npm - @btc-embedded/cdk-extensions - Versions diffs - 0.22.22 → 0.22.23 - Mend

@btc-embedded/cdk-extensions 0.22.22 → 0.22.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/.jsii +880 -182
package/API.md +777 -52
package/CHANGELOG.md +2 -0
package/assets/cli/catnip.js +1 -1
package/lib/constructs/EventPipe.js +1 -1
package/lib/constructs/ExportedService.js +1 -1
package/lib/constructs/S3Bucket.js +1 -1
package/lib/constructs/SecureRestApi.js +1 -1
package/lib/constructs/SecureRestApiV2.js +1 -1
package/lib/constructs/api-keys/ApiKeyClientAuthorization.js +1 -1
package/lib/constructs/api-keys/ApiKeyManagement.js +1 -1
package/lib/constructs/api-keys/ApiKeyPreTokenHandler.js +1 -1
package/lib/constructs/api-keys/ApiKeyStore.js +1 -1
package/lib/extensions/ApiGatewayExtension.d.ts +17 -0
package/lib/extensions/ApiGatewayExtension.js +31 -32
package/lib/extensions/ApplicationContainer.js +1 -1
package/lib/extensions/ApplicationLoadBalancerExtension.d.ts +16 -0
package/lib/extensions/ApplicationLoadBalancerExtension.js +28 -28
package/lib/extensions/ApplicationLoadBalancerExtensionV2.d.ts +27 -7
package/lib/extensions/ApplicationLoadBalancerExtensionV2.js +16 -7
package/lib/extensions/CloudMapExtension.d.ts +15 -0
package/lib/extensions/CloudMapExtension.js +7 -3
package/lib/extensions/DeactivatableServiceExtension.js +1 -1
package/lib/extensions/DeploymentConfigExtension.js +1 -1
package/lib/extensions/DocumentDbAccessExtension.d.ts +14 -2
package/lib/extensions/DocumentDbAccessExtension.js +9 -3
package/lib/extensions/DomainEventMessagingExtension.js +1 -1
package/lib/extensions/EfsMountExtension.js +1 -1
package/lib/extensions/ExtraContainerExtension.js +1 -1
package/lib/extensions/HTTPApiExtension.d.ts +30 -1
package/lib/extensions/HTTPApiExtension.js +14 -7
package/lib/extensions/LogExtension.js +1 -1
package/lib/extensions/ModifyContainerDefinitionExtension.js +1 -1
package/lib/extensions/ModifyTaskDefinitionExtension.js +1 -1
package/lib/extensions/OpenIdExtension.d.ts +14 -0
package/lib/extensions/OpenIdExtension.js +9 -3
package/lib/extensions/OpenTelemetryExtension.js +1 -1
package/lib/extensions/PostgresDbAccessExtension.d.ts +30 -7
package/lib/extensions/PostgresDbAccessExtension.js +24 -29
package/lib/extensions/SharedVolumeExtension.js +1 -1
package/lib/extensions/TcpKeepAliveExtension.js +1 -1
package/lib/platform/ApiGateway.d.ts +29 -1
package/lib/platform/ApiGateway.js +31 -2
package/lib/platform/ApiGatewayVpcLink.js +2 -2
package/lib/platform/ApplicationLoadBalancer.js +1 -1
package/lib/platform/ApplicationLoadBalancerV2.js +2 -2
package/lib/platform/AuroraPostgresDB.d.ts +63 -3
package/lib/platform/AuroraPostgresDB.js +45 -7
package/lib/platform/BTCLogGroup.js +1 -1
package/lib/platform/CognitoUserPool.js +2 -2
package/lib/platform/DefaultUserPoolClients.js +1 -1
package/lib/platform/DocumentDB.d.ts +10 -2
package/lib/platform/DocumentDB.js +12 -7
package/lib/platform/EcsCluster.js +1 -1
package/lib/platform/EfsFileSystem.js +1 -1
package/lib/platform/HostedZone.js +1 -1
package/lib/platform/PrivateDnsNamespace.js +1 -1
package/lib/platform/ResourceServer.js +1 -1
package/lib/platform/Vpc.js +1 -1
package/lib/platform/VpcV2.js +1 -1
package/lib/stacks/ApplicationStack.js +1 -1
package/lib/utils/BasePlatformStackResolver.js +1 -1
package/lib/utils/StackParameter.js +1 -1
package/package.json +1 -1

package/API.md CHANGED Viewed

@@ -4,6 +4,8 @@
 ### ApiGateway <a name="ApiGateway" id="@btc-embedded/cdk-extensions.ApiGateway"></a>
+- *Implements:* <a href="#@btc-embedded/cdk-extensions.IApiGateway">IApiGateway</a>
 API Gateway construct to be used in base platforms.
 This API Gateway construct sets up an API Gateway V2 and a default HTTP API
@@ -70,6 +72,7 @@ Returns a string representation of this construct.
 | **Name** | **Description** |
 | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.ApiGateway.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGateway.fromBasePlatform">fromBasePlatform</a></code> | Reconstructs an {@link IApiGateway} from CloudFormation exports produced by a V1 {@link ApiGateway} in a different stack. |
 ---
@@ -105,11 +108,49 @@ Any object.
 ---
+##### ~~`fromBasePlatform`~~ <a name="fromBasePlatform" id="@btc-embedded/cdk-extensions.ApiGateway.fromBasePlatform"></a>
+```typescript
+import { ApiGateway } from '@btc-embedded/cdk-extensions'
+ApiGateway.fromBasePlatform(scope: Construct, id: string, basePlatformStackName?: string)
+```
+Reconstructs an {@link IApiGateway} from CloudFormation exports produced by a V1 {@link ApiGateway} in a different stack.
+###### `scope`<sup>Required</sup> <a name="scope" id="@btc-embedded/cdk-extensions.ApiGateway.fromBasePlatform.parameter.scope"></a>
+- *Type:* constructs.Construct
+The CDK scope in which to create the import construct.
+---
+###### `id`<sup>Required</sup> <a name="id" id="@btc-embedded/cdk-extensions.ApiGateway.fromBasePlatform.parameter.id"></a>
+- *Type:* string
+The CDK construct identifier.
+---
+###### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.ApiGateway.fromBasePlatform.parameter.basePlatformStackName"></a>
+- *Type:* string
+Override the stack name to import from.
+When omitted the stack name is resolved via {@link BasePlatformStackResolver }.
