@aws-mdaa/devops 1.2.0

@@ -0,0 +1,6 @@
1
+ #!/usr/bin/env node
2
+ /*!
3
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
4
+ * SPDX-License-Identifier: Apache-2.0
5
+ */
6
+ export {};
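--- a/package/bin/devops.js
+++ b/package/bin/devops.js
@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+"use strict";
+/*!
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const devops_1 = require("../lib/devops");
+new devops_1.MdaaDevopsCDKApp().generateStack();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGV2b3BzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZGV2b3BzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQ0E7OztHQUdHOztBQUVILDBDQUFpRDtBQUNqRCxJQUFJLHlCQUFnQixFQUFFLENBQUMsYUFBYSxFQUFFLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIjIS91c3IvYmluL2VudiBub2RlXG4vKiFcbiAqIENvcHlyaWdodCBBbWF6b24uY29tLCBJbmMuIG9yIGl0cyBhZmZpbGlhdGVzLiBBbGwgUmlnaHRzIFJlc2VydmVkLlxuICogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjBcbiAqL1xuXG5pbXBvcnQgeyBNZGFhRGV2b3BzQ0RLQXBwIH0gZnJvbSAnLi4vbGliL2Rldm9wcyc7XG5uZXcgTWRhYURldm9wc0NES0FwcCgpLmdlbmVyYXRlU3RhY2soKTtcbiJdfQ==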
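--- a/package/cdk.json
+++ b/package/cdk.json
@@ -0,0 +1,7 @@
+{
+"app": "npx ts-node --prefer-ts-exts bin/devops.ts",
+"context": {
+"aws-cdk:enableDiffNoFail": true,
+"@aws-cdk/core:enablePartitionLiterals": true
+}
+}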
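Review bot: The `app` entry runs `npx ts-node --prefer-ts-exts bin/devops.ts`, but the entry point this package diff shows under bin/ is the compiled `bin/devops.js`; whether `bin/devops.ts` and a pinned ts-node ship with the package is not visible here. If they do not, a consumer invoking the CDK CLI from this directory either fails or lets `npx` resolve ts-node from the registry at run time, which is an unpinned fetch-and-execute step inside a deployment tool that typically runs with cloud credentials. Pointing the published config at the compiled file avoids both: `"app": "node bin/devops.js"`. If the TypeScript entry is kept for development, ts-node should be a pinned devDependency and the development-only cdk.json kept out of the published tarball.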
@@ -0,0 +1,431 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "additionalProperties": false,
4
+ "definitions": {
5
+ "CfnParameterProps": {
6
+ "additionalProperties": false,
7
+ "properties": {
8
+ "allowedPattern": {
9
+ "default": "- No constraints on patterns allowed for parameter.",
10
+ "description": "A regular expression that represents the patterns to allow for String types.",
11
+ "type": "string"
12
+ },
13
+ "allowedValues": {
14
+ "default": "- No constraints on values allowed for parameter.",
15
+ "description": "An array containing the list of values allowed for the parameter.",
16
+ "items": {
17
+ "type": "string"
18
+ },
19
+ "type": "array"
20
+ },
21
+ "constraintDescription": {
22
+ "default": "- No description with customized error message when user specifies invalid values.",
23
+ "description": "A string that explains a constraint when the constraint is violated.\nFor example, without a constraint description, a parameter that has an allowed\npattern of [A-Za-z0-9]+ displays the following error message when the user specifies\nan invalid value:",
24
+ "type": "string"
25
+ },
26
+ "default": {
27
+ "default": "- No default value for parameter.",
28
+ "description": "A value of the appropriate type for the template to use if no value is specified\nwhen a stack is created. If you define constraints for the parameter, you must specify\na value that adheres to those constraints."
29
+ },
30
+ "description": {
31
+ "default": "- No description for the parameter.",
32
+ "description": "A string of up to 4000 characters that describes the parameter.",
33
+ "type": "string"
34
+ },
35
+ "maxLength": {
36
+ "default": "- None.",
37
+ "description": "An integer value that determines the largest number of characters you want to allow for String types.",
38
+ "type": "number"
39
+ },
40
+ "maxValue": {
41
+ "default": "- None.",
42
+ "description": "A numeric value that determines the largest numeric value you want to allow for Number types.",
43
+ "type": "number"
44
+ },
45
+ "minLength": {
46
+ "default": "- None.",
47
+ "description": "An integer value that determines the smallest number of characters you want to allow for String types.",
48
+ "type": "number"
49
+ },
50
+ "minValue": {
51
+ "default": "- None.",
52
+ "description": "A numeric value that determines the smallest numeric value you want to allow for Number types.",
53
+ "type": "number"
54
+ },
55
+ "noEcho": {
56
+ "default": "- Parameter values are not masked.",
57
+ "description": "Whether to mask the parameter value when anyone makes a call that describes the stack.\nIf you set the value to ``true``, the parameter value is masked with asterisks (``*****``).",
58
+ "type": "boolean"
59
+ },
60
+ "type": {
61
+ "default": "String",
62
+ "description": "The data type for the parameter (DataType).",
63
+ "type": "string"
64
+ }
65
+ },
66
+ "type": "object"
67
+ },
68
+ "MdaaNagSuppressionByPath": {
69
+ "additionalProperties": false,
70
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for suppressing specific CDK Nag security rules on individual CloudFormation resources identified by their resource path. Provides targeted rule suppression with mandatory justification for audit and compliance tracking.\n\nUse cases: Individual resource security exceptions; False positive rule suppressions; Documented compliance deviations\n\nAWS: Suppresses specific CDK Nag security rules for individual CloudFormation resources during deployment validation\n\nValidation: path must be valid CloudFormation resource path; suppressions array must contain valid rule IDs and justifications",
71
+ "properties": {
72
+ "path": {
73
+ "description": "Q-ENHANCED-PROPERTY\nCloudFormation resource path identifying the specific resource for which CDK Nag rules should be suppressed. Uses CDK construct tree path format to precisely target individual resources within the deployment stack.\n\nUse cases: Specific resource targeting; Individual resource exceptions; Precise suppression scope control\n\nAWS: CloudFormation resource path for targeted CDK Nag rule suppression during validation\n\nValidation: Must be valid CDK construct tree path format (e.g., /StackName/ConstructName/ResourceName)",
74
+ "type": "string"
75
+ },
76
+ "suppressions": {
77
+ "description": "Q-ENHANCED-PROPERTY\nArray of specific CDK Nag rule suppressions with rule IDs and mandatory justifications for audit compliance. Each suppression must include the rule identifier and business justification for the security exception.\n\nUse cases: Multiple rule suppressions per resource; Documented security exceptions; Audit trail maintenance\n\nAWS: CDK Nag rule ID suppression with justification tracking for compliance auditing\n\nValidation: Each suppression must have valid CDK Nag rule ID and non-empty reason string\n *",
78
+ "items": {
79
+ "additionalProperties": false,
80
+ "properties": {
81
+ "id": {
82
+ "type": "string"
83
+ },
84
+ "reason": {
85
+ "type": "string"
86
+ }
87
+ },
88
+ "required": [
89
+ "id",
90
+ "reason"
91
+ ],
92
+ "type": "object"
93
+ },
94
+ "type": "array"
95
+ }
96
+ },
97
+ "required": [
98
+ "path",
99
+ "suppressions"
100
+ ],
101
+ "type": "object"
102
+ },
103
+ "MdaaNagSuppressionConfigs": {
104
+ "additionalProperties": false,
105
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for CDK Nag rule suppressions organized by CloudFormation resource paths. Enables selective suppression of security compliance rules for specific resources while maintaining overall compliance posture and audit trail.\n\nUse cases: False positive suppression; Approved security exceptions; Legacy resource compliance exemptions\n\nAWS: Suppresses CDK Nag security rule violations for specific CloudFormation resources during deployment validation\n\nValidation: by_path array must contain valid suppression configurations with resource paths and justifications",
106
+ "properties": {
107
+ "by_path": {
108
+ "description": "Q-ENHANCED-PROPERTY\nArray of CDK Nag suppressions organized by CloudFormation resource path, enabling targeted suppression of specific security rules for individual resources. Each suppression requires justification and maps to specific CloudFormation resource paths.\n\nUse cases: Resource-specific security exceptions; False positive rule suppressions; Approved compliance deviations\n\nAWS: CDK Nag rule suppression targeting specific CloudFormation resources during security validation\n\nValidation: Must be array of valid MdaaNagSuppressionByPath objects with valid resource paths and suppression details\n *",
109
+ "items": {
110
+ "$ref": "#/definitions/MdaaNagSuppressionByPath"
111
+ },
112
+ "type": "array"
113
+ }
114
+ },
115
+ "required": [
116
+ "by_path"
117
+ ],
118
+ "type": "object"
119
+ },
120
+ "MdaaServiceCatalogConstraintConfig": {
121
+ "additionalProperties": false,
122
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraints that group multiple validation rules with descriptive information. Enables parameter validation and business rule enforcement for Service Catalog products.\n\nUse cases: Product parameter validation; Business rule grouping; Service Catalog compliance enforcement\n\nAWS: Configures AWS Service Catalog constraints with multiple validation rules for product provisioning\n\nValidation: description must be non-empty; rules must be object with valid constraint rule configurations",
123
+ "properties": {
124
+ "description": {
125
+ "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and scope of the Service Catalog constraint. Provides clear documentation about the validation rules and business requirements enforced by the constraint.\n\nUse cases: Constraint documentation; User guidance; Business rule explanation\n\nAWS: AWS Service Catalog constraint description for user understanding\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose and scope",
126
+ "type": "string"
127
+ },
128
+ "rules": {
129
+ "additionalProperties": {
130
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleConfig"
131
+ },
132
+ "description": "Q-ENHANCED-PROPERTY\nObject containing named constraint rules that define the validation logic for Service Catalog product parameters. Each rule can contain conditions and assertions for parameter validation.\n\nUse cases: Named validation rules; Organized constraint logic; Multiple validation scenarios\n\nAWS: AWS Service Catalog constraint rules for structured parameter validation\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogConstraintRuleConfig values\n *",
133
+ "type": "object"
134
+ }
135
+ },
136
+ "required": [
137
+ "description",
138
+ "rules"
139
+ ],
140
+ "type": "object"
141
+ },
142
+ "MdaaServiceCatalogConstraintRuleAssertionConfig": {
143
+ "additionalProperties": false,
144
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rule assertions that define validation logic for Service Catalog product parameters. Enables parameter validation and business rule enforcement during Service Catalog product provisioning.\n\nUse cases: Parameter validation rules; Business logic enforcement; Service Catalog product compliance\n\nAWS: Configures AWS Service Catalog constraint rules for product parameter validation during provisioning\n\nValidation: assert must be valid constraint assertion expression; description must be non-empty explanatory text",
145
+ "properties": {
146
+ "assert": {
147
+ "description": "Q-ENHANCED-PROPERTY\nConstraint assertion expression that defines the validation logic for Service Catalog product parameters. Uses CloudFormation intrinsic functions and conditions to validate parameter values during product provisioning.\n\nUse cases: Parameter range validation; Cross-parameter dependency checks; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertion for parameter validation\n\nValidation: Must be valid CloudFormation condition expression using intrinsic functions",
148
+ "type": "string"
149
+ },
150
+ "description": {
151
+ "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and requirements of the constraint assertion. Provides clear guidance to users about parameter validation requirements and business rules.\n\nUse cases: User guidance for parameter validation; Error message context; Business rule documentation\n\nAWS: AWS Service Catalog constraint rule description for user guidance\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose",
152
+ "type": "string"
153
+ }
154
+ },
155
+ "required": [
156
+ "assert",
157
+ "description"
158
+ ],
159
+ "type": "object"
160
+ },
161
+ "MdaaServiceCatalogConstraintRuleCondititionConfig": {
162
+ "additionalProperties": false,
163
+ "type": "object"
164
+ },
165
+ "MdaaServiceCatalogConstraintRuleConfig": {
166
+ "additionalProperties": false,
167
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rules that combine conditions and assertions for parameter validation. Enables complex validation logic with conditional assertions based on parameter values.\n\nUse cases: Complex parameter validation; Conditional business rules; Multi-parameter validation logic\n\nAWS: Configures AWS Service Catalog constraint rules with conditions and assertions for product parameter validation\n\nValidation: condition must be valid condition config; assertions must be array of valid assertion configs",
168
+ "properties": {
169
+ "assertions": {
170
+ "description": "Q-ENHANCED-PROPERTY\nArray of constraint assertions that define the validation logic to be applied when the condition is met. Each assertion validates specific aspects of the Service Catalog product parameters.\n\nUse cases: Multiple validation checks; parameter validation; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertions for parameter validation\n\nValidation: Must be array of valid MdaaServiceCatalogConstraintRuleAssertionConfig objects",
171
+ "items": {
172
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleAssertionConfig"
173
+ },
174
+ "type": "array"
175
+ },
176
+ "condition": {
177
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleCondititionConfig",
178
+ "description": "Q-ENHANCED-PROPERTY\nCondition configuration that determines when the constraint rule assertions should be evaluated. Enables conditional validation logic based on parameter values and deployment context.\n\nUse cases: Conditional validation logic; Context-dependent rules; Parameter-dependent constraints\n\nAWS: AWS Service Catalog constraint rule condition for conditional validation\n\nValidation: Must be valid MdaaServiceCatalogConstraintRuleCondititionConfig object"
179
+ }
180
+ },
181
+ "required": [
182
+ "assertions",
183
+ "condition"
184
+ ],
185
+ "type": "object"
186
+ },
187
+ "MdaaServiceCatalogParameterConfig": {
188
+ "additionalProperties": false,
189
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product parameters that combines CloudFormation parameter properties with optional constraint validation. Enables parameterized Service Catalog products with validation rules.\n\nUse cases: Service Catalog product parameterization; Parameter validation; User input constraints\n\nAWS: Configures AWS Service Catalog product parameters with CloudFormation properties and validation constraints\n\nValidation: props must be valid CfnParameterProps; constraints must be valid constraint configuration if provided",
190
+ "properties": {
191
+ "constraints": {
192
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintConfig",
193
+ "description": "Q-ENHANCED-PROPERTY\nOptional constraint configuration that defines additional validation rules for the Service Catalog product parameter. Enables business rule enforcement and complex parameter validation beyond basic CloudFormation constraints.\n\nUse cases: Advanced parameter validation; Business rule enforcement; Cross-parameter validation\n\nAWS: AWS Service Catalog parameter constraints for enhanced validation during provisioning\n\nValidation: Must be valid MdaaServiceCatalogConstraintConfig object if provided"
194
+ },
195
+ "props": {
196
+ "$ref": "#/definitions/CfnParameterProps",
197
+ "description": "Q-ENHANCED-PROPERTY\nCloudFormation parameter properties that define the parameter characteristics including type, default value, and allowed values. Provides the foundational parameter definition for Service Catalog products.\n\nUse cases: Parameter type definition; Default value specification; Allowed value constraints\n\nAWS: AWS CloudFormation parameter properties for Service Catalog product parameters\n\nValidation: Must be valid CfnParameterProps object with required CloudFormation parameter properties"
198
+ }
199
+ },
200
+ "required": [
201
+ "props"
202
+ ],
203
+ "type": "object"
204
+ },
205
+ "MdaaServiceCatalogProductConfig": {
206
+ "additionalProperties": false,
207
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product deployment that specifies portfolio association, ownership, and parameterization. Enables MDAA modules to be deployed as self-service Service Catalog products with controlled access and validation.\n\nUse cases: Self-service infrastructure deployment; Controlled resource provisioning; Parameterized product offerings\n\nAWS: Configures AWS Service Catalog products for self-service deployment of MDAA modules with portfolio management\n\nValidation: portfolio_arn must be valid Service Catalog portfolio ARN; owner and name must be non-empty strings",
208
+ "properties": {
209
+ "launch_role_name": {
210
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role name that will be used to launch the Service Catalog product. Enables controlled permissions for product provisioning and resource creation with specific IAM role constraints.\n\nUse cases: Controlled provisioning permissions; IAM role-based access; Security constraint enforcement\n\nAWS: AWS Service Catalog launch role for controlled product provisioning permissions\n\nValidation: Must be valid IAM role name if provided",
211
+ "type": "string"
212
+ },
213
+ "name": {
214
+ "description": "Q-ENHANCED-PROPERTY\nDisplay name for the Service Catalog product that will be visible to end users in the Service Catalog console. Should be descriptive and user-friendly to facilitate product discovery and selection.\n\nUse cases: Product identification; User-friendly naming; Service Catalog console display\n\nAWS: AWS Service Catalog product name for user interface display\n\nValidation: Must be non-empty string suitable for Service Catalog product naming",
215
+ "type": "string"
216
+ },
217
+ "owner": {
218
+ "description": "Q-ENHANCED-PROPERTY\nOwner identifier for the Service Catalog product, typically representing the team or organization responsible for the product. Provides accountability and contact information for product management.\n\nUse cases: Product ownership identification; Contact information; Responsibility assignment\n\nAWS: AWS Service Catalog product owner for accountability and management\n\nValidation: Must be non-empty string identifying the product owner",
219
+ "type": "string"
220
+ },
221
+ "parameters": {
222
+ "additionalProperties": {
223
+ "$ref": "#/definitions/MdaaServiceCatalogParameterConfig"
224
+ },
225
+ "description": "Q-ENHANCED-PROPERTY\nOptional object containing named parameter configurations for the Service Catalog product. Enables parameterized product deployment with validation rules and user input constraints.\n\nUse cases: Product parameterization; User input collection; Deployment customization\n\nAWS: AWS Service Catalog product parameters for user-configurable deployment options\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogParameterConfig values if provided\n *",
226
+ "type": "object"
227
+ },
228
+ "portfolio_arn": {
229
+ "description": "Q-ENHANCED-PROPERTY\nARN of the AWS Service Catalog portfolio where the product will be associated. Determines access control and organizational structure for the Service Catalog product deployment.\n\nUse cases: Portfolio organization; Access control; Product categorization\n\nAWS: AWS Service Catalog portfolio ARN for product association and access management\n\nValidation: Must be valid AWS Service Catalog portfolio ARN format",
230
+ "type": "string"
231
+ }
232
+ },
233
+ "required": [
234
+ "name",
235
+ "owner",
236
+ "portfolio_arn"
237
+ ],
238
+ "type": "object"
239
+ },
240
+ "PipelineConfig": {
241
+ "additionalProperties": false,
242
+ "description": "Q-ENHANCED-INTERFACE\nIndividual pipeline configuration interface for environment-specific MDAA deployment pipelines with domain, environment, and module filtering capabilities. Defines pipeline-specific deployment parameters including target filters for selective deployment, custom command execution, and pipeline-level deployment lifecycle management for targeted infrastructure deployment within multi-domain data architectures.\nUse cases: Environment-specific pipelines; Selective module deployment; Domain-filtered deployments; Pipeline customization; Targeted infrastructure updates\nAWS: AWS CodePipeline configuration with domain/environment/module filtering for selective MDAA deployment targeting specific infrastructure components\nValidation: domainFilter, envFilter, and moduleFilter must reference valid MDAA domains, environments, and modules; pipeline must inherit valid Commands configuration",
243
+ "properties": {
244
+ "deploy": {
245
+ "$ref": "#/definitions/StageCommands",
246
+ "description": "Q-ENHANCED-INTERFACE\nDeployment stage command configuration interface for CodeBuild projects that execute custom scripts during MDAA deployment pipeline stages. Defines install dependencies, pre-deployment preparation commands, and post-deployment cleanup commands that run in CodeBuild environments to customize deployment behavior and perform environment-specific operations.\n\nUse cases: Environment preparation; Custom deployment scripts; Post-deployment cleanup; Infrastructure customization; Environment-specific configuration\n\nAWS: AWS CodeBuild project commands with install, pre-execution, and post-execution hooks for deployment stage customization\n\nValidation: install commands must be valid package manager commands; pre/post commands must be executable shell scripts; commands execute in CodeBuild Linux environment"
247
+ },
248
+ "domainFilter": {
249
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of domain names for pipeline deployment filtering enabling selective domain-specific deployments. Restricts pipeline execution to only the specified MDAA domains, allowing for targeted deployment strategies and domain isolation in multi-domain data architectures.\n\nUse cases: Domain-specific deployments; Multi-domain filtering; Selective domain updates; Domain isolation strategies\n\nAWS: AWS CodePipeline domain filtering for selective MDAA domain deployment and targeted infrastructure updates\n\nValidation: Must be array of valid MDAA domain names if provided; domains must exist in MDAA configuration; optional for domain filtering",
250
+ "items": {
251
+ "type": "string"
252
+ },
253
+ "type": "array"
254
+ },
255
+ "envFilter": {
256
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of environment names for pipeline deployment filtering enabling selective environment-specific deployments. Restricts pipeline execution to only the specified MDAA environments, allowing for targeted deployment strategies and environment isolation across development, staging, and production environments.\n\nUse cases: Environment-specific deployments; Multi-environment filtering; Selective environment updates; Environment isolation strategies\n\nAWS: AWS CodePipeline environment filtering for selective MDAA environment deployment and targeted infrastructure updates\n\nValidation: Must be array of valid MDAA environment names if provided; environments must exist in MDAA configuration; optional for environment filtering",
257
+ "items": {
258
+ "type": "string"
259
+ },
260
+ "type": "array"
261
+ },
262
+ "install": {
263
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of package installation commands for CodeBuild environment setup enabling dependency management and tool installation. Defines commands that will be executed during the install phase to install required packages, dependencies, and tools needed for deployment operations.\n\nUse cases: Dependency installation; Tool setup; Package management; Environment preparation; Build tool installation\n\nAWS: AWS CodeBuild install phase commands for dependency installation and environment setup\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for install phase",
264
+ "items": {
265
+ "type": "string"
266
+ },
267
+ "type": "array"
268
+ },
269
+ "moduleFilter": {
270
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of module names for pipeline deployment filtering enabling selective module-specific deployments. Restricts pipeline execution to only the specified MDAA modules, allowing for targeted deployment strategies and module isolation for specific infrastructure components or services.\n\nUse cases: Module-specific deployments; Multi-module filtering; Selective module updates; Component isolation strategies\n\nAWS: AWS CodePipeline module filtering for selective MDAA module deployment and targeted infrastructure component updates\n\nValidation: Must be array of valid MDAA module names if provided; modules must exist in MDAA configuration; optional for module filtering",
271
+ "items": {
272
+ "type": "string"
273
+ },
274
+ "type": "array"
275
+ },
276
+ "post": {
277
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of post-execution commands for deployment stage cleanup and finalization enabling custom cleanup and post-deployment operations. Defines commands that will be executed after the main deployment stage to perform cleanup, notification, validation, and finalization tasks.\n\nUse cases: Post-deployment cleanup; Notification sending; Validation checks; Resource cleanup; Finalization tasks\n\nAWS: AWS CodeBuild post-execution commands for deployment stage cleanup and finalization\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for post-execution phase",
278
+ "items": {
279
+ "type": "string"
280
+ },
281
+ "type": "array"
282
+ },
283
+ "postDeployValidate": {
284
+ "$ref": "#/definitions/ValidateStageCommands",
285
+ "description": "Q-ENHANCED-INTERFACE\nValidation stage command configuration interface for CodeBuild validation projects that execute infrastructure testing and compliance verification during MDAA deployment pipelines. Defines install dependencies and validation commands that run in CodeBuild environments to verify deployed infrastructure meets requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Deployment validation; Quality gate enforcement; Post-deployment verification\n\nAWS: AWS CodeBuild validation project commands with install dependencies and validation script execution for pipeline quality gates\n\nValidation: install commands must be valid package manager commands; commands must be executable shell scripts that return appropriate exit codes for pipeline success/failure"
286
+ },
287
+ "pre": {
288
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of pre-execution commands for deployment stage preparation enabling custom setup and validation before main deployment operations. Defines commands that will be executed before the main deployment stage to perform environment preparation, validation, and custom setup tasks.\n\nUse cases: Environment preparation; Pre-deployment validation; Custom setup; Configuration verification; Prerequisite checks\n\nAWS: AWS CodeBuild pre-execution commands for deployment stage preparation and validation\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for pre-execution phase",
289
+ "items": {
290
+ "type": "string"
291
+ },
292
+ "type": "array"
293
+ },
294
+ "preDeploy": {
295
+ "$ref": "#/definitions/StageCommands",
296
+ "description": "Q-ENHANCED-INTERFACE\nDeployment stage command configuration interface for CodeBuild projects that execute custom scripts during MDAA deployment pipeline stages. Defines install dependencies, pre-deployment preparation commands, and post-deployment cleanup commands that run in CodeBuild environments to customize deployment behavior and perform environment-specific operations.\n\nUse cases: Environment preparation; Custom deployment scripts; Post-deployment cleanup; Infrastructure customization; Environment-specific configuration\n\nAWS: AWS CodeBuild project commands with install, pre-execution, and post-execution hooks for deployment stage customization\n\nValidation: install commands must be valid package manager commands; pre/post commands must be executable shell scripts; commands execute in CodeBuild Linux environment"
297
+ },
298
+ "preDeployValidate": {
299
+ "$ref": "#/definitions/ValidateStageCommands",
300
+ "description": "Q-ENHANCED-INTERFACE\nValidation stage command configuration interface for CodeBuild validation projects that execute infrastructure testing and compliance verification during MDAA deployment pipelines. Defines install dependencies and validation commands that run in CodeBuild environments to verify deployed infrastructure meets requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Deployment validation; Quality gate enforcement; Post-deployment verification\n\nAWS: AWS CodeBuild validation project commands with install dependencies and validation script execution for pipeline quality gates\n\nValidation: install commands must be valid package manager commands; commands must be executable shell scripts that return appropriate exit codes for pipeline success/failure"
301
+ }
302
+ },
303
+ "type": "object"
304
+ },
305
+ "StageCommands": {
306
+ "additionalProperties": false,
307
+ "description": "Q-ENHANCED-INTERFACE\nDeployment stage command configuration interface for CodeBuild projects that execute custom scripts during MDAA deployment pipeline stages. Defines install dependencies, pre-deployment preparation commands, and post-deployment cleanup commands that run in CodeBuild environments to customize deployment behavior and perform environment-specific operations.\n\nUse cases: Environment preparation; Custom deployment scripts; Post-deployment cleanup; Infrastructure customization; Environment-specific configuration\n\nAWS: AWS CodeBuild project commands with install, pre-execution, and post-execution hooks for deployment stage customization\n\nValidation: install commands must be valid package manager commands; pre/post commands must be executable shell scripts; commands execute in CodeBuild Linux environment",
308
+ "properties": {
309
+ "install": {
310
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of package installation commands for CodeBuild environment setup enabling dependency management and tool installation. Defines commands that will be executed during the install phase to install required packages, dependencies, and tools needed for deployment operations.\n\nUse cases: Dependency installation; Tool setup; Package management; Environment preparation; Build tool installation\n\nAWS: AWS CodeBuild install phase commands for dependency installation and environment setup\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for install phase",
311
+ "items": {
312
+ "type": "string"
313
+ },
314
+ "type": "array"
315
+ },
316
+ "post": {
317
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of post-execution commands for deployment stage cleanup and finalization enabling custom cleanup and post-deployment operations. Defines commands that will be executed after the main deployment stage to perform cleanup, notification, validation, and finalization tasks.\n\nUse cases: Post-deployment cleanup; Notification sending; Validation checks; Resource cleanup; Finalization tasks\n\nAWS: AWS CodeBuild post-execution commands for deployment stage cleanup and finalization\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for post-execution phase",
318
+ "items": {
319
+ "type": "string"
320
+ },
321
+ "type": "array"
322
+ },
323
+ "pre": {
324
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of pre-execution commands for deployment stage preparation enabling custom setup and validation before main deployment operations. Defines commands that will be executed before the main deployment stage to perform environment preparation, validation, and custom setup tasks.\n\nUse cases: Environment preparation; Pre-deployment validation; Custom setup; Configuration verification; Prerequisite checks\n\nAWS: AWS CodeBuild pre-execution commands for deployment stage preparation and validation\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for pre-execution phase",
325
+ "items": {
326
+ "type": "string"
327
+ },
328
+ "type": "array"
329
+ }
330
+ },
331
+ "type": "object"
332
+ },
333
+ "ValidateStageCommands": {
334
+ "additionalProperties": false,
335
+ "description": "Q-ENHANCED-INTERFACE\nValidation stage command configuration interface for CodeBuild validation projects that execute infrastructure testing and compliance verification during MDAA deployment pipelines. Defines install dependencies and validation commands that run in CodeBuild environments to verify deployed infrastructure meets requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Deployment validation; Quality gate enforcement; Post-deployment verification\n\nAWS: AWS CodeBuild validation project commands with install dependencies and validation script execution for pipeline quality gates\n\nValidation: install commands must be valid package manager commands; commands must be executable shell scripts that return appropriate exit codes for pipeline success/failure",
336
+ "properties": {
337
+ "commands": {
338
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of validation commands for infrastructure testing and compliance verification enabling quality gate enforcement. Defines commands that will be executed to validate deployed infrastructure, perform smoke tests, and verify compliance requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Quality gate enforcement; Post-deployment validation; Infrastructure testing\n\nAWS: AWS CodeBuild validation commands for infrastructure testing and compliance verification with quality gate enforcement\n\nValidation: Must be array of valid shell commands if provided; commands must return appropriate exit codes for pipeline success/failure; optional for validation execution",
339
+ "items": {
340
+ "type": "string"
341
+ },
342
+ "type": "array"
343
+ },
344
+ "install": {
345
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of package installation commands for CodeBuild validation environment setup enabling testing tool installation and dependency management. Defines commands that will be executed during the install phase to install required testing frameworks, validation tools, and dependencies needed for infrastructure validation operations.\n\nUse cases: Testing tool installation; Validation dependency setup; Testing framework installation; Environment preparation; Validation tool setup\n\nAWS: AWS CodeBuild validation install phase commands for testing tool installation and validation environment setup\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for validation install phase",
346
+ "items": {
347
+ "type": "string"
348
+ },
349
+ "type": "array"
350
+ }
351
+ },
352
+ "type": "object"
353
+ }
354
+ },
355
+ "description": "Q-ENHANCED-INTERFACE\nMDAA DevOps configuration interface for CI/CD pipeline orchestration with CodeCommit repository integration and multi-environment deployment management. Defines the complete DevOps infrastructure including source repositories, deployment pipelines, and CDK bootstrap configuration for automated MDAA infrastructure deployment across multiple environments with approval gates and validation stages.\n\nUse cases: Multi-environment CI/CD pipelines; Automated MDAA deployments; Configuration repository management; Infrastructure change management; DevOps automation\n\nAWS: AWS CodePipeline with CodeCommit source repositories, CodeBuild projects for MDAA CLI execution, and CDK bootstrap integration for infrastructure deployment\n\nValidation: mdaaCodeCommitRepo and configsCodeCommitRepo must be valid CodeCommit repository names; pipelines must contain valid PipelineConfig objects; cdkBootstrapContext must be valid CDK qualifier",
356
+ "properties": {
357
+ "cdkBootstrapContext": {
358
+ "description": "Q-ENHANCED-PROPERTY\nCDK bootstrap context qualifier for identifying CDK bootstrap resources in the target environment. Defines the CDK bootstrap qualifier used to locate CDK deployment roles, buckets, and other bootstrap resources for MDAA infrastructure deployment through CI/CD pipelines.\n\nUse cases: CDK bootstrap resource identification; Multi-environment CDK deployment; Bootstrap resource isolation; CDK role management\n\nAWS: AWS CDK bootstrap resources including deployment roles and asset buckets\n\nValidation: Must be valid CDK bootstrap qualifier string; defaults to standard CDK qualifier if not specified; optional string",
359
+ "type": "string"
360
+ },
361
+ "configsBranch": {
362
+ "type": "string"
363
+ },
364
+ "configsCodeCommitRepo": {
365
+ "type": "string"
366
+ },
367
+ "deploy": {
368
+ "$ref": "#/definitions/StageCommands",
369
+ "description": "Q-ENHANCED-INTERFACE\nDeployment stage command configuration interface for CodeBuild projects that execute custom scripts during MDAA deployment pipeline stages. Defines install dependencies, pre-deployment preparation commands, and post-deployment cleanup commands that run in CodeBuild environments to customize deployment behavior and perform environment-specific operations.\n\nUse cases: Environment preparation; Custom deployment scripts; Post-deployment cleanup; Infrastructure customization; Environment-specific configuration\n\nAWS: AWS CodeBuild project commands with install, pre-execution, and post-execution hooks for deployment stage customization\n\nValidation: install commands must be valid package manager commands; pre/post commands must be executable shell scripts; commands execute in CodeBuild Linux environment"
370
+ },
371
+ "install": {
372
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of package installation commands for CodeBuild environment setup enabling dependency management and tool installation. Defines commands that will be executed during the install phase to install required packages, dependencies, and tools needed for deployment operations.\n\nUse cases: Dependency installation; Tool setup; Package management; Environment preparation; Build tool installation\n\nAWS: AWS CodeBuild install phase commands for dependency installation and environment setup\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for install phase",
373
+ "items": {
374
+ "type": "string"
375
+ },
376
+ "type": "array"
377
+ },
378
+ "mdaaBranch": {
379
+ "type": "string"
380
+ },
381
+ "mdaaCodeCommitRepo": {
382
+ "type": "string"
383
+ },
384
+ "nag_suppressions": {
385
+ "$ref": "#/definitions/MdaaNagSuppressionConfigs",
386
+ "description": "Q-ENHANCED-PROPERTY\nOptional CDK Nag suppression configurations for compliance rule management enabling controlled security rule exceptions and compliance documentation. Provides structured approach to managing security rule suppressions with proper justification and documentation for compliance auditing.\n\nUse cases: Compliance management; Security rule exceptions; Audit documentation; Controlled suppressions\n\nAWS: CDK Nag suppressions for compliance rule management and security exception documentation\n\nValidation: Must be valid MdaaNagSuppressionConfigs if provided; enables structured compliance rule management"
387
+ },
388
+ "pipelines": {
389
+ "additionalProperties": {
390
+ "$ref": "#/definitions/PipelineConfig"
391
+ },
392
+ "type": "object"
393
+ },
394
+ "post": {
395
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of post-execution commands for deployment stage cleanup and finalization enabling custom cleanup and post-deployment operations. Defines commands that will be executed after the main deployment stage to perform cleanup, notification, validation, and finalization tasks.\n\nUse cases: Post-deployment cleanup; Notification sending; Validation checks; Resource cleanup; Finalization tasks\n\nAWS: AWS CodeBuild post-execution commands for deployment stage cleanup and finalization\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for post-execution phase",
396
+ "items": {
397
+ "type": "string"
398
+ },
399
+ "type": "array"
400
+ },
401
+ "postDeployValidate": {
402
+ "$ref": "#/definitions/ValidateStageCommands",
403
+ "description": "Q-ENHANCED-INTERFACE\nValidation stage command configuration interface for CodeBuild validation projects that execute infrastructure testing and compliance verification during MDAA deployment pipelines. Defines install dependencies and validation commands that run in CodeBuild environments to verify deployed infrastructure meets requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Deployment validation; Quality gate enforcement; Post-deployment verification\n\nAWS: AWS CodeBuild validation project commands with install dependencies and validation script execution for pipeline quality gates\n\nValidation: install commands must be valid package manager commands; commands must be executable shell scripts that return appropriate exit codes for pipeline success/failure"
404
+ },
405
+ "pre": {
406
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of pre-execution commands for deployment stage preparation enabling custom setup and validation before main deployment operations. Defines commands that will be executed before the main deployment stage to perform environment preparation, validation, and custom setup tasks.\n\nUse cases: Environment preparation; Pre-deployment validation; Custom setup; Configuration verification; Prerequisite checks\n\nAWS: AWS CodeBuild pre-execution commands for deployment stage preparation and validation\n\nValidation: Must be array of valid shell commands if provided; commands execute in CodeBuild Linux environment; optional for pre-execution phase",
407
+ "items": {
408
+ "type": "string"
409
+ },
410
+ "type": "array"
411
+ },
412
+ "preDeploy": {
413
+ "$ref": "#/definitions/StageCommands",
414
+ "description": "Q-ENHANCED-INTERFACE\nDeployment stage command configuration interface for CodeBuild projects that execute custom scripts during MDAA deployment pipeline stages. Defines install dependencies, pre-deployment preparation commands, and post-deployment cleanup commands that run in CodeBuild environments to customize deployment behavior and perform environment-specific operations.\n\nUse cases: Environment preparation; Custom deployment scripts; Post-deployment cleanup; Infrastructure customization; Environment-specific configuration\n\nAWS: AWS CodeBuild project commands with install, pre-execution, and post-execution hooks for deployment stage customization\n\nValidation: install commands must be valid package manager commands; pre/post commands must be executable shell scripts; commands execute in CodeBuild Linux environment"
415
+ },
416
+ "preDeployValidate": {
417
+ "$ref": "#/definitions/ValidateStageCommands",
418
+ "description": "Q-ENHANCED-INTERFACE\nValidation stage command configuration interface for CodeBuild validation projects that execute infrastructure testing and compliance verification during MDAA deployment pipelines. Defines install dependencies and validation commands that run in CodeBuild environments to verify deployed infrastructure meets requirements before pipeline progression.\n\nUse cases: Infrastructure smoke testing; Compliance verification; Deployment validation; Quality gate enforcement; Post-deployment verification\n\nAWS: AWS CodeBuild validation project commands with install dependencies and validation script execution for pipeline quality gates\n\nValidation: install commands must be valid package manager commands; commands must be executable shell scripts that return appropriate exit codes for pipeline success/failure"
419
+ },
420
+ "service_catalog_product_config": {
421
+ "$ref": "#/definitions/MdaaServiceCatalogProductConfig",
422
+ "description": "Q-ENHANCED-PROPERTY\nOptional Service Catalog product configuration for governed self-service deployment enabling controlled infrastructure provisioning and governance. When specified, deploys the module as a Service Catalog product instead of direct deployment for governed access and compliance.\n\nUse cases: Governed deployment; Self-service provisioning; Service Catalog integration; Controlled access\n\nAWS: Service Catalog product configuration for governed infrastructure deployment and self-service provisioning\n\nValidation: Must be valid MdaaServiceCatalogProductConfig if provided; enables Service Catalog deployment mode"
423
+ }
424
+ },
425
+ "required": [
426
+ "configsCodeCommitRepo",
427
+ "mdaaCodeCommitRepo"
428
+ ],
429
+ "type": "object"
430
+ }
431
+