create-aws-project 1.4.3 → 1.5.1

package/README.md

@@ -4,6 +4,8 @@ Create a new AWS project from scratch including CloudFront, API Gateway, Lambdas
 
 [![npm version](https://img.shields.io/npm/v/create-aws-project.svg)](https://www.npmjs.com/package/create-aws-project)
 
+![AWS Architecture Diagram](./aws-architecture-diagram.svg)
+
 ## Quick Start
 
 ```bash
@@ -67,6 +69,7 @@ The interactive wizard will ask you about:
    - VS Code workspace configuration
 6. **AWS region** - Where to deploy your infrastructure
 7. **Brand color** - Theme color for your UI (blue, purple, teal, green, orange)
+8. **GitHub repository** *(optional)* - Provide a repo URL to git init, commit, and push automatically. Press Enter to skip.
 
 ## Requirements
 
@@ -82,32 +85,9 @@ After creating your project, you'll set up AWS environments and GitHub deploymen
 
 Before you begin:
 - AWS CLI configured with credentials from your AWS management account
-- GitHub repository created for your project
 - GitHub Personal Access Token with "repo" scope ([create one here](https://github.com/settings/tokens/new))
 
-### Step 1: connect to your .git project
-
-* Initialize the repository
-```
-git init
-```
-
-* Add the remote repository using the git remote add <name> <url> command. A common practice is to name it origin.
-```bash
-git remote add origin <REMOTE_URL>
-```
-
-* Verify the connection by listing your remotes. The -v flag shows the URLs.
-```bash
-git remote -v
-```
-
-* Push your local commits to the remote repository for the first time.
-```bash
-git push -u origin main
-```
-
-### Step 2: Set Up AWS Environments
+### Step 1: Set Up AWS Environments
 
 From your project directory, run:
 
@@ -134,7 +114,7 @@ AWS environment setup complete!
 
 Account IDs are saved to `.aws-starter-config.json` for the next step.
 
-### Step 3: Configure GitHub Environments
+### Step 2: Configure GitHub Environments
 
 For each environment, run:
 

package/dist/aws/iam.d.ts

@@ -19,12 +19,17 @@ export declare function createIAMClient(region?: string): IAMClient;
  */
 export declare function createCrossAccountIAMClient(region: string, targetAccountId: string): IAMClient;
 /**
- * Creates an IAM deployment user with path /deployment/
+ * Creates an IAM deployment user with path /deployment/, or adopts existing tagged user
  * @param client - IAMClient instance
  * @param userName - User name (format: {project}-{environment}-deploy)
- * @throws Error if user already exists or creation fails
+ * @throws Error if user exists but was not created by this tool
  */
-export declare function createDeploymentUser(client: IAMClient, userName: string): Promise<void>;
+export declare function createOrAdoptDeploymentUser(client: IAMClient, userName: string): Promise<void>;
+/**
+ * Legacy function for backward compatibility
+ * @deprecated Use createOrAdoptDeploymentUser instead
+ */
+export declare const createDeploymentUser: typeof createOrAdoptDeploymentUser;
 /**
  * Creates a customer managed policy with minimal CDK deployment permissions
  * @param client - IAMClient instance
@@ -48,11 +53,19 @@ export interface AccessKeyCredentials {
     accessKeyId: string;
     secretAccessKey: string;
 }
+/**
+ * Gets the count of access keys for an IAM user
+ * @param client - IAMClient instance
+ * @param userName - IAM user name
+ * @returns Number of access keys (active + inactive)
+ */
+export declare function getAccessKeyCount(client: IAMClient, userName: string): Promise<number>;
 /**
  * Creates access key credentials for an IAM user
  * @param client - IAMClient instance
  * @param userName - IAM user name
  * @returns Access key ID and secret access key
+ * @throws Error if user already has 2 access keys (AWS maximum)
  * @note The secret access key is ONLY available at creation time
  */
 export declare function createAccessKey(client: IAMClient, userName: string): Promise<AccessKeyCredentials>;

package/dist/aws/iam.js

@@ -1,4 +1,4 @@
-import { IAMClient, CreateUserCommand, GetUserCommand, CreatePolicyCommand, GetPolicyCommand, AttachUserPolicyCommand, CreateAccessKeyCommand, NoSuchEntityException, } from '@aws-sdk/client-iam';
+import { IAMClient, CreateUserCommand, GetUserCommand, CreatePolicyCommand, GetPolicyCommand, AttachUserPolicyCommand, CreateAccessKeyCommand, ListUserTagsCommand, ListAccessKeysCommand, NoSuchEntityException, } from '@aws-sdk/client-iam';
 import { fromTemporaryCredentials } from '@aws-sdk/credential-providers';
 import pc from 'picocolors';
 /**
@@ -73,16 +73,45 @@ async function policyExists(client, policyArn) {
     }
 }
 /**
- * Creates an IAM deployment user with path /deployment/
+ * Checks if an IAM user has a specific tag
