@dga-itc/aws-cdk-constructs 1.0.0

package/dist/aws-cdk/utils/priority-tracker.js

@@ -0,0 +1,131 @@
+"use strict";
+/**
+ * Priority Tracker for ALB Listener Rules
+ *
+ * Manages priority assignments for ALB Listener Rules to prevent conflicts.
+ * Priorities must be unique within a listener (range: 1-50000).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PriorityTracker = void 0;
+class PriorityTracker {
+    constructor() {
+        this.assignments = new Map();
+        this.serviceNames = new Set();
+    }
+    /**
+     * Register a priority assignment
+     * @param serviceName Name of the ECS service
+     * @param priority Priority value (1-50000)
+     * @param path Optional path pattern
+     * @param host Optional host header
+     * @throws Error if priority is already assigned or out of range
+     */
+    registerPriority(serviceName, priority, path, host) {
+        // Validate priority range
+        if (priority < 1 || priority > 50000) {
+            throw new Error(`Invalid priority ${priority} for service ${serviceName}. Priority must be between 1 and 50000.`);
+        }
+        // Check for duplicate priority
+        if (this.assignments.has(priority)) {
+            const existing = this.assignments.get(priority);
+            throw new Error(`Priority conflict: Priority ${priority} is already assigned to service "${existing.serviceName}". ` +
+                `Cannot assign to service "${serviceName}".`);
+        }
+        // Check for duplicate service name
+        if (this.serviceNames.has(serviceName)) {
+            throw new Error(`Service name conflict: Service "${serviceName}" is already registered.`);
+        }
+        // Register the assignment
+        this.assignments.set(priority, {
+            serviceName,
+            priority,
+            path,
+            host,
+        });
+        this.serviceNames.add(serviceName);
+    }
+    /**
+     * Get all priority assignments sorted by priority
+     * @returns Array of priority assignments
+     */
+    getAssignments() {
+        return Array.from(this.assignments.values()).sort((a, b) => a.priority - b.priority);
+    }
+    /**
+     * Check if a priority is available
+     * @param priority Priority value to check
+     * @returns True if priority is available
+     */
+    isPriorityAvailable(priority) {
+        return !this.assignments.has(priority);
+    }
+    /**
+     * Get the next available priority
+     * @param startFrom Starting priority (default: 1)
+     * @returns Next available priority
+     */
+    getNextAvailablePriority(startFrom = 1) {
+        let priority = startFrom;
+        while (this.assignments.has(priority) && priority <= 50000) {
+            priority++;
+        }
+        if (priority > 50000) {
+            throw new Error('No available priorities. Maximum priority limit (50000) reached.');
+        }
+        return priority;
+    }
+    /**
+     * Print a summary of all priority assignments
+     */
+    printSummary() {
+        const assignments = this.getAssignments();
+        if (assignments.length === 0) {
+            console.log('\n📋 Priority Tracker: No assignments registered\n');
+            return;
+        }
+        console.log('\n📋 Priority Tracker Summary');
+        console.log('═══════════════════════════════════════════════════════════════');
+        console.log(`Total Services: ${assignments.length}`);
+        console.log('───────────────────────────────────────────────────────────────');
+        assignments.forEach((assignment) => {
+            const conditions = [];
+            if (assignment.path)
+                conditions.push(`Path: ${assignment.path}`);
+            if (assignment.host)
+                conditions.push(`Host: ${assignment.host}`);
+            const conditionStr = conditions.length > 0 ? ` (${conditions.join(', ')})` : '';
+            console.log(`Priority ${assignment.priority.toString().padStart(5)}: ${assignment.serviceName}${conditionStr}`);
+        });
+        console.log('═══════════════════════════════════════════════════════════════\n');
+    }
+    /**
+     * Validate all assignments for conflicts
+     * @throws Error if conflicts are detected
+     */
+    validate() {
+        const priorities = Array.from(this.assignments.keys());
+        const uniquePriorities = new Set(priorities);
+        if (priorities.length !== uniquePriorities.size) {
+            throw new Error('Priority conflict detected: Duplicate priorities found.');
+        }
+        const services = Array.from(this.serviceNames);
+        if (services.length !== this.assignments.size) {
+            throw new Error('Service name conflict detected: Duplicate service names found.');
+        }
+    }
+    /**
+     * Clear all assignments
+     */
+    clear() {
+        this.assignments.clear();
+        this.serviceNames.clear();
+    }
+    /**
+     * Get total number of assignments
+     * @returns Number of registered assignments
+     */
+    get count() {
+        return this.assignments.size;
+    }
+}
+exports.PriorityTracker = PriorityTracker;

