@friggframework/devtools 2.0.0--canary.487.63ed8db.0 → 2.0.0--canary.490.eec7dcd.0

package/infrastructure/domains/shared/cloudformation-discovery.js

@@ -216,6 +216,27 @@ class CloudFormationDiscovery {
                 discovered.natGatewayId = PhysicalResourceId;
             }
 
+            // Route Table (Lambda route table for external VPC pattern)
+            if (LogicalResourceId === 'FriggLambdaRouteTable' && ResourceType === 'AWS::EC2::RouteTable') {
+                discovered.routeTableId = PhysicalResourceId;
+                discovered.privateRouteTableId = PhysicalResourceId;
+                console.log(`  ✓ Found route table in stack: ${PhysicalResourceId}`);
+            }
+
+            // NAT Route (proves NAT configuration exists)
+            if (LogicalResourceId === 'FriggNATRoute' && ResourceType === 'AWS::EC2::Route') {
+                discovered.natRoute = PhysicalResourceId;
+                console.log(`  ✓ Found NAT route in stack`);
+            }
+
+            // Route Table Associations (links subnets to route table)
+            if (LogicalResourceId.includes('RouteAssociation') && ResourceType === 'AWS::EC2::SubnetRouteTableAssociation') {
+                if (!discovered.routeTableAssociations) {
+                    discovered.routeTableAssociations = [];
+                }
+                discovered.routeTableAssociations.push(PhysicalResourceId);
+            }
+
             // VPC - direct extraction (primary method)
             if (LogicalResourceId === 'FriggVPC' && ResourceType === 'AWS::EC2::VPC') {
                 discovered.defaultVpcId = PhysicalResourceId;
@@ -278,21 +299,46 @@ class CloudFormationDiscovery {
                 discovered.vpcEndpointSecurityGroupId = PhysicalResourceId;
             }
 
-            // VPC Endpoints
-            if (LogicalResourceId === 'FriggS3VPCEndpoint' && ResourceType === 'AWS::EC2::VPCEndpoint') {
+            // VPC Endpoints - support both old and new naming conventions
+            // Initialize vpcEndpoints object for structured access
+            if (!discovered.vpcEndpoints) {
+                discovered.vpcEndpoints = {};
+            }
+
+            // S3 Endpoint (both naming patterns)
+            if ((LogicalResourceId === 'FriggS3VPCEndpoint' || LogicalResourceId === 'VPCEndpointS3') && 
+                ResourceType === 'AWS::EC2::VPCEndpoint') {
                 discovered.s3VpcEndpointId = PhysicalResourceId;
+                discovered.vpcEndpoints.s3 = PhysicalResourceId;
+                console.log(`  ✓ Found S3 VPC endpoint in stack: ${PhysicalResourceId}`);
             }
-            if (LogicalResourceId === 'FriggDynamoDBVPCEndpoint' && ResourceType === 'AWS::EC2::VPCEndpoint') {
+            
+            // DynamoDB Endpoint (both naming patterns)
+            if ((LogicalResourceId === 'FriggDynamoDBVPCEndpoint' || LogicalResourceId === 'VPCEndpointDynamoDB') && 
+                ResourceType === 'AWS::EC2::VPCEndpoint') {
                 discovered.dynamoDbVpcEndpointId = PhysicalResourceId;
+                discovered.vpcEndpoints.dynamodb = PhysicalResourceId;
+                console.log(`  ✓ Found DynamoDB VPC endpoint in stack: ${PhysicalResourceId}`);
             }
-            if (LogicalResourceId === 'FriggKMSVPCEndpoint' && ResourceType === 'AWS::EC2::VPCEndpoint') {
+            
+            // KMS Endpoint (both naming patterns)
+            if ((LogicalResourceId === 'FriggKMSVPCEndpoint' || LogicalResourceId === 'VPCEndpointKMS') && 
+                ResourceType === 'AWS::EC2::VPCEndpoint') {
                 discovered.kmsVpcEndpointId = PhysicalResourceId;
+                discovered.vpcEndpoints.kms = PhysicalResourceId;
+                console.log(`  ✓ Found KMS VPC endpoint in stack: ${PhysicalResourceId}`);
             }
+            
+            // Secrets Manager Endpoint
             if (LogicalResourceId === 'FriggSecretsManagerVPCEndpoint' && ResourceType === 'AWS::EC2::VPCEndpoint') {
                 discovered.secretsManagerVpcEndpointId = PhysicalResourceId;
+                discovered.vpcEndpoints.secretsManager = PhysicalResourceId;
             }
+            
+            // SQS Endpoint
             if (LogicalResourceId === 'FriggSQSVPCEndpoint' && ResourceType === 'AWS::EC2::VPCEndpoint') {
                 discovered.sqsVpcEndpointId = PhysicalResourceId;
+                discovered.vpcEndpoints.sqs = PhysicalResourceId;
             }
         }
 

