Further workshop enhancements; clean old workshop folders; update README#7
Merged
Further workshop enhancements; clean old workshop folders; update README#7
Conversation
Member
whummer
commented
Apr 18, 2026
whummer
commented
- Remove 00-hello-world, 01-serverless-image-resizer, 02-serverless-api-ecs-apigateway, 03-appsync-graphql-api-cdk, 04-cloud-pods-persistence, LICENSE (old EuroPython leftovers)
- README: add Mermaid architecture diagram, Makefile targets section, updated module table and repo layout reflecting current state
- ...
…agram - Remove 00-hello-world, 01-serverless-image-resizer, 02-serverless-api-ecs-apigateway, 03-appsync-graphql-api-cdk, 04-cloud-pods-persistence, LICENSE (old EuroPython leftovers) - README: add Mermaid architecture diagram, Makefile targets section, updated module table and repo layout reflecting current state Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- services/fulfillment/: new Docker container — reads order from DynamoDB, sets fulfilled status, writes S3 receipt - terraform: ECR repo, ECS cluster, task definition, IAM execution+task roles; FulfillOrder state now uses ecs:runTask.sync:2 instead of Lambda - order_processor: remove fulfill step and s3/RECEIPTS_BUCKET dependency - Makefile: add `build` target (ECR push); `deploy` runs build first Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- workflow: deploy app (build ECR image + tflocal apply) then run pytest - tests: update status checks from 'processed' to 'fulfilled', increase timeout for ECS pipeline, add products test, update item names Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
whummer
changed the title
Terraform owns ECR repo creation; building before apply caused RepositoryAlreadyExistsException. Reordered CI steps and removed manual ecr create-repository from build target. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…alue
tflocal output -json <name> returns the value directly as JSON,
not {"value": "..."}. Indexing with ["value"] caused TypeError.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…riant runTask.sync:2 relies on EventBridge events for task completion detection which LocalStack does not support — execution hangs indefinitely. The polling-based runTask.sync works correctly. Also increase E2E test timeout to 150s to accommodate ECS container startup time in CI. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
LocalStack may not reliably inject AWS_ENDPOINT_URL into ECS task containers in all environments. Setting it explicitly to localhost.localstack.cloud:4566 ensures the fulfillment container always reaches LocalStack regardless of runtime injection. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
FARGATE tasks with awsvpc network mode require NetworkConfiguration with subnet IDs. Without it, ECS RunTask returns an error that LocalStack's SFN integration doesn't handle, causing States.Runtime. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Demonstrates LocalStack's IAM enforcement mode: - Terraform deploys lambda-exec-role without dynamodb:PutItem (deliberate gap) - Without enforcement (default): order creation works fine - make iam-enforce: toggles ENFORCE_IAM=1 via LocalStack config API; POST /orders now fails with AccessDeniedException — visible in App Inspector - make iam-fix: grants the missing PutItem via awslocal iam put-role-policy; orders flow through the full pipeline again - make iam-off: restores permissive mode UI: IAM Enforcement toggle in sidebar + IAM nav section with step-by-step guide. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The correct LocalStack endpoint is POST /_aws/iam/config with
{"state":"ENFORCED"} / {"state":"ALLOW_ALL"}, not /_localstack/config.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The test polls DynamoDB for "fulfilled" status then immediately reads S3. Previously DynamoDB was updated first, so the test could see "fulfilled" before the S3 write completed, causing a NoSuchKey error. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.