npm - @intentius/chant-lexicon-aws - Versions diffs - 0.0.6 → 0.0.9 - Mend

@intentius/chant-lexicon-aws 0.0.6 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/dist/integrity.json +25 -10
package/dist/manifest.json +1 -1
package/dist/meta.json +9444 -4597
package/dist/rules/cf-refs.ts +99 -0
package/dist/rules/ext001.ts +32 -25
package/dist/rules/hardcoded-region.ts +1 -0
package/dist/rules/iam-wildcard.ts +1 -0
package/dist/rules/s3-encryption.ts +3 -3
package/dist/rules/waw016.ts +86 -0
package/dist/rules/waw017.ts +53 -0
package/dist/rules/waw018.ts +71 -0
package/dist/rules/waw019.ts +82 -0
package/dist/rules/waw020.ts +64 -0
package/dist/rules/waw021.ts +53 -0
package/dist/rules/waw022.ts +43 -0
package/dist/rules/waw023.ts +47 -0
package/dist/rules/waw024.ts +54 -0
package/dist/rules/waw025.ts +43 -0
package/dist/rules/waw026.ts +46 -0
package/dist/rules/waw027.ts +50 -0
package/dist/rules/waw028.ts +47 -0
package/dist/rules/waw029.ts +62 -0
package/dist/rules/waw030.ts +246 -0
package/dist/skills/chant-aws.md +430 -0
package/dist/types/index.d.ts +58525 -58501
package/package.json +2 -2
package/src/actions/actions.test.ts +75 -0
package/src/actions/dynamodb.ts +36 -0
package/src/actions/ecr.ts +9 -0
package/src/actions/ecs.ts +5 -0
package/src/actions/iam.ts +3 -0
package/src/actions/index.ts +9 -0
package/src/actions/lambda.ts +11 -0
package/src/actions/logs.ts +4 -0
package/src/actions/s3.ts +34 -0
package/src/actions/sns.ts +5 -0
package/src/actions/sqs.ts +15 -0
package/src/codegen/__snapshots__/snapshot.test.ts.snap +20 -20
package/src/codegen/docs-links.test.ts +143 -0
package/src/codegen/docs.ts +294 -124
package/src/codegen/generate-lexicon.ts +8 -0
package/src/codegen/generate-typescript.ts +25 -1
package/src/codegen/generate.ts +1 -13
package/src/codegen/package.ts +2 -0
package/src/codegen/typecheck.test.ts +1 -1
package/src/composites/composites.test.ts +442 -0
package/src/composites/fargate-alb.ts +253 -0
package/src/composites/index.ts +20 -0
package/src/composites/lambda-api.ts +20 -0
package/src/composites/lambda-dynamodb.ts +64 -0
package/src/composites/lambda-eventbridge.ts +36 -0
package/src/composites/lambda-function.ts +76 -0
package/src/composites/lambda-s3.ts +72 -0
package/src/composites/lambda-sns.ts +30 -0
package/src/composites/lambda-sqs.ts +44 -0
package/src/composites/scheduled-lambda.ts +37 -0
package/src/composites/vpc-default.ts +148 -0
package/src/default-tags.test.ts +38 -0
package/src/default-tags.ts +77 -0
package/src/generated/index.d.ts +58525 -58501
package/src/generated/index.ts +1351 -1351
package/src/generated/lexicon-aws.json +9444 -4597
package/src/import/generator.test.ts +5 -5
package/src/import/generator.ts +4 -4
package/src/import/roundtrip-fixtures.test.ts +2 -1
package/src/import/roundtrip.test.ts +5 -5
package/src/index.ts +21 -0
package/src/integration.test.ts +92 -21
package/src/intrinsics.ts +24 -13
package/src/lint/post-synth/cf-refs.ts +99 -0
package/src/lint/post-synth/ext001.test.ts +214 -31
package/src/lint/post-synth/ext001.ts +32 -25
package/src/lint/post-synth/waw013.test.ts +120 -0
package/src/lint/post-synth/waw014.test.ts +121 -0
package/src/lint/post-synth/waw015.test.ts +147 -0
package/src/lint/post-synth/waw016.test.ts +141 -0
package/src/lint/post-synth/waw016.ts +86 -0
package/src/lint/post-synth/waw017.test.ts +130 -0
package/src/lint/post-synth/waw017.ts +53 -0
package/src/lint/post-synth/waw018.test.ts +109 -0
package/src/lint/post-synth/waw018.ts +71 -0
package/src/lint/post-synth/waw019.test.ts +138 -0
package/src/lint/post-synth/waw019.ts +82 -0
package/src/lint/post-synth/waw020.test.ts +125 -0
package/src/lint/post-synth/waw020.ts +64 -0
package/src/lint/post-synth/waw021.test.ts +81 -0
package/src/lint/post-synth/waw021.ts +53 -0
package/src/lint/post-synth/waw022.test.ts +54 -0
package/src/lint/post-synth/waw022.ts +43 -0
package/src/lint/post-synth/waw023.test.ts +53 -0
package/src/lint/post-synth/waw023.ts +47 -0
package/src/lint/post-synth/waw024.test.ts +64 -0
package/src/lint/post-synth/waw024.ts +54 -0
package/src/lint/post-synth/waw025.test.ts +42 -0
package/src/lint/post-synth/waw025.ts +43 -0
package/src/lint/post-synth/waw026.test.ts +54 -0
package/src/lint/post-synth/waw026.ts +46 -0
package/src/lint/post-synth/waw027.test.ts +63 -0
package/src/lint/post-synth/waw027.ts +50 -0
package/src/lint/post-synth/waw028.test.ts +68 -0
package/src/lint/post-synth/waw028.ts +47 -0
package/src/lint/post-synth/waw029.test.ts +179 -0
package/src/lint/post-synth/waw029.ts +62 -0
package/src/lint/post-synth/waw030.test.ts +800 -0
package/src/lint/post-synth/waw030.ts +246 -0
package/src/lint/rules/hardcoded-region.ts +1 -0
package/src/lint/rules/iam-wildcard.ts +1 -0
package/src/lint/rules/rules.test.ts +8 -8
package/src/lint/rules/s3-encryption.ts +3 -3
package/src/lsp/completions.ts +2 -0
package/src/lsp/hover.ts +17 -0
package/src/nested-stack-integration.test.ts +100 -0
package/src/nested-stack.ts +2 -2
package/src/plugin.test.ts +13 -15
package/src/plugin.ts +552 -114
package/src/serializer.test.ts +370 -43
package/src/serializer.ts +69 -17
package/src/spec/fetch.ts +10 -0
