npm - @friggframework/devtools - Versions diffs - 2.0.0-next.32 → 2.0.0-next.34 - Mend

@friggframework/devtools 2.0.0-next.32 → 2.0.0-next.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/frigg-cli/deploy-command/index.js +6 -3
package/infrastructure/AWS-IAM-CREDENTIAL-NEEDS.md +442 -411
package/infrastructure/GENERATE-IAM-DOCS.md +91 -66
package/infrastructure/frigg-deployment-iam-stack.yaml +22 -0
package/infrastructure/iam-generator.js +212 -229
package/infrastructure/iam-policy-basic.json +2 -0
package/infrastructure/iam-policy-full.json +2 -0
package/infrastructure/serverless-template.js +412 -243
package/package.json +6 -6

package/infrastructure/iam-generator.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const fs = require('fs-extra');
 const path = require('path');
 /**
@@ -11,11 +10,8 @@ const path = require('path');
  * @returns {string} CloudFormation YAML template
  */
 function generateIAMCloudFormation(appDefinition, options = {}) {
-    const {
-        deploymentUserName = 'frigg-deployment-user',
-        stackName = 'frigg-deployment-iam',
-        mode = 'auto'
-    } = options;
+    const { deploymentUserName = 'frigg-deployment-user', mode = 'auto' } =
+        options;
     // Determine which features are enabled based on mode
     let features;
@@ -24,62 +20,77 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             vpc: false,
             kms: false,
             ssm: false,
-            websockets: appDefinition.websockets?.enable === true
+            websockets: appDefinition.websockets?.enable === true,
         };
     } else if (mode === 'full') {
         features = {
             vpc: true,
             kms: true,
             ssm: true,
-            websockets: appDefinition.websockets?.enable === true
+            websockets: appDefinition.websockets?.enable === true,
         };
-    } else { // mode === 'auto'
+    } else {
+        // mode === 'auto'
         features = {
             vpc: appDefinition.vpc?.enable === true,
-            kms: appDefinition.encryption?.useDefaultKMSForFieldLevelEncryption === true,
+            kms:
+                appDefinition.encryption
+                    ?.useDefaultKMSForFieldLevelEncryption === true,
             ssm: appDefinition.ssm?.enable === true,
-            websockets: appDefinition.websockets?.enable === true
+            websockets: appDefinition.websockets?.enable === true,
         };
     }
     // Build the CloudFormation template
     const template = {
         AWSTemplateFormatVersion: '2010-09-09',
-        Description: `IAM roles and policies for ${appDefinition.name || 'Frigg'} application deployment pipeline`,
+        Description: `IAM roles and policies for ${
+            appDefinition.name || 'Frigg'
+        } application deployment pipeline`,
         Parameters: {
             DeploymentUserName: {
                 Type: 'String',
                 Default: deploymentUserName,
-                Description: 'Name for the IAM user that will deploy Frigg applications'
+                Description:
+                    'Name for the IAM user that will deploy Frigg applications',
             },
             EnableVPCSupport: {
                 Type: 'String',
                 Default: features.vpc ? 'true' : 'false',
                 AllowedValues: ['true', 'false'],
-                Description: 'Enable VPC-related permissions for Frigg applications'
+                Description:
+                    'Enable VPC-related permissions for Frigg applications',
             },
             EnableKMSSupport: {
                 Type: 'String',
                 Default: features.kms ? 'true' : 'false',
                 AllowedValues: ['true', 'false'],
-                Description: 'Enable KMS encryption permissions for Frigg applications'
+                Description:
+                    'Enable KMS encryption permissions for Frigg applications',
             },
             EnableSSMSupport: {
                 Type: 'String',
                 Default: features.ssm ? 'true' : 'false',
                 AllowedValues: ['true', 'false'],
-                Description: 'Enable SSM Parameter Store permissions for Frigg applications'
-            }
+                Description:
+                    'Enable SSM Parameter Store permissions for Frigg applications',
+            },
         },
         Conditions: {
-            CreateVPCPermissions: { 'Fn::Equals': [{ Ref: 'EnableVPCSupport' }, 'true'] },
-            CreateKMSPermissions: { 'Fn::Equals': [{ Ref: 'EnableKMSSupport' }, 'true'] },
