From 5d7653402faccbbe5bf26e7e2c3d4208766bc1e2 Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 13:02:56 -0500 Subject: [PATCH 1/7] fix: untangle dependency between PatchManager and PgstacInfra stacks --- cdk/PatchManager.ts | 10 +++++++--- cdk/PgStacInfra.ts | 8 ++++++-- cdk/app.ts | 6 +++--- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/cdk/PatchManager.ts b/cdk/PatchManager.ts index cc1e6cb..3781091 100644 --- a/cdk/PatchManager.ts +++ b/cdk/PatchManager.ts @@ -37,6 +37,10 @@ export class PatchManagerStack extends Stack { }, ); + const instanceIds = props.pgbouncerParamNames.map((paramName) => + ssm.StringParameter.valueFromLookup(this, paramName) + ); + // Target EC2 instances by Name tag const target = new ssm.CfnMaintenanceWindowTarget( this, @@ -47,7 +51,7 @@ export class PatchManagerStack extends Stack { targets: [ { key: 'InstanceIds', - values: [...props.instanceIds], + values: instanceIds, }, ], }, @@ -81,7 +85,7 @@ export class PatchManagerStack extends Stack { export interface Props extends StackProps { /** - * Instance IDs to target for patching. + * SSM parameter names storing the PgBouncer EC2 instance IDs to target for patching. */ - instanceIds: string[]; + pgbouncerParamNames: string[]; } diff --git a/cdk/PgStacInfra.ts b/cdk/PgStacInfra.ts index 82b035a..f2241a7 100644 --- a/cdk/PgStacInfra.ts +++ b/cdk/PgStacInfra.ts @@ -9,6 +9,7 @@ import { aws_cloudfront as cloudfront, aws_cloudfront_origins as origins, aws_cloudwatch as cloudwatch, + aws_ssm as ssm, } from "aws-cdk-lib"; import { Aws, Duration, RemovalPolicy, Stack, StackProps } from "aws-cdk-lib"; import { Construct } from "constructs"; @@ -27,7 +28,6 @@ import { load } from "js-yaml"; import { DpsStacItemGenerator } from "./constructs/DpsStacItemGenerator"; export class PgStacInfra extends Stack { - public readonly pgbouncerInstanceId: string; constructor(scope: Construct, id: string, props: Props) { super(scope, id, props); @@ -71,7 +71,11 @@ export class PgStacInfra extends Stack { bootstrapperLambdaFunctionOptions: { timeout: Duration.minutes(15) }, }); if (pgstacDb.pgbouncerInstanceId) { - this.pgbouncerInstanceId = pgstacDb.pgbouncerInstanceId; + new ssm.StringParameter(this, "pgbouncer-instance-id-param", { + parameterName: `/maap-eoapi/${stage}/${type}/pgbouncer-instance-id`, + stringValue: pgstacDb.pgbouncerInstanceId, + description: `PgBouncer EC2 instance ID for MAAP eoAPI ${type} stack (${stage})`, + }); } const apiSubnetSelection: ec2.SubnetSelection = { diff --git a/cdk/app.ts b/cdk/app.ts index 0d5e15f..949d440 100644 --- a/cdk/app.ts +++ b/cdk/app.ts @@ -130,9 +130,9 @@ const userInfrastructure = new PgStacInfra(app, buildStackName("userSTAC"), { }); new PatchManagerStack(app, buildStackName("patch-manager"), { - instanceIds: [ - coreInfrastructure.pgbouncerInstanceId, - userInfrastructure.pgbouncerInstanceId, + pgbouncerParamNames: [ + `/maap-eoapi/${stage}/public/pgbouncer-instance-id`, + `/maap-eoapi/${stage}/internal/pgbouncer-instance-id`, ], terminationProtection: false, }); From 78cc1543fe51200da5f8abee7c47534923742957 Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 13:11:13 -0500 Subject: [PATCH 2/7] fix: provide env to PatchManager stack --- cdk/app.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cdk/app.ts b/cdk/app.ts index 949d440..61aefd8 100644 --- a/cdk/app.ts +++ b/cdk/app.ts @@ -134,5 +134,9 @@ new PatchManagerStack(app, buildStackName("patch-manager"), { `/maap-eoapi/${stage}/public/pgbouncer-instance-id`, `/maap-eoapi/${stage}/internal/pgbouncer-instance-id`, ], + env: { + account: process.env.CDK_DEFAULT_ACCOUNT, + region: process.env.CDK_DEFAULT_REGION, + }, terminationProtection: false, }); From d92b5e1ae44e8fb3d6f6045c8479e870c0d590c9 Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 13:21:49 -0500 Subject: [PATCH 3/7] fix: don't look up ssm parameters until deploy time --- cdk/PatchManager.ts | 2 +- cdk/app.ts | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/cdk/PatchManager.ts