package/dist/index.d.ts

@@ -0,0 +1,33 @@
+export * from './aws-cdk/constructs/vpc';
+export * from './aws-cdk/constructs/alb';
+export * from './aws-cdk/constructs/nlb';
+export * from './aws-cdk/constructs/ecs-cluster';
+export { EcsServiceConstruct as CdkEcsServiceConstruct, EcsServiceConstructProps as CdkEcsServiceConstructProps } from './aws-cdk/constructs/ecs-service';
+export * from './aws-cdk/constructs/rds';
+export * from './aws-cdk/constructs/elasticache';
+export * from './aws-cdk/constructs/efs';
+export * from './aws-cdk/constructs/bastion';
+export { NaclConstruct, NaclConstructProps, NaclRuleConfig as CdkNaclRuleConfig, NaclConfig as CdkNaclConfig } from './aws-cdk/constructs/nacl';
+export * from './aws-cdk/constructs/ecr';
+export * from './aws-cdk/constructs/acm';
+export * from './aws-cdk/constructs/cloudfront';
+export * from './aws-cdk/constructs/sqs';
+export * from './aws-cdk/constructs/waf';
+export * from './aws-cdk/constructs/self-signed-cert';
+export * from './aws-cdk/interfaces/vpc-config';
+export * from './aws-cdk/interfaces/alb-config';
+export * from './aws-cdk/interfaces/nlb-config';
+export * from './aws-cdk/interfaces/ecs-cluster-config';
+export { EcsServiceConfig as CdkEcsServiceConfig } from './aws-cdk/interfaces/ecs-service-config';
+export * from './aws-cdk/interfaces/rds-config';
+export * from './aws-cdk/interfaces/elasticache-config';
+export * from './aws-cdk/interfaces/efs-config';
+export * from './aws-cdk/interfaces/bastion-config';
+export * from './aws-cdk/interfaces/ecr-config';
+export * from './aws-cdk/interfaces/account-config';
+export * from './aws-cdk/interfaces/tag-config';
+export * from './aws-cdk/interfaces/acm-config';
+export * from './aws-cdk/interfaces/cloudfront-config';
+export * from './aws-cdk/interfaces/sqs-config';
+export * from './aws-cdk/interfaces/waf-config';
+export * from './aws-cdk/utils/priority-tracker';

package/dist/index.js

@@ -0,0 +1,55 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NaclConstruct = exports.CdkEcsServiceConstruct = void 0;
+// AWS CDK Constructs
+__exportStar(require("./aws-cdk/constructs/vpc"), exports);
+__exportStar(require("./aws-cdk/constructs/alb"), exports);
+__exportStar(require("./aws-cdk/constructs/nlb"), exports);
+__exportStar(require("./aws-cdk/constructs/ecs-cluster"), exports);
+var ecs_service_1 = require("./aws-cdk/constructs/ecs-service");
+Object.defineProperty(exports, "CdkEcsServiceConstruct", { enumerable: true, get: function () { return ecs_service_1.EcsServiceConstruct; } });
+__exportStar(require("./aws-cdk/constructs/rds"), exports);
+__exportStar(require("./aws-cdk/constructs/elasticache"), exports);
+__exportStar(require("./aws-cdk/constructs/efs"), exports);
+__exportStar(require("./aws-cdk/constructs/bastion"), exports);
+var nacl_1 = require("./aws-cdk/constructs/nacl");
+Object.defineProperty(exports, "NaclConstruct", { enumerable: true, get: function () { return nacl_1.NaclConstruct; } });
+__exportStar(require("./aws-cdk/constructs/ecr"), exports);
+__exportStar(require("./aws-cdk/constructs/acm"), exports);
+__exportStar(require("./aws-cdk/constructs/cloudfront"), exports);
+__exportStar(require("./aws-cdk/constructs/sqs"), exports);
+__exportStar(require("./aws-cdk/constructs/waf"), exports);
+__exportStar(require("./aws-cdk/constructs/self-signed-cert"), exports);
+// AWS CDK Interfaces
+__exportStar(require("./aws-cdk/interfaces/vpc-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/alb-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/nlb-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/ecs-cluster-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/rds-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/elasticache-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/efs-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/bastion-config"), exports);
+// nacl-config already exports from constructs, skip to avoid duplicates
+__exportStar(require("./aws-cdk/interfaces/ecr-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/account-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/tag-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/acm-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/cloudfront-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/sqs-config"), exports);
+__exportStar(require("./aws-cdk/interfaces/waf-config"), exports);
+// AWS CDK Utils
+__exportStar(require("./aws-cdk/utils/priority-tracker"), exports);