+---
 #### Properties <a name="Properties" id="Properties"></a>
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.ApiGateway.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGateway.property.apiId">apiId</a></code> | <code>string</code> | The ID of the underlying HTTP API. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGateway.property.vpcLinkId">vpcLinkId</a></code> | <code>string</code> | The ID of the VPC Link created for this API Gateway. |
 ---
@@ -127,6 +168,34 @@ The tree node.
 ---
+##### ~~`apiId`~~<sup>Required</sup> <a name="apiId" id="@btc-embedded/cdk-extensions.ApiGateway.property.apiId"></a>
+- *Deprecated:* Use the ApiGatewayVpcLink construct instead.
+```typescript
+public readonly apiId: string;
+```
+- *Type:* string
+The ID of the underlying HTTP API.
+---
+##### ~~`vpcLinkId`~~<sup>Required</sup> <a name="vpcLinkId" id="@btc-embedded/cdk-extensions.ApiGateway.property.vpcLinkId"></a>
+- *Deprecated:* Use the ApiGatewayVpcLink construct instead.
+```typescript
+public readonly vpcLinkId: string;
+```
+- *Type:* string
+The ID of the VPC Link created for this API Gateway.
+---
 ### ApiGatewayVpcLink <a name="ApiGatewayVpcLink" id="@btc-embedded/cdk-extensions.ApiGatewayVpcLink"></a>
@@ -2555,6 +2624,7 @@ Returns a string representation of this construct.
 | **Name** | **Description** |
 | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.fromBasePlatform">fromBasePlatform</a></code> | Imports an {@link IAuroraPostgresDB} instance from a base platform stack. |
 ---
@@ -2590,13 +2660,57 @@ Any object.
 ---
+##### `fromBasePlatform` <a name="fromBasePlatform" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.fromBasePlatform"></a>
+```typescript
+import { AuroraPostgresCluster } from '@btc-embedded/cdk-extensions'
+AuroraPostgresCluster.fromBasePlatform(scope: Construct, id: string, basePlatformStackName?: string)
+```
+Imports an {@link IAuroraPostgresDB} instance from a base platform stack.
+Use this for cross-stack access. For same-stack usage, pass the
+{@link AuroraPostgresCluster} construct directly where {@link IAuroraPostgresDB}
+is expected.
+###### `scope`<sup>Required</sup> <a name="scope" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.fromBasePlatform.parameter.scope"></a>
+- *Type:* constructs.Construct
+Construct scope to attach the imported component to.
+---
+###### `id`<sup>Required</sup> <a name="id" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.fromBasePlatform.parameter.id"></a>
+- *Type:* string
+Construct id for the imported component.
+---
+###### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.fromBasePlatform.parameter.basePlatformStackName"></a>
+- *Type:* string
+Base platform stack name.
+Falls back to
+`BasePlatformStackResolver` (CDK context) when omitted.
+---
 #### Properties <a name="Properties" id="Properties"></a>
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
-| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.cluster">cluster</a></code> | <code>aws-cdk-lib.aws_rds.DatabaseCluster</code> | Aurora database cluster. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.connectionSecret">connectionSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.credentialsSecret">credentialsSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing postgres credentials (username and password). |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.endpoint">endpoint</a></code> | <code>string</code> | Cluster endpoint in the form `host:port`. |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.SecurityGroup</code> | Security group attached to the Aurora cluster. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.cluster">cluster</a></code> | <code>aws-cdk-lib.aws_rds.DatabaseCluster</code> | Aurora database cluster. |
 ---
@@ -2612,6 +2726,54 @@ The tree node.
 ---
+##### `connectionSecret`<sup>Required</sup> <a name="connectionSecret" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.connectionSecret"></a>
+```typescript
+public readonly connectionSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`.
+---
+##### `credentialsSecret`<sup>Required</sup> <a name="credentialsSecret" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.credentialsSecret"></a>
+```typescript
+public readonly credentialsSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing postgres credentials (username and password).
+---
+##### `endpoint`<sup>Required</sup> <a name="endpoint" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.endpoint"></a>
+```typescript
+public readonly endpoint: string;
+```
+- *Type:* string
+Cluster endpoint in the form `host:port`.
+---
+##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.securityGroup"></a>
+```typescript
+public readonly securityGroup: SecurityGroup;
+```
+- *Type:* aws-cdk-lib.aws_ec2.SecurityGroup
+Security group attached to the Aurora cluster.
+---
 ##### `cluster`<sup>Required</sup> <a name="cluster" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.cluster"></a>
 ```typescript
@@ -2624,13 +2786,171 @@ Aurora database cluster.
 ---
-##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="@btc-embedded/cdk-extensions.AuroraPostgresCluster.property.securityGroup"></a>
+### AuroraPostgresClusterBase <a name="AuroraPostgresClusterBase" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase"></a>
+- *Implements:* <a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB">IAuroraPostgresDB</a>
+Abstract base class shared by the concrete {@link AuroraPostgresCluster} and the import class created by {@link AuroraPostgresCluster.fromBasePlatform}.
+#### Initializers <a name="Initializers" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.Initializer"></a>
 ```typescript
-public readonly securityGroup: SecurityGroup;
+import { AuroraPostgresClusterBase } from '@btc-embedded/cdk-extensions'
+new AuroraPostgresClusterBase(scope: Construct, id: string)
 ```
-- *Type:* aws-cdk-lib.aws_ec2.SecurityGroup
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.Initializer.parameter.scope">scope</a></code> | <code>constructs.Construct</code> | The scope in which to define this construct. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.Initializer.parameter.id">id</a></code> | <code>string</code> | The scoped construct ID. |
+---
+##### `scope`<sup>Required</sup> <a name="scope" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.Initializer.parameter.scope"></a>
+- *Type:* constructs.Construct
+The scope in which to define this construct.
+---
+##### `id`<sup>Required</sup> <a name="id" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.Initializer.parameter.id"></a>
+- *Type:* string
+The scoped construct ID.
+Must be unique amongst siblings. If
+the ID includes a path separator (`/`), then it will be replaced by double
+dash `--`.
+---
+#### Methods <a name="Methods" id="Methods"></a>
+| **Name** | **Description** |
+| --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.toString">toString</a></code> | Returns a string representation of this construct. |
+---
+##### `toString` <a name="toString" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.toString"></a>
+```typescript
+public toString(): string
+```
+Returns a string representation of this construct.