package/src/spec/parse.test.ts +141 -0
package/src/spec/parse.ts +40 -0
package/src/taggable.ts +44 -0
package/src/testdata/nested-stacks/app.ts +26 -0
package/src/testdata/nested-stacks/network/outputs.ts +17 -0
package/src/testdata/nested-stacks/network/security.ts +17 -0
package/src/testdata/nested-stacks/network/vpc.ts +54 -0
package/dist/skills/aws-cloudformation.md +0 -41
package/src/codegen/rollback.test.ts +0 -80
package/src/codegen/rollback.ts +0 -20

package/src/lint/post-synth/waw030.test.ts ADDED Viewed

@@ -0,0 +1,800 @@
+import { describe, test, expect } from "bun:test";
+import { createPostSynthContext } from "@intentius/chant-test-utils";
+import { waw030, checkMissingDependsOn } from "./waw030";
+function makeCtx(template: object) {
+  return createPostSynthContext({ aws: template });
+}
+describe("WAW030: Missing DependsOn for Known Patterns", () => {
+  test("check metadata", () => {
+    expect(waw030.id).toBe("WAW030");
+    expect(waw030.description).toContain("DependsOn");
+  });
+  // --- ECS Service + Listener pattern ---
+  test("ECS Service with LoadBalancers, no Listener DependsOn → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "MyTG" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyService");
+    expect(diags[0].message).toContain("Listener");
+    expect(diags[0].entity).toBe("MyService");
+    expect(diags[0].lexicon).toBe("aws");
+  });
+  test("ECS Service with LoadBalancers and Listener DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          DependsOn: "MyListener",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "MyTG" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ECS Service with LoadBalancers and Listener DependsOn (array) → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          DependsOn: ["MyListener"],
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "MyTG" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ECS Service without LoadBalancers → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: { Cluster: "my-cluster" },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("no ECS Service → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  // --- EC2 Route + VPCGatewayAttachment pattern ---
+  test("Route with GatewayId, no VPCGatewayAttachment dependency → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAttachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { Ref: "MyIGW" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyRoute");
+    expect(diags[0].message).toContain("VPCGatewayAttachment");
+    expect(diags[0].entity).toBe("MyRoute");
+  });
+  test("Route with GatewayId and VPCGatewayAttachment DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAttachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          DependsOn: "MyAttachment",
+          Properties: {
+            GatewayId: { Ref: "MyIGW" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("Route with GatewayId and property Ref to VPCGatewayAttachment → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAttachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { Ref: "MyAttachment" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("Route without GatewayId → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAttachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            NatGatewayId: { Ref: "MyNAT" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  // --- Edge cases ---
+  test("ECS Service with empty LoadBalancers array → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: { LoadBalancers: [] },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ECS Service with LoadBalancers but no Listener in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "MyTG" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("Route with GatewayId but no VPCGatewayAttachment in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { Ref: "MyIGW" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("Route with Fn::GetAtt (dot-delimited) referencing VPCGatewayAttachment → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyAttachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        MyRoute: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { "Fn::GetAtt": "MyAttachment.InternetGatewayId" },
+            RouteTableId: { Ref: "MyRT" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("multiple ECS Services — only flags those missing DependsOn", () => {
+    const ctx = makeCtx({
+      Resources: {
+        Listener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        GoodService: {
+          Type: "AWS::ECS::Service",
+          DependsOn: "Listener",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "TG" } }],
+          },
+        },
+        BadService: {
+          Type: "AWS::ECS::Service",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "TG2" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("BadService");
+  });
+  test("ECS Service DependsOn includes one of multiple listeners → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        HttpListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        HttpsListener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        MyService: {