package/dist/terraform-cdk/constructs/alb-listener-rule.d.ts

@@ -0,0 +1,33 @@
+/**
+ * ALB Listener Rule Construct
+ *
+ * Creates an ALB Listener Rule with:
+ * - Priority management
+ * - Conditions (path pattern, host header)
+ * - Target Group integration
+ */
+import { Construct } from 'constructs';
+import { LbListenerRule } from '@cdktf/provider-aws/lib/lb-listener-rule';
+import { LbTargetGroup } from '@cdktf/provider-aws/lib/lb-target-group';
+export interface AlbListenerRuleProps {
+    listenerArn: string;
+    priority: number;
+    targetGroup: LbTargetGroup;
+    pathPattern?: string;
+    hostHeader?: string;
+    serviceName: string;
+    environment: string;
+    tags?: Record<string, string>;
+}
+export declare class AlbListenerRuleConstruct extends Construct {
+    readonly listenerRule: LbListenerRule;
+    constructor(scope: Construct, id: string, props: AlbListenerRuleProps);
+    /**
+     * Get a human-readable description of the rule conditions
+     */
+    getConditionDescription(): string;
+    /**
+     * Static helper to format condition description
+     */
+    static formatConditions(pathPattern?: string, hostHeader?: string): string;
+}

package/dist/terraform-cdk/constructs/alb-listener-rule.js

@@ -0,0 +1,81 @@
+"use strict";
+/**
+ * ALB Listener Rule Construct
+ *
+ * Creates an ALB Listener Rule with:
+ * - Priority management
+ * - Conditions (path pattern, host header)
+ * - Target Group integration
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AlbListenerRuleConstruct = void 0;
+const constructs_1 = require("constructs");
+const lb_listener_rule_1 = require("@cdktf/provider-aws/lib/lb-listener-rule");
+class AlbListenerRuleConstruct extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { listenerArn, priority, targetGroup, pathPattern, hostHeader, serviceName, environment, tags, } = props;
+        // Validate that at least one condition is provided
+        if (!pathPattern && !hostHeader) {
+            throw new Error(`At least one condition (pathPattern or hostHeader) must be provided for service ${serviceName}`);
+        }
+        // Build conditions array
+        const conditions = [];
+        if (pathPattern) {
+            conditions.push({
+                pathPattern: {
+                    values: [pathPattern],
+                },
+            });
+        }
+        if (hostHeader) {
+            conditions.push({
+                hostHeader: {
+                    values: [hostHeader],
+                },
+            });
+        }
+        // Create Listener Rule
+        this.listenerRule = new lb_listener_rule_1.LbListenerRule(this, 'listener-rule', {
+            listenerArn,
+            priority,
+            action: [
+                {
+                    type: 'forward',
+                    targetGroupArn: targetGroup.arn,
+                },
+            ],
+            condition: conditions,
+            tags: {
+                Name: `${environment}-${serviceName}-rule`,
+                Environment: environment,
+                Service: serviceName,
+                Priority: priority.toString(),
+                ManagedBy: 'banshee-rx-0',
+                ...tags,
+            },
+        });
+    }
+    /**
+     * Get a human-readable description of the rule conditions
+     */
+    getConditionDescription() {
+        const conditions = [];
+        // Note: We can't access the actual values from the construct props after construction
+        // This method would need to be called with the original props
+        // For now, return a generic description
+        return 'ALB Listener Rule';
+    }
+    /**
+     * Static helper to format condition description
+     */
+    static formatConditions(pathPattern, hostHeader) {
+        const conditions = [];
+        if (pathPattern)
+            conditions.push(`Path: ${pathPattern}`);
+        if (hostHeader)
+            conditions.push(`Host: ${hostHeader}`);
+        return conditions.join(', ');
+    }
+}
+exports.AlbListenerRuleConstruct = AlbListenerRuleConstruct;