+#### Static Functions <a name="Static Functions" id="Static Functions"></a>
+| **Name** | **Description** |
+| --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.isConstruct">isConstruct</a></code> | Checks if `x` is a construct. |
+---
+##### `isConstruct` <a name="isConstruct" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.isConstruct"></a>
+```typescript
+import { AuroraPostgresClusterBase } from '@btc-embedded/cdk-extensions'
+AuroraPostgresClusterBase.isConstruct(x: any)
+```
+Checks if `x` is a construct.
+Use this method instead of `instanceof` to properly detect `Construct`
+instances, even when the construct library is symlinked.
+Explanation: in JavaScript, multiple copies of the `constructs` library on
+disk are seen as independent, completely different libraries. As a
+consequence, the class `Construct` in each copy of the `constructs` library
+is seen as a different class, and an instance of one class will not test as
+`instanceof` the other class. `npm install` will not create installations
+like this, but users may manually symlink construct libraries together or
+use a monorepo tool: in those cases, multiple copies of the `constructs`
+library can be accidentally installed, and `instanceof` will behave
+unpredictably. It is safest to avoid using `instanceof`, and using
+this type-testing method instead.
+###### `x`<sup>Required</sup> <a name="x" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.isConstruct.parameter.x"></a>
+- *Type:* any
+Any object.
+---
+#### Properties <a name="Properties" id="Properties"></a>
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.connectionSecret">connectionSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.credentialsSecret">credentialsSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing postgres credentials (username and password). |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.endpoint">endpoint</a></code> | <code>string</code> | Cluster endpoint in the form `host:port`. |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup</code> | Security group attached to the Aurora cluster. |
+---
+##### `node`<sup>Required</sup> <a name="node" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.node"></a>
+```typescript
+public readonly node: Node;
+```
+- *Type:* constructs.Node
+The tree node.
+---
+##### `connectionSecret`<sup>Required</sup> <a name="connectionSecret" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.connectionSecret"></a>
+```typescript
+public readonly connectionSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`.
+---
+##### `credentialsSecret`<sup>Required</sup> <a name="credentialsSecret" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.credentialsSecret"></a>
+```typescript
+public readonly credentialsSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing postgres credentials (username and password).
+---
+##### `endpoint`<sup>Required</sup> <a name="endpoint" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.endpoint"></a>
+```typescript
+public readonly endpoint: string;
+```
+- *Type:* string
+Cluster endpoint in the form `host:port`.
+---
+##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="@btc-embedded/cdk-extensions.AuroraPostgresClusterBase.property.securityGroup"></a>
+```typescript
+public readonly securityGroup: ISecurityGroup;
+```
+- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup
 Security group attached to the Aurora cluster.
@@ -3913,7 +4233,11 @@ public readonly frontendClient: IUserPoolClient;
 Platform component that provisions an Amazon DocumentDB cluster and exports the required outputs for application stacks.
-Cross-stack access is supported via {@link fromBasePlatform}, which imports:
+Implements {@link IDocumentDB} directly so that it can be passed to extensions
+(e.g. {@link DocumentDbAccessExtension }) when platform and application share the
+same stack, avoiding the need for cross-stack {@link fromBasePlatform} imports.
+Cross-stack access is still supported via {@link fromBasePlatform}, which imports:
 - the MongoDB connection URL secret ARN
 - the DocumentDB security group ID
@@ -3956,6 +4280,7 @@ new DocumentDB(scope: Construct, id: string, props: DocumentDBProps)
 | **Name** | **Description** |
 | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.toString">toString</a></code> | Returns a string representation of this construct. |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.allowAccess">allowAccess</a></code> | *No description.* |
 ---
@@ -3967,6 +4292,18 @@ public toString(): string
 Returns a string representation of this construct.
+##### `allowAccess` <a name="allowAccess" id="@btc-embedded/cdk-extensions.DocumentDB.allowAccess"></a>
+```typescript
+public allowAccess(service: IConnectable): void
+```
+###### `service`<sup>Required</sup> <a name="service" id="@btc-embedded/cdk-extensions.DocumentDB.allowAccess.parameter.service"></a>
+- *Type:* aws-cdk-lib.aws_ec2.IConnectable
+---
 #### Static Functions <a name="Static Functions" id="Static Functions"></a>
 | **Name** | **Description** |
@@ -4042,23 +4379,49 @@ Base platform stack name used to import stack parameters.
 ---
-#### Properties <a name="Properties" id="Properties"></a>
+#### Properties <a name="Properties" id="Properties"></a>
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.property.secret">secret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | MongoDB connection URL secret for this cluster. |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup</code> | Security group attached to this DocumentDB cluster. |
+---
+##### `node`<sup>Required</sup> <a name="node" id="@btc-embedded/cdk-extensions.DocumentDB.property.node"></a>
+```typescript
+public readonly node: Node;
+```
+- *Type:* constructs.Node
+The tree node.
+---
+##### `secret`<sup>Required</sup> <a name="secret" id="@btc-embedded/cdk-extensions.DocumentDB.property.secret"></a>
+```typescript
+public readonly secret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
-| **Name** | **Type** | **Description** |
-| --- | --- | --- |
-| <code><a href="#@btc-embedded/cdk-extensions.DocumentDB.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
+MongoDB connection URL secret for this cluster.
 ---
-##### `node`<sup>Required</sup> <a name="node" id="@btc-embedded/cdk-extensions.DocumentDB.property.node"></a>
+##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="@btc-embedded/cdk-extensions.DocumentDB.property.securityGroup"></a>
 ```typescript
-public readonly node: Node;
+public readonly securityGroup: ISecurityGroup;
 ```
-- *Type:* constructs.Node
+- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup
-The tree node.
+Security group attached to this DocumentDB cluster.
 ---
@@ -7415,7 +7778,10 @@ const apiGatewayExtensionProps: ApiGatewayExtensionProps = { ... }
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.prefix">prefix</a></code> | <code>string</code> | The prefix for the API Gateway endpoint. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.securityGroupId">securityGroupId</a></code> | <code>string</code> | The security group ID of the API Gateway which should be allowed to connect to the service. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.apiGateway">apiGateway</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IApiGateway">IApiGateway</a></code> | Provide a direct {@link IApiGateway} reference for same-stack usage. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the base platform stack. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.cognitoUserPool">cognitoUserPool</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a></code> | Provide a direct Cognito user pool reference for same-stack usage. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.fqdn">fqdn</a></code> | <code>string</code> | Provide the FQDN directly for same-stack usage. |
 ---
@@ -7443,6 +7809,20 @@ The security group ID of the API Gateway which should be allowed to connect to t
 ---
+##### `apiGateway`<sup>Optional</sup> <a name="apiGateway" id="@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.apiGateway"></a>
+```typescript
+public readonly apiGateway: IApiGateway;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IApiGateway">IApiGateway</a>
+Provide a direct {@link IApiGateway} reference for same-stack usage.
