@friggframework/devtools 2.0.0--canary.463.62579dd.0 → 2.0.0--canary.461.84ff4f5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/frigg-cli/__tests__/unit/commands/db-setup.test.js +1 -1
  2. package/frigg-cli/db-setup-command/index.js +1 -1
  3. package/infrastructure/POSTGRES-CONFIGURATION.md +630 -0
  4. package/infrastructure/README.md +51 -0
  5. package/infrastructure/__tests__/postgres-config.test.js +914 -0
  6. package/infrastructure/aws-discovery.js +507 -2
  7. package/infrastructure/aws-discovery.test.js +447 -1
  8. package/infrastructure/scripts/build-prisma-layer.js +534 -0
  9. package/infrastructure/serverless-template.js +602 -80
  10. package/infrastructure/serverless-template.test.js +91 -0
  11. package/package.json +8 -6
  12. package/frigg-cli/__tests__/unit/utils/prisma-runner.test.js +0 -486
  13. package/frigg-cli/utils/prisma-runner.js +0 -280
package/infrastructure/aws-discovery.js CHANGED
@@ -8,6 +8,8 @@ let EC2Client,
8
8
  DescribeInternetGatewaysCommand;
9
9
  let KMSClient, ListKeysCommand, DescribeKeyCommand;
10
10
  let STSClient, GetCallerIdentityCommand;
11
+ let RDSClient, DescribeDBClustersCommand, DescribeDBSubnetGroupsCommand;
12
+ let SecretsManagerClient, ListSecretsCommand, DescribeSecretCommand;
11
13
 
12
14
  function loadEC2() {
13
15
  if (!EC2Client) {
@@ -30,6 +32,7 @@ function loadKMS() {
30
32
  KMSClient,
31
33
  ListKeysCommand,
32
34
  DescribeKeyCommand,
35
+ ListAliasesCommand,
33
36
  } = require('@aws-sdk/client-kms'));
34
37
  }
35
38
  }
@@ -43,15 +46,121 @@ function loadSTS() {
43
46
  }
44
47
  }
45
48
 
49
+ function loadRDS() {
50
+ if (!RDSClient) {
51
+ ({
52
+ RDSClient,
53
+ DescribeDBClustersCommand,
54
+ DescribeDBSubnetGroupsCommand,
55
+ } = require('@aws-sdk/client-rds'));
56
+ }
57
+ }
58
+
59
+ function loadSecretsManager() {
60
+ if (!SecretsManagerClient) {
61
+ ({
62
+ SecretsManagerClient,
63
+ ListSecretsCommand,
64
+ DescribeSecretCommand,
65
+ } = require('@aws-sdk/client-secrets-manager'));
66
+ }
67
+ }
68
+
46
69
  class AWSDiscovery {
47
70
  constructor(region = 'us-east-1') {
71
+ console.log('[AWSDiscovery] Initializing AWSDiscovery...');
72
+ console.log('[AWSDiscovery] Region:', region);
73
+ console.log('[AWSDiscovery] System time:', new Date().toISOString());
74
+ console.log('[AWSDiscovery] AWS_PROFILE:', process.env.AWS_PROFILE);
75
+ console.log('[AWSDiscovery] AWS_ACCESS_KEY_ID:', process.env.AWS_ACCESS_KEY_ID ? 'SET (hidden)' : 'NOT SET');
76
+ console.log('[AWSDiscovery] AWS_SECRET_ACCESS_KEY:', process.env.AWS_SECRET_ACCESS_KEY ? 'SET (hidden)' : 'NOT SET');
77
+ console.log('[AWSDiscovery] NODE_TLS_REJECT_UNAUTHORIZED:', process.env.NODE_TLS_REJECT_UNAUTHORIZED);
78
+
48
79
  this.region = region;
49
80
  loadEC2();
50
81
  loadKMS();
51
82
  loadSTS();
83
+ loadRDS();
84
+ loadSecretsManager();
52
85
  this.ec2Client = new EC2Client({ region });
53
86
  this.kmsClient = new KMSClient({ region });
54
87
  this.stsClient = new STSClient({ region });
88
+ this.rdsClient = new RDSClient({ region });
89
+ this.secretsManagerClient = new SecretsManagerClient({ region });
90
+
91
+ console.log('[AWSDiscovery] AWS clients initialized successfully');
92
+ }
93
+
94
+ async validateCredentials() {
95
+ console.log('[AWSDiscovery] Validating AWS credentials...');
96
+
97
+ try {
98
+ const command = new GetCallerIdentityCommand({});
99
+ const startTime = Date.now();
100
+ const response = await this.stsClient.send(command);
101
+ const duration = Date.now() - startTime;
102
+
103
+ console.log('[AWSDiscovery] ✅ Credentials are VALID');
104
+ console.log('[AWSDiscovery] Account ID:', response.Account);
105
+ console.log('[AWSDiscovery] User ARN:', response.Arn);
106
+ console.log('[AWSDiscovery] User ID:', response.UserId);
107
+ console.log('[AWSDiscovery] Validation took', duration, 'ms');
108
+
109
+ return {
110
+ valid: true,
111
+ accountId: response.Account,
112
+ arn: response.Arn,
113
+ userId: response.UserId
114
+ };
115
+ } catch (error) {
116
+ console.error('[AWSDiscovery] ❌ CREDENTIAL VALIDATION FAILED');
117
+ console.error('[AWSDiscovery] Error:', error.message);
118
+ console.error('[AWSDiscovery] Error Code:', error.Code || error.code);
119
+
120
+ // Provide specific guidance based on error type
121
+ if (error.Code === 'RequestExpired' || error.message.includes('expired')) {
122
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: Expired Credentials');
123
+ console.error('[AWSDiscovery] Your AWS credentials have expired.');
124
+ console.error('[AWSDiscovery] This commonly happens with:');
125
+ console.error('[AWSDiscovery] - Temporary STS credentials (AWS_ACCESS_KEY_ID starting with "ASIA")');
126
+ console.error('[AWSDiscovery] - AWS SSO sessions that have timed out');
127
+ console.error('[AWSDiscovery] - Hardcoded credentials in .env files');
128
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
129
+ if (process.env.AWS_ACCESS_KEY_ID?.startsWith('ASIA')) {
130
+ console.error('[AWSDiscovery] 1. Comment out AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in your .env file');
131
+ console.error('[AWSDiscovery] 2. Use AWS_PROFILE instead: AWS_PROFILE=your-profile npm run deploy');
132
+ } else if (process.env.AWS_PROFILE) {
133
+ console.error('[AWSDiscovery] 1. Refresh your AWS SSO login: aws sso login --profile', process.env.AWS_PROFILE);
134
+ console.error('[AWSDiscovery] 2. Or regenerate credentials if using IAM user');
135
+ } else {
136
+ console.error('[AWSDiscovery] 1. Set up AWS profile: aws configure --profile your-profile');
137
+ console.error('[AWSDiscovery] 2. Or use AWS SSO: aws sso login');
138
+ }
139
+ } else if (error.Code === 'InvalidClientTokenId' || error.Code === 'SignatureDoesNotMatch') {
140
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: Invalid Credentials');
141
+ console.error('[AWSDiscovery] Your AWS credentials are not recognized or incorrect.');
142
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
143
+ console.error('[AWSDiscovery] 1. Check AWS credentials file: cat ~/.aws/credentials');
144
+ console.error('[AWSDiscovery] 2. Verify profile exists: aws configure list-profiles');
145
+ console.error('[AWSDiscovery] 3. Test credentials: aws sts get-caller-identity --profile', process.env.AWS_PROFILE || 'default');
146
+ } else if (error.message.includes('Could not load credentials')) {
147
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: No Credentials Found');
148
+ console.error('[AWSDiscovery] AWS SDK cannot find any credentials.');
149
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
150
+ console.error('[AWSDiscovery] 1. Set AWS_PROFILE: export AWS_PROFILE=your-profile');
151
+ console.error('[AWSDiscovery] 2. Or configure default profile: aws configure');
152
+ console.error('[AWSDiscovery] 3. Or use AWS SSO: aws sso login');
153
+ } else {
154
+ console.error('\n[AWSDiscovery] 💡 GENERAL TROUBLESHOOTING:');
155
+ console.error('[AWSDiscovery] 1. Test credentials manually: aws sts get-caller-identity');
156
+ console.error('[AWSDiscovery] 2. Check ~/.aws/credentials file exists');
157
+ console.error('[AWSDiscovery] 3. Verify network connectivity to AWS');
158
+ }
159
+
160
+ console.error('\n[AWSDiscovery] ⛔ Cannot proceed with AWS discovery until credentials are valid.\n');
161
+
162
+ throw new Error(`AWS credential validation failed: ${error.message}. See detailed guidance above.`);
163
+ }
55
164
  }
56
165
 
57
166
  async getAccountId() {
@@ -67,6 +176,10 @@ class AWSDiscovery {
67
176
 
68
177
  async findDefaultVpc() {
69
178
  try {
179
+ console.log('[AWSDiscovery.findDefaultVpc] Starting VPC discovery...');
180
+ console.log('[AWSDiscovery.findDefaultVpc] Request timestamp:', new Date().toISOString());
181
+ console.log('[AWSDiscovery.findDefaultVpc] Region:', this.region);
182
+
70
183
  const command = new DescribeVpcsCommand({
71
184
  Filters: [
72
185
  {
@@ -76,23 +189,54 @@ class AWSDiscovery {
76
189
  ],
77
190
  });
78
191
 
192
+ console.log('[AWSDiscovery.findDefaultVpc] Sending DescribeVpcsCommand (default VPC)...');
193
+ console.log('[AWSDiscovery.findDefaultVpc] Request time before send:', new Date().toISOString());
194
+
195
+ const requestStart = Date.now();
79
196
  const response = await this.ec2Client.send(command);
197
+ const requestDuration = Date.now() - requestStart;
198
+
199
+ console.log('[AWSDiscovery.findDefaultVpc] Request completed in', requestDuration, 'ms');
200
+ console.log('[AWSDiscovery.findDefaultVpc] Response time:', new Date().toISOString());
201
+ console.log('[AWSDiscovery.findDefaultVpc] Found', response.Vpcs?.length || 0, 'default VPC(s)');
80
202
 
81
203
  if (response.Vpcs && response.Vpcs.length > 0) {
204
+ console.log('[AWSDiscovery.findDefaultVpc] Using default VPC:', response.Vpcs[0].VpcId);
82
205
  return response.Vpcs[0];
83
206
  }
84
207
 
208
+ console.log('[AWSDiscovery.findDefaultVpc] No default VPC found, fetching all VPCs...');
85
209
  const allVpcsCommand = new DescribeVpcsCommand({});
210
+
211
+ console.log('[AWSDiscovery.findDefaultVpc] Sending DescribeVpcsCommand (all VPCs)...');
212
+ const allVpcsRequestStart = Date.now();
86
213
  const allVpcsResponse = await this.ec2Client.send(allVpcsCommand);
214
+ const allVpcsRequestDuration = Date.now() - allVpcsRequestStart;
215
+
216
+ console.log('[AWSDiscovery.findDefaultVpc] All VPCs request completed in', allVpcsRequestDuration, 'ms');
217
+ console.log('[AWSDiscovery.findDefaultVpc] Found', allVpcsResponse.Vpcs?.length || 0, 'VPC(s)');
87
218
 
88
219
  if (allVpcsResponse.Vpcs && allVpcsResponse.Vpcs.length > 0) {
89
220
  console.log('No default VPC found, using first available VPC');
221
+ console.log('[AWSDiscovery.findDefaultVpc] Using VPC:', allVpcsResponse.Vpcs[0].VpcId);
90
222
  return allVpcsResponse.Vpcs[0];
91
223
  }
92
224
 
93
225
  throw new Error('No VPC found in the account');
94
226
  } catch (error) {
95
- console.error('Error finding default VPC:', error.message);
227
+ console.error('[AWSDiscovery.findDefaultVpc] ERROR occurred at:', new Date().toISOString());
228
+ console.error('[AWSDiscovery.findDefaultVpc] Error type:', error.constructor.name);
229
+ console.error('[AWSDiscovery.findDefaultVpc] Error code:', error.Code || error.code);
230
+ console.error('[AWSDiscovery.findDefaultVpc] Error message:', error.message);
231
+ console.error('[AWSDiscovery.findDefaultVpc] Error $fault:', error.$fault);
232
+ console.error('[AWSDiscovery.findDefaultVpc] Error $metadata:', JSON.stringify(error.$metadata, null, 2));
233
+
234
+ if (error.$response) {
235
+ console.error('[AWSDiscovery.findDefaultVpc] Response status:', error.$response.statusCode);
236
+ console.error('[AWSDiscovery.findDefaultVpc] Response headers:', JSON.stringify(error.$response.headers, null, 2));
237
+ }
238
+
239
+ console.error('[AWSDiscovery.findDefaultVpc] Full error object:', JSON.stringify(error, Object.getOwnPropertyNames(error), 2));
96
240
  throw error;
97
241
  }
98
242
  }
@@ -510,6 +654,341 @@ class AWSDiscovery {
510
654
  }
511
655
  }
512
656
 
657
+ async findKmsAlias(aliasName) {
658
+ try {
659
+ console.log(`[KMS Alias Discovery] Checking for alias: ${aliasName}`);
660
+ const command = new ListAliasesCommand({});
661
+ const response = await this.kmsClient.send(command);
662
+
663
+ if (!response.Aliases || response.Aliases.length === 0) {
664
+ console.log('[KMS Alias Discovery] No aliases found in account');
665
+ return null;
666
+ }
667
+
668
+ const targetAlias = response.Aliases.find(
669
+ alias => alias.AliasName === aliasName
670
+ );
671
+
672
+ if (targetAlias) {
673
+ console.log(`[KMS Alias Discovery] ✅ Found existing alias: ${aliasName}`);
674
+ console.log(`[KMS Alias Discovery] Target Key: ${targetAlias.TargetKeyId}`);
675
+ return targetAlias;
676
+ }
677
+
678
+ console.log(`[KMS Alias Discovery] Alias ${aliasName} does not exist`);
679
+ return null;
680
+ } catch (error) {
681
+ console.warn(
682
+ `[KMS Alias Discovery] Error checking for alias ${aliasName}:`,
683
+ error.message
684
+ );
685
+ return null;
686
+ }
687
+ }
688
+
689
+ async findAuroraCluster(clusterIdentifier = null, serviceName = null, stage = null) {
690
+ try {
691
+ console.log('[AWSDiscovery.findAuroraCluster] Starting Aurora cluster discovery...');
692
+
693
+ const command = new DescribeDBClustersCommand({});
694
+ const response = await this.rdsClient.send(command);
695
+
696
+ if (!response.DBClusters || response.DBClusters.length === 0) {
697
+ console.log('[AWSDiscovery.findAuroraCluster] No Aurora clusters found');
698
+ return null;
699
+ }
700
+
701
+ console.log(`[AWSDiscovery.findAuroraCluster] Found ${response.DBClusters.length} Aurora cluster(s)`);
702
+
703
+ // Filter for Aurora PostgreSQL clusters
704
+ const postgresClusters = response.DBClusters.filter(
705
+ cluster => cluster.Engine === 'aurora-postgresql' && cluster.Status === 'available'
706
+ );
707
+
708
+ if (postgresClusters.length === 0) {
709
+ console.log('[AWSDiscovery.findAuroraCluster] No available Aurora PostgreSQL clusters found');
710
+ return null;
711
+ }
712
+
713
+ // Priority 1: User-specified cluster identifier
714
+ if (clusterIdentifier) {
715
+ const targetCluster = postgresClusters.find(
716
+ cluster => cluster.DBClusterIdentifier === clusterIdentifier
717
+ );
718
+ if (targetCluster) {
719
+ console.log(`[AWSDiscovery.findAuroraCluster] Found specified cluster: ${clusterIdentifier}`);
720
+ return this._formatAuroraCluster(targetCluster);
721
+ }
722
+ console.warn(`[AWSDiscovery.findAuroraCluster] Specified cluster ${clusterIdentifier} not found`);
723
+ return null;
724
+ }
725
+
726
+ // Priority 2: Frigg-managed cluster with matching service and stage tags
727
+ if (serviceName && stage) {
728
+ const friggCluster = postgresClusters.find(cluster => {
729
+ const tags = cluster.TagList || [];
730
+ const isFrigg = this._isFriggManaged(tags);
731
+ const matchesService = tags.some(tag => tag.Key === 'Service' && tag.Value === serviceName);
732
+ const matchesStage = tags.some(tag => tag.Key === 'Stage' && tag.Value === stage);
733
+ return isFrigg && matchesService && matchesStage;
734
+ });
735
+
736
+ if (friggCluster) {
737
+ console.log(`[AWSDiscovery.findAuroraCluster] Found Frigg-managed cluster: ${friggCluster.DBClusterIdentifier}`);
738
+ return this._formatAuroraCluster(friggCluster);
739
+ }
740
+ }
741
+
742
+ // Priority 3: Any Frigg-managed cluster
743
+ const anyFriggCluster = postgresClusters.find(cluster =>
744
+ this._isFriggManaged(cluster.TagList || [])
745
+ );
746
+
747
+ if (anyFriggCluster) {
748
+ console.log(`[AWSDiscovery.findAuroraCluster] Found Frigg-managed cluster: ${anyFriggCluster.DBClusterIdentifier}`);
749
+ return this._formatAuroraCluster(anyFriggCluster);
750
+ }
751
+
752
+ // Priority 4: First available cluster
753
+ console.log(`[AWSDiscovery.findAuroraCluster] Using first available cluster: ${postgresClusters[0].DBClusterIdentifier}`);
754
+ return this._formatAuroraCluster(postgresClusters[0]);
755
+
756
+ } catch (error) {
757
+ console.error('[AWSDiscovery.findAuroraCluster] Error finding Aurora cluster:', error.message);
758
+ return null;
759
+ }
760
+ }
761
+
762
+ async findDBSubnetGroup(vpcId) {
763
+ try {
764
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Looking for DB subnet groups in VPC ${vpcId}...`);
765
+
766
+ const command = new DescribeDBSubnetGroupsCommand({});
767
+ const response = await this.rdsClient.send(command);
768
+
769
+ if (!response.DBSubnetGroups || response.DBSubnetGroups.length === 0) {
770
+ console.log('[AWSDiscovery.findDBSubnetGroup] No DB subnet groups found');
771
+ return null;
772
+ }
773
+
774
+ // Filter by VPC ID
775
+ const vpcSubnetGroups = response.DBSubnetGroups.filter(
776
+ group => group.VpcId === vpcId
777
+ );
778
+
779
+ if (vpcSubnetGroups.length === 0) {
780
+ console.log(`[AWSDiscovery.findDBSubnetGroup] No DB subnet groups found in VPC ${vpcId}`);
781
+ return null;
782
+ }
783
+
784
+ // Priority 1: Frigg-managed subnet group
785
+ const friggSubnetGroup = vpcSubnetGroups.find(group =>
786
+ this._isFriggManaged(group.Tags || [])
787
+ );
788
+
789
+ if (friggSubnetGroup) {
790
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Found Frigg-managed subnet group: ${friggSubnetGroup.DBSubnetGroupName}`);
791
+ return {
792
+ name: friggSubnetGroup.DBSubnetGroupName,
793
+ vpcId: friggSubnetGroup.VpcId,
794
+ subnets: friggSubnetGroup.Subnets.map(s => s.SubnetIdentifier),
795
+ description: friggSubnetGroup.DBSubnetGroupDescription
796
+ };
797
+ }
798
+
799
+ // Priority 2: First available subnet group
800
+ const subnetGroup = vpcSubnetGroups[0];
801
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Found subnet group: ${subnetGroup.DBSubnetGroupName}`);
802
+ return {
803
+ name: subnetGroup.DBSubnetGroupName,
804
+ vpcId: subnetGroup.VpcId,
805
+ subnets: subnetGroup.Subnets.map(s => s.SubnetIdentifier),
806
+ description: subnetGroup.DBSubnetGroupDescription
807
+ };
808
+
809
+ } catch (error) {
810
+ console.error('[AWSDiscovery.findDBSubnetGroup] Error finding DB subnet group:', error.message);
811
+ return null;
812
+ }
813
+ }
814
+
815
+ async findDatabaseSecret(serviceName, stage) {
816
+ try {
817
+ console.log(`[AWSDiscovery.findDatabaseSecret] Looking for database secret (service: ${serviceName}, stage: ${stage})...`);
818
+
819
+ const command = new ListSecretsCommand({
820
+ Filters: [
821
+ {
822
+ Key: 'tag-key',
823
+ Values: ['ManagedBy']
824
+ }
825
+ ]
826
+ });
827
+ const response = await this.secretsManagerClient.send(command);
828
+
829
+ if (!response.SecretList || response.SecretList.length === 0) {
830
+ console.log('[AWSDiscovery.findDatabaseSecret] No secrets found');
831
+ return null;
832
+ }
833
+
834
+ // Filter for Frigg-managed database secrets
835
+ const friggSecrets = response.SecretList.filter(secret => {
836
+ const tags = secret.Tags || [];
837
+ const isFrigg = this._isFriggManaged(tags);
838
+ const isDatabase = secret.Name?.includes('aurora') || secret.Name?.includes('database');
839
+ return isFrigg && isDatabase;
840
+ });
841
+
842
+ if (friggSecrets.length === 0) {
843
+ console.log('[AWSDiscovery.findDatabaseSecret] No Frigg-managed database secrets found');
844
+ return null;
845
+ }
846
+
847
+ // Priority 1: Secret with matching service and stage tags
848
+ if (serviceName && stage) {
849
+ const matchingSecret = friggSecrets.find(secret => {
850
+ const tags = secret.Tags || [];
851
+ const matchesService = tags.some(tag => tag.Key === 'Service' && tag.Value === serviceName);
852
+ const matchesStage = tags.some(tag => tag.Key === 'Stage' && tag.Value === stage);
853
+ return matchesService && matchesStage;
854
+ });
855
+
856
+ if (matchingSecret) {
857
+ console.log(`[AWSDiscovery.findDatabaseSecret] Found matching secret: ${matchingSecret.Name}`);
858
+ return {
859
+ arn: matchingSecret.ARN,
860
+ name: matchingSecret.Name
861
+ };
862
+ }
863
+ }
864
+
865
+ // Priority 2: First Frigg-managed database secret
866
+ const secret = friggSecrets[0];
867
+ console.log(`[AWSDiscovery.findDatabaseSecret] Found Frigg-managed secret: ${secret.Name}`);
868
+ return {
869
+ arn: secret.ARN,
870
+ name: secret.Name
871
+ };
872
+
873
+ } catch (error) {
874
+ console.error('[AWSDiscovery.findDatabaseSecret] Error finding database secret:', error.message);
875
+ return null;
876
+ }
877
+ }
878
+
879
+ async discoverAuroraResources(options = {}) {
880
+ try {
881
+ console.log('\n🔍 Discovering Aurora PostgreSQL resources...');
882
+ console.log('═'.repeat(60));
883
+
884
+ const {
885
+ vpcId,
886
+ serviceName,
887
+ stage,
888
+ management = 'discover',
889
+ clusterIdentifier = null
890
+ } = options;
891
+
892
+ const result = {
893
+ clusterIdentifier: null,
894
+ endpoint: null,
895
+ port: null,
896
+ engine: null,
897
+ engineVersion: null,
898
+ status: null,
899
+ dbSubnetGroupName: null,
900
+ secretArn: null,
901
+ secretName: null,
902
+ needsCreation: false
903
+ };
904
+
905
+ // For 'use-existing' mode, cluster identifier is required
906
+ if (management === 'use-existing' && !clusterIdentifier) {
907
+ throw new Error('clusterIdentifier is required when management mode is "use-existing"');
908
+ }
909
+
910
+ // For 'create-new' mode, skip discovery
911
+ if (management === 'create-new') {
912
+ console.log('💡 Management mode is "create-new" - will provision new Aurora cluster');
913
+ result.needsCreation = true;
914
+ return result;
915
+ }
916
+
917
+ // Discover Aurora cluster
918
+ const cluster = await this.findAuroraCluster(clusterIdentifier, serviceName, stage);
919
+
920
+ if (!cluster) {
921
+ if (management === 'discover') {
922
+ console.log('⚠️ No Aurora cluster found - will provision new cluster');
923
+ result.needsCreation = true;
924
+ return result;
925
+ }
926
+ throw new Error(`No Aurora cluster found with identifier: ${clusterIdentifier}`);
927
+ }
928
+
929
+ result.clusterIdentifier = cluster.identifier;
930
+ result.endpoint = cluster.endpoint;
931
+ result.port = cluster.port;
932
+ result.engine = cluster.engine;
933
+ result.engineVersion = cluster.engineVersion;
934
+ result.status = cluster.status;
935
+ result.masterUsername = cluster.masterUsername;
936
+ result.isFriggManaged = cluster.isFriggManaged;
937
+
938
+ console.log(`\n✅ Found Aurora Cluster: ${cluster.identifier}`);
939
+ console.log(` Endpoint: ${cluster.endpoint}:${cluster.port}`);
940
+ console.log(` Engine: ${cluster.engine} ${cluster.engineVersion}`);
941
+ console.log(` Status: ${cluster.status}`);
942
+
943
+ // Discover DB subnet group
944
+ const subnetGroup = await this.findDBSubnetGroup(vpcId);
945
+ if (subnetGroup) {
946
+ result.dbSubnetGroupName = subnetGroup.name;
947
+ console.log(`\n✅ Found DB Subnet Group: ${subnetGroup.name}`);
948
+ console.log(` Subnets: ${subnetGroup.subnets.join(', ')}`);
949
+ }
950
+
951
+ // Discover database secret
952
+ const secret = await this.findDatabaseSecret(serviceName, stage);
953
+ if (secret) {
954
+ result.secretArn = secret.arn;
955
+ result.secretName = secret.name;
956
+ console.log(`\n✅ Found Database Secret: ${secret.name}`);
957
+ }
958
+
959
+ console.log(`\n${'═'.repeat(60)}`);
960
+ console.log('📋 Aurora Discovery Summary:');
961
+ console.log(` Cluster: ${result.clusterIdentifier || 'Not found'}`);
962
+ console.log(` Subnet Group: ${result.dbSubnetGroupName || 'Not found'}`);
963
+ console.log(` Secret: ${result.secretName || 'Not found'}`);
964
+ console.log(`${'═'.repeat(60)}\n`);
965
+
966
+ return result;
967
+
968
+ } catch (error) {
969
+ console.error('❌ Aurora resource discovery failed:', error.message);
970
+ throw error;
971
+ }
972
+ }
973
+
974
+ _formatAuroraCluster(cluster) {
975
+ return {
976
+ identifier: cluster.DBClusterIdentifier,
977
+ endpoint: cluster.Endpoint,
978
+ readerEndpoint: cluster.ReaderEndpoint,
979
+ port: cluster.Port,
980
+ engine: cluster.Engine,
981
+ engineVersion: cluster.EngineVersion,
982
+ status: cluster.Status,
983
+ masterUsername: cluster.MasterUsername,
984
+ databaseName: cluster.DatabaseName,
985
+ vpcSecurityGroups: (cluster.VpcSecurityGroups || []).map(sg => sg.VpcSecurityGroupId),
986
+ dbSubnetGroup: cluster.DBSubnetGroup,
987
+ arn: cluster.DBClusterArn,
988
+ isFriggManaged: this._isFriggManaged(cluster.TagList || [])
989
+ };
990
+ }
991
+
513
992
  async detectMisconfiguredResources(vpcId) {
514
993
  try {
515
994
  const misconfigurations = {
@@ -649,10 +1128,14 @@ class AWSDiscovery {
649
1128
  );
650
1129
  console.log('═'.repeat(60));
651
1130
 
1131
+ // Validate credentials before attempting any AWS operations
1132
+ await this.validateCredentials();
1133
+ console.log(''); // Add spacing after validation
1134
+
652
1135
  const vpc = await this.findDefaultVpc();
653
1136
  console.log(`\n✅ Found VPC: ${vpc.VpcId}`);
654
1137
 
655
- const autoConvert = options.selfHeal || false;
1138
+ const autoConvert = options.vpc?.selfHeal || false;
656
1139
 
657
1140
  const privateSubnets = await this.findPrivateSubnets(
658
1141
  vpc.VpcId,
@@ -690,6 +1173,26 @@ class AWSDiscovery {
690
1173
  console.log('ℹ️ No KMS key found');
691
1174
  }
692
1175
 
1176
+ // Check if KMS alias already exists
1177
+ let kmsAliasExists = false;
1178
+ if (options.serviceName && options.stage) {
1179
+ const aliasName = `alias/${options.serviceName}-${options.stage}-frigg-kms`;
1180
+ const existingAlias = await this.findKmsAlias(aliasName);
1181
+ kmsAliasExists = existingAlias !== null;
1182
+ }
1183
+
1184
+ // Discover Aurora PostgreSQL resources if enabled
1185
+ let auroraResources = {};
1186
+ if (options.database?.postgres?.enable) {
1187
+ auroraResources = await this.discoverAuroraResources({
1188
+ vpcId: vpc.VpcId,
1189
+ serviceName: options.serviceName,
1190
+ stage: options.stage,
1191
+ management: options.database.postgres.management,
1192
+ clusterIdentifier: options.database.postgres.clusterIdentifier,
1193
+ });
1194
+ }
1195
+
693
1196
  const existingNatGateway = await this.findExistingNatGateway(
694
1197
  vpc.VpcId
695
1198
  );
@@ -789,6 +1292,7 @@ class AWSDiscovery {
789
1292
  publicSubnetId: publicSubnet?.SubnetId || null,
790
1293
  privateRouteTableId: routeTable.RouteTableId,
791
1294
  defaultKmsKeyId: kmsKeyArn,
1295
+ kmsAliasExists: kmsAliasExists,
792
1296
  existingNatGatewayId: natGatewayId,
793
1297
  existingElasticIpAllocationId: elasticIpAllocationId,
794
1298
  natGatewayInPrivateSubnet: natGatewayInPrivateSubnet,
@@ -809,6 +1313,7 @@ class AWSDiscovery {
809
1313
  }
810
1314
  return wrongRoutes;
811
1315
  })(),
1316
+ aurora: auroraResources,
812
1317
  };
813
1318
  } catch (error) {
814
1319
  console.error('Error discovering AWS resources:', error);