package/dist/terraform-cdk/constructs/ecs-service.d.ts

@@ -0,0 +1,29 @@
+/**
+ * ECS Service Construct
+ *
+ * Creates an ECS Service with all required resources:
+ * - Security Group
+ * - CloudWatch Log Group
+ * - IAM Roles (Task Role, Execution Role)
+ * - ECS Task Definition
+ * - ECS Service
+ * - Target Group
+ */
+import { Construct } from 'constructs';
+import { SecurityGroup } from '@cdktf/provider-aws/lib/security-group';
+import { EcsTaskDefinition } from '@cdktf/provider-aws/lib/ecs-task-definition';
+import { EcsService } from '@cdktf/provider-aws/lib/ecs-service';
+import { LbTargetGroup } from '@cdktf/provider-aws/lib/lb-target-group';
+import { EcsServiceConfig } from '../interfaces/ecs-service-config';
+import { InfrastructureRefs } from '../interfaces/infrastructure-refs';
+export interface EcsServiceConstructProps {
+    config: EcsServiceConfig;
+    infrastructureRefs: InfrastructureRefs;
+}
+export declare class EcsServiceConstruct extends Construct {
+    readonly service: EcsService;
+    readonly targetGroup: LbTargetGroup;
+    readonly securityGroup: SecurityGroup;
+    readonly taskDefinition: EcsTaskDefinition;
+    constructor(scope: Construct, id: string, props: EcsServiceConstructProps);
+}