+When omitted the VPC link ID and API ID are imported from the base platform stack.
+---
 ##### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.basePlatformStackName"></a>
 ```typescript
@@ -7455,6 +7835,34 @@ The name of the base platform stack.
 ---
+##### `cognitoUserPool`<sup>Optional</sup> <a name="cognitoUserPool" id="@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.cognitoUserPool"></a>
+```typescript
+public readonly cognitoUserPool: ICognitoUserPool;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a>
+Provide a direct Cognito user pool reference for same-stack usage.
+When omitted the user pool attributes are imported from the base platform stack.
+---
+##### `fqdn`<sup>Optional</sup> <a name="fqdn" id="@btc-embedded/cdk-extensions.ApiGatewayExtensionProps.property.fqdn"></a>
+```typescript
+public readonly fqdn: string;
+```
+- *Type:* string
+Provide the FQDN directly for same-stack usage.
+When omitted the FQDN is imported from the base platform stack.
+---
 ### ApiGatewayProps <a name="ApiGatewayProps" id="@btc-embedded/cdk-extensions.ApiGatewayProps"></a>
 #### Initializer <a name="Initializer" id="@btc-embedded/cdk-extensions.ApiGatewayProps.Initializer"></a>
@@ -8701,9 +9109,11 @@ const applicationLoadBalancerExtensionProps: ApplicationLoadBalancerExtensionPro
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.securityGroupId">securityGroupId</a></code> | <code>string</code> | *No description.* |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.userPoolClientSecret">userPoolClientSecret</a></code> | <code>string</code> | *No description.* |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | *No description.* |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.cognitoUserPool">cognitoUserPool</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a></code> | Provide a direct Cognito user pool reference for same-stack usage. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.fqdn">fqdn</a></code> | <code>string</code> | Provide the FQDN directly for same-stack usage. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.healtCheckPath">healtCheckPath</a></code> | <code>string</code> | *No description.* |
-| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.listener">listener</a></code> | <code>aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener</code> | *No description.* |
-| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.path">path</a></code> | <code>string</code> | *No description.* |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.listener">listener</a></code> | <code>aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener</code> | Provide a direct ALB listener reference for same-stack usage. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.path">path</a></code> | <code>string</code> | Path to redirect the client after successful authentication. |
 ---
@@ -8747,6 +9157,34 @@ public readonly basePlatformStackName: string;
 ---
+##### `cognitoUserPool`<sup>Optional</sup> <a name="cognitoUserPool" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.cognitoUserPool"></a>
+```typescript
+public readonly cognitoUserPool: ICognitoUserPool;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a>
+Provide a direct Cognito user pool reference for same-stack usage.
+When omitted the user pool attributes are imported from the base platform stack.
+---
+##### `fqdn`<sup>Optional</sup> <a name="fqdn" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.fqdn"></a>
+```typescript
+public readonly fqdn: string;
+```
+- *Type:* string
+Provide the FQDN directly for same-stack usage.
+When omitted the FQDN is imported from the base platform stack.
+---
 ##### `healtCheckPath`<sup>Optional</sup> <a name="healtCheckPath" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.healtCheckPath"></a>
 ```typescript
@@ -8765,6 +9203,10 @@ public readonly listener: IApplicationListener;
 - *Type:* aws-cdk-lib.aws_elasticloadbalancingv2.IApplicationListener
+Provide a direct ALB listener reference for same-stack usage.
+When omitted the listener ARN is imported from the base platform stack.
 ---
 ##### `path`<sup>Optional</sup> <a name="path" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionProps.property.path"></a>
@@ -8775,6 +9217,8 @@ public readonly path: string;
 - *Type:* string
+Path to redirect the client after successful authentication.
 ---
 ### ApplicationLoadBalancerExtensionPropsV2 <a name="ApplicationLoadBalancerExtensionPropsV2" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2"></a>
@@ -8794,7 +9238,7 @@ const applicationLoadBalancerExtensionPropsV2: ApplicationLoadBalancerExtensionP
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the platform stack to use for the load balancer. |
-| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2.property.loadBalancer">loadBalancer</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerV2">ApplicationLoadBalancerV2</a></code> | The Application Load Balancer to use. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2.property.loadBalancer">loadBalancer</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IApplicationLoadBalancerV2">IApplicationLoadBalancerV2</a></code> | The Application Load Balancer to use directly. |
 ---
@@ -8808,21 +9252,27 @@ public readonly basePlatformStackName: string;
 The name of the platform stack to use for the load balancer.
-Either this or `loadBalancer` must be provided.
+Used when {@link ApplicationLoadBalancerExtensionPropsV2.loadBalancer} is not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
 ---
 ##### `loadBalancer`<sup>Optional</sup> <a name="loadBalancer" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2.property.loadBalancer"></a>
 ```typescript
-public readonly loadBalancer: ApplicationLoadBalancerV2;
+public readonly loadBalancer: IApplicationLoadBalancerV2;
 ```
-- *Type:* <a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerV2">ApplicationLoadBalancerV2</a>
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IApplicationLoadBalancerV2">IApplicationLoadBalancerV2</a>
-The Application Load Balancer to use.
+The Application Load Balancer to use directly.
-Either this or `platformStackName` must be provided.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link ApplicationLoadBalancerV2.fromBasePlatform} is performed.
+Use this when the ALB resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the ALB from the base platform stack
+identified by {@link ApplicationLoadBalancerExtensionPropsV2.basePlatformStackName}.
 ---
@@ -9557,6 +10007,7 @@ const auroraPostgresTunnelHostProps: AuroraPostgresTunnelHostProps = { ... }
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.cpuType">cpuType</a></code> | <code>aws-cdk-lib.aws_ec2.AmazonLinuxCpuType</code> | The CPU type for the tunnel host. |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.createSsmVpcEndpoints">createSsmVpcEndpoints</a></code> | <code>boolean</code> | Whether to create SSM interface endpoints in the VPC (ssm, ssmmessages, ec2messages). |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.enabled">enabled</a></code> | <code>boolean</code> | Whether a dedicated EC2 tunnel host should be provisioned. |
 | <code><a href="#@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.instanceType">instanceType</a></code> | <code>aws-cdk-lib.aws_ec2.InstanceType</code> | Instance type used for the tunnel host. |
@@ -9564,6 +10015,21 @@ const auroraPostgresTunnelHostProps: AuroraPostgresTunnelHostProps = { ... }
 ---
+##### `cpuType`<sup>Optional</sup> <a name="cpuType" id="@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.cpuType"></a>
+```typescript
+public readonly cpuType: AmazonLinuxCpuType;
+```
+- *Type:* aws-cdk-lib.aws_ec2.AmazonLinuxCpuType
+- *Default:* AmazonLinuxCpuType.ARM_64
+The CPU type for the tunnel host.
