PyPI - BuzzerboyAWSLightsail - Versions diffs - 0.331.1__py3-none-any.whl → 0.333.1__py3-none-any.whl - Mend

BuzzerboyAWSLightsail 0.331.1py3-none-any.whl → 0.333.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

BuzzerboyAWSLightsailStack/LightsailBaseStandalone.py ADDED Viewed

@@ -0,0 +1,154 @@
+"""
+AWS Lightsail Base Standalone Infrastructure Stack
+==================================================
+This module provides a standalone base class for AWS Lightsail infrastructure
+stacks using CDKTF. It avoids AWSArchitectureBase and its compliance bootstrap
+resources, while keeping IAM/Secrets/post-apply helpers used by Lightsail stacks.
+"""
+import os
+from cdktf import TerraformStack
+from cdktf_cdktf_provider_aws.provider import AwsProvider
+from cdktf_cdktf_provider_aws import (
+    iam_group,
+    iam_user,
+    iam_access_key,
+    iam_user_group_membership,
+    iam_group_policy,
+)
+from cdktf_cdktf_provider_random.provider import RandomProvider
+from cdktf_cdktf_provider_null.provider import NullProvider
+from .LightsailFlags import BaseLightsailArchitectureFlags
+from .LightsailMixins import LightsailBaseMixin
+class LightsailBaseStandalone(LightsailBaseMixin, TerraformStack):
+    """
+    Standalone base class for Lightsail stacks without AWSArchitectureBase.
+    """
+    resources = {}
+    default_post_apply_scripts = []
+    @staticmethod
+    def get_architecture_flags():
+        return BaseLightsailArchitectureFlags
+    def __init__(self, scope, id, **kwargs):
+        self.region = kwargs.get("region", "us-east-1")
+        self.environment = kwargs.get("environment", "dev")
+        self.project_name = kwargs.get("project_name")
+        self.profile = kwargs.get("profile", "default")
+        if not self.project_name:
+            raise ValueError("project_name is required and cannot be empty")
+        super().__init__(scope, id)
+        self.flags = kwargs.get("flags", [])
+        self.post_apply_scripts = kwargs.get("postApplyScripts", []) or []
+        default_secret_name = f"{self.project_name}/{self.environment}/credentials"
+        self.secret_name = kwargs.get("secret_name", default_secret_name)
+        self.default_signature_version = kwargs.get("default_signature_version", "s3v4")
+        self.default_extra_secret_env = kwargs.get("default_extra_secret_env", "SECRET_STRING")
+        default_bucket_name = self.properize_s3_bucketname(f"{self.region}-{self.project_name}-tfstate")
+        self.state_bucket_name = kwargs.get("state_bucket_name", default_bucket_name)
+        self.secrets = {}
+        self.post_terraform_messages = []
+        self._post_plan_guidance: list[str] = []
+        self._initialize_providers()
+        self._set_default_post_apply_scripts()
+        self._create_infrastructure_components()
+    def _initialize_providers(self):
+        aws = AwsProvider(self, "aws", region=self.region, profile=self.profile)
+        self.resources["aws"] = aws
+        RandomProvider(self, "random")
+        self.resources["random"] = RandomProvider
+        NullProvider(self, "null")
+        self.resources["null"] = NullProvider
+    def _set_default_post_apply_scripts(self):
+        self.default_post_apply_scripts = [
+            "echo '============================================='",
+            "echo '✅ Deployment Completed Successfully'",
+            "echo '============================================='",
+            f"echo '🏗️  Project: {self.project_name}'",
+            f"echo '🌍 Environment: {self.environment}'",
+            f"echo '📍 Region: {self.region}'",
+            "echo '============================================='",
+            "echo '💻 System Information:'",
+            "echo '   - OS: '$(uname -s)",
+            "echo '   - Architecture: '$(uname -m)",
+            "echo '   - User: '$(whoami)",
+            "echo '   - Working Directory: '$(pwd)",
+            "echo '============================================='",
+            "echo '✅ Post-deployment scripts execution started'",
+        ]
+        if BaseLightsailArchitectureFlags.SKIP_DEFAULT_POST_APPLY_SCRIPTS.value in self.flags:
+            return
+        self.post_apply_scripts = self.default_post_apply_scripts + self.post_apply_scripts
+    def _create_infrastructure_components(self):
+        self.create_iam_resources()
+        self.create_lightsail_resources()
+        self.create_security_resources()
+        self.execute_post_apply_scripts()
+        self.create_outputs()
+    def create_lightsail_resources(self):
+        raise NotImplementedError("create_lightsail_resources must be implemented by subclasses")
+    def create_outputs(self):
+        raise NotImplementedError("create_outputs must be implemented by subclasses")
+    def create_iam_resources(self):
+        user_name = f"{self.project_name}-service-user"
+        group_name = f"{self.project_name}-group"
+        self.service_group = iam_group.IamGroup(self, "service_group", name=group_name)
+        self.service_user = iam_user.IamUser(self, "service_user", name=user_name)
+        iam_user_group_membership.IamUserGroupMembership(
+            self,
+            "service_user_group_membership",
+            user=self.service_user.name,
+            groups=[self.service_group.name],
+        )
+        self.service_key = iam_access_key.IamAccessKey(
+            self, "service_key", user=self.service_user.name
+        )
+        try:
+            self.service_policy = self.create_iam_policy_from_file()
+            self.resources["iam_policy"] = self.service_policy
+        except FileNotFoundError:
+            pass
+    def create_iam_policy_from_file(self, file_path="iam_policy.json"):
+        file_to_open = os.path.join(os.path.dirname(__file__), file_path)
+        with open(file_to_open, "r") as f:
+            policy = f.read()
+        return iam_group_policy.IamGroupPolicy(
+            self,
+            f"{self.project_name}-{self.environment}-service-policy",
+            name=f"{self.project_name}-{self.environment}-service-policy",
+            group=self.service_group.name,
+            policy=policy,
+        )