package/dist/terraform-cdk/constructs/ecs-service.js

@@ -0,0 +1,238 @@
+"use strict";
+/**
+ * ECS Service Construct
+ *
+ * Creates an ECS Service with all required resources:
+ * - Security Group
+ * - CloudWatch Log Group
+ * - IAM Roles (Task Role, Execution Role)
+ * - ECS Task Definition
+ * - ECS Service
+ * - Target Group
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EcsServiceConstruct = void 0;
+const constructs_1 = require("constructs");
+const security_group_1 = require("@cdktf/provider-aws/lib/security-group");
+const security_group_rule_1 = require("@cdktf/provider-aws/lib/security-group-rule");
+const cloudwatch_log_group_1 = require("@cdktf/provider-aws/lib/cloudwatch-log-group");
+const iam_role_1 = require("@cdktf/provider-aws/lib/iam-role");
+const iam_role_policy_attachment_1 = require("@cdktf/provider-aws/lib/iam-role-policy-attachment");
+const ecs_task_definition_1 = require("@cdktf/provider-aws/lib/ecs-task-definition");
+const ecs_service_1 = require("@cdktf/provider-aws/lib/ecs-service");
+const lb_target_group_1 = require("@cdktf/provider-aws/lib/lb-target-group");
+const ecs_service_config_1 = require("../interfaces/ecs-service-config");
+class EcsServiceConstruct extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const { config, infrastructureRefs } = props;
+        const fullServiceName = `${config.environment}-${config.serviceName}`;
+        // Create Security Group for ECS Service
+        this.securityGroup = new security_group_1.SecurityGroup(this, 'security-group', {
+            name: `${fullServiceName}-ecs-sg`,
+            description: `Security group for ${fullServiceName} ECS service`,
+            vpcId: infrastructureRefs.vpcId,
+            tags: {
+                Name: `${fullServiceName}-ecs-sg`,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Allow inbound traffic from ALB on container port
+        new security_group_rule_1.SecurityGroupRule(this, 'ingress-from-alb', {
+            type: 'ingress',
+            fromPort: config.containerPort,
+            toPort: config.containerPort,
+            protocol: 'tcp',
+            sourceSecurityGroupId: infrastructureRefs.albSecurityGroupId,
+            securityGroupId: this.securityGroup.id,
+            description: `Allow traffic from ALB to ${fullServiceName}`,
+        });
+        // Allow all outbound traffic
+        new security_group_rule_1.SecurityGroupRule(this, 'egress-all', {
+            type: 'egress',
+            fromPort: 0,
+            toPort: 0,
+            protocol: '-1',
+            cidrBlocks: ['0.0.0.0/0'],
+            securityGroupId: this.securityGroup.id,
+            description: 'Allow all outbound traffic',
+        });
+        // Create CloudWatch Log Group
+        const logGroup = new cloudwatch_log_group_1.CloudwatchLogGroup(this, 'log-group', {
+            name: `/ecs/${fullServiceName}`,
+            retentionInDays: config.logRetentionDays || ecs_service_config_1.ECS_SERVICE_DEFAULTS.logRetentionDays,
+            tags: {
+                Name: `/ecs/${fullServiceName}`,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Create Task Execution Role
+        const executionRole = new iam_role_1.IamRole(this, 'execution-role', {
+            name: `${fullServiceName}-execution-role`,
+            assumeRolePolicy: JSON.stringify({
+                Version: '2012-10-17',
+                Statement: [
+                    {
+                        Effect: 'Allow',
+                        Principal: {
+                            Service: 'ecs-tasks.amazonaws.com',
+                        },
+                        Action: 'sts:AssumeRole',
+                    },
+                ],
+            }),
+            tags: {
+                Name: `${fullServiceName}-execution-role`,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Attach ECS Task Execution Role Policy
+        new iam_role_policy_attachment_1.IamRolePolicyAttachment(this, 'execution-role-policy', {
+            role: executionRole.name,
+            policyArn: 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
+        });
+        // Create Task Role
+        const taskRole = new iam_role_1.IamRole(this, 'task-role', {
+            name: `${fullServiceName}-task-role`,
+            assumeRolePolicy: JSON.stringify({
+                Version: '2012-10-17',
+                Statement: [
+                    {
+                        Effect: 'Allow',
+                        Principal: {
+                            Service: 'ecs-tasks.amazonaws.com',
+                        },
+                        Action: 'sts:AssumeRole',
+                    },
+                ],
+            }),
+            tags: {
+                Name: `${fullServiceName}-task-role`,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Build environment variables array
+        const environment = config.environmentVariables
+            ? Object.entries(config.environmentVariables).map(([name, value]) => ({
+                name,
+                value,
+            }))
+            : [];
+        // Build container definition
+        const containerDefinitions = [
+            {
+                name: config.serviceName,
+                image: config.containerImage,
+                cpu: config.cpu,
+                memory: config.memory,
+                essential: true,
+                portMappings: [
+                    {
+                        containerPort: config.containerPort,
+                        protocol: 'tcp',
+                    },
+                ],
+                environment,
+                secrets: config.secrets || [],
+                logConfiguration: {
+                    logDriver: 'awslogs',
+                    options: {
+                        'awslogs-group': logGroup.name,
+                        'awslogs-region': infrastructureRefs.region,
+                        'awslogs-stream-prefix': 'ecs',
+                    },
+                },
+            },
+        ];
+        // Create ECS Task Definition
+        this.taskDefinition = new ecs_task_definition_1.EcsTaskDefinition(this, 'task-definition', {
+            family: fullServiceName,
+            networkMode: 'awsvpc',
+            requiresCompatibilities: ['FARGATE'],
+            cpu: config.cpu.toString(),
+            memory: config.memory.toString(),
+            executionRoleArn: executionRole.arn,
+            taskRoleArn: taskRole.arn,
+            containerDefinitions: JSON.stringify(containerDefinitions),
+            tags: {
+                Name: fullServiceName,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Create Target Group
+        this.targetGroup = new lb_target_group_1.LbTargetGroup(this, 'target-group', {
+            name: `${fullServiceName}-tg`,
+            port: config.containerPort,
+            protocol: config.targetGroupProtocol || ecs_service_config_1.ECS_SERVICE_DEFAULTS.targetGroupProtocol,
+            vpcId: infrastructureRefs.vpcId,
+            targetType: 'ip',
+            deregistrationDelay: (config.deregistrationDelay || ecs_service_config_1.ECS_SERVICE_DEFAULTS.deregistrationDelay).toString(),
+            healthCheck: {
+                enabled: true,
+                path: config.healthCheckPath,
+                protocol: config.targetGroupProtocol || ecs_service_config_1.ECS_SERVICE_DEFAULTS.targetGroupProtocol,
+                interval: config.healthCheckInterval || ecs_service_config_1.ECS_SERVICE_DEFAULTS.healthCheckInterval,
+                timeout: config.healthCheckTimeout || ecs_service_config_1.ECS_SERVICE_DEFAULTS.healthCheckTimeout,
+                healthyThreshold: config.healthCheckHealthyThreshold || ecs_service_config_1.ECS_SERVICE_DEFAULTS.healthCheckHealthyThreshold,
+                unhealthyThreshold: config.healthCheckUnhealthyThreshold || ecs_service_config_1.ECS_SERVICE_DEFAULTS.healthCheckUnhealthyThreshold,
+                matcher: '200',
+            },
+            tags: {
+                Name: `${fullServiceName}-tg`,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+        });
+        // Create ECS Service
+        this.service = new ecs_service_1.EcsService(this, 'service', {
+            name: fullServiceName,
+            cluster: infrastructureRefs.ecsClusterArn,
+            taskDefinition: this.taskDefinition.arn,
+            desiredCount: config.desiredCount,
+            launchType: 'FARGATE',
+            networkConfiguration: {
+                subnets: infrastructureRefs.privateSubnetIds,
+                securityGroups: [this.securityGroup.id],
+                assignPublicIp: false,
+            },
+            loadBalancer: [
+                {
+                    targetGroupArn: this.targetGroup.arn,
+                    containerName: config.serviceName,
+                    containerPort: config.containerPort,
+                },
+            ],
+            tags: {
+                Name: fullServiceName,
+                Environment: config.environment,
+                Service: config.serviceName,
+                ManagedBy: 'banshee-rx-0',
+                ...config.tags,
+            },
+            // Ignore changes to desired count if auto-scaling is enabled
+            lifecycle: config.enableAutoScaling
+                ? {
+                    ignoreChanges: ['desired_count'],
+                }
+                : undefined,
+        });
+    }
+}
+exports.EcsServiceConstruct = EcsServiceConstruct;