package/infrastructure/domains/shared/cloudformation-discovery.test.js

@@ -586,5 +586,113 @@ describe('CloudFormationDiscovery', () => {
             expect(mockProvider.describeKmsKey).toHaveBeenCalledWith('alias/test-service-dev-frigg-kms');
         });
     });
+
+    describe('External VPC with routing infrastructure pattern', () => {
+        it('should discover routing resources when VPC is external', async () => {
+            // This tests the Frontify pattern: external VPC/subnets/KMS,
+            // but stack creates routing infrastructure (route table, NAT route, VPC endpoints)
+            const mockStack = {
+                StackName: 'create-frigg-app-production',
+                Outputs: [],
+            };
+
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggLambdaRouteTable',
+                    PhysicalResourceId: 'rtb-0b83aca77ccde20a6',
+                    ResourceType: 'AWS::EC2::RouteTable',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggNATRoute',
+                    PhysicalResourceId: 'rtb-0b83aca77ccde20a6|0.0.0.0/0',
+                    ResourceType: 'AWS::EC2::Route',
+                    ResourceStatus: 'UPDATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggSubnet1RouteAssociation',
+                    PhysicalResourceId: 'rtbassoc-07245da0b447ca469',
+                    ResourceType: 'AWS::EC2::SubnetRouteTableAssociation',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggSubnet2RouteAssociation',
+                    PhysicalResourceId: 'rtbassoc-0806f9783c4ea181f',
+                    ResourceType: 'AWS::EC2::SubnetRouteTableAssociation',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'VPCEndpointS3',
+                    PhysicalResourceId: 'vpce-0352ceac2124c14be',
+                    ResourceType: 'AWS::EC2::VPCEndpoint',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'VPCEndpointDynamoDB',
+                    PhysicalResourceId: 'vpce-0b06c4f631199ea68',
+                    ResourceType: 'AWS::EC2::VPCEndpoint',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+            ];
+
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+
+            const result = await cfDiscovery.discoverFromStack('create-frigg-app-production');
+
+            // Verify routing infrastructure was discovered
+            expect(result.routeTableId).toBe('rtb-0b83aca77ccde20a6');
+            expect(result.privateRouteTableId).toBe('rtb-0b83aca77ccde20a6');
+            expect(result.natRoute).toBe('rtb-0b83aca77ccde20a6|0.0.0.0/0');
+            expect(result.routeTableAssociations).toEqual([
+                'rtbassoc-07245da0b447ca469',
+                'rtbassoc-0806f9783c4ea181f',
+            ]);
+
+            // Verify VPC endpoints were discovered (both naming conventions)
+            expect(result.vpcEndpoints).toBeDefined();
+            expect(result.vpcEndpoints.s3).toBe('vpce-0352ceac2124c14be');
+            expect(result.vpcEndpoints.dynamodb).toBe('vpce-0b06c4f631199ea68');
+            expect(result.s3VpcEndpointId).toBe('vpce-0352ceac2124c14be');
+            expect(result.dynamoDbVpcEndpointId).toBe('vpce-0b06c4f631199ea68');
+
+            // Verify NO VPC/KMS resources (they're external)
+            expect(result.defaultVpcId).toBeUndefined();
+            expect(result.defaultKmsKeyId).toBeUndefined();
+        });
+
+        it('should work with legacy VPC endpoint naming (FriggS3VPCEndpoint)', async () => {
+            const mockStack = {
+                StackName: 'test-stack',
+                Outputs: [],
+            };
+
+            const mockResources = [
+                {
+                    LogicalResourceId: 'FriggS3VPCEndpoint',
+                    PhysicalResourceId: 'vpce-legacy-s3',
+                    ResourceType: 'AWS::EC2::VPCEndpoint',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+                {
+                    LogicalResourceId: 'FriggDynamoDBVPCEndpoint',
+                    PhysicalResourceId: 'vpce-legacy-ddb',
+                    ResourceType: 'AWS::EC2::VPCEndpoint',
+                    ResourceStatus: 'CREATE_COMPLETE',
+                },
+            ];
+
+            mockProvider.describeStack.mockResolvedValue(mockStack);
+            mockProvider.listStackResources.mockResolvedValue(mockResources);
+
+            const result = await cfDiscovery.discoverFromStack('test-stack');
+
+            // Both naming conventions should work
+            expect(result.vpcEndpoints.s3).toBe('vpce-legacy-s3');
+            expect(result.vpcEndpoints.dynamodb).toBe('vpce-legacy-ddb');
+            expect(result.s3VpcEndpointId).toBe('vpce-legacy-s3');
+            expect(result.dynamoDbVpcEndpointId).toBe('vpce-legacy-ddb');
+        });
+    });
 });
 