+ * @param client - IAMClient instance
+ * @param userName - User name to check
+ * @param tagKey - Tag key to check for
+ * @param tagValue - Expected tag value
+ * @returns true if user has the tag with the specified value
+ */
+async function userHasTag(client, userName, tagKey, tagValue) {
+    try {
+        const command = new ListUserTagsCommand({ UserName: userName });
+        const response = await client.send(command);
+        return response.Tags?.some((tag) => tag.Key === tagKey && tag.Value === tagValue) ?? false;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Creates an IAM deployment user with path /deployment/, or adopts existing tagged user
  * @param client - IAMClient instance
  * @param userName - User name (format: {project}-{environment}-deploy)
- * @throws Error if user already exists or creation fails
+ * @throws Error if user exists but was not created by this tool
  */
-export async function createDeploymentUser(client, userName) {
+export async function createOrAdoptDeploymentUser(client, userName) {
     // Check if user already exists
     if (await userExists(client, userName)) {
-        throw new Error(`IAM user "${userName}" already exists. Delete manually before retrying.`);
+        // Check if user was created by this tool (has ManagedBy tag)
+        const isManagedByUs = await userHasTag(client, userName, 'ManagedBy', 'create-aws-starter-kit');
+        if (isManagedByUs) {
+            // Adopt existing user - this is idempotent re-run
+            console.log(pc.yellow(`  Adopting existing deployment user: ${userName}`));
+            return;
+        }
+        else {
+            // User exists but not managed by us - error
+            throw new Error(`IAM user "${userName}" exists but was not created by this tool. Delete it or use a different project name.`);
+        }
     }
+    // User doesn't exist - create it
     const command = new CreateUserCommand({
         UserName: userName,
         Path: '/deployment/',
@@ -94,6 +123,11 @@ export async function createDeploymentUser(client, userName) {
     await client.send(command);
     console.log(pc.green(`  Created IAM user: ${userName}`));
 }
+/**
+ * Legacy function for backward compatibility
+ * @deprecated Use createOrAdoptDeploymentUser instead
+ */
+export const createDeploymentUser = createOrAdoptDeploymentUser;
 /**
  * CDK deployment policy document with minimal permissions
  * @param accountId - AWS account ID for resource ARNs
@@ -226,14 +260,36 @@ export async function attachPolicyToUser(client, userName, policyArn) {
     await client.send(command);
     console.log(pc.green(`  Attached policy to user ${userName}`));
 }
+/**
+ * Gets the count of access keys for an IAM user
+ * @param client - IAMClient instance
+ * @param userName - IAM user name
+ * @returns Number of access keys (active + inactive)
+ */
+export async function getAccessKeyCount(client, userName) {
+    try {
+        const command = new ListAccessKeysCommand({ UserName: userName });
+        const response = await client.send(command);
+        return response.AccessKeyMetadata?.length ?? 0;
+    }
+    catch {
+        return 0;
+    }
+}
 /**
  * Creates access key credentials for an IAM user
  * @param client - IAMClient instance
  * @param userName - IAM user name
  * @returns Access key ID and secret access key
+ * @throws Error if user already has 2 access keys (AWS maximum)
  * @note The secret access key is ONLY available at creation time
  */
 export async function createAccessKey(client, userName) {
+    // Check access key limit before attempting creation
+    const keyCount = await getAccessKeyCount(client, userName);
+    if (keyCount >= 2) {
+        throw new Error(`IAM user ${userName} already has 2 access keys (AWS maximum). Delete an existing key in AWS Console > IAM > Users > ${userName} > Security credentials before retrying.`);
+    }
     const command = new CreateAccessKeyCommand({
         UserName: userName,
     });

package/dist/cli.js

@@ -7,6 +7,7 @@ import { generateProject } from './generator/index.js';
 import { showDeprecationNotice } from './commands/setup-github.js';
 import { runSetupAwsEnvs } from './commands/setup-aws-envs.js';
 import { runInitializeGitHub } from './commands/initialize-github.js';
+import { promptGitSetup, setupGitRepository } from './git/setup.js';
 /**
  * Write project configuration file for downstream commands
  */
@@ -40,7 +41,7 @@ function getVersion() {
  */
 function printHelp() {
     console.log(`
-create-aws-starter-kit [command] [options]
+create-aws-project [command] [options]
 
 Scaffold a new AWS Starter Kit project with React, Lambda, and CDK infrastructure.
 
@@ -55,15 +56,15 @@ Options:
   --version, -v       Show version number
 
 Usage:
-  create-aws-starter-kit                         Run interactive wizard
-  create-aws-starter-kit setup-aws-envs          Create AWS accounts
-  create-aws-starter-kit initialize-github dev   Configure dev environment
+  create-aws-project                         Run interactive wizard
+  create-aws-project setup-aws-envs          Create AWS accounts
+  create-aws-project initialize-github dev   Configure dev environment
 
 Examples:
-  create-aws-starter-kit my-app
-  create-aws-starter-kit setup-aws-envs
-  create-aws-starter-kit initialize-github dev
-  create-aws-starter-kit --help
+  create-aws-project my-app
+  create-aws-project setup-aws-envs
+  create-aws-project initialize-github dev
+  create-aws-project --help
 `.trim());
 }
 /**
@@ -73,7 +74,7 @@ function printWelcome() {
     console.log(`
 ╔═══════════════════════════════════════════════════════╗
 ║                                                       ║
-║            create-aws-starter-kit                     ║
+║            create-aws-project                     ║
 ║       AWS Starter Kit Project Generator               ║
 ║                                                       ║
 ╚═══════════════════════════════════════════════════════╝
@@ -113,10 +114,12 @@ function printNextSteps(projectName, platforms) {
  * Run the create project wizard flow
  * This is the default command when no subcommand is specified
  */
-async function runCreate(_args) {
+async function runCreate(args) {
     printWelcome();
     console.log(''); // blank line after banner
-    const config = await runWizard();
+    // Extract project name from CLI args (first non-flag argument)
+    const nameArg = args.find(arg => !arg.startsWith('-'));
+    const config = await runWizard(nameArg ? { defaultName: nameArg } : undefined);
     if (!config) {
         console.log('\nProject creation cancelled.');
         process.exit(1);
@@ -137,6 +140,11 @@ async function runCreate(_args) {
     await generateProject(config, outputDir);
     // Write config file for downstream commands
     writeConfigFile(outputDir, config);
+    // Optional: GitHub repository setup
+    const gitResult = await promptGitSetup();
+    if (gitResult) {
+        await setupGitRepository(outputDir, gitResult.repoUrl, gitResult.pat);
+    }
     // Success message and next steps
     console.log('');
     console.log(pc.green('✔') + ` Created ${pc.bold(config.projectName)} successfully!`);

package/dist/commands/initialize-github.js

@@ -10,7 +10,7 @@ import prompts from 'prompts';
 import pc from 'picocolors';
 import { execSync } from 'node:child_process';
 import { requireProjectContext } from '../utils/project-context.js';
-import { createCrossAccountIAMClient, createDeploymentUserWithCredentials, } from '../aws/iam.js';
+import { createCrossAccountIAMClient, createDeploymentUserWithCredentials, createAccessKey, } from '../aws/iam.js';
 import { createGitHubClient, setEnvironmentCredentials, parseGitHubUrl, } from '../github/secrets.js';
 const VALID_ENVIRONMENTS = ['dev', 'stage', 'prod'];
 /**
@@ -283,9 +283,24 @@ export async function runInitializeGitHub(args) {
         // Step 1: Create cross-account IAM client
         spinner.text = `Assuming role in ${env} account (${accountId})...`;
         const iamClient = createCrossAccountIAMClient(awsRegion, accountId);
-        // Step 2: Create deployment user and credentials
-        spinner.text = `Creating IAM deployment user...`;
-        const credentials = await createDeploymentUserWithCredentials(iamClient, projectName, env, accountId);
+        // Step 2: Get deployment user credentials
+        // If setup-aws-envs already created the user, just create an access key.