-            CreateSSMPermissions: { 'Fn::Equals': [{ Ref: 'EnableSSMSupport' }, 'true'] }
+            CreateVPCPermissions: {
+                'Fn::Equals': [{ Ref: 'EnableVPCSupport' }, 'true'],
+            },
+            CreateKMSPermissions: {
+                'Fn::Equals': [{ Ref: 'EnableKMSSupport' }, 'true'],
+            },
+            CreateSSMPermissions: {
+                'Fn::Equals': [{ Ref: 'EnableSSMSupport' }, 'true'],
+            },
         },
-        Resources: {}
+        Resources: {},
     };
     // Add IAM User
@@ -89,34 +100,52 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             UserName: { Ref: 'DeploymentUserName' },
             ManagedPolicyArns: [
                 { Ref: 'FriggDiscoveryPolicy' },
-                { Ref: 'FriggCoreDeploymentPolicy' }
-            ]
-        }
+                { Ref: 'FriggCoreDeploymentPolicy' },
+            ],
+        },
     };
     // Conditionally add feature-specific policies
     if (features.vpc) {
-        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push({
-            'Fn::If': ['CreateVPCPermissions', { Ref: 'FriggVPCPolicy' }, { Ref: 'AWS::NoValue' }]
-        });
+        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push(
+            {
+                'Fn::If': [
+                    'CreateVPCPermissions',
+                    { Ref: 'FriggVPCPolicy' },
+                    { Ref: 'AWS::NoValue' },
+                ],
+            }
+        );
     }
     if (features.kms) {
-        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push({
-            'Fn::If': ['CreateKMSPermissions', { Ref: 'FriggKMSPolicy' }, { Ref: 'AWS::NoValue' }]
-        });
+        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push(
+            {
+                'Fn::If': [
+                    'CreateKMSPermissions',
+                    { Ref: 'FriggKMSPolicy' },
+                    { Ref: 'AWS::NoValue' },
+                ],
+            }
+        );
     }
     if (features.ssm) {
-        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push({
-            'Fn::If': ['CreateSSMPermissions', { Ref: 'FriggSSMPolicy' }, { Ref: 'AWS::NoValue' }]
-        });
+        template.Resources.FriggDeploymentUser.Properties.ManagedPolicyArns.push(
+            {
+                'Fn::If': [
+                    'CreateSSMPermissions',
+                    { Ref: 'FriggSSMPolicy' },
+                    { Ref: 'AWS::NoValue' },
+                ],
+            }
+        );
     }
     // Add Access Key
     template.Resources.FriggDeploymentAccessKey = {
         Type: 'AWS::IAM::AccessKey',
         Properties: {
-            UserName: { Ref: 'FriggDeploymentUser' }
-        }
+            UserName: { Ref: 'FriggDeploymentUser' },
+        },
     };
     // Add Discovery Policy (always needed)
@@ -124,7 +153,8 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
         Type: 'AWS::IAM::ManagedPolicy',
         Properties: {
             ManagedPolicyName: 'FriggDiscoveryPolicy',
-            Description: 'Permissions for AWS resource discovery during Frigg build process',
+            Description:
+                'Permissions for AWS resource discovery during Frigg build process',
             PolicyDocument: {
                 Version: '2012-10-17',
                 Statement: [
@@ -140,122 +170,16 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                             'ec2:DescribeNatGateways',
                             'ec2:DescribeAddresses',
                             'kms:ListKeys',
-                            'kms:DescribeKey'
+                            'kms:DescribeKey',
                         ],
-                        Resource: '*'
-                    }
-                ]
-            }
-        }
+                        Resource: '*',
+                    },
+                ],
+            },
+        },
     };
     // Add Core Deployment Policy (always needed)
-    const coreActions = [
-        // CloudFormation permissions
-        'cloudformation:CreateStack',
-        'cloudformation:UpdateStack',
-        'cloudformation:DeleteStack',
-        'cloudformation:DescribeStacks',
-        'cloudformation:DescribeStackEvents',
-        'cloudformation:DescribeStackResources',
-        'cloudformation:DescribeStackResource',
-        'cloudformation:ListStackResources',
-        'cloudformation:GetTemplate',
-        'cloudformation:DescribeChangeSet',
-        'cloudformation:CreateChangeSet',
-        'cloudformation:DeleteChangeSet',
-        'cloudformation:ExecuteChangeSet',