+          Type: "AWS::ECS::Service",
+          DependsOn: "HttpsListener",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "TG" } }],
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("empty Resources → no diagnostic", () => {
+    const ctx = makeCtx({ Resources: {} });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("both patterns fire in same template", () => {
+    const ctx = makeCtx({
+      Resources: {
+        Listener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        Service: {
+          Type: "AWS::ECS::Service",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "TG" } }],
+          },
+        },
+        Attachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        Route: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { Ref: "MyIGW" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(2);
+    const entities = diags.map((d) => d.entity).sort();
+    expect(entities).toEqual(["Route", "Service"]);
+  });
+  // --- API Gateway Deployment + Method pattern ---
+  test("API Gateway Deployment + Method, no DependsOn → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyMethod: {
+          Type: "AWS::ApiGateway::Method",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+        MyDeployment: {
+          Type: "AWS::ApiGateway::Deployment",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyDeployment");
+    expect(diags[0].message).toContain("Method");
+    expect(diags[0].entity).toBe("MyDeployment");
+  });
+  test("API Gateway Deployment + Method, with DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyMethod: {
+          Type: "AWS::ApiGateway::Method",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+        MyDeployment: {
+          Type: "AWS::ApiGateway::Deployment",
+          DependsOn: "MyMethod",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("API Gateway Deployment + Method, with property ref to Method → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyMethod: {
+          Type: "AWS::ApiGateway::Method",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+        MyDeployment: {
+          Type: "AWS::ApiGateway::Deployment",
+          Properties: { RestApiId: { Ref: "MyApi" }, StageName: { Ref: "MyMethod" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("API Gateway Deployment without any Methods in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyDeployment: {
+          Type: "AWS::ApiGateway::Deployment",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("no API Gateway Deployment → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyMethod: {
+          Type: "AWS::ApiGateway::Method",
+          Properties: { RestApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  // --- API Gateway V2 Deployment + Route pattern ---
+  test("API Gateway V2 Deployment + Route, no DependsOn → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyRoute: {
+          Type: "AWS::ApiGatewayV2::Route",
+          Properties: { ApiId: { Ref: "MyApi" } },
+        },
+        MyDeployment: {
+          Type: "AWS::ApiGatewayV2::Deployment",
+          Properties: { ApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyDeployment");
+    expect(diags[0].message).toContain("Route");
+    expect(diags[0].entity).toBe("MyDeployment");
+  });
+  test("API Gateway V2 Deployment + Route, with DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyRoute: {
+          Type: "AWS::ApiGatewayV2::Route",
+          Properties: { ApiId: { Ref: "MyApi" } },
+        },
+        MyDeployment: {
+          Type: "AWS::ApiGatewayV2::Deployment",
+          DependsOn: "MyRoute",
+          Properties: { ApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("API Gateway V2 Deployment without Routes in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyDeployment: {
+          Type: "AWS::ApiGatewayV2::Deployment",
+          Properties: { ApiId: { Ref: "MyApi" } },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  // --- DynamoDB Table + ScalableTarget pattern ---
+  test("ScalableTarget (dynamodb) + Table, no DependsOn → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "my-table" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: "table/my-table",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyTarget");
+    expect(diags[0].message).toContain("DynamoDB");
+    expect(diags[0].entity).toBe("MyTarget");
+  });
+  test("ScalableTarget (dynamodb) + Table, with DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "my-table" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          DependsOn: "MyTable",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: "table/my-table",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ScalableTarget (dynamodb) + Table, with property ref to Table → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "my-table" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: { "Fn::Sub": ["table/${TableName}", { TableName: { Ref: "MyTable" } }] },
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ScalableTarget with non-dynamodb namespace → no diagnostic for dynamodb pattern", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "my-table" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "ecs",