+        // Otherwise fall back to full user creation (backward compat with older projects).
+        const existingUserName = config.deploymentUsers?.[env];
+        let userName;
+        let credentials;
+        if (existingUserName) {
+            spinner.text = `Using existing deployment user: ${existingUserName}`;
+            userName = existingUserName;
+            credentials = await createAccessKey(iamClient, userName);
+            spinner.succeed(`Created access key for ${userName}`);
+        }
+        else {
+            spinner.text = `Creating IAM deployment user...`;
+            const fullCredentials = await createDeploymentUserWithCredentials(iamClient, projectName, env, accountId);
+            userName = fullCredentials.userName;
+            credentials = fullCredentials;
+        }
         // Step 3: Configure GitHub
         const githubEnvName = GITHUB_ENV_NAMES[env];
         spinner.text = `Configuring GitHub Environment "${githubEnvName}"...`;
@@ -297,8 +312,13 @@ export async function runInitializeGitHub(args) {
         console.log(pc.green(`${env} environment setup complete!`));
         console.log('');
         console.log('Resources created:');
-        console.log(`  IAM User: ${pc.cyan(`arn:aws:iam::${accountId}:user/deployment/${credentials.userName}`)}`);
+        console.log(`  Deployment User: ${pc.cyan(userName)}`);
         console.log(`  GitHub Environment: ${pc.cyan(githubEnvName)}`);
+        // Add note if using existing user from setup-aws-envs
+        if (existingUserName) {
+            console.log('');
+            console.log(pc.dim('Note: Deployment user was created by setup-aws-envs. Access key created for GitHub.'));
+        }
         console.log('');
         console.log('View secrets at:');
         console.log(`  ${pc.cyan(`https://github.com/${repoInfo.owner}/${repoInfo.repo}/settings/environments`)}`);

package/dist/commands/setup-aws-envs.js

@@ -10,6 +10,7 @@ import pc from 'picocolors';
 import { readFileSync, writeFileSync } from 'node:fs';
 import { requireProjectContext } from '../utils/project-context.js';
 import { createOrganizationsClient, checkExistingOrganization, createOrganization, createAccount, waitForAccountCreation, } from '../aws/organizations.js';
+import { createCrossAccountIAMClient, createOrAdoptDeploymentUser, createCDKDeploymentPolicy, attachPolicyToUser, } from '../aws/iam.js';
 /**
  * Environment names for account creation
  */
@@ -101,14 +102,18 @@ async function collectEmails(projectName) {
     };
 }
 /**
- * Updates the config file with account IDs
+ * Updates the config file with account IDs and optionally deployment user names
  * @param configPath Path to the config file
  * @param accounts Record of environment to account ID
+ * @param deploymentUsers Optional record of environment to deployment user name
  */
-function updateConfigAccounts(configPath, accounts) {
+function updateConfig(configPath, accounts, deploymentUsers) {
     const content = readFileSync(configPath, 'utf-8');
     const config = JSON.parse(content);
     config.accounts = { ...config.accounts, ...accounts };
+    if (deploymentUsers) {
+        config.deploymentUsers = { ...config.deploymentUsers, ...deploymentUsers };
+    }
     writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
 }
 /**
@@ -174,14 +179,16 @@ export async function runSetupAwsEnvs(_args) {
     const { config, configPath } = context;
     // 2. Check if already configured (warn but don't abort - allows retry after partial failure)
     const existingAccounts = config.accounts ?? {};
+    const existingUsers = config.deploymentUsers ?? {};
     if (Object.keys(existingAccounts).length > 0) {
         console.log('');
         console.log(pc.yellow('Warning:') + ' AWS accounts already configured in this project:');
         for (const [env, id] of Object.entries(existingAccounts)) {
-            console.log(`  ${env}: ${id}`);
+            const userInfo = existingUsers[env] ? ` (user: ${existingUsers[env]})` : '';
+            console.log(`  ${env}: ${id}${userInfo}`);
         }
         console.log('');
-        console.log(pc.dim('Continuing will create additional accounts...'));
+        console.log(pc.dim('Continuing will skip existing accounts and create any missing ones...'));
     }
     // 3. Collect emails (all input before any AWS calls - per research pitfall #6)
     const emails = await collectEmails(config.projectName);
@@ -202,8 +209,13 @@ export async function runSetupAwsEnvs(_args) {
             spinner.succeed(`Using existing AWS Organization: ${orgId}`);
         }
         // Create accounts sequentially (per research - AWS rate limits require sequential)
-        const accounts = {};
