Skipped
1. BulkStoresStack Snapshot Test (Task 2.13)
Reason: CDK serverAccessLogsBucket + BUCKET_OWNER_ENFORCED
conflict in test environment. The stack creates its logging bucket
internally with BUCKET_OWNER_ENFORCED, but CDK’s
serverAccessLogsBucket property sets accessControl: LogDeliveryWrite
which conflicts. Works in production (CDK token resolution path differs).
Tracked in: infrastructure#433
Workaround: Stack is verified by ci-check (CDK synth for all 8
targets). A test.skip() placeholder exists.
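While the snapshot test is skipped, the conflict described above can be checked directly on a synthesized template. This is an added example, not part of the project's code; the function name, the sample template and its logical IDs are constructed for illustration.

```javascript
'use strict';

// Added example (not project code). Returns every AWS::S3::Bucket in a
// synthesized CloudFormation template that disables ACLs through
// ObjectOwnership = BucketOwnerEnforced and still sets a canned ACL.
// Assumption: any AccessControl value is reported, which is the
// conservative choice for a pre-deploy check.
function findAclOwnershipConflicts(template) {
  const conflicts = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== 'AWS::S3::Bucket') continue;
    const props = res.Properties ?? {};
    const rules = props.OwnershipControls?.Rules;
    const enforced = Array.isArray(rules) &&
      rules.some((r) => r?.ObjectOwnership === 'BucketOwnerEnforced');
    if (enforced && props.AccessControl !== undefined) {
      conflicts.push({ logicalId, accessControl: props.AccessControl });
    }
  }
  return conflicts;
}

// Constructed sample template; logical IDs are hypothetical.
const sampleTemplate = {
  Resources: {
    LogBucket: {
      Type: 'AWS::S3::Bucket',
      Properties: {
        AccessControl: 'LogDeliveryWrite',
        OwnershipControls: { Rules: [{ ObjectOwnership: 'BucketOwnerEnforced' }] },
      },
    },
    DataBucket: {
      Type: 'AWS::S3::Bucket',
      Properties: {
        OwnershipControls: { Rules: [{ ObjectOwnership: 'BucketOwnerEnforced' }] },
        LoggingConfiguration: { DestinationBucketName: { Ref: 'LogBucket' } },
      },
    },
    LegacyLogBucket: {
      Type: 'AWS::S3::Bucket',
      Properties: {
        AccessControl: 'LogDeliveryWrite',
        OwnershipControls: { Rules: [{ ObjectOwnership: 'ObjectWriter' }] },
      },
    },
    Topic: { Type: 'AWS::SNS::Topic' },
  },
};

console.log(findAclOwnershipConflicts(sampleTemplate));
```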
2. ImageStorageStack Snapshot Test
Reason: Lambda asset hashes differ between local and CI environments, making snapshots environment-dependent. Snapshot removed in favor of the export verification test (which provides equivalent contract coverage).
Tracked in: infrastructure#433
3. cdk-nag AwsSolutions Integration
Reason: cdk-nag is installed as a devDependency but not yet
integrated into CDK app entry points. The specification called for
adding AwsSolutionsChecks to each entry point, but this was deferred
to avoid scope expansion into pre-existing constructs that may have
unsuppressed findings.
Tracked in: infrastructure#433
4. cfn-guard Policy-as-Code Rules
Reason: Out of scope for this project. Requires rule authoring for S3, IAM, CloudFront, and Secrets Manager policies.
Tracked in: infrastructure#434
5. Multi-Environment Deployment (Tasks 2.19–2.22)
Status: Alpha002/dev deployed and verified. Remaining environments pending operator action:
- Alpha002/stage
- Alpha001/demo + prod
- SandboxKyle002/kyle
Reason: Each environment requires 1Password authentication and
amm.sh execution. Phase 0 (root zone + infra subdomain) must be
deployed to Alpha001 and SandboxKyle002 before their partitions.
6. CI Integration for Root Targets
Reason: ci-root-check.js exists but is not wired into
ci.yaml. Adding it requires deciding whether root synth should be
a PR-blocking check (it targets a different account than the infra/
partition targets).
7. Presigning Role Assumption Test in verify-image-cdn.ts
Reason: The presigning role’s trust policy only allows the EKS pod
role to assume it. Admin SSO credentials cannot assume the role, so the
verification script’s --presign-role-arn parameter was made optional.
The role assumption is verified in the real application flow (Phase 2).
Copyright: (c) Arda Systems 2025-2026, All rights reserved