Cloud9 Upgrade to Ubuntu 22.04

Changed CDK code to reuse the same Cloudformation template used for self-hosted deployments.

Author: rapgaws

PetAdoptions/cdk/pet_stack/lib/modules/core/cloud9.ts

@@ -0,0 +1,39 @@
+import { Construct } from "constructs";
+import * as cloudformation_include from "aws-cdk-lib/cloudformation-include";
+import { CfnRole } from "aws-cdk-lib/aws-iam";
+
+export interface Cloud9EnvironmentProps {
+    name?: string;
+    vpcId: string;
+    subnetId: string;
+    templateFile: string;
+    cloud9OwnerArn?: string;
+}
+
+export class Cloud9Environment extends Construct {
+    public readonly c9Role: CfnRole;
+    constructor(scope: Construct, id: string, props: Cloud9EnvironmentProps) {
+        super(scope, id);
+
+        const template = new  cloudformation_include.CfnInclude(this, 'Cloud9Template', {
+            templateFile: props.templateFile,
+            parameters: {
+                'CreateVPC': false,
+                'Cloud9VPC': props.vpcId,
+                'Cloud9Subnet': props.subnetId
+            },
+            preserveLogicalIds: false
+        });
+
+        if (props.name) {
+            template.getParameter("EnvironmentName").default = props.name;
+        }
+
+        if (props.cloud9OwnerArn) {
+            template.getParameter("Cloud9OwnerRole").default = props.cloud9OwnerArn.valueOf();
+        }
+
+        this.c9Role = template.getResource("C9Role") as CfnRole;
+
+    }
+}

PetAdoptions/cdk/pet_stack/lib/services.ts

@@ -32,6 +32,7 @@ import { readFileSync } from 'fs';
 import 'ts-replace-all'
 import { TreatMissingData, ComparisonOperator } from 'aws-cdk-lib/aws-cloudwatch';
 import { KubectlLayer } from 'aws-cdk-lib/lambda-layer-kubectl';
+import { Cloud9Environment } from './modules/core/cloud9';
 
 export class Services extends Stack {
     constructor(scope: Construct, id: string, props?: StackProps) {
@@ -451,9 +452,16 @@ export class Services extends Stack {
 
         if (isEventEngine === 'true')
         {
-            var c9role = undefined
-            var c9InstanceProfile = undefined
-            var c9env = undefined
+
+            var c9Env = new Cloud9Environment(this, 'Cloud9Environment', {
+                vpcId: theVPC.vpcId,
+                subnetId: theVPC.publicSubnets[0].subnetId,
+                cloud9OwnerArn: "assumed-role/WSParticipantRole/Participant",
+                templateFile: __dirname + "/../../../../cloud9-cfn.yaml"
+            
+            });
+    
+            var c9role = c9Env.c9Role;
 
             // Dynamically check if AWSCloud9SSMAccessRole and AWSCloud9SSMInstanceProfile exists
             const c9SSMRole = new iam.Role(this,'AWSCloud9SSMAccessRole', {
@@ -463,51 +471,15 @@ export class Services extends Stack {
                 managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName("AWSCloud9SSMInstanceProfile"),iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess")]
             });
 
-            const c9SSMRoleNoPath = iam.Role.fromRoleArn(this,'c9SSMRoleNoPath', "arn:aws:iam::" + stack.account + ":role/AWSCloud9SSMAccessRole")
-            cluster.awsAuth.addMastersRole(c9SSMRoleNoPath);
-
-            new iam.CfnInstanceProfile(this, 'AWSCloud9SSMInstanceProfile', {
-                path: '/cloud9/',
-                roles: [c9SSMRole.roleName],
-                instanceProfileName: 'AWSCloud9SSMInstanceProfile'
-            });
-
-            c9env = new cloud9.CfnEnvironmentEC2(this,"CloudEnv",{
-                ownerArn: "arn:aws:iam::" + stack.account +":assumed-role/WSParticipantRole/Participant",
-                instanceType: "t2.micro",
-                name: "observabilityworkshop",
-                subnetId: theVPC.privateSubnets[0].subnetId,
-                connectionType: 'CONNECT_SSM',
-                repositories: [
-                    {
-                        repositoryUrl: "https://github.com/aws-samples/one-observability-demo.git",
-                        pathComponent: "workshopfiles/one-observability-demo"
-                    }
-                ]
-            });
-
-            c9role = new iam.Role(this,'cloud9InstanceRole', {
-                assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"),
-                managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess"), iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonSSMManagedInstanceCore")],
-                roleName: "observabilityworkshop-admin"
-            });
-
-            c9InstanceProfile = new iam.CfnInstanceProfile(this,'cloud9InstanceProfile', {
-                roles: [c9role.roleName],
-                instanceProfileName: "observabilityworkshop-profile"
-            })
-
-            const teamRole = iam.Role.fromRoleArn(this,'TeamRole',"arn:aws:iam::" + stack.account +":role/TeamRole");
+            const teamRole = iam.Role.fromRoleArn(this,'TeamRole',"arn:aws:iam::" + stack.account +":role/WSParticipantRole");
             cluster.awsAuth.addRoleMapping(teamRole,{groups:["dashboard-view"]});
+            
 
+            if (c9role!=undefined) {
+                cluster.awsAuth.addMastersRole(iam.Role.fromRoleArn(this, 'c9role', c9role.attrArn, { mutable: false }));
+            }
 
 
-            if (c9role!=undefined)
-                cluster.awsAuth.addMastersRole(c9role)
-
-            if (c9env!=undefined)
-                cluster.node.addDependency(c9env)
-
         }
 
         const eksAdminArn = this.node.tryGetContext('admin_role');