+        const accounts = { ...existingAccounts };
         for (const env of ENVIRONMENTS) {
+            // Skip if account already exists
+            if (existingAccounts[env]) {
+                spinner.succeed(`Using existing ${env} account: ${existingAccounts[env]}`);
+                continue;
+            }
             spinner.start(`Creating ${env} account (this may take several minutes)...`);
             const accountName = `${config.projectName}-${env}`;
             const { requestId } = await createAccount(client, emails[env], accountName);
@@ -211,19 +223,42 @@ export async function runSetupAwsEnvs(_args) {
             const result = await waitForAccountCreation(client, requestId);
             accounts[env] = result.accountId;
             // Save after EACH successful account (per research pitfall #3 - handle partial success)
-            updateConfigAccounts(configPath, accounts);
+            updateConfig(configPath, accounts);
             spinner.succeed(`Created ${env} account: ${result.accountId}`);
         }
-        // Final success
+        // Create IAM deployment users in each account
+        const deploymentUsers = { ...existingUsers };
+        for (const env of ENVIRONMENTS) {
+            // Skip if user already exists in config
+            if (existingUsers[env]) {
+                spinner.succeed(`Using existing deployment user: ${existingUsers[env]}`);
+                continue;
+            }
+            const accountId = accounts[env];
+            const userName = `${config.projectName}-${env}-deploy`;
+            const policyName = `${config.projectName}-${env}-cdk-deploy`;
+            spinner.start(`Creating deployment user in ${env} account...`);
+            const iamClient = createCrossAccountIAMClient(config.awsRegion, accountId);
+            await createOrAdoptDeploymentUser(iamClient, userName);
+            spinner.text = `Creating deployment policy for ${env}...`;
+            const policyArn = await createCDKDeploymentPolicy(iamClient, policyName, accountId);
+            await attachPolicyToUser(iamClient, userName, policyArn);
+            deploymentUsers[env] = userName;
+            // Save after EACH successful user creation
+            updateConfig(configPath, accounts, deploymentUsers);
+            spinner.succeed(`Created deployment user: ${userName}`);
+        }
+        // Final success with summary table
         console.log('');
         console.log(pc.green('AWS environment setup complete!'));
         console.log('');
-        console.log('Account IDs saved to config:');
-        for (const [env, id] of Object.entries(accounts)) {
-            console.log(`  ${env}: ${id}`);
+        console.log('Summary:');
+        console.log(`  ${'Environment'.padEnd(14)}${'Account ID'.padEnd(16)}Deployment User`);
+        for (const env of ENVIRONMENTS) {
+            console.log(`  ${env.padEnd(14)}${accounts[env].padEnd(16)}${deploymentUsers[env]}`);
         }
         console.log('');
-        console.log(pc.bold('Next step:'));
+        console.log('Deployment users created. Next: initialize-github to create access keys and push to GitHub.');
         console.log(`  ${pc.cyan('npx create-aws-project initialize-github dev')}`);
     }
     catch (error) {

package/dist/git/setup.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Git setup module
+ *
+ * Provides optional GitHub repository setup after project generation.
+ * Users can push their generated project to GitHub in the same wizard flow.
+ * Fully optional - pressing Enter skips all git operations.
+ */
+/**
+ * Checks if git is available on the system
+ * @returns true if git is installed and available, false otherwise
+ */
+export declare function isGitAvailable(): boolean;
+/**
+ * Prompts user for optional GitHub repository setup
+ * @returns Repository URL and PAT if user wants git setup, null if skipped
+ */
+export declare function promptGitSetup(): Promise<{
+    repoUrl: string;
+    pat: string;
+} | null>;
+/**
+ * Sets up git repository with initial commit and pushes to GitHub
+ * Creates the remote repository if it doesn't exist
+ * @param projectDir - Path to the project directory
+ * @param repoUrl - GitHub repository URL
+ * @param pat - GitHub Personal Access Token
+ */
+export declare function setupGitRepository(projectDir: string, repoUrl: string, pat: string): Promise<void>;

package/dist/git/setup.js

@@ -0,0 +1,165 @@
+import { execSync } from 'node:child_process';
+import prompts from 'prompts';
+import ora from 'ora';
+import pc from 'picocolors';
+import { parseGitHubUrl, createGitHubClient } from '../github/secrets.js';
+/**
+ * Git setup module
+ *
+ * Provides optional GitHub repository setup after project generation.