+Set it to match the {@link AuroraPostgresTunnelHostProps.instanceType}.
+---
 ##### `createSsmVpcEndpoints`<sup>Optional</sup> <a name="createSsmVpcEndpoints" id="@btc-embedded/cdk-extensions.AuroraPostgresTunnelHostProps.property.createSsmVpcEndpoints"></a>
 ```typescript
@@ -9599,7 +10065,7 @@ public readonly instanceType: InstanceType;
 ```
 - *Type:* aws-cdk-lib.aws_ec2.InstanceType
-- *Default:* t3.nano
+- *Default:* t4g.nano
 Instance type used for the tunnel host.
@@ -9797,6 +10263,7 @@ const cloudMapExtensionProps: CloudMapExtensionProps = { ... }
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.CloudMapExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the platform stack to import the namespace parameter details from. |
 | <code><a href="#@btc-embedded/cdk-extensions.CloudMapExtensionProps.property.exportService">exportService</a></code> | <code>boolean</code> | Whether to export this service for cross-stack consumption. |
+| <code><a href="#@btc-embedded/cdk-extensions.CloudMapExtensionProps.property.privateDnsNamespace">privateDnsNamespace</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IPrivateDnsNamespace">IPrivateDnsNamespace</a></code> | Private DNS namespace to use directly. |
 ---
@@ -9810,6 +10277,9 @@ public readonly basePlatformStackName: string;
 The name of the platform stack to import the namespace parameter details from.
+Used when {@link privateDnsNamespace} is not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
 ---
 ##### `exportService`<sup>Optional</sup> <a name="exportService" id="@btc-embedded/cdk-extensions.CloudMapExtensionProps.property.exportService"></a>
@@ -9829,6 +10299,25 @@ to this service using ExportedService.fromAttributes().
 ---
+##### `privateDnsNamespace`<sup>Optional</sup> <a name="privateDnsNamespace" id="@btc-embedded/cdk-extensions.CloudMapExtensionProps.property.privateDnsNamespace"></a>
+```typescript
+public readonly privateDnsNamespace: IPrivateDnsNamespace;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IPrivateDnsNamespace">IPrivateDnsNamespace</a>
+Private DNS namespace to use directly.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link PrivateDnsNamespace.fromBasePlatform} is performed. Use
+this when the namespace resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the namespace from the base platform
+stack identified by {@link basePlatformStackName}.
+---
 ### CognitoUserPoolProps <a name="CognitoUserPoolProps" id="@btc-embedded/cdk-extensions.CognitoUserPoolProps"></a>
 #### Initializer <a name="Initializer" id="@btc-embedded/cdk-extensions.CognitoUserPoolProps.Initializer"></a>
@@ -10933,37 +11422,58 @@ const documentDbAccessExtensionProps: DocumentDbAccessExtensionProps = { ... }
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.securityGroupId">securityGroupId</a></code> | <code>string</code> | ID of the security group associated with the database access path. |
 | <code><a href="#@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | Name of the base platform stack to import the shared DocumentDB instance from. |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.documentDb">documentDb</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IDocumentDB">IDocumentDB</a></code> | DocumentDB instance to use directly. |
+| <code><a href="#@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.securityGroupId">securityGroupId</a></code> | <code>string</code> | ID of the security group associated with the database access path. |
 ---
-##### `securityGroupId`<sup>Required</sup> <a name="securityGroupId" id="@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.securityGroupId"></a>
+##### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.basePlatformStackName"></a>
 ```typescript
-public readonly securityGroupId: string;
+public readonly basePlatformStackName: string;
 ```
 - *Type:* string
-ID of the security group associated with the database access path.
+Name of the base platform stack to import the shared DocumentDB instance from.
-Note: This property is currently not referenced directly by this extension's
-implementation, but is kept as part of the public contract.
+Used when {@link documentDb} is not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
 ---
-##### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.basePlatformStackName"></a>
+##### `documentDb`<sup>Optional</sup> <a name="documentDb" id="@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.documentDb"></a>
 ```typescript
-public readonly basePlatformStackName: string;
+public readonly documentDb: IDocumentDB;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IDocumentDB">IDocumentDB</a>
+DocumentDB instance to use directly.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link DocumentDB.fromBasePlatform} is performed. Use this when
+the DocumentDB resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the DocumentDB from the base platform
+stack identified by {@link basePlatformStackName}.
+---
+##### `securityGroupId`<sup>Optional</sup> <a name="securityGroupId" id="@btc-embedded/cdk-extensions.DocumentDbAccessExtensionProps.property.securityGroupId"></a>
+```typescript
+public readonly securityGroupId: string;
 ```
 - *Type:* string
-Name of the base platform stack to import the shared DocumentDB instance from.
+ID of the security group associated with the database access path.
-This is passed to {@link DocumentDB.fromBasePlatform}.
+Note: This property is currently not referenced directly by this extension's
+implementation, but is kept as part of the public contract.
 ---
@@ -12678,7 +13188,9 @@ const hTTPApiExtensionProps: HTTPApiExtensionProps = { ... }
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.apiGatewayVpcLink">apiGatewayVpcLink</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IApiGatewayVpcLink">IApiGatewayVpcLink</a></code> | API Gateway VPC Link to use directly. |
 | <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the base platform stack. |
+| <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.cognitoUserPool">cognitoUserPool</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a></code> | Cognito User Pool to use directly for HTTP API authorization. |
 | <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.domainPrefix">domainPrefix</a></code> | <code>string</code> | Domain prefix for the API Gateway endpoint. |
 | <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.enableAccessLogs">enableAccessLogs</a></code> | <code>boolean</code> | Enable access logs for the API Gateway. |
 | <code><a href="#@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.endpointPrefix">endpointPrefix</a></code> | <code>string</code> | The prefix for the API Gateway endpoint. |
@@ -12687,6 +13199,25 @@ const hTTPApiExtensionProps: HTTPApiExtensionProps = { ... }
 ---
+##### `apiGatewayVpcLink`<sup>Optional</sup> <a name="apiGatewayVpcLink" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.apiGatewayVpcLink"></a>
+```typescript
+public readonly apiGatewayVpcLink: IApiGatewayVpcLink;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IApiGatewayVpcLink">IApiGatewayVpcLink</a>
+API Gateway VPC Link to use directly.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link ApiGatewayVpcLink.fromBasePlatform} is performed. Use
+this when the VPC Link resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the VPC Link from the base platform
+stack identified by {@link basePlatformStackName}.