-        'cloudformation:ValidateTemplate',
-        // Lambda permissions
-        'lambda:CreateFunction',
-        'lambda:UpdateFunctionCode',
-        'lambda:UpdateFunctionConfiguration',
-        'lambda:DeleteFunction',
-        'lambda:GetFunction',
-        'lambda:ListFunctions',
-        'lambda:PublishVersion',
-        'lambda:CreateAlias',
-        'lambda:UpdateAlias',
-        'lambda:DeleteAlias',
-        'lambda:GetAlias',
-        'lambda:AddPermission',
-        'lambda:RemovePermission',
-        'lambda:GetPolicy',
-        'lambda:PutProvisionedConcurrencyConfig',
-        'lambda:DeleteProvisionedConcurrencyConfig',
-        'lambda:PutConcurrency',
-        'lambda:DeleteConcurrency',
-        'lambda:TagResource',
-        'lambda:UntagResource',
-        'lambda:ListVersionsByFunction',
-        // IAM permissions
-        'iam:CreateRole',
-        'iam:DeleteRole',
-        'iam:GetRole',
-        'iam:PassRole',
-        'iam:PutRolePolicy',
-        'iam:DeleteRolePolicy',
-        'iam:GetRolePolicy',
-        'iam:AttachRolePolicy',
-        'iam:DetachRolePolicy',
-        'iam:TagRole',
-        'iam:UntagRole',
-        'iam:ListPolicyVersions',
-        // S3 permissions
-        's3:CreateBucket',
-        's3:PutObject',
-        's3:GetObject',
-        's3:DeleteObject',
-        's3:PutBucketPolicy',
-        's3:PutBucketVersioning',
-        's3:PutBucketPublicAccessBlock',
-        's3:GetBucketLocation',
-        's3:ListBucket',
-        // SQS permissions
-        'sqs:CreateQueue',
-        'sqs:DeleteQueue',
-        'sqs:GetQueueAttributes',
-        'sqs:SetQueueAttributes',
-        'sqs:GetQueueUrl',
-        'sqs:TagQueue',
-        'sqs:UntagQueue',
-        // SNS permissions
-        'sns:CreateTopic',
-        'sns:DeleteTopic',
-        'sns:GetTopicAttributes',
-        'sns:SetTopicAttributes',
-        'sns:Subscribe',
-        'sns:Unsubscribe',
-        'sns:ListSubscriptionsByTopic',
-        'sns:TagResource',
-        'sns:UntagResource',
-        // CloudWatch and Logs permissions
-        'cloudwatch:PutMetricAlarm',
-        'cloudwatch:DeleteAlarms',
-        'cloudwatch:DescribeAlarms',
-        'logs:CreateLogGroup',
-        'logs:CreateLogStream',
-        'logs:DeleteLogGroup',
-        'logs:DescribeLogGroups',
-        'logs:DescribeLogStreams',
-        'logs:FilterLogEvents',
-        'logs:PutLogEvents',
-        'logs:PutRetentionPolicy',
-        // API Gateway permissions
-        'apigateway:POST',
-        'apigateway:PUT',
-        'apigateway:DELETE',
-        'apigateway:GET',
-        'apigateway:PATCH'
-    ];
     const coreStatements = [
         {
             Sid: 'CloudFormationFriggStacks',
@@ -273,17 +197,20 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'cloudformation:DescribeChangeSet',
                 'cloudformation:CreateChangeSet',
                 'cloudformation:DeleteChangeSet',
-                'cloudformation:ExecuteChangeSet'
+                'cloudformation:ExecuteChangeSet',
             ],
             Resource: [
-                { 'Fn::Sub': 'arn:aws:cloudformation:*:${AWS::AccountId}:stack/*frigg*/*' }
-            ]
+                {
+                    'Fn::Sub':
+                        'arn:aws:cloudformation:*:${AWS::AccountId}:stack/*frigg*/*',
+                },
+            ],
         },
         {
             Sid: 'CloudFormationValidateTemplate',
             Effect: 'Allow',
             Action: ['cloudformation:ValidateTemplate'],
-            Resource: '*'
+            Resource: '*',
         },
         {
             Sid: 'S3DeploymentBucket',
@@ -297,12 +224,12 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 's3:PutBucketVersioning',
                 's3:PutBucketPublicAccessBlock',
                 's3:GetBucketLocation',
-                's3:ListBucket'
+                's3:ListBucket',
             ],
             Resource: [
                 'arn:aws:s3:::*serverless*',
-                'arn:aws:s3:::*serverless*/*'
-            ]
+                'arn:aws:s3:::*serverless*/*',
+            ],
         },
         {
             Sid: 'LambdaFriggFunctions',
@@ -328,11 +255,14 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'lambda:DeleteConcurrency',
                 'lambda:TagResource',
                 'lambda:UntagResource',
-                'lambda:ListVersionsByFunction'
+                'lambda:ListVersionsByFunction',
             ],
             Resource: [
-                { 'Fn::Sub': 'arn:aws:lambda:*:${AWS::AccountId}:function:*frigg*' }
-            ]