+ * Users can push their generated project to GitHub in the same wizard flow.
+ * Fully optional - pressing Enter skips all git operations.
+ */
+/**
+ * Checks if git is available on the system
+ * @returns true if git is installed and available, false otherwise
+ */
+export function isGitAvailable() {
+    try {
+        execSync('git --version', { stdio: 'pipe' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Prompts user for optional GitHub repository setup
+ * @returns Repository URL and PAT if user wants git setup, null if skipped
+ */
+export async function promptGitSetup() {
+    // Skip if git is not available
+    if (!isGitAvailable()) {
+        return null;
+    }
+    console.log('');
+    console.log(pc.bold('GitHub Repository (optional)'));
+    console.log(pc.dim('Push your project to a GitHub repository. Press Enter to skip.'));
+    console.log('');
+    // Prompt for repo URL
+    const repoResponse = await prompts({
+        type: 'text',
+        name: 'repoUrl',
+        message: 'GitHub repository URL:',
+    });
+    const repoUrl = repoResponse.repoUrl?.trim();
+    if (!repoUrl) {
+        return null; // User skipped
+    }
+    // Validate the URL
+    try {
+        parseGitHubUrl(repoUrl);
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.log(pc.red('Error: ') + error.message);
+        }
+        return null;
+    }
+    // Prompt for PAT
+    const patResponse = await prompts({
+        type: 'password',
+        name: 'pat',
+        message: 'GitHub Personal Access Token:',
+        validate: (value) => {
+            if (!value.trim()) {
+                return 'Token is required';
+            }
+            // GitHub tokens start with ghp_ (classic) or github_pat_ (fine-grained)
+            if (!value.startsWith('ghp_') && !value.startsWith('github_pat_')) {
+                return 'Invalid token format. Expected ghp_ or github_pat_ prefix.';
+            }
+            return true;
+        },
+    }, {
+        onCancel: () => {
+            // User cancelled PAT prompt
+            return;
+        },
+    });
+    if (!patResponse.pat) {
+        return null; // User cancelled
+    }
+    return { repoUrl, pat: patResponse.pat };
+}
+/**
+ * Sets up git repository with initial commit and pushes to GitHub
+ * Creates the remote repository if it doesn't exist
+ * @param projectDir - Path to the project directory
+ * @param repoUrl - GitHub repository URL
+ * @param pat - GitHub Personal Access Token
+ */
+export async function setupGitRepository(projectDir, repoUrl, pat) {
+    const spinner = ora();
+    try {
+        // Parse the URL
+        const { owner, repo } = parseGitHubUrl(repoUrl);
+        // Create Octokit client
+        const octokit = createGitHubClient(pat);
+        // Git init
+        spinner.start('Initializing git repository...');
+        execSync('git init -b main', { cwd: projectDir, stdio: 'pipe' });
+        // Check for git user config, set if not configured
+        try {
+            execSync('git config user.name', { cwd: projectDir, stdio: 'pipe' });
+        }
+        catch {
+            // User config not set, use defaults
+            execSync('git config user.name "create-aws-project"', { cwd: projectDir, stdio: 'pipe' });
+            execSync('git config user.email "noreply@create-aws-project"', { cwd: projectDir, stdio: 'pipe' });
+        }
+        execSync('git add .', { cwd: projectDir, stdio: 'pipe' });
+        execSync('git commit -m "Initial commit from create-aws-project"', { cwd: projectDir, stdio: 'pipe' });
+        spinner.succeed('Git repository initialized');
+        // Ensure remote repo exists
+        spinner.start('Checking GitHub repository...');
+        try {
+            await octokit.rest.repos.get({ owner, repo });
+            spinner.succeed(`Repository ${owner}/${repo} found`);
+        }
+        catch (error) {
+            if (error.status === 404) {
+                // Repo doesn't exist, create it
+                const { data: user } = await octokit.rest.users.getAuthenticated();
+                if (owner === user.login) {
+                    // Create in user's account
+                    await octokit.rest.repos.createForAuthenticatedUser({
+                        name: repo,
+                        private: true,
