Choreography: AWS Infrastructure for Item Image Upload
Execution Sequence
| Order | Run | Directory | Trigger | Estimated Tasks |
|---|---|---|---|---|
| 1 | Run 1: DNS Foundation | run-1-dns-foundation/ | Manual | 7 |
| 2 | Run 2: Partition Resources | run-2-partition-resources/ | After Run 1 exit gate passes + DNS deployed | 23 |
Artifact Dependency Map
| Artifact | Produced By | Consumed By | Path | Format |
|---|---|---|---|---|
| `assetsHostedZone` import | Run 1 | Run 2 | src/main/cdk/apps/Al1x/util.ts | TypeScript |
| `assetsCertificateArn` import | Run 1 | Run 2 | src/main/cdk/apps/Al1x/util.ts | TypeScript |
| `assetsDomain()` function | Run 1 | Run 2 | src/main/cdk/platform/ari-configuration.ts | TypeScript |
| Deployed `assets.arda.cards` zone | Run 1 | Run 2 | AWS Route53 (root account) | Runtime |
| Deployed ACM cert | Run 1 | Run 2 | AWS ACM (infra account) | Runtime |
| 6 cross-stack exports | Run 2 | Phase 2 (operations) | CloudFormation exports | Runtime |
| Signing private key | Run 2 | Phase 3b (BFF) | AWS Secrets Manager | Runtime |
Hand-Off Protocol
All hand-offs are filesystem-only for code artifacts. Runtime artifacts (deployed zones, certificates) are verified via CLI commands.
Between Run 1 and Run 2
- Run 1 completes all code changes and `validate-exit.sh` passes for code criteria.
- Deployment gate: Run `deploy-root.sh` to deploy the root zone, then `amm.sh` for the infrastructure step to deploy the subdomain zone and certificate.
- Wait for ACM certificate issuance — DNS validation may take minutes. Check with:

  ```shell
  aws acm list-certificates \
    --query "CertificateSummaryList[?DomainName=='*.alpha002.assets.arda.cards'].Status"
  ```

  Expected: `ISSUED`.
- Run 2’s entry criteria are checked (code artifacts in repo + deployed infrastructure in AWS).
- Run 2 is launched.
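
The certificate check in the hand-off above can be turned into a blocking gate that also fails fast when the certificate can no longer reach `ISSUED`. This is an added example, not the project's `validate-exit.sh`; the function names, the `acm-gate.sh` file name, and the polling defaults are assumptions.

```shell
# Added example: exit-gate helper for the ACM check above (not the project's validate-exit.sh).
# DOMAIN comes from the query on this page; POLL_SECONDS and MAX_POLLS are assumed defaults.
DOMAIN="${DOMAIN:-*.alpha002.assets.arda.cards}"
POLL_SECONDS="${POLL_SECONDS:-30}"
MAX_POLLS="${MAX_POLLS:-40}"

# Print the Status of every certificate whose DomainName equals $1.
acm_statuses() {
  aws acm list-certificates \
    --query "CertificateSummaryList[?DomainName=='$1'].Status" \
    --output text
}

# Verdict for a whitespace-separated status list:
# 0 = issued, 1 = still validating, 2 = cannot become ISSUED without intervention.
classify_statuses() {
  _issued=0; _pending=0
  for _s in $1; do
    case "$_s" in
      ISSUED) _issued=1 ;;
      PENDING_VALIDATION) _pending=1 ;;
    esac
  done
  [ "$_issued" -eq 1 ] && return 0
  [ "$_pending" -eq 1 ] && return 1
  return 2  # empty result, FAILED, VALIDATION_TIMED_OUT, EXPIRED, REVOKED, INACTIVE
}

# Poll until ISSUED (0), a terminal state (2), poll budget spent (1) or CLI error (3).
wait_for_issued() {
  _i=1
  while [ "$_i" -le "$MAX_POLLS" ]; do
    _statuses="$(acm_statuses "$DOMAIN")" || return 3
    _rc=0; classify_statuses "$_statuses" || _rc=$?
    case "$_rc" in
      0) echo "ISSUED"; return 0 ;;
      2) echo "not issuable: ${_statuses:-no certificate for $DOMAIN}" >&2; return 2 ;;
    esac
    _i=$((_i + 1))
    sleep "$POLL_SECONDS"
  done
  echo "timed out waiting for $DOMAIN" >&2
  return 1
}

# Run the gate only when invoked as: sh acm-gate.sh --run
if [ "${1:-}" = "--run" ]; then wait_for_issued; fi
```

An exit code of 2 means waiting longer will not help: the certificate is missing or in a terminal state, so the deployment step has to be revisited before Run 2 is launched.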
After Run 2
- Run 2 completes all code + test tasks and `validate-exit.sh` passes.
- Deploy Alpha002/dev: `amm.sh Alpha002 dev` — first deployment. Run `verify-image-cdn.ts` against dev.
- Deploy Alpha002/stage: `amm.sh Alpha002 stage` — verifies multi-partition coexistence.
- Deploy Alpha001/demo: Requires Phase 0 deployed to Alpha001 first (`deploy-root.sh` + `amm.sh Alpha001 demo` infra step). Then `amm.sh Alpha001 demo` full partition.
- Deploy Alpha001/prod: `amm.sh Alpha001 prod` — production.
- Deploy SandboxKyle002/kyle: Requires Phase 0 deployed to SandboxKyle002. Then `amm.sh SandboxKyle002 kyle`.
- PR: Open a single PR from the integration branch to `main`.
Worktree Strategy
Single repository (`infrastructure`) — worktrees grouped under `image-upload-infrastructure-worktrees/infrastructure/`.
| Run | Branch | Base |
|---|---|---|
| 1 | jmpicnic/image-upload-infrastructure/run-1 | main |
| 2 | jmpicnic/image-upload-infrastructure/run-2 | Run 1 branch |
Integration: Run 2 branches from Run 1’s branch (not main), so it
has access to Run 1’s code changes. The final PR merges Run 2’s branch
(which includes Run 1’s commits) to main.
Cleanup: After the PR is merged, remove the worktree:
```shell
git -C /Users/jmp/code/arda/infrastructure worktree remove \
  /Users/jmp/code/arda/image-upload-infrastructure-worktrees/infrastructure
```
Recovery Procedures
Run 1 fails mid-execution
- Diagnosis: Check which tasks completed by reviewing git diff. Run 1 modifies 5 files — each is independent and can be fixed individually.
- Retry: Fix the failing task, re-run `npm run ci-check`.
- Root account failure: If `deploy-root.sh` fails, check AWS CloudFormation console for the `RootConfiguration` stack. The stack supports rollback.
Run 1 exit gate fails
- DNS not resolving: NS delegation may take up to 48 hours (rare). Check that NS records exist in the root zone: `aws route53 list-resource-record-sets --hosted-zone-id <root-zone-id>`.
- ACM cert not issuing: Check that the CNAME validation record exists in the subdomain zone. ACM creates these automatically during `cdk deploy`; if missing, re-deploy the infra ingress stack.
Run 2 fails mid-execution
- Diagnosis: Run `npm test` to identify failing tests. Run `npm run ci-check` to identify synth failures.
- Construct errors: Each construct is independent — fix the failing construct and re-run tests.
- Stack wiring errors: Check `partition.ts` for correct dependency ordering and prop passing.
Run 2 exit gate fails
- Deploy failures: Check CloudFormation console for stack events. Common issues: IAM permissions, cross-stack export not found (verify Run 1 deployment succeeded).
- Verification script fails: Run individual steps manually to isolate the failure (presigning, upload, CloudFront access, cookies).
Launch Commands
| Run | Command |
|---|---|
| 1 | /launch-team 1-aws-infrastructure/plan/run-1-dns-foundation |
| 2 | /launch-team 1-aws-infrastructure/plan/run-2-partition-resources |
Copyright: (c) Arda Systems 2025-2026, All rights reserved