Fix AWS infrastructure deployment issues preventing successful stack …#424
…creation

Resolves three critical issues that would prevent AWS deployment from working:

1. Fixed Keyspace dependency race condition where CloudFormation attempted to create Cassandra tables before keyspace existed, causing "Keyspace todos does not exist" errors. Added explicit CloudFormation dependencies using addDependency().
2. Replaced PRIVATE_ISOLATED subnets with VPC Endpoints to enable AWS service access without NAT Gateway. PRIVATE_ISOLATED subnets have no connectivity, preventing ECS tasks from pulling ECR images or connecting to Keyspaces. Added S3 Gateway endpoint (free) and Interface endpoints for ECR, CloudWatch Logs, and Keyspaces (~$29/month vs $32/month for NAT Gateway).
3. Made ECS service creation optional on first deploy to avoid referencing non-existent Docker images. Infrastructure now deploys in two phases: Phase 1 creates VPC, Keyspaces, and ECR repository; Phase 2 (after image push) creates ECS service. Controlled via CDK context parameter createEcsService (default: false).

Updated GitHub Actions workflow to implement two-phase deployment strategy with image build and push between infrastructure phases.

All tests passing: 21 unit tests, 99% JaCoCo coverage, PMD/Checkstyle/SpotBugs/fmt clean.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This PR is being reviewed by Cursor Bugbot
Bug: Missing Port Mapping Breaks Health Check Startup
The container definition is missing port mappings. The health check attempts to access port 8181 (http://localhost:8181/actuator/health), but no port mapping is configured to expose this port from the container. This will cause the health check to fail and prevent the ECS service from starting successfully. The container needs a port mapping configuration added to ContainerDefinitionOptions, such as .portMappings(List.of(PortMapping.builder().containerPort(8181).protocol(Protocol.TCP).build())).
Note
Adds VPC endpoints, enforces Keyspaces table dependencies, makes ECS service creation optional, and updates CI to a two-phase deploy with image build/push.
EcsStack): -c createEcsService=true; output ServiceArn only when created and always output EcrRepositoryUri/ClusterName.
cluster and taskDefinition fields.
KeyspacesStack): CfnTable instances and add explicit dependencies on CfnKeyspace to ensure creation order.
NetworkStack): VpcEndpointSecurityGroup with ingress from app SG on ports 443 and 9142.
.github/workflows/ci.yml): createEcsService=true.
EcsStackTest and NetworkStackTest for new constructor flag, outputs, and VPC endpoint SG accessors; add cases for service creation on/off.
Written by Cursor Bugbot for commit f27e0c8.
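The endpoint-only network described in item 2 of the PR description and in the NetworkStack line of the note, as an added Java CDK example that is not the PR's own code: isolated subnets with no NAT Gateway, an S3 gateway endpoint, and interface endpoints behind a security group that admits only the app security group on ports 443 and 9142. The class name, construct ids, the two-AZ layout and the choice to turn off the endpoints' default VPC-wide ingress (`open(false)`) are assumptions.

```java
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.*;
import software.constructs.Construct;

// Hypothetical stack: names and ids are assumptions, not taken from the PR.
public class EndpointOnlyNetworkStack extends Stack {
  public EndpointOnlyNetworkStack(final Construct scope, final String id) {
    super(scope, id);

    // Isolated subnets only: no internet gateway route, no NAT Gateway.
    Vpc vpc = Vpc.Builder.create(this, "Vpc")
        .maxAzs(2)
        .natGateways(0)
        .subnetConfiguration(List.of(SubnetConfiguration.builder()
            .name("app").subnetType(SubnetType.PRIVATE_ISOLATED).cidrMask(24).build()))
        .build();

    // Security group for the ECS tasks (egress left at the CDK default).
    SecurityGroup appSg = SecurityGroup.Builder.create(this, "AppSg").vpc(vpc).build();

    // Security group shared by the interface endpoints; it originates no traffic.
    SecurityGroup endpointSg = SecurityGroup.Builder.create(this, "VpcEndpointSg")
        .vpc(vpc).allowAllOutbound(false).build();

    // Only the app SG may reach the endpoints: HTTPS for the AWS APIs,
    // 9142 for the Keyspaces CQL listener.
    endpointSg.addIngressRule(appSg, Port.tcp(443), "AWS APIs over HTTPS from app tasks");
    endpointSg.addIngressRule(appSg, Port.tcp(9142), "Keyspaces CQL from app tasks");

    // ECR stores image layers in S3, so image pulls also need the S3 gateway endpoint.
    vpc.addGatewayEndpoint("S3", GatewayVpcEndpointOptions.builder()
        .service(GatewayVpcEndpointAwsService.S3).build());

    Map<String, InterfaceVpcEndpointAwsService> services = Map.of(
        "EcrApi", InterfaceVpcEndpointAwsService.ECR,
        "EcrDocker", InterfaceVpcEndpointAwsService.ECR_DOCKER,
        "Logs", InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS,
        "Keyspaces", InterfaceVpcEndpointAwsService.KEYSPACES);

    // open(false) stops CDK from also allowing the whole VPC CIDR on 443,
    // so the two ingress rules above are the only way in.
    services.forEach((name, service) -> vpc.addInterfaceEndpoint(name,
        InterfaceVpcEndpointOptions.builder()
            .service(service).securityGroups(List.of(endpointSg)).open(false).build()));
  }
}
```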