+---
 ##### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.basePlatformStackName"></a>
 ```typescript
@@ -12697,6 +13228,29 @@ public readonly basePlatformStackName: string;
 The name of the base platform stack.
+Used when {@link cognitoUserPool}, {@link apiGatewayVpcLink}, or
+{@link hostedZone} are not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
+---
+##### `cognitoUserPool`<sup>Optional</sup> <a name="cognitoUserPool" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.cognitoUserPool"></a>
+```typescript
+public readonly cognitoUserPool: ICognitoUserPool;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a>
+Cognito User Pool to use directly for HTTP API authorization.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link CognitoUserPool.fromBasePlatform} is performed. Use this
+when the user pool resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the user pool from the base platform
+stack identified by {@link basePlatformStackName}.
 ---
 ##### `domainPrefix`<sup>Optional</sup> <a name="domainPrefix" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.domainPrefix"></a>
@@ -12749,9 +13303,7 @@ Specify additional HTTP API Attributes.
 ---
-##### ~~`hostedZone`~~<sup>Optional</sup> <a name="hostedZone" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.hostedZone"></a>
-- *Deprecated:* Provide only platformStackName. The hosted zone will be imported automatically.
+##### `hostedZone`<sup>Optional</sup> <a name="hostedZone" id="@btc-embedded/cdk-extensions.HTTPApiExtensionProps.property.hostedZone"></a>
 ```typescript
 public readonly hostedZone: IHostedZone;
@@ -12762,6 +13314,9 @@ public readonly hostedZone: IHostedZone;
 Hosted Zone to create the gateway domain A record.
+When omitted, the hosted zone is imported from the base platform stack
+via {@link HostedZone.fromBasePlatform}.
 ---
 ### ImportLogGroupOption <a name="ImportLogGroupOption" id="@btc-embedded/cdk-extensions.ImportLogGroupOption"></a>
@@ -12827,6 +13382,7 @@ const openIdExtensionProps: OpenIdExtensionProps = { ... }
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.OpenIdExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the base platform stack. |
+| <code><a href="#@btc-embedded/cdk-extensions.OpenIdExtensionProps.property.cognitoUserPool">cognitoUserPool</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a></code> | Cognito User Pool to use directly. |
 | <code><a href="#@btc-embedded/cdk-extensions.OpenIdExtensionProps.property.redirectUri">redirectUri</a></code> | <code>string</code> | Adds OIDC_REDIRECT_URI environment variable to the container if set. |
 ---
@@ -12841,6 +13397,28 @@ public readonly basePlatformStackName: string;
 The name of the base platform stack.
+Used when {@link cognitoUserPool} is not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
+---
+##### `cognitoUserPool`<sup>Optional</sup> <a name="cognitoUserPool" id="@btc-embedded/cdk-extensions.OpenIdExtensionProps.property.cognitoUserPool"></a>
+```typescript
+public readonly cognitoUserPool: ICognitoUserPool;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a>
+Cognito User Pool to use directly.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link CognitoUserPool.fromBasePlatform} is performed. Use this
+when the user pool resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the user pool from the base platform
+stack identified by {@link basePlatformStackName}.
 ---
 ##### `redirectUri`<sup>Optional</sup> <a name="redirectUri" id="@btc-embedded/cdk-extensions.OpenIdExtensionProps.property.redirectUri"></a>
@@ -12941,6 +13519,7 @@ const postgresDbAccessExtensionProps: PostgresDbAccessExtensionProps = { ... }
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.dbName">dbName</a></code> | <code>string</code> | The name of the database. |
+| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.auroraPostgresDB">auroraPostgresDB</a></code> | <code><a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB">IAuroraPostgresDB</a></code> | Aurora PostgreSQL cluster to use directly. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.basePlatformStackName">basePlatformStackName</a></code> | <code>string</code> | The name of the base platform stack. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.dbConnectionProperties">dbConnectionProperties</a></code> | <code>{[ key: string ]: string}</code> | Additional connection properties to be added to the database connection string as query parameters. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.enableMigration">enableMigration</a></code> | <code>boolean</code> | Enable database migration by calling the default image with the migration parameter. |
@@ -12962,6 +13541,25 @@ The name of the database.
 ---
+##### `auroraPostgresDB`<sup>Optional</sup> <a name="auroraPostgresDB" id="@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.auroraPostgresDB"></a>
+```typescript
+public readonly auroraPostgresDB: IAuroraPostgresDB;
+```
+- *Type:* <a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB">IAuroraPostgresDB</a>
+Aurora PostgreSQL cluster to use directly.
+When provided, the extension uses this construct as-is and no cross-stack
+import via {@link AuroraPostgresCluster.fromBasePlatform} is performed. Use
+this when the Aurora cluster resides in the same CDK stack as the ECS service.
+When omitted, the extension imports the cluster from the base platform stack
+identified by {@link PostgresDbAccessExtensionProps.basePlatformStackName}.
+---
 ##### `basePlatformStackName`<sup>Optional</sup> <a name="basePlatformStackName" id="@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps.property.basePlatformStackName"></a>
 ```typescript
@@ -12972,8 +13570,9 @@ public readonly basePlatformStackName: string;
 The name of the base platform stack.
-This name is used to look up output
-parameters.
+Used to look up output parameters when
+{@link PostgresDbAccessExtensionProps.auroraPostgresDB} is not provided. Falls back to
+`BasePlatformStackResolver` (CDK context) when also omitted.
 ---
@@ -14759,7 +15358,7 @@ new ApplicationLoadBalancerExtensionV2(props: ApplicationLoadBalancerExtensionPr
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.Initializer.parameter.props">props</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2">ApplicationLoadBalancerExtensionPropsV2</a></code> | - The properties for configuring the load balancer extension. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.Initializer.parameter.props">props</a></code> | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2">ApplicationLoadBalancerExtensionPropsV2</a></code> | *No description.* |
 ---
@@ -14767,8 +15366,6 @@ new ApplicationLoadBalancerExtensionV2(props: ApplicationLoadBalancerExtensionPr
 - *Type:* <a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionPropsV2">ApplicationLoadBalancerExtensionPropsV2</a>
-The properties for configuring the load balancer extension.