package/dist/terraform-cdk/interfaces/ecs-service-config.d.ts

@@ -0,0 +1,53 @@
+/**
+ * ECS Service Configuration Interface
+ *
+ * Defines the configuration structure for creating ECS services with ALB integration.
+ */
+export interface EcsServiceConfig {
+    serviceName: string;
+    environment: string;
+    containerImage: string;
+    containerPort: number;
+    cpu: number;
+    memory: number;
+    desiredCount: number;
+    environmentVariables?: Record<string, string>;
+    secrets?: Array<{
+        name: string;
+        valueFrom: string;
+    }>;
+    healthCheckPath: string;
+    healthCheckInterval?: number;
+    healthCheckTimeout?: number;
+    healthCheckHealthyThreshold?: number;
+    healthCheckUnhealthyThreshold?: number;
+    listenerRulePriority: number;
+    pathPattern?: string;
+    hostHeader?: string;
+    deregistrationDelay?: number;
+    targetGroupProtocol?: string;
+    enableAutoScaling?: boolean;
+    minCapacity?: number;
+    maxCapacity?: number;
+    targetCpuUtilization?: number;
+    targetMemoryUtilization?: number;
+    logRetentionDays?: number;
+    tags?: Record<string, string>;
+}
+/**
+ * Default values for optional ECS service configuration
+ */
+export declare const ECS_SERVICE_DEFAULTS: {
+    readonly healthCheckInterval: 30;
+    readonly healthCheckTimeout: 5;
+    readonly healthCheckHealthyThreshold: 2;
+    readonly healthCheckUnhealthyThreshold: 3;
+    readonly deregistrationDelay: 30;
+    readonly targetGroupProtocol: "HTTP";
+    readonly logRetentionDays: 7;
+    readonly enableAutoScaling: false;
+    readonly minCapacity: 1;
+    readonly maxCapacity: 10;
+    readonly targetCpuUtilization: 70;
+    readonly targetMemoryUtilization: 80;
+};