package/infrastructure/domains/shared/resource-discovery.js

@@ -95,11 +95,23 @@ async function gatherDiscoveredResources(appDefinition) {
         const cfDiscovery = new CloudFormationDiscovery(provider, { serviceName, stage });
         const stackResources = await cfDiscovery.discoverFromStack(stackName);
 
-        // Validate CF discovery results - only use if contains useful data
-        const hasVpcData = stackResources?.defaultVpcId;
-        const hasKmsData = stackResources?.defaultKmsKeyId;
-        const hasAuroraData = stackResources?.auroraClusterId;
-        const hasSomeUsefulData = hasVpcData || hasKmsData || hasAuroraData;
+        // Validate CF discovery results - check for ANY useful infrastructure
+        const hasVpcData = stackResources?.defaultVpcId;  // VPC resource in stack
+        const hasKmsData = stackResources?.defaultKmsKeyId;  // KMS resource in stack
+        const hasAuroraData = stackResources?.auroraClusterId;  // Aurora in stack
+        
+        // Check for routing infrastructure (proves VPC config exists even with external VPC)
+        const hasRoutingInfra = stackResources?.routeTableId ||  // FriggLambdaRouteTable
+                               stackResources?.natRoute ||        // FriggNATRoute
+                               stackResources?.vpcEndpoints?.s3 || // VPC endpoints
+                               stackResources?.vpcEndpoints?.dynamodb;
+        
+        // Stack is useful if it has EITHER actual resources OR routing infrastructure
+        const hasSomeUsefulData = hasVpcData || hasKmsData || hasAuroraData || hasRoutingInfra;
+        
+        if (hasRoutingInfra && !hasVpcData) {
+            console.log('  ✓ Found VPC routing infrastructure in stack (external VPC pattern)');
+        }
 
         // Check if we're in isolated mode (each stage gets its own VPC/Aurora)
         const isIsolatedMode = appDefinition.managementMode === 'managed' &&

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/devtools",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.487.63ed8db.0",
+  "version": "2.0.0--canary.490.eec7dcd.0",
   "bin": {
     "frigg": "./frigg-cli/index.js"
   },
@@ -16,9 +16,9 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/parser": "^7.25.3",
     "@babel/traverse": "^7.25.3",
-    "@friggframework/core": "2.0.0--canary.487.63ed8db.0",
-    "@friggframework/schemas": "2.0.0--canary.487.63ed8db.0",
-    "@friggframework/test": "2.0.0--canary.487.63ed8db.0",
+    "@friggframework/core": "2.0.0--canary.490.eec7dcd.0",
+    "@friggframework/schemas": "2.0.0--canary.490.eec7dcd.0",
+    "@friggframework/test": "2.0.0--canary.490.eec7dcd.0",
     "@hapi/boom": "^10.0.1",
     "@inquirer/prompts": "^5.3.8",
     "axios": "^1.7.2",
@@ -46,8 +46,8 @@
     "validate-npm-package-name": "^5.0.0"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.487.63ed8db.0",
-    "@friggframework/prettier-config": "2.0.0--canary.487.63ed8db.0",
+    "@friggframework/eslint-config": "2.0.0--canary.490.eec7dcd.0",
+    "@friggframework/prettier-config": "2.0.0--canary.490.eec7dcd.0",
     "aws-sdk-client-mock": "^4.1.0",
     "aws-sdk-client-mock-jest": "^4.1.0",
     "jest": "^30.1.3",
@@ -79,5 +79,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "63ed8db39a59f2be928d8255be6b4afde423123f"
+  "gitHead": "eec7dcdaf12585353103eb99ebc141dfa60a6743"
 }