+                {
+                    'Fn::Sub':
+                        'arn:aws:lambda:*:${AWS::AccountId}:function:*frigg*',
+                },
+            ],
         },
         {
             Sid: 'IAMRolesForFriggLambda',
@@ -348,18 +278,23 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'iam:AttachRolePolicy',
                 'iam:DetachRolePolicy',
                 'iam:TagRole',
-                'iam:UntagRole'
+                'iam:UntagRole',
             ],
             Resource: [
                 { 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:role/*frigg*' },
-                { 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:role/*frigg*LambdaRole*' }
-            ]
+                {
+                    'Fn::Sub':
+                        'arn:aws:iam::${AWS::AccountId}:role/*frigg*LambdaRole*',
+                },
+            ],
         },
         {
             Sid: 'IAMPolicyVersionPermissions',
             Effect: 'Allow',
             Action: ['iam:ListPolicyVersions'],
-            Resource: [{ 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:policy/*' }]
+            Resource: [
+                { 'Fn::Sub': 'arn:aws:iam::${AWS::AccountId}:policy/*' },
+            ],
         },
         {
             Sid: 'FriggMessagingServices',
@@ -371,12 +306,15 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'sqs:SetQueueAttributes',
                 'sqs:GetQueueUrl',
                 'sqs:TagQueue',
-                'sqs:UntagQueue'
+                'sqs:UntagQueue',
             ],
             Resource: [
                 { 'Fn::Sub': 'arn:aws:sqs:*:${AWS::AccountId}:*frigg*' },
-                { 'Fn::Sub': 'arn:aws:sqs:*:${AWS::AccountId}:internal-error-queue-*' }
-            ]
+                {
+                    'Fn::Sub':
+                        'arn:aws:sqs:*:${AWS::AccountId}:internal-error-queue-*',
+                },
+            ],
         },
         {
             Sid: 'FriggSNSTopics',
@@ -390,11 +328,11 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'sns:Unsubscribe',
                 'sns:ListSubscriptionsByTopic',
                 'sns:TagResource',
-                'sns:UntagResource'
+                'sns:UntagResource',
             ],
             Resource: [
-                { 'Fn::Sub': 'arn:aws:sns:*:${AWS::AccountId}:*frigg*' }
-            ]
+                { 'Fn::Sub': 'arn:aws:sns:*:${AWS::AccountId}:*frigg*' },
+            ],
         },
         {
             Sid: 'FriggMonitoringAndLogs',
@@ -410,13 +348,22 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'logs:DescribeLogStreams',
                 'logs:FilterLogEvents',
                 'logs:PutLogEvents',
-                'logs:PutRetentionPolicy'
+                'logs:PutRetentionPolicy',
             ],
             Resource: [
-                { 'Fn::Sub': 'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*' },
-                { 'Fn::Sub': 'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*:*' },
-                { 'Fn::Sub': 'arn:aws:cloudwatch:*:${AWS::AccountId}:alarm:*frigg*' }
-            ]
+                {
+                    'Fn::Sub':
+                        'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*',
+                },
+                {
+                    'Fn::Sub':
+                        'arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*frigg*:*',
+                },
+                {
+                    'Fn::Sub':
+                        'arn:aws:cloudwatch:*:${AWS::AccountId}:alarm:*frigg*',
+                },
+            ],
         },
         {
             Sid: 'FriggAPIGateway',
@@ -426,15 +373,37 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                 'apigateway:PUT',
                 'apigateway:DELETE',
                 'apigateway:GET',
-                'apigateway:PATCH'
+                'apigateway:PATCH',
             ],
             Resource: [
                 'arn:aws:apigateway:*::/restapis',
                 'arn:aws:apigateway:*::/restapis/*',
                 'arn:aws:apigateway:*::/domainnames',
-                'arn:aws:apigateway:*::/domainnames/*'
-            ]
-        }
+                'arn:aws:apigateway:*::/domainnames/*',
+            ],
+        },
+        {
+            Sid: 'FriggAPIGatewayV2',
+            Effect: 'Allow',
+            Action: [
+                'apigateway:GET',
+                'apigateway:DELETE',
+                'apigateway:PATCH',
+                'apigateway:POST',
+                'apigateway:PUT',
+            ],