 ---
 #### Methods <a name="Methods" id="Methods"></a>
@@ -14782,7 +15379,7 @@ The properties for configuring the load balancer extension.
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.modifyTaskDefinitionProps">modifyTaskDefinitionProps</a></code> | This is a hook which allows extensions to modify the settings of the task definition prior to it being created. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.prehook">prehook</a></code> | A hook that is called for each extension ahead of time to allow for any initial setup, such as creating resources in advance. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.resolveContainerDependencies">resolveContainerDependencies</a></code> | Once all containers are added to the task definition, this hook is called for each extension to give it a chance to resolve its dependency graph so that its container starts in the right order based on the other extensions that were enabled. |
-| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.useService">useService</a></code> | When this hook is implemented by extension, it allows the extension to use the service which has been created. |
+| <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.useService">useService</a></code> | Wires the ECS service to the Application Load Balancer. |
 | <code><a href="#@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.useTaskDefinition">useTaskDefinition</a></code> | Once the task definition is created, this hook is called for each extension to give it a chance to add containers to the task definition, change the task definition's role to add permissions, etc. |
 ---
@@ -14909,10 +15506,12 @@ Once all containers are added to the task definition, this hook is called for ea
 public useService(service: Ec2Service | FargateService): void
 ```
-When this hook is implemented by extension, it allows the extension to use the service which has been created.
+Wires the ECS service to the Application Load Balancer.
-It is generally used to
-create any final resources which might depend on the service itself.
+Uses the directly injected {@link ApplicationLoadBalancerExtensionPropsV2.loadBalancer}
+when available (same-stack), otherwise imports from the base platform stack. Falls back to
+`BasePlatformStackResolver` (CDK context) when
+{@link ApplicationLoadBalancerExtensionPropsV2.basePlatformStackName} is also absent.
 ###### `service`<sup>Required</sup> <a name="service" id="@btc-embedded/cdk-extensions.ApplicationLoadBalancerExtensionV2.useService.parameter.service"></a>
@@ -18396,7 +18995,9 @@ public readonly props: OpenTelemetryExtensionProps;
 ECS service extension that grants an ECS service access to an Aurora Postgres database created by the base platform.
 What it does:
-- Imports DB endpoint, secrets and security group IDs from the base platform stack outputs.
+- Resolves DB endpoint, secrets and security group from either a directly
+  injected {@link IAuroraPostgresDB} (same-stack) or from the base platform
+  stack outputs via {@link AuroraPostgresCluster.fromBasePlatform} (cross-stack).
 - Allows the service SG to connect to the DB SG on port 5432.
 - Injects connection details into selected containers via container hooks.
 - Optionally adds a one-shot migration container and wires dependencies so the
@@ -18431,7 +19032,7 @@ new PostgresDbAccessExtension(props: PostgresDbAccessExtensionProps)
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.connectToService">connectToService</a></code> | This hook allows the extension to establish a connection to extensions from another service. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.modifyServiceProps">modifyServiceProps</a></code> | When migrations are enabled, ensures the default container depends on the migration container completing successfully. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.modifyTaskDefinitionProps">modifyTaskDefinitionProps</a></code> | This is a hook which allows extensions to modify the settings of the task definition prior to it being created. |
-| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.prehook">prehook</a></code> | Resolves base-platform outputs (endpoint, secret ARNs) and prepares a service-specific connection-string secret. |
+| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.prehook">prehook</a></code> | Resolves Aurora cluster outputs (endpoint, secret ARNs, security group) and prepares a service-specific connection-string secret. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.resolveContainerDependencies">resolveContainerDependencies</a></code> | Once all containers are added to the task definition, this hook is called for each extension to give it a chance to resolve its dependency graph so that its container starts in the right order based on the other extensions that were enabled. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.useService">useService</a></code> | Grants the ECS service security group ingress to the database security group on TCP 5432. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.useTaskDefinition">useTaskDefinition</a></code> | Optionally adds a non-essential migration container that runs before the default container. |
@@ -18535,7 +19136,13 @@ Properties of the task definition to be created.
 public prehook(parent: Service, _scope: Construct): void
 ```
-Resolves base-platform outputs (endpoint, secret ARNs) and prepares a service-specific connection-string secret.
+Resolves Aurora cluster outputs (endpoint, secret ARNs, security group) and prepares a service-specific connection-string secret.
+Uses the directly injected {@link IAuroraPostgresDB} when available (same-stack),
+otherwise imports from the base platform stack via
+{@link AuroraPostgresCluster.fromBasePlatform}. Falls back to
+`BasePlatformStackResolver` (CDK context) when
+{@link PostgresDbAccessExtensionProps.basePlatformStackName} is also absent.
 ###### `parent`<sup>Required</sup> <a name="parent" id="@btc-embedded/cdk-extensions.PostgresDbAccessExtension.prehook.parameter.parent"></a>
@@ -18597,8 +19204,8 @@ container, but runs with `command: [migrationParameter]`.
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.container">container</a></code> | <code>aws-cdk-lib.aws_ecs.ContainerDefinition</code> | The container for this extension. |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.props">props</a></code> | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtensionProps">PostgresDbAccessExtensionProps</a></code> | *No description.* |
 | <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.connectionString">connectionString</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Connection-string secret created for this service (populated in {@link prehook}). |
-| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.credentialsSecret">credentialsSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Credentials secret imported from base platform (populated in {@link prehook}). |
-| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.endpoint">endpoint</a></code> | <code>string</code> | Database endpoint imported from base platform (populated in {@link prehook}). |
+| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.credentialsSecret">credentialsSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Credentials secret resolved from the Aurora cluster (populated in {@link prehook}). |
+| <code><a href="#@btc-embedded/cdk-extensions.PostgresDbAccessExtension.property.endpoint">endpoint</a></code> | <code>string</code> | Database endpoint resolved from the Aurora cluster (populated in {@link prehook}). |
 ---
@@ -18661,7 +19268,7 @@ public readonly credentialsSecret: ISecret;
 - *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
-Credentials secret imported from base platform (populated in {@link prehook}).
+Credentials secret resolved from the Aurora cluster (populated in {@link prehook}).
 ---
@@ -18673,7 +19280,7 @@ public readonly endpoint: string;
 - *Type:* string
-Database endpoint imported from base platform (populated in {@link prehook}).