+                        auto_init: false,
+                    });
+                }
+                else {
+                    // Create in organization
+                    await octokit.rest.repos.createInOrg({
+                        org: owner,
+                        name: repo,
+                        private: true,
+                        auto_init: false,
+                    });
+                }
+                spinner.succeed(`Created repository ${owner}/${repo}`);
+            }
+            else {
+                throw error;
+            }
+        }
+        // Push to remote
+        spinner.start('Pushing to GitHub...');
+        const authUrl = `https://${pat}@github.com/${owner}/${repo}.git`;
+        execSync(`git remote add origin ${authUrl}`, { cwd: projectDir, stdio: 'pipe' });
+        execSync('git push -u origin main', { cwd: projectDir, stdio: 'pipe' });
+        // CRITICAL: Remove PAT from .git/config
+        const cleanUrl = `https://github.com/${owner}/${repo}.git`;
+        execSync(`git remote set-url origin ${cleanUrl}`, { cwd: projectDir, stdio: 'pipe' });
+        spinner.succeed(`Pushed to ${owner}/${repo}`);
+    }
+    catch (error) {
+        // Git setup failure should not prevent the user from using their project
+        if (spinner.isSpinning) {
+            spinner.fail();
+        }
+        console.log(pc.yellow('Warning:') + ' Git setup failed: ' + (error instanceof Error ? error.message : 'Unknown error'));
+        console.log(pc.dim('Your project was created successfully. You can set up git manually.'));
+    }
+}

package/dist/utils/project-context.d.ts

@@ -19,6 +19,7 @@ export interface ProjectConfigMinimal {
     awsRegion: string;
     configVersion?: string;
     accounts?: Record<string, string>;
+    deploymentUsers?: Record<string, string>;
 }
 /**
  * Project context containing config path, project root, and parsed config

package/dist/wizard.d.ts

@@ -1,2 +1,5 @@
 import type { ProjectConfig } from './types.js';
-export declare function runWizard(): Promise<ProjectConfig | null>;
+export interface WizardOptions {
+    defaultName?: string;
+}
+export declare function runWizard(options?: WizardOptions): Promise<ProjectConfig | null>;

package/dist/wizard.js

@@ -6,9 +6,13 @@ import { authProviderPrompt, authFeaturesPrompt } from './prompts/auth.js';
 import { featuresPrompt } from './prompts/features.js';
 import { awsRegionPrompt } from './prompts/aws-config.js';
 import { themePrompt } from './prompts/theme.js';
-export async function runWizard() {
+export async function runWizard(options = {}) {
+    // Create name prompt with optional default override
+    const namePrompt = options.defaultName
+        ? { ...projectNamePrompt, initial: options.defaultName }
+        : projectNamePrompt;
     const response = await prompts([
-        projectNamePrompt,
+        namePrompt,
         platformsPrompt,
         authProviderPrompt,
         authFeaturesPrompt,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-aws-project",
-  "version": "1.4.3",
+  "version": "1.5.1",
   "description": "CLI tool to scaffold AWS projects",
   "type": "module",
   "main": "./dist/index.js",

package/templates/apps/api/cdk/static-stack.ts

@@ -3,7 +3,6 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
 import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
 import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as opensearchserverless from 'aws-cdk-lib/aws-opensearchserverless';
 import { Construct } from 'constructs';
 
 export interface StaticStackProps extends cdk.StackProps {
@@ -24,7 +23,6 @@ export class StaticStack extends cdk.Stack {
   public readonly bucket: s3.Bucket;
   public readonly api: apigateway.RestApi;
   public readonly distribution: cloudfront.Distribution;
-  public readonly openSearchCollection: opensearchserverless.CfnCollection;
 
   constructor(scope: Construct, id: string, props: StaticStackProps) {
     super(scope, id, props);
@@ -205,94 +203,6 @@ export class StaticStack extends cdk.Stack {
       ],
     });
 
-    // OpenSearch Serverless Collection
-    const collectionName = `{{PROJECT_NAME}}-${environmentName}`;
-
-    // Encryption policy (required for all collections)
-    const encryptionPolicy = new opensearchserverless.CfnSecurityPolicy(this, 'OpenSearchEncryptionPolicy', {