+            ScalableDimension: "ecs:service:DesiredCount",
+            ResourceId: "service/my-cluster/my-service",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    // Should not fire for dynamodb pattern (no ECS Service in template either)
+    expect(diags).toHaveLength(0);
+  });
+  test("ScalableTarget (dynamodb) but no Table in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: "table/my-table",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  // --- ECS Service + ScalableTarget pattern ---
+  test("ScalableTarget (ecs) + ECS Service, no DependsOn → warning", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: { Cluster: "my-cluster" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "ecs",
+            ScalableDimension: "ecs:service:DesiredCount",
+            ResourceId: "service/my-cluster/my-service",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].checkId).toBe("WAW030");
+    expect(diags[0].severity).toBe("warning");
+    expect(diags[0].message).toContain("MyTarget");
+    expect(diags[0].message).toContain("ECS");
+    expect(diags[0].entity).toBe("MyTarget");
+  });
+  test("ScalableTarget (ecs) + ECS Service, with DependsOn → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: { Cluster: "my-cluster" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          DependsOn: "MyService",
+          Properties: {
+            ServiceNamespace: "ecs",
+            ScalableDimension: "ecs:service:DesiredCount",
+            ResourceId: "service/my-cluster/my-service",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ScalableTarget (ecs) but no ECS Service in template → no diagnostic", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "ecs",
+            ScalableDimension: "ecs:service:DesiredCount",
+            ResourceId: "service/my-cluster/my-service",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(0);
+  });
+  test("ScalableTarget with non-ecs namespace → no diagnostic for ecs pattern", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyService: {
+          Type: "AWS::ECS::Service",
+          Properties: { Cluster: "my-cluster" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: "table/my-table",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    // Should not fire for ECS pattern (no DynamoDB Table in template either)
+    expect(diags).toHaveLength(0);
+  });
+  // --- Cross-pattern edge cases ---
+  test("all patterns missing DependsOn → all fire", () => {
+    const ctx = makeCtx({
+      Resources: {
+        Listener: {
+          Type: "AWS::ElasticLoadBalancingV2::Listener",
+          Properties: {},
+        },
+        EcsService: {
+          Type: "AWS::ECS::Service",
+          Properties: {
+            LoadBalancers: [{ TargetGroupArn: { Ref: "TG" } }],
+          },
+        },
+        Attachment: {
+          Type: "AWS::EC2::VPCGatewayAttachment",
+          Properties: {},
+        },
+        Route: {
+          Type: "AWS::EC2::Route",
+          Properties: {
+            GatewayId: { Ref: "MyIGW" },
+            DestinationCidrBlock: "0.0.0.0/0",
+          },
+        },
+        Method: {
+          Type: "AWS::ApiGateway::Method",
+          Properties: { RestApiId: { Ref: "Api" } },
+        },
+        ApiDeployment: {
+          Type: "AWS::ApiGateway::Deployment",
+          Properties: { RestApiId: { Ref: "Api" } },
+        },
+        V2Route: {
+          Type: "AWS::ApiGatewayV2::Route",
+          Properties: { ApiId: { Ref: "HttpApi" } },
+        },
+        V2Deployment: {
+          Type: "AWS::ApiGatewayV2::Deployment",
+          Properties: { ApiId: { Ref: "HttpApi" } },
+        },
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "t" },
+        },
+        DynamoTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "dynamodb",
+            ResourceId: "table/t",
+          },
+        },
+        EcsTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ServiceNamespace: "ecs",
+            ResourceId: "service/c/s",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(6);
+    const entities = diags.map((d) => d.entity).sort();
+    expect(entities).toEqual([
+      "ApiDeployment",
+      "DynamoTarget",
+      "EcsService",
+      "EcsTarget",
+      "Route",
+      "V2Deployment",
+    ]);
+  });
+  test("ScalableTarget with ScalableDimension fallback (no ServiceNamespace) → detects namespace", () => {
+    const ctx = makeCtx({
+      Resources: {
+        MyTable: {
+          Type: "AWS::DynamoDB::Table",
+          Properties: { TableName: "my-table" },
+        },
+        MyTarget: {
+          Type: "AWS::ApplicationAutoScaling::ScalableTarget",
+          Properties: {
+            ScalableDimension: "dynamodb:table:ReadCapacityUnits",
+            ResourceId: "table/my-table",
+          },
+        },
+      },
+    });
+    const diags = checkMissingDependsOn(ctx);
+    expect(diags).toHaveLength(1);
+    expect(diags[0].entity).toBe("MyTarget");
+    expect(diags[0].message).toContain("DynamoDB");
+  });
+});