+Database endpoint resolved from the Aurora cluster (populated in {@link prehook}).
 ---
@@ -19299,6 +19906,53 @@ public readonly props: TcpKeepAliveExtensionProps;
 ## Protocols <a name="Protocols" id="Protocols"></a>
+### IApiGateway <a name="IApiGateway" id="@btc-embedded/cdk-extensions.IApiGateway"></a>
+- *Implemented By:* <a href="#@btc-embedded/cdk-extensions.ApiGateway">ApiGateway</a>, <a href="#@btc-embedded/cdk-extensions.IApiGateway">IApiGateway</a>
+Public contract for the V1 `ApiGateway` platform construct.
+Implementations expose the VPC Link and HTTP API identifiers so
+that {@link ApiGatewayExtension } can be used in the same stack.
+#### Properties <a name="Properties" id="Properties"></a>
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.IApiGateway.property.apiId">apiId</a></code> | <code>string</code> | The ID of the underlying HTTP API. |
+| <code><a href="#@btc-embedded/cdk-extensions.IApiGateway.property.vpcLinkId">vpcLinkId</a></code> | <code>string</code> | The ID of the VPC Link used by the API Gateway. |
+---
+##### ~~`apiId`~~<sup>Required</sup> <a name="apiId" id="@btc-embedded/cdk-extensions.IApiGateway.property.apiId"></a>
+- *Deprecated:* Use {@link ApiGatewayVpcLink } together with {@link HTTPApiExtension } instead.
+```typescript
+public readonly apiId: string;
+```
+- *Type:* string
+The ID of the underlying HTTP API.
+---
+##### ~~`vpcLinkId`~~<sup>Required</sup> <a name="vpcLinkId" id="@btc-embedded/cdk-extensions.IApiGateway.property.vpcLinkId"></a>
+- *Deprecated:* Use {@link ApiGatewayVpcLink } together with {@link HTTPApiExtension } instead.
+```typescript
+public readonly vpcLinkId: string;
+```
+- *Type:* string
+The ID of the VPC Link used by the API Gateway.
+---
 ### IApiGatewayVpcLink <a name="IApiGatewayVpcLink" id="@btc-embedded/cdk-extensions.IApiGatewayVpcLink"></a>
 - *Implemented By:* <a href="#@btc-embedded/cdk-extensions.ApiGatewayVpcLink">ApiGatewayVpcLink</a>, <a href="#@btc-embedded/cdk-extensions.ApiGatewayVpcLinkBase">ApiGatewayVpcLinkBase</a>, <a href="#@btc-embedded/cdk-extensions.IApiGatewayVpcLink">IApiGatewayVpcLink</a>
@@ -19417,6 +20071,77 @@ public readonly targetGroup: IApplicationTargetGroup;
 ---
+### IAuroraPostgresDB <a name="IAuroraPostgresDB" id="@btc-embedded/cdk-extensions.IAuroraPostgresDB"></a>
+- *Implemented By:* <a href="#@btc-embedded/cdk-extensions.AuroraPostgresCluster">AuroraPostgresCluster</a>, <a href="#@btc-embedded/cdk-extensions.AuroraPostgresClusterBase">AuroraPostgresClusterBase</a>, <a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB">IAuroraPostgresDB</a>
+Public interface for an Aurora PostgreSQL database component.
+Implemented by both the concrete {@link AuroraPostgresCluster} (same-stack usage) and
+the import returned by {@link AuroraPostgresCluster.fromBasePlatform} (cross-stack usage).
+Extensions such as {@link PostgresDbAccessExtension } accept this interface so they work
+in either deployment topology.
+#### Properties <a name="Properties" id="Properties"></a>
+| **Name** | **Type** | **Description** |
+| --- | --- | --- |
+| <code><a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.connectionSecret">connectionSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`. |
+| <code><a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.credentialsSecret">credentialsSecret</a></code> | <code>aws-cdk-lib.aws_secretsmanager.ISecret</code> | Secret containing postgres credentials (username and password). |
+| <code><a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.endpoint">endpoint</a></code> | <code>string</code> | Cluster endpoint in the form `host:port`. |
+| <code><a href="#@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup</code> | Security group attached to the Aurora cluster. |
+---
+##### `connectionSecret`<sup>Required</sup> <a name="connectionSecret" id="@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.connectionSecret"></a>
+```typescript
+public readonly connectionSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing the postgres connection string prefix in the form `postgresql://user:pass@host:port/`.
+---
+##### `credentialsSecret`<sup>Required</sup> <a name="credentialsSecret" id="@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.credentialsSecret"></a>
+```typescript
+public readonly credentialsSecret: ISecret;
+```
+- *Type:* aws-cdk-lib.aws_secretsmanager.ISecret
+Secret containing postgres credentials (username and password).
+---
+##### `endpoint`<sup>Required</sup> <a name="endpoint" id="@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.endpoint"></a>
+```typescript
+public readonly endpoint: string;
+```
+- *Type:* string
+Cluster endpoint in the form `host:port`.
+---
+##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="@btc-embedded/cdk-extensions.IAuroraPostgresDB.property.securityGroup"></a>
+```typescript
+public readonly securityGroup: ISecurityGroup;
+```
+- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup
+Security group attached to the Aurora cluster.
+---
 ### ICognitoUserPool <a name="ICognitoUserPool" id="@btc-embedded/cdk-extensions.ICognitoUserPool"></a>
 - *Implemented By:* <a href="#@btc-embedded/cdk-extensions.CognitoUserPool">CognitoUserPool</a>, <a href="#@btc-embedded/cdk-extensions.CognitoUserPoolBase">CognitoUserPoolBase</a>, <a href="#@btc-embedded/cdk-extensions.ICognitoUserPool">ICognitoUserPool</a>
@@ -19508,7 +20233,7 @@ public readonly userPool: IUserPool;
 ### IDocumentDB <a name="IDocumentDB" id="@btc-embedded/cdk-extensions.IDocumentDB"></a>
-- *Implemented By:* <a href="#@btc-embedded/cdk-extensions.DocumentDBBase">DocumentDBBase</a>, <a href="#@btc-embedded/cdk-extensions.IDocumentDB">IDocumentDB</a>
+- *Implemented By:* <a href="#@btc-embedded/cdk-extensions.DocumentDB">DocumentDB</a>, <a href="#@btc-embedded/cdk-extensions.DocumentDBBase">DocumentDBBase</a>, <a href="#@btc-embedded/cdk-extensions.IDocumentDB">IDocumentDB</a>
 Public interface for a DocumentDB component.