BuzzerboyAWSLightsailStack/LightsailContainer.py CHANGED Viewed

@@ -22,30 +22,22 @@ The stack includes:
 #region specific imports
-import os
-import json
-from enum import Enum
 from constructs import Construct
-from cdktf import TerraformOutput
 # Import the base class
-from .LightsailBase import LightsailBase, BaseLightsailArchitectureFlags
+from .LightsailBase import LightsailBase
+from .LightsailFlags import ContainerArchitectureFlags
+from .LightsailMixins import LightsailContainerMixin
 #endregion
 #region AWS Provider and Resources
 from cdktf_cdktf_provider_aws.provider import AwsProvider
 from cdktf_cdktf_provider_aws import (
-    lightsail_container_service,
-    lightsail_database,
     cloudfront_distribution,
-    s3_bucket,
 )
 #endregion
-#region Random Provider and Resources
-from cdktf_cdktf_provider_random import password
 # AWS WAF (currently unused but imported for future use)
 from cdktf_cdktf_provider_aws.wafv2_web_acl import (
     Wafv2WebAcl,
@@ -65,36 +57,10 @@ from cdktf_cdktf_provider_aws.wafv2_rule_group import Wafv2RuleGroupRuleVisibili
-#region ArchitectureFlags
-class ArchitectureFlags(Enum):
-    """
-    Architecture configuration flags for optional components.
-    Includes both base flags and container-specific flags.
-    Base flags:
-    :param SKIP_DEFAULT_POST_APPLY_SCRIPTS: Skip default post-apply scripts
-    :param PRESERVE_EXISTING_SECRETS: Don't overwrite existing secret versions (smart detection)
-    :param IGNORE_SECRET_CHANGES: Ignore all changes to secret after initial creation
-    Container-specific flags:
-    :param SKIP_DATABASE: Skip database creation
-    :param SKIP_DOMAIN: Skip domain and DNS configuration
-    """
-    # Base flags from BaseLightsailArchitectureFlags
-    SKIP_DