@friggframework/devtools 2.0.0--canary.464.f9d3fc0.0 → 2.0.0--canary.454.25d396a.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/frigg-cli/__tests__/unit/commands/db-setup.test.js +1 -1
  2. package/frigg-cli/db-setup-command/index.js +1 -1
  3. package/infrastructure/POSTGRES-CONFIGURATION.md +630 -0
  4. package/infrastructure/README.md +51 -0
  5. package/infrastructure/__tests__/postgres-config.test.js +914 -0
  6. package/infrastructure/aws-discovery.js +504 -2
  7. package/infrastructure/aws-discovery.test.js +447 -1
  8. package/infrastructure/scripts/build-prisma-layer.js +394 -0
  9. package/infrastructure/serverless-template.js +437 -48
  10. package/infrastructure/serverless-template.test.js +91 -0
  11. package/package.json +8 -6
  12. package/frigg-cli/__tests__/unit/utils/prisma-runner.test.js +0 -486
  13. package/frigg-cli/utils/prisma-runner.js +0 -280
package/infrastructure/aws-discovery.js CHANGED
@@ -8,6 +8,8 @@ let EC2Client,
8
8
  DescribeInternetGatewaysCommand;
9
9
  let KMSClient, ListKeysCommand, DescribeKeyCommand;
10
10
  let STSClient, GetCallerIdentityCommand;
11
+ let RDSClient, DescribeDBClustersCommand, DescribeDBSubnetGroupsCommand;
12
+ let SecretsManagerClient, ListSecretsCommand, DescribeSecretCommand;
11
13
 
12
14
  function loadEC2() {
13
15
  if (!EC2Client) {
@@ -30,6 +32,7 @@ function loadKMS() {
30
32
  KMSClient,
31
33
  ListKeysCommand,
32
34
  DescribeKeyCommand,
35
+ ListAliasesCommand,
33
36
  } = require('@aws-sdk/client-kms'));
34
37
  }
35
38
  }
@@ -43,15 +46,121 @@ function loadSTS() {
43
46
  }
44
47
  }
45
48
 
49
+ function loadRDS() {
50
+ if (!RDSClient) {
51
+ ({
52
+ RDSClient,
53
+ DescribeDBClustersCommand,
54
+ DescribeDBSubnetGroupsCommand,
55
+ } = require('@aws-sdk/client-rds'));
56
+ }
57
+ }
58
+
59
+ function loadSecretsManager() {
60
+ if (!SecretsManagerClient) {
61
+ ({
62
+ SecretsManagerClient,
63
+ ListSecretsCommand,
64
+ DescribeSecretCommand,
65
+ } = require('@aws-sdk/client-secrets-manager'));
66
+ }
67
+ }
68
+
46
69
  class AWSDiscovery {
47
70
  constructor(region = 'us-east-1') {
71
+ console.log('[AWSDiscovery] Initializing AWSDiscovery...');
72
+ console.log('[AWSDiscovery] Region:', region);
73
+ console.log('[AWSDiscovery] System time:', new Date().toISOString());
74
+ console.log('[AWSDiscovery] AWS_PROFILE:', process.env.AWS_PROFILE);
75
+ console.log('[AWSDiscovery] AWS_ACCESS_KEY_ID:', process.env.AWS_ACCESS_KEY_ID ? 'SET (hidden)' : 'NOT SET');
76
+ console.log('[AWSDiscovery] AWS_SECRET_ACCESS_KEY:', process.env.AWS_SECRET_ACCESS_KEY ? 'SET (hidden)' : 'NOT SET');
77
+ console.log('[AWSDiscovery] NODE_TLS_REJECT_UNAUTHORIZED:', process.env.NODE_TLS_REJECT_UNAUTHORIZED);
78
+
48
79
  this.region = region;
49
80
  loadEC2();
50
81
  loadKMS();
51
82
  loadSTS();
83
+ loadRDS();
84
+ loadSecretsManager();
52
85
  this.ec2Client = new EC2Client({ region });
53
86
  this.kmsClient = new KMSClient({ region });
54
87
  this.stsClient = new STSClient({ region });
88
+ this.rdsClient = new RDSClient({ region });
89
+ this.secretsManagerClient = new SecretsManagerClient({ region });
90
+
91
+ console.log('[AWSDiscovery] AWS clients initialized successfully');
92
+ }
93
+
94
+ async validateCredentials() {
95
+ console.log('[AWSDiscovery] Validating AWS credentials...');
96
+
97
+ try {
98
+ const command = new GetCallerIdentityCommand({});
99
+ const startTime = Date.now();
100
+ const response = await this.stsClient.send(command);
101
+ const duration = Date.now() - startTime;
102
+
103
+ console.log('[AWSDiscovery] ✅ Credentials are VALID');
104
+ console.log('[AWSDiscovery] Account ID:', response.Account);
105
+ console.log('[AWSDiscovery] User ARN:', response.Arn);
106
+ console.log('[AWSDiscovery] User ID:', response.UserId);
107
+ console.log('[AWSDiscovery] Validation took', duration, 'ms');
108
+
109
+ return {
110
+ valid: true,
111
+ accountId: response.Account,
112
+ arn: response.Arn,
113
+ userId: response.UserId
114
+ };
115
+ } catch (error) {
116
+ console.error('[AWSDiscovery] ❌ CREDENTIAL VALIDATION FAILED');
117
+ console.error('[AWSDiscovery] Error:', error.message);
118
+ console.error('[AWSDiscovery] Error Code:', error.Code || error.code);
119
+
120
+ // Provide specific guidance based on error type
121
+ if (error.Code === 'RequestExpired' || error.message.includes('expired')) {
122
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: Expired Credentials');
123
+ console.error('[AWSDiscovery] Your AWS credentials have expired.');
124
+ console.error('[AWSDiscovery] This commonly happens with:');
125
+ console.error('[AWSDiscovery] - Temporary STS credentials (AWS_ACCESS_KEY_ID starting with "ASIA")');
126
+ console.error('[AWSDiscovery] - AWS SSO sessions that have timed out');
127
+ console.error('[AWSDiscovery] - Hardcoded credentials in .env files');
128
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
129
+ if (process.env.AWS_ACCESS_KEY_ID?.startsWith('ASIA')) {
130
+ console.error('[AWSDiscovery] 1. Comment out AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in your .env file');
131
+ console.error('[AWSDiscovery] 2. Use AWS_PROFILE instead: AWS_PROFILE=your-profile npm run deploy');
132
+ } else if (process.env.AWS_PROFILE) {
133
+ console.error('[AWSDiscovery] 1. Refresh your AWS SSO login: aws sso login --profile', process.env.AWS_PROFILE);
134
+ console.error('[AWSDiscovery] 2. Or regenerate credentials if using IAM user');
135
+ } else {
136
+ console.error('[AWSDiscovery] 1. Set up AWS profile: aws configure --profile your-profile');
137
+ console.error('[AWSDiscovery] 2. Or use AWS SSO: aws sso login');
138
+ }
139
+ } else if (error.Code === 'InvalidClientTokenId' || error.Code === 'SignatureDoesNotMatch') {
140
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: Invalid Credentials');
141
+ console.error('[AWSDiscovery] Your AWS credentials are not recognized or incorrect.');
142
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
143
+ console.error('[AWSDiscovery] 1. Check AWS credentials file: cat ~/.aws/credentials');
144
+ console.error('[AWSDiscovery] 2. Verify profile exists: aws configure list-profiles');
145
+ console.error('[AWSDiscovery] 3. Test credentials: aws sts get-caller-identity --profile', process.env.AWS_PROFILE || 'default');
146
+ } else if (error.message.includes('Could not load credentials')) {
147
+ console.error('\n[AWSDiscovery] 🔍 DIAGNOSIS: No Credentials Found');
148
+ console.error('[AWSDiscovery] AWS SDK cannot find any credentials.');
149
+ console.error('\n[AWSDiscovery] 💡 SOLUTIONS:');
150
+ console.error('[AWSDiscovery] 1. Set AWS_PROFILE: export AWS_PROFILE=your-profile');
151
+ console.error('[AWSDiscovery] 2. Or configure default profile: aws configure');
152
+ console.error('[AWSDiscovery] 3. Or use AWS SSO: aws sso login');
153
+ } else {
154
+ console.error('\n[AWSDiscovery] 💡 GENERAL TROUBLESHOOTING:');
155
+ console.error('[AWSDiscovery] 1. Test credentials manually: aws sts get-caller-identity');
156
+ console.error('[AWSDiscovery] 2. Check ~/.aws/credentials file exists');
157
+ console.error('[AWSDiscovery] 3. Verify network connectivity to AWS');
158
+ }
159
+
160
+ console.error('\n[AWSDiscovery] ⛔ Cannot proceed with AWS discovery until credentials are valid.\n');
161
+
162
+ throw new Error(`AWS credential validation failed: ${error.message}. See detailed guidance above.`);
163
+ }
55
164
  }
56
165
 
57
166
  async getAccountId() {
@@ -67,6 +176,10 @@ class AWSDiscovery {
67
176
 
68
177
  async findDefaultVpc() {
69
178
  try {
179
+ console.log('[AWSDiscovery.findDefaultVpc] Starting VPC discovery...');
180
+ console.log('[AWSDiscovery.findDefaultVpc] Request timestamp:', new Date().toISOString());
181
+ console.log('[AWSDiscovery.findDefaultVpc] Region:', this.region);
182
+
70
183
  const command = new DescribeVpcsCommand({
71
184
  Filters: [
72
185
  {
@@ -76,23 +189,54 @@ class AWSDiscovery {
76
189
  ],
77
190
  });
78
191
 
192
+ console.log('[AWSDiscovery.findDefaultVpc] Sending DescribeVpcsCommand (default VPC)...');
193
+ console.log('[AWSDiscovery.findDefaultVpc] Request time before send:', new Date().toISOString());
194
+
195
+ const requestStart = Date.now();
79
196
  const response = await this.ec2Client.send(command);
197
+ const requestDuration = Date.now() - requestStart;
198
+
199
+ console.log('[AWSDiscovery.findDefaultVpc] Request completed in', requestDuration, 'ms');
200
+ console.log('[AWSDiscovery.findDefaultVpc] Response time:', new Date().toISOString());
201
+ console.log('[AWSDiscovery.findDefaultVpc] Found', response.Vpcs?.length || 0, 'default VPC(s)');
80
202
 
81
203
  if (response.Vpcs && response.Vpcs.length > 0) {
204
+ console.log('[AWSDiscovery.findDefaultVpc] Using default VPC:', response.Vpcs[0].VpcId);
82
205
  return response.Vpcs[0];
83
206
  }
84
207
 
208
+ console.log('[AWSDiscovery.findDefaultVpc] No default VPC found, fetching all VPCs...');
85
209
  const allVpcsCommand = new DescribeVpcsCommand({});
210
+
211
+ console.log('[AWSDiscovery.findDefaultVpc] Sending DescribeVpcsCommand (all VPCs)...');
212
+ const allVpcsRequestStart = Date.now();
86
213
  const allVpcsResponse = await this.ec2Client.send(allVpcsCommand);
214
+ const allVpcsRequestDuration = Date.now() - allVpcsRequestStart;
215
+
216
+ console.log('[AWSDiscovery.findDefaultVpc] All VPCs request completed in', allVpcsRequestDuration, 'ms');
217
+ console.log('[AWSDiscovery.findDefaultVpc] Found', allVpcsResponse.Vpcs?.length || 0, 'VPC(s)');
87
218
 
88
219
  if (allVpcsResponse.Vpcs && allVpcsResponse.Vpcs.length > 0) {
89
220
  console.log('No default VPC found, using first available VPC');
221
+ console.log('[AWSDiscovery.findDefaultVpc] Using VPC:', allVpcsResponse.Vpcs[0].VpcId);
90
222
  return allVpcsResponse.Vpcs[0];
91
223
  }
92
224
 
93
225
  throw new Error('No VPC found in the account');
94
226
  } catch (error) {
95
- console.error('Error finding default VPC:', error.message);
227
+ console.error('[AWSDiscovery.findDefaultVpc] ERROR occurred at:', new Date().toISOString());
228
+ console.error('[AWSDiscovery.findDefaultVpc] Error type:', error.constructor.name);
229
+ console.error('[AWSDiscovery.findDefaultVpc] Error code:', error.Code || error.code);
230
+ console.error('[AWSDiscovery.findDefaultVpc] Error message:', error.message);
231
+ console.error('[AWSDiscovery.findDefaultVpc] Error $fault:', error.$fault);
232
+ console.error('[AWSDiscovery.findDefaultVpc] Error $metadata:', JSON.stringify(error.$metadata, null, 2));
233
+
234
+ if (error.$response) {
235
+ console.error('[AWSDiscovery.findDefaultVpc] Response status:', error.$response.statusCode);
236
+ console.error('[AWSDiscovery.findDefaultVpc] Response headers:', JSON.stringify(error.$response.headers, null, 2));
237
+ }
238
+
239
+ console.error('[AWSDiscovery.findDefaultVpc] Full error object:', JSON.stringify(error, Object.getOwnPropertyNames(error), 2));
96
240
  throw error;
97
241
  }
98
242
  }
@@ -510,6 +654,338 @@ class AWSDiscovery {
510
654
  }
511
655
  }
512
656
 
657
+ async findKmsAlias(aliasName) {
658
+ try {
659
+ console.log(`[KMS Alias Discovery] Checking for alias: ${aliasName}`);
660
+ const command = new ListAliasesCommand({});
661
+ const response = await this.kmsClient.send(command);
662
+
663
+ if (!response.Aliases || response.Aliases.length === 0) {
664
+ console.log('[KMS Alias Discovery] No aliases found in account');
665
+ return null;
666
+ }
667
+
668
+ const targetAlias = response.Aliases.find(
669
+ alias => alias.AliasName === aliasName
670
+ );
671
+
672
+ if (targetAlias) {
673
+ console.log(`[KMS Alias Discovery] ✅ Found existing alias: ${aliasName}`);
674
+ console.log(`[KMS Alias Discovery] Target Key: ${targetAlias.TargetKeyId}`);
675
+ return targetAlias;
676
+ }
677
+
678
+ console.log(`[KMS Alias Discovery] Alias ${aliasName} does not exist`);
679
+ return null;
680
+ } catch (error) {
681
+ console.warn(
682
+ `[KMS Alias Discovery] Error checking for alias ${aliasName}:`,
683
+ error.message
684
+ );
685
+ return null;
686
+ }
687
+ }
688
+
689
+ async findAuroraCluster(clusterIdentifier = null, serviceName = null, stage = null) {
690
+ try {
691
+ console.log('[AWSDiscovery.findAuroraCluster] Starting Aurora cluster discovery...');
692
+
693
+ const command = new DescribeDBClustersCommand({});
694
+ const response = await this.rdsClient.send(command);
695
+
696
+ if (!response.DBClusters || response.DBClusters.length === 0) {
697
+ console.log('[AWSDiscovery.findAuroraCluster] No Aurora clusters found');
698
+ return null;
699
+ }
700
+
701
+ console.log(`[AWSDiscovery.findAuroraCluster] Found ${response.DBClusters.length} Aurora cluster(s)`);
702
+
703
+ // Filter for Aurora PostgreSQL clusters
704
+ const postgresClusters = response.DBClusters.filter(
705
+ cluster => cluster.Engine === 'aurora-postgresql' && cluster.Status === 'available'
706
+ );
707
+
708
+ if (postgresClusters.length === 0) {
709
+ console.log('[AWSDiscovery.findAuroraCluster] No available Aurora PostgreSQL clusters found');
710
+ return null;
711
+ }
712
+
713
+ // Priority 1: User-specified cluster identifier
714
+ if (clusterIdentifier) {
715
+ const targetCluster = postgresClusters.find(
716
+ cluster => cluster.DBClusterIdentifier === clusterIdentifier
717
+ );
718
+ if (targetCluster) {
719
+ console.log(`[AWSDiscovery.findAuroraCluster] Found specified cluster: ${clusterIdentifier}`);
720
+ return this._formatAuroraCluster(targetCluster);
721
+ }
722
+ console.warn(`[AWSDiscovery.findAuroraCluster] Specified cluster ${clusterIdentifier} not found`);
723
+ return null;
724
+ }
725
+
726
+ // Priority 2: Frigg-managed cluster with matching service and stage tags
727
+ if (serviceName && stage) {
728
+ const friggCluster = postgresClusters.find(cluster => {
729
+ const tags = cluster.TagList || [];
730
+ const isFrigg = this._isFriggManaged(tags);
731
+ const matchesService = tags.some(tag => tag.Key === 'Service' && tag.Value === serviceName);
732
+ const matchesStage = tags.some(tag => tag.Key === 'Stage' && tag.Value === stage);
733
+ return isFrigg && matchesService && matchesStage;
734
+ });
735
+
736
+ if (friggCluster) {
737
+ console.log(`[AWSDiscovery.findAuroraCluster] Found Frigg-managed cluster: ${friggCluster.DBClusterIdentifier}`);
738
+ return this._formatAuroraCluster(friggCluster);
739
+ }
740
+ }
741
+
742
+ // Priority 3: Any Frigg-managed cluster
743
+ const anyFriggCluster = postgresClusters.find(cluster =>
744
+ this._isFriggManaged(cluster.TagList || [])
745
+ );
746
+
747
+ if (anyFriggCluster) {
748
+ console.log(`[AWSDiscovery.findAuroraCluster] Found Frigg-managed cluster: ${anyFriggCluster.DBClusterIdentifier}`);
749
+ return this._formatAuroraCluster(anyFriggCluster);
750
+ }
751
+
752
+ // Priority 4: First available cluster
753
+ console.log(`[AWSDiscovery.findAuroraCluster] Using first available cluster: ${postgresClusters[0].DBClusterIdentifier}`);
754
+ return this._formatAuroraCluster(postgresClusters[0]);
755
+
756
+ } catch (error) {
757
+ console.error('[AWSDiscovery.findAuroraCluster] Error finding Aurora cluster:', error.message);
758
+ return null;
759
+ }
760
+ }
761
+
762
+ async findDBSubnetGroup(vpcId) {
763
+ try {
764
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Looking for DB subnet groups in VPC ${vpcId}...`);
765
+
766
+ const command = new DescribeDBSubnetGroupsCommand({});
767
+ const response = await this.rdsClient.send(command);
768
+
769
+ if (!response.DBSubnetGroups || response.DBSubnetGroups.length === 0) {
770
+ console.log('[AWSDiscovery.findDBSubnetGroup] No DB subnet groups found');
771
+ return null;
772
+ }
773
+
774
+ // Filter by VPC ID
775
+ const vpcSubnetGroups = response.DBSubnetGroups.filter(
776
+ group => group.VpcId === vpcId
777
+ );
778
+
779
+ if (vpcSubnetGroups.length === 0) {
780
+ console.log(`[AWSDiscovery.findDBSubnetGroup] No DB subnet groups found in VPC ${vpcId}`);
781
+ return null;
782
+ }
783
+
784
+ // Priority 1: Frigg-managed subnet group
785
+ const friggSubnetGroup = vpcSubnetGroups.find(group =>
786
+ this._isFriggManaged(group.Tags || [])
787
+ );
788
+
789
+ if (friggSubnetGroup) {
790
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Found Frigg-managed subnet group: ${friggSubnetGroup.DBSubnetGroupName}`);
791
+ return {
792
+ name: friggSubnetGroup.DBSubnetGroupName,
793
+ vpcId: friggSubnetGroup.VpcId,
794
+ subnets: friggSubnetGroup.Subnets.map(s => s.SubnetIdentifier),
795
+ description: friggSubnetGroup.DBSubnetGroupDescription
796
+ };
797
+ }
798
+
799
+ // Priority 2: First available subnet group
800
+ const subnetGroup = vpcSubnetGroups[0];
801
+ console.log(`[AWSDiscovery.findDBSubnetGroup] Found subnet group: ${subnetGroup.DBSubnetGroupName}`);
802
+ return {
803
+ name: subnetGroup.DBSubnetGroupName,
804
+ vpcId: subnetGroup.VpcId,
805
+ subnets: subnetGroup.Subnets.map(s => s.SubnetIdentifier),
806
+ description: subnetGroup.DBSubnetGroupDescription
807
+ };
808
+
809
+ } catch (error) {
810
+ console.error('[AWSDiscovery.findDBSubnetGroup] Error finding DB subnet group:', error.message);
811
+ return null;
812
+ }
813
+ }
814
+
815
+ async findDatabaseSecret(serviceName, stage) {
816
+ try {
817
+ console.log(`[AWSDiscovery.findDatabaseSecret] Looking for database secret (service: ${serviceName}, stage: ${stage})...`);
818
+
819
+ const command = new ListSecretsCommand({
820
+ Filters: [
821
+ {
822
+ Key: 'tag-key',
823
+ Values: ['ManagedBy']
824
+ }
825
+ ]
826
+ });
827
+ const response = await this.secretsManagerClient.send(command);
828
+
829
+ if (!response.SecretList || response.SecretList.length === 0) {
830
+ console.log('[AWSDiscovery.findDatabaseSecret] No secrets found');
831
+ return null;
832
+ }
833
+
834
+ // Filter for Frigg-managed database secrets
835
+ const friggSecrets = response.SecretList.filter(secret => {
836
+ const tags = secret.Tags || [];
837
+ const isFrigg = this._isFriggManaged(tags);
838
+ const isDatabase = secret.Name?.includes('aurora') || secret.Name?.includes('database');
839
+ return isFrigg && isDatabase;
840
+ });
841
+
842
+ if (friggSecrets.length === 0) {
843
+ console.log('[AWSDiscovery.findDatabaseSecret] No Frigg-managed database secrets found');
844
+ return null;
845
+ }
846
+
847
+ // Priority 1: Secret with matching service and stage tags
848
+ if (serviceName && stage) {
849
+ const matchingSecret = friggSecrets.find(secret => {
850
+ const tags = secret.Tags || [];
851
+ const matchesService = tags.some(tag => tag.Key === 'Service' && tag.Value === serviceName);
852
+ const matchesStage = tags.some(tag => tag.Key === 'Stage' && tag.Value === stage);
853
+ return matchesService && matchesStage;
854
+ });
855
+
856
+ if (matchingSecret) {
857
+ console.log(`[AWSDiscovery.findDatabaseSecret] Found matching secret: ${matchingSecret.Name}`);
858
+ return {
859
+ arn: matchingSecret.ARN,
860
+ name: matchingSecret.Name
861
+ };
862
+ }
863
+ }
864
+
865
+ // Priority 2: First Frigg-managed database secret
866
+ const secret = friggSecrets[0];
867
+ console.log(`[AWSDiscovery.findDatabaseSecret] Found Frigg-managed secret: ${secret.Name}`);
868
+ return {
869
+ arn: secret.ARN,
870
+ name: secret.Name
871
+ };
872
+
873
+ } catch (error) {
874
+ console.error('[AWSDiscovery.findDatabaseSecret] Error finding database secret:', error.message);
875
+ return null;
876
+ }
877
+ }
878
+
879
+ async discoverAuroraResources(options = {}) {
880
+ try {
881
+ console.log('\n🔍 Discovering Aurora PostgreSQL resources...');
882
+ console.log('═'.repeat(60));
883
+
884
+ const {
885
+ vpcId,
886
+ serviceName,
887
+ stage,
888
+ management = 'discover',
889
+ clusterIdentifier = null
890
+ } = options;
891
+
892
+ const result = {
893
+ clusterIdentifier: null,
894
+ endpoint: null,
895
+ port: null,
896
+ engine: null,
897
+ engineVersion: null,
898
+ status: null,
899
+ dbSubnetGroupName: null,
900
+ secretArn: null,
901
+ secretName: null,
902
+ needsCreation: false
903
+ };
904
+
905
+ // For 'use-existing' mode, cluster identifier is required
906
+ if (management === 'use-existing' && !clusterIdentifier) {
907
+ throw new Error('clusterIdentifier is required when management mode is "use-existing"');
908
+ }
909
+
910
+ // For 'create-new' mode, skip discovery
911
+ if (management === 'create-new') {
912
+ console.log('💡 Management mode is "create-new" - will provision new Aurora cluster');
913
+ result.needsCreation = true;
914
+ return result;
915
+ }
916
+
917
+ // Discover Aurora cluster
918
+ const cluster = await this.findAuroraCluster(clusterIdentifier, serviceName, stage);
919
+
920
+ if (!cluster) {
921
+ if (management === 'discover') {
922
+ console.log('⚠️ No Aurora cluster found - will provision new cluster');
923
+ result.needsCreation = true;
924
+ return result;
925
+ }
926
+ throw new Error(`No Aurora cluster found with identifier: ${clusterIdentifier}`);
927
+ }
928
+
929
+ result.clusterIdentifier = cluster.identifier;
930
+ result.endpoint = cluster.endpoint;
931
+ result.port = cluster.port;
932
+ result.engine = cluster.engine;
933
+ result.engineVersion = cluster.engineVersion;
934
+ result.status = cluster.status;
935
+
936
+ console.log(`\n✅ Found Aurora Cluster: ${cluster.identifier}`);
937
+ console.log(` Endpoint: ${cluster.endpoint}:${cluster.port}`);
938
+ console.log(` Engine: ${cluster.engine} ${cluster.engineVersion}`);
939
+ console.log(` Status: ${cluster.status}`);
940
+
941
+ // Discover DB subnet group
942
+ const subnetGroup = await this.findDBSubnetGroup(vpcId);
943
+ if (subnetGroup) {
944
+ result.dbSubnetGroupName = subnetGroup.name;
945
+ console.log(`\n✅ Found DB Subnet Group: ${subnetGroup.name}`);
946
+ console.log(` Subnets: ${subnetGroup.subnets.join(', ')}`);
947
+ }
948
+
949
+ // Discover database secret
950
+ const secret = await this.findDatabaseSecret(serviceName, stage);
951
+ if (secret) {
952
+ result.secretArn = secret.arn;
953
+ result.secretName = secret.name;
954
+ console.log(`\n✅ Found Database Secret: ${secret.name}`);
955
+ }
956
+
957
+ console.log(`\n${'═'.repeat(60)}`);
958
+ console.log('📋 Aurora Discovery Summary:');
959
+ console.log(` Cluster: ${result.clusterIdentifier || 'Not found'}`);
960
+ console.log(` Subnet Group: ${result.dbSubnetGroupName || 'Not found'}`);
961
+ console.log(` Secret: ${result.secretName || 'Not found'}`);