b/cdk/PatchManager.ts index 3781091..0887392 100644 --- a/cdk/PatchManager.ts +++ b/cdk/PatchManager.ts @@ -38,7 +38,7 @@ export class PatchManagerStack extends Stack { ); const instanceIds = props.pgbouncerParamNames.map((paramName) => - ssm.StringParameter.valueFromLookup(this, paramName) + ssm.StringParameter.valueForStringParameter(this, paramName) ); // Target EC2 instances by Name tag diff --git a/cdk/app.ts b/cdk/app.ts index 61aefd8..949d440 100644 --- a/cdk/app.ts +++ b/cdk/app.ts @@ -134,9 +134,5 @@ new PatchManagerStack(app, buildStackName("patch-manager"), { `/maap-eoapi/${stage}/public/pgbouncer-instance-id`, `/maap-eoapi/${stage}/internal/pgbouncer-instance-id`, ], - env: { - account: process.env.CDK_DEFAULT_ACCOUNT, - region: process.env.CDK_DEFAULT_REGION, - }, terminationProtection: false, }); From 9d471292f1d3b1e9f9c336f5626f2a2c2992da6d Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 13:40:21 -0500 Subject: [PATCH 4/7] fix: add dependency --- cdk/app.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cdk/app.ts b/cdk/app.ts index 949d440..4376a7e 100644 --- a/cdk/app.ts +++ b/cdk/app.ts @@ -129,10 +129,12 @@ const userInfrastructure = new PgStacInfra(app, buildStackName("userSTAC"), { terminationProtection: false, }); -new PatchManagerStack(app, buildStackName("patch-manager"), { +const patchManager = new PatchManagerStack(app, buildStackName("patch-manager"), { pgbouncerParamNames: [ `/maap-eoapi/${stage}/public/pgbouncer-instance-id`, `/maap-eoapi/${stage}/internal/pgbouncer-instance-id`, ], terminationProtection: false, }); +patchManager.addDependency(coreInfrastructure); +patchManager.addDependency(userInfrastructure); From 6cc6aa6c568801aef1240cf77012e1c80dcd91ed Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 14:51:43 -0500 Subject: [PATCH 5/7] deps: upgrade to eoapi-cdk v11.3.0 adds some deployment stability magic --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3506d73..45865b6 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "dependencies": { "aws-cdk-lib": "^2.220.0", "constructs": "^10.3.0", - "eoapi-cdk": "^11.2.0", + "eoapi-cdk": "^11.3.0", "source-map-support": "^0.5.16" } } From cb94ef82ac7264eb8cc397f324b5cd3e4878025a Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 14:55:32 -0500 Subject: [PATCH 6/7] deps: update package-lock.json --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index eed0e1f..32e7c0e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "dependencies": { "aws-cdk-lib": "^2.220.0", "constructs": "^10.3.0", - "eoapi-cdk": "^11.2.0", + "eoapi-cdk": "^11.3.0", "source-map-support": "^0.5.16" }, "bin": { @@ -2544,9 +2544,9 @@ "license": "MIT" }, "node_modules/eoapi-cdk": { - "version": "11.2.0", - "resolved": "https://registry.npmjs.org/eoapi-cdk/-/eoapi-cdk-11.2.0.tgz", - "integrity": "sha512-uD6oK+W9oqtrwcL4wBDDtg7G4AOdbUqD+hzUCFk/ZsI5jlwRy9HW049aN/M3lbsvW5TtuBRQ6ccLhjNne9Yv5g==", + "version": "11.3.0", + "resolved": "https://registry.npmjs.org/eoapi-cdk/-/eoapi-cdk-11.3.0.tgz", + "integrity": "sha512-tTVvSC/56IN68MltobbgfYi6hVbxSAt206wi2kpBgX8VakoH1BgnH99KE9JsdSmXCya58Tfjw9r4C0UJifibXA==", "license": "ISC", "peerDependencies": { "aws-cdk-lib": "^2.220.0", From 734b204a2ea272a26a96494418d6b32ad20cb535 Mon Sep 17 00:00:00 2001 From: hrodmn Date: Thu, 12 Mar 2026 15:07:40 -0500 Subject: [PATCH 7/7] deps: pin uv version in titiler-pgstac runtime dockerfile --- cdk/dockerfiles/Dockerfile.raster | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cdk/dockerfiles/Dockerfile.raster b/cdk/dockerfiles/Dockerfile.raster index abcaea9..a07facc 100644 --- a/cdk/dockerfiles/Dockerfile.raster +++ b/cdk/dockerfiles/Dockerfile.raster @@ -1,7 +1,7 @@ ARG PYTHON_VERSION=3.12 FROM --platform=linux/amd64 public.ecr.aws/lambda/python:${PYTHON_VERSION} -COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ +COPY --from=ghcr.io/astral-sh/uv:0.10.9 /uv /uvx /bin/ # Install system dependencies to compile (numexpr) RUN dnf install -y gcc-c++