+            Resource: [
+                'arn:aws:apigateway:*::/apis',
+                'arn:aws:apigateway:*::/apis/*',
+                'arn:aws:apigateway:*::/apis/*/stages',
+                'arn:aws:apigateway:*::/apis/*/stages/*',
+                'arn:aws:apigateway:*::/apis/*/mappings',
+                'arn:aws:apigateway:*::/apis/*/mappings/*',
+                'arn:aws:apigateway:*::/domainnames',
+                'arn:aws:apigateway:*::/domainnames/*',
+                'arn:aws:apigateway:*::/domainnames/*/apimappings',
+            ],
+        },
     ];
     template.Resources.FriggCoreDeploymentPolicy = {
@@ -444,9 +413,9 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             Description: 'Core permissions for deploying Frigg applications',
             PolicyDocument: {
                 Version: '2012-10-17',
-                Statement: coreStatements
-            }
-        }
+                Statement: coreStatements,
+            },
+        },
     };
     // Add feature-specific policies only if needed
@@ -486,13 +455,15 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                                 'ec2:AuthorizeSecurityGroupEgress',
                                 'ec2:AuthorizeSecurityGroupIngress',
                                 'ec2:RevokeSecurityGroupEgress',
-                                'ec2:RevokeSecurityGroupIngress'
+                                'ec2:RevokeSecurityGroupIngress',
+                                'ec2:DetachInternetGateway',
+                                'ec2:DeleteSubnet',
                             ],
-                            Resource: '*'
-                        }
-                    ]
-                }
-            }
+                            Resource: '*',
+                        },
+                    ],
+                },
+            },
         };
     }
@@ -502,32 +473,33 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             Condition: 'CreateKMSPermissions',
             Properties: {
                 ManagedPolicyName: 'FriggKMSPolicy',
-                Description: 'KMS encryption permissions for Frigg applications',
+                Description:
+                    'KMS encryption permissions for Frigg applications',
                 PolicyDocument: {
                     Version: '2012-10-17',
                     Statement: [
                         {
                             Sid: 'FriggKMSEncryptionRuntime',
                             Effect: 'Allow',
-                            Action: [
-                                'kms:GenerateDataKey',
-                                'kms:Decrypt'
-                            ],
+                            Action: ['kms:GenerateDataKey', 'kms:Decrypt'],
                             Resource: [
-                                { 'Fn::Sub': 'arn:aws:kms:*:${AWS::AccountId}:key/*' }
+                                {
+                                    'Fn::Sub':
+                                        'arn:aws:kms:*:${AWS::AccountId}:key/*',
+                                },
                             ],
                             Condition: {
                                 StringEquals: {
                                     'kms:ViaService': [
                                         'lambda.*.amazonaws.com',
-                                        's3.*.amazonaws.com'
-                                    ]
-                                }
-                            }
-                        }
-                    ]
-                }
-            }
+                                        's3.*.amazonaws.com',
+                                    ],
+                                },
+                            },
+                        },
+                    ],
+                },
+            },
         };
     }
@@ -537,7 +509,8 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             Condition: 'CreateSSMPermissions',
             Properties: {
                 ManagedPolicyName: 'FriggSSMPolicy',
-                Description: 'SSM Parameter Store permissions for Frigg applications',
+                Description:
+                    'SSM Parameter Store permissions for Frigg applications',
                 PolicyDocument: {
                     Version: '2012-10-17',
                     Statement: [
@@ -547,16 +520,22 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
                             Action: [
                                 'ssm:GetParameter',
                                 'ssm:GetParameters',
-                                'ssm:GetParametersByPath'
+                                'ssm:GetParametersByPath',
                             ],
                             Resource: [
-                                { 'Fn::Sub': 'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*' },
-                                { 'Fn::Sub': 'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*/*' }
-                            ]
-                        }
-                    ]
-                }
-            }
+                                {
+                                    'Fn::Sub':
+                                        'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*',
+                                },
+                                {
+                                    'Fn::Sub':
+                                        'arn:aws:ssm:*:${AWS::AccountId}:parameter/*frigg*/*',
+                                },
+                            ],
+                        },
+                    ],
+                },
+            },
         };
     }
@@ -569,10 +548,11 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             SecretString: {
                 'Fn::Sub': JSON.stringify({
                     AccessKeyId: '${FriggDeploymentAccessKey}',
-                    SecretAccessKey: '${FriggDeploymentAccessKey.SecretAccessKey}'
-                })
-            }
-        }
+                    SecretAccessKey:
+                        '${FriggDeploymentAccessKey.SecretAccessKey}',
+                }),
+            },
+        },
     };
     // Add Outputs
@@ -581,29 +561,30 @@ function generateIAMCloudFormation(appDefinition, options = {}) {
             Description: 'ARN of the Frigg deployment user',
             Value: { 'Fn::GetAtt': ['FriggDeploymentUser', 'Arn'] },
             Export: {
-                Name: { 'Fn::Sub': '${AWS::StackName}-UserArn' }
-            }
+                Name: { 'Fn::Sub': '${AWS::StackName}-UserArn' },
+            },
         },
         AccessKeyId: {
             Description: 'Access Key ID for the deployment user',
             Value: { Ref: 'FriggDeploymentAccessKey' },
             Export: {
-                Name: { 'Fn::Sub': '${AWS::StackName}-AccessKeyId' }
-            }
+                Name: { 'Fn::Sub': '${AWS::StackName}-AccessKeyId' },
+            },
         },
         SecretAccessKeyCommand: {
             Description: 'Command to retrieve the secret access key',
             Value: {
-                'Fn::Sub': 'aws secretsmanager get-secret-value --secret-id frigg-deployment-credentials --query SecretString --output text | jq -r .SecretAccessKey'
-            }
+                'Fn::Sub':
+                    'aws secretsmanager get-secret-value --secret-id frigg-deployment-credentials --query SecretString --output text | jq -r .SecretAccessKey',
+            },
         },
         CredentialsSecretArn: {
             Description: 'ARN of the secret containing deployment credentials',
             Value: { Ref: 'FriggDeploymentCredentials' },
             Export: {
-                Name: { 'Fn::Sub': '${AWS::StackName}-CredentialsSecretArn' }
-            }
-        }
+                Name: { 'Fn::Sub': '${AWS::StackName}-CredentialsSecretArn' },
+            },
+        },
     };
     // Convert to YAML
@@ -621,7 +602,7 @@ function convertToYAML(obj) {
         indent: 2,
         lineWidth: 120,
         noRefs: true,
-        sortKeys: false
+        sortKeys: false,
     });
 }
@@ -634,9 +615,11 @@ function getFeatureSummary(appDefinition) {
     const features = {
         core: true, // Always enabled
         vpc: appDefinition.vpc?.enable === true,
-        kms: appDefinition.encryption?.useDefaultKMSForFieldLevelEncryption === true,
+        kms:
+            appDefinition.encryption?.useDefaultKMSForFieldLevelEncryption ===
+            true,
         ssm: appDefinition.ssm?.enable === true,
-        websockets: appDefinition.websockets?.enable === true
+        websockets: appDefinition.websockets?.enable === true,
     };
     const integrationCount = appDefinition.integrations?.length || 0;
@@ -644,7 +627,7 @@ function getFeatureSummary(appDefinition) {
     return {
         features,
         integrationCount,
-        appName: appDefinition.name || 'Unnamed Frigg App'
+        appName: appDefinition.name || 'Unnamed Frigg App',
     };
 }
@@ -683,5 +666,5 @@ module.exports = {
     getFeatureSummary,
     generateBasicIAMPolicy,
     generateFullIAMPolicy,
-    generateIAMPolicy
-};
+    generateIAMPolicy,
+};