fix: update AWS resource naming to avoid hardcoding and allow build and deploy

packages/back-end/src/infra/constructs/s3-construct.ts

@@ -12,11 +12,12 @@ export class S3Construct extends Construct {
     this.props = props;
   }
 
-  public createBucket = (envBucketName: string, envType: string): Bucket => {
+  public createBucket = (envType: string, envBucketName?: string): Bucket => {
     const removalPolicy = envType !== 'prod' ? RemovalPolicy.DESTROY : undefined; // Only for Non-Prod
+    const constructId = envBucketName ?? `bucket-${Math.floor(Math.random() * 10000)}`;
 
-    const bucket = new Bucket(this, envBucketName, {
-      bucketName: envBucketName,
+    const bucket = new Bucket(this, constructId, {
+      bucketName: envType === 'prod' ? envBucketName : undefined,
       objectOwnership: ObjectOwnership.BUCKET_OWNER_ENFORCED,
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
       encryption: BucketEncryption.S3_MANAGED,

packages/back-end/src/infra/constructs/vpc-construct.ts

@@ -91,7 +91,8 @@ export class VpcConstruct extends Construct {
       }
     }
 
-    new CfnOutput(this, 'VpcId', { key: 'VpcId', value: this.vpc.vpcId, exportName: 'VpcId' });
-    new CfnOutput(this, 'VpcArn', { key: 'VpcArn', value: this.vpc.vpcArn, exportName: 'VpcArn' });
+    const exportPrefix = this.props.envType === 'prod' ? '' : `${this.props.envType}-${this.props.envName}-`;
+    new CfnOutput(this, 'VpcId', { key: 'VpcId', value: this.vpc.vpcId, exportName: `${exportPrefix}VpcId` });
+    new CfnOutput(this, 'VpcArn', { key: 'VpcArn', value: this.vpc.vpcArn, exportName: `${exportPrefix}VpcArn` });
   }
 }

packages/back-end/src/infra/stacks/aws-healthomics-nested-stack.ts

@@ -1,5 +1,5 @@
 import { NestedStack } from 'aws-cdk-lib';
-import { Effect, PolicyDocument, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { Effect, PolicyDocument, PolicyStatement, Role, ServicePrincipal, Policy } from 'aws-cdk-lib/aws-iam';
 import { NagSuppressions } from 'cdk-nag';
 import { Construct } from 'constructs';
 import { IamConstruct, IamConstructProps } from '../constructs/iam-construct';
@@ -170,27 +170,33 @@ export class AwsHealthOmicsNestedStack extends NestedStack {
 
   private setupRoles() {
     // easy-genomics-healthomics-workflow-run-role
-    this.iam.addRole(
-      'easy-genomics-healthomics-workflow-run-role',
-      new Role(this, `${this.props.namePrefix}-easy-genomics-healthomics-workflow-run-role`, {
-        roleName: `${this.props.namePrefix}-easy-genomics-healthomics-workflow-run-role`,
-        assumedBy: new ServicePrincipal('omics.amazonaws.com', {
-          region: `${this.props.env.region!}`,
-          conditions: {
-            ['StringEquals']: {
-              'aws:SourceAccount': `${this.props.env.account!}`,
-            },
-            ['ArnLike']: {
-              'aws:SourceArn': `arn:aws:omics:${this.props.env.region}:${this.props.env.account!}:run/*`,
-            },
+    const role = new Role(this, `${this.props.namePrefix}-easy-genomics-healthomics-workflow-run-role`, {
+      roleName: `${this.props.namePrefix}-easy-genomics-healthomics-workflow-run-role`,
+      assumedBy: new ServicePrincipal('omics.amazonaws.com', {
+        region: `${this.props.env.region!}`,
+        conditions: {
+          StringEquals: {
+            'aws:SourceAccount': `${this.props.env.account!}`,
+          },
+          ArnLike: {
+            'aws:SourceArn': `arn:aws:omics:${this.props.env.region}:${this.props.env.account!}:run/*`,
           },
-        }),
-        description: 'Service Role that the Omics Service can use access resources from other services.',
-        inlinePolicies: {
-          ['omics-service-role-policy-document']: this.iam.getPolicyDocument('omics-service-role-policy-document'),
         },
       }),
-    );
+      description: 'Service Role that the Omics Service can use access resources from other services.',
+    });
+
+    // Create a Policy and attach it to the Role
+    new Policy(this, `${this.props.namePrefix}-omics-service-role-policy`, {
+      policyName: `${this.props.namePrefix}-omics-service-role-policy`,
+      statements: this.iam
+        .getPolicyDocument('omics-service-role-policy-document')
+        .toJSON()
+        .Statement.map((stmt: any) => PolicyStatement.fromJson(stmt)),
+      roles: [role],
+    });
+
+    this.iam.addRole('easy-genomics-healthomics-workflow-run-role', role);
   }
 
   private setupLambdaPolicyStatements() {

packages/back-end/src/infra/stacks/data-provisioning-nested-stack.ts

@@ -65,7 +65,7 @@ export class DataProvisioningNestedStack extends NestedStack {
 
       // S3 Bucket Names must be globally unique and less than 63 in length
       const s3BucketFullName = `${this.props.env.account!}-${this.props.namePrefix}-lab-bucket`;
-      if (s3BucketFullName.length > 63) {
+      if (s3BucketFullName && s3BucketFullName.length > 63) {
         throw new Error(`S3 Bucket Name: "${s3BucketFullName}" is too long`);
       }
       this.s3Construct.createBucket(s3BucketFullName, this.props.envType);