-      name: `${collectionName}-encryption`,
-      type: 'encryption',
-      policy: JSON.stringify({
-        Rules: [
-          {
-            ResourceType: 'collection',
-            Resource: [`collection/${collectionName}`],
-          },
-        ],
-        AWSOwnedKey: true,
-      }),
-    });
-
-    // Network policy - allows public access (adjust for production)
-    const networkPolicy = new opensearchserverless.CfnSecurityPolicy(this, 'OpenSearchNetworkPolicy', {
-      name: `${collectionName}-network`,
-      type: 'network',
-      policy: JSON.stringify([
-        {
-          Rules: [
-            {
-              ResourceType: 'collection',
-              Resource: [`collection/${collectionName}`],
-            },
-            {
-              ResourceType: 'dashboard',
-              Resource: [`collection/${collectionName}`],
-            },
-          ],
-          AllowFromPublic: true,
-        },
-      ]),
-    });
-
-    // Data access policy - grants access to the collection
-    const dataAccessPolicy = new opensearchserverless.CfnAccessPolicy(this, 'OpenSearchDataAccessPolicy', {
-      name: `${collectionName}-access`,
-      type: 'data',
-      policy: JSON.stringify([
-        {
-          Rules: [
-            {
-              ResourceType: 'collection',
-              Resource: [`collection/${collectionName}`],
-              Permission: [
-                'aoss:CreateCollectionItems',
-                'aoss:DeleteCollectionItems',
-                'aoss:UpdateCollectionItems',
-                'aoss:DescribeCollectionItems',
-              ],
-            },
-            {
-              ResourceType: 'index',
-              Resource: [`index/${collectionName}/*`],
-              Permission: [
-                'aoss:CreateIndex',
-                'aoss:DeleteIndex',
-                'aoss:UpdateIndex',
-                'aoss:DescribeIndex',
-                'aoss:ReadDocument',
-                'aoss:WriteDocument',
-              ],
-            },
-          ],
-          Principal: [
-            `arn:aws:iam::${this.account}:root`,
-          ],
-        },
-      ]),
-    });
-
-    // Create the OpenSearch Serverless collection
-    this.openSearchCollection = new opensearchserverless.CfnCollection(this, 'OpenSearchCollection', {
-      name: collectionName,
-      type: 'SEARCH', // SEARCH, TIMESERIES, or VECTORSEARCH
-      description: `OpenSearch Serverless collection for {{PROJECT_NAME_TITLE}} - ${environmentName}`,
-    });
-
-    // Ensure policies are created before the collection
-    this.openSearchCollection.addDependency(encryptionPolicy);
-    this.openSearchCollection.addDependency(networkPolicy);
-    this.openSearchCollection.addDependency(dataAccessPolicy);
-
     // Output important values
     new cdk.CfnOutput(this, 'BucketName', {
       value: this.bucket.bucketName,
@@ -339,23 +249,5 @@ export class StaticStack extends cdk.Stack {
       value: `https://${this.distribution.distributionDomainName}/api`,
       description: 'API URL via CloudFront',
     });
-
-    new cdk.CfnOutput(this, 'OpenSearchCollectionEndpoint', {
-      value: this.openSearchCollection.attrCollectionEndpoint,
-      description: 'OpenSearch Serverless collection endpoint',
-      exportName: `${environmentName}-opensearch-endpoint`,
-    });
-
-    new cdk.CfnOutput(this, 'OpenSearchDashboardEndpoint', {
-      value: this.openSearchCollection.attrDashboardEndpoint,
-      description: 'OpenSearch Serverless dashboard endpoint',
-      exportName: `${environmentName}-opensearch-dashboard`,
-    });
-
-    new cdk.CfnOutput(this, 'OpenSearchCollectionArn', {
-      value: this.openSearchCollection.attrArn,
-      description: 'OpenSearch Serverless collection ARN',
-      exportName: `${environmentName}-opensearch-arn`,
-    });
   }
 }

package/templates/root/README.md

@@ -109,7 +109,7 @@ Push to main to trigger your first deployment:
 git push origin main
 ```
 
-For detailed setup instructions and troubleshooting, see the [create-aws-project documentation](https://www.npmjs.com/package/create-aws-starter-kit).
+For detailed setup instructions and troubleshooting, see the [create-aws-project documentation](https://www.npmjs.com/package/create-aws-project).
 
 ## CI/CD Workflows