@friggframework/devtools 2.0.0--canary.428.5364e8f.0 → 2.0.0--canary.428.1c210bc.0

package/infrastructure/serverless-template.js

@@ -1050,6 +1050,17 @@ const composeServerlessDefinition = async (AppDefinition) => {
                 `Using existing KMS key: ${discoveredResources.defaultKmsKeyId}`
             );
 
+            // Create a CloudFormation-managed alias to track the discovered key
+            // This ensures CloudFormation always has a resource to manage, preventing deletion
+            definition.resources.Resources.FriggKMSKeyAlias = {
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: discoveredResources.defaultKmsKeyId
+                }
+            };
+
             definition.provider.iamRoleStatements.push({
                 Effect: 'Allow',
                 Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
@@ -1065,6 +1076,8 @@ const composeServerlessDefinition = async (AppDefinition) => {
 
                 definition.resources.Resources.FriggKMSKey = {
                     Type: 'AWS::KMS::Key',
+                    DeletionPolicy: 'Retain',
+                    UpdateReplacePolicy: 'Retain',
                     Properties: {
                         EnableKeyRotation: true,
                         Description: 'Frigg KMS key for field-level encryption',
@@ -1110,6 +1123,10 @@ const composeServerlessDefinition = async (AppDefinition) => {
                                 Key: 'Name',
                                 Value: '${self:service}-${self:provider.stage}-frigg-kms-key',
                             },
+                            {
+                                Key: 'ManagedBy',
+                                Value: 'Frigg',
+                            },
                             {
                                 Key: 'Purpose',
                                 Value: 'Field-level encryption for Frigg application',
@@ -1118,6 +1135,16 @@ const composeServerlessDefinition = async (AppDefinition) => {
                     },
                 };
 
+                // Create an alias for the new KMS key for consistent discovery
+                definition.resources.Resources.FriggKMSKeyAlias = {
+                    Type: 'AWS::KMS::Alias',
+                    DeletionPolicy: 'Retain',
+                    Properties: {
+                        AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                        TargetKeyId: { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }
+                    }
+                };
+
                 definition.provider.iamRoleStatements.push({
                     Effect: 'Allow',
                     Action: ['kms:GenerateDataKey', 'kms:Decrypt'],

package/infrastructure/serverless-template.test.js

@@ -398,6 +398,17 @@ describe('composeServerlessDefinition', () => {
             expect(result.custom.kmsGrants).toEqual({
                 kmsKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012'
             });
+
+            // Check KMS Alias resource is created for discovered key
+            expect(result.resources.Resources.FriggKMSKeyAlias).toBeDefined();
+            expect(result.resources.Resources.FriggKMSKeyAlias).toEqual({
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: 'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012'
+                }
+            });
         });
 
         it('should create new KMS key when encryption is enabled, no key found, and createResourceIfNoneFound is true', async () => {
@@ -426,9 +437,11 @@ describe('composeServerlessDefinition', () => {
 
             const result = await composeServerlessDefinition(appDefinition);
 
-            // Check that KMS key resource was created
+            // Check that KMS key resource was created with DeletionPolicy
             expect(result.resources.Resources.FriggKMSKey).toEqual({
                 Type: 'AWS::KMS::Key',
+                DeletionPolicy: 'Retain',
+                UpdateReplacePolicy: 'Retain',
                 Properties: {
                     EnableKeyRotation: true,
                     Description: 'Frigg KMS key for field-level encryption',
@@ -479,6 +492,17 @@ describe('composeServerlessDefinition', () => {
                 }
             });
 
+            // Check KMS Alias resource is created for the new key
+            expect(result.resources.Resources.FriggKMSKeyAlias).toBeDefined();
+            expect(result.resources.Resources.FriggKMSKeyAlias).toEqual({
+                Type: 'AWS::KMS::Alias',
+                DeletionPolicy: 'Retain',
+                Properties: {
+                    AliasName: 'alias/${self:service}-${self:provider.stage}-frigg-kms',
+                    TargetKeyId: { 'Fn::GetAtt': ['FriggKMSKey', 'Arn'] }
+                }
+            });
+
             // Check IAM permissions for the new key
             const kmsPermission = result.provider.iamRoleStatements.find(
                 statement => statement.Action.includes('kms:GenerateDataKey')

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.428.5364e8f.0",
+  "version": "2.0.0--canary.428.1c210bc.0",
   "dependencies": {
     "@aws-sdk/client-ec2": "^3.835.0",
     "@aws-sdk/client-kms": "^3.835.0",
@@ -9,8 +9,8 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/schemas": "2.0.0--canary.428.5364e8f.0",
-    "@friggframework/test": "2.0.0--canary.428.5364e8f.0",
+    "@friggframework/schemas": "2.0.0--canary.428.1c210bc.0",
+    "@friggframework/test": "2.0.0--canary.428.1c210bc.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -32,8 +32,8 @@
     "serverless-http": "^2.7.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.428.5364e8f.0",
-    "@friggframework/prettier-config": "2.0.0--canary.428.5364e8f.0",
+    "@friggframework/eslint-config": "2.0.0--canary.428.1c210bc.0",
+    "@friggframework/prettier-config": "2.0.0--canary.428.1c210bc.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -68,5 +68,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "5364e8f51732aa43ffbb4431fdcea2bfa69fb632"
+  "gitHead": "1c210bc49b0013c033077c703eaa7e388927d4bf"
 }