962
+ console.log(`${'═'.repeat(60)}\n`);
963
+
964
+ return result;
965
+
966
+ } catch (error) {
967
+ console.error('❌ Aurora resource discovery failed:', error.message);
968
+ throw error;
969
+ }
970
+ }
971
+
972
+ _formatAuroraCluster(cluster) {
973
+ return {
974
+ identifier: cluster.DBClusterIdentifier,
975
+ endpoint: cluster.Endpoint,
976
+ readerEndpoint: cluster.ReaderEndpoint,
977
+ port: cluster.Port,
978
+ engine: cluster.Engine,
979
+ engineVersion: cluster.EngineVersion,
980
+ status: cluster.Status,
981
+ masterUsername: cluster.MasterUsername,
982
+ databaseName: cluster.DatabaseName,
983
+ vpcSecurityGroups: (cluster.VpcSecurityGroups || []).map(sg => sg.VpcSecurityGroupId),
984
+ dbSubnetGroup: cluster.DBSubnetGroup,
985
+ arn: cluster.DBClusterArn
986
+ };
987
+ }
988
+
513
989
  async detectMisconfiguredResources(vpcId) {
514
990
  try {
515
991
  const misconfigurations = {
@@ -649,10 +1125,14 @@ class AWSDiscovery {
649
1125
  );
650
1126
  console.log('═'.repeat(60));
651
1127
 
1128
+ // Validate credentials before attempting any AWS operations
1129
+ await this.validateCredentials();
1130
+ console.log(''); // Add spacing after validation
1131
+
652
1132
  const vpc = await this.findDefaultVpc();
653
1133
  console.log(`\n✅ Found VPC: ${vpc.VpcId}`);
654
1134
 
655
- const autoConvert = options.selfHeal || false;
1135
+ const autoConvert = options.vpc?.selfHeal || false;
656
1136
 
657
1137
  const privateSubnets = await this.findPrivateSubnets(
658
1138
  vpc.VpcId,
@@ -690,6 +1170,26 @@ class AWSDiscovery {
690
1170
  console.log('ℹ️ No KMS key found');
691
1171
  }
692
1172
 
1173
+ // Check if KMS alias already exists
1174
+ let kmsAliasExists = false;
1175
+ if (options.serviceName && options.stage) {
1176
+ const aliasName = `alias/${options.serviceName}-${options.stage}-frigg-kms`;
1177
+ const existingAlias = await this.findKmsAlias(aliasName);
1178
+ kmsAliasExists = existingAlias !== null;
1179
+ }
1180
+
1181
+ // Discover Aurora PostgreSQL resources if enabled
1182
+ let auroraResources = {};
1183
+ if (options.database?.postgres?.enable) {
1184
+ auroraResources = await this.discoverAuroraResources({
1185
+ vpcId: vpc.VpcId,
1186
+ serviceName: options.serviceName,
1187
+ stage: options.stage,
1188
+ management: options.database.postgres.management,
1189
+ clusterIdentifier: options.database.postgres.clusterIdentifier,
1190
+ });
1191
+ }
1192
+
693
1193
  const existingNatGateway = await this.findExistingNatGateway(
694
1194
  vpc.VpcId
695
1195
  );
@@ -789,6 +1289,7 @@ class AWSDiscovery {
789
1289
  publicSubnetId: publicSubnet?.SubnetId || null,
790
1290
  privateRouteTableId: routeTable.RouteTableId,
791
1291
  defaultKmsKeyId: kmsKeyArn,
1292
+ kmsAliasExists: kmsAliasExists,
792
1293
  existingNatGatewayId: natGatewayId,
793
1294
  existingElasticIpAllocationId: elasticIpAllocationId,
794
1295
  natGatewayInPrivateSubnet: natGatewayInPrivateSubnet,
@@ -809,6 +1310,7 @@ class AWSDiscovery {
809
1310
  }
810
1311
  return wrongRoutes;
811
1312
  })(),
1313
+ aurora: auroraResources,
812
1314
  };
813
1315
  } catch (error) {
814
1316
  console.error('Error discovering AWS resources:', error);