": "JUPYTERHUB_DISASTERS_CLIENT_SECRET",
        [-]   "ValueFrom": {
        [-]     "Fn::Join": [
        [-]       "",
        [-]       [
        [-]         {
        [-]           "Ref": "configjupyterhubdisastersclientsecret7640859E"
        [-]         },
        [-]         ":secret::"
        [-]       ]
        [-]     ]
        [-]   }
        [-] },
        [-] {
        [ ]   "Name": "INGEST_UI_CLIENT_ID",
        [ ]   "ValueFrom": {
        [ ]     "Fn::Join": [
[~] AWS::IAM::Policy configConfigTaskDefExecutionRoleDefaultPolicyB2F7D3D0
 └─ [~] PolicyDocument
     └─ [~] .Statement:
         └─ @@ -114,16 +114,6 @@
            [ ]   ],
            [ ]   "Effect": "Allow",
            [ ]   "Resource": {
            [-]     "Ref": "configjupyterhubdisastersclientsecret7640859E"
            [-]   }
            [-] },
            [-] {
            [-]   "Action": [
            [-]     "secretsmanager:GetSecretValue",
            [-]     "secretsmanager:DescribeSecret"
            [-]   ],
            [-]   "Effect": "Allow",
            [-]   "Resource": {
            [ ]     "Ref": "configingestuiclientsecretFE3C4C92"
            [ ]   }
            [ ] },

Generated for commit cd99f62 at 2025-12-15T15:45:04.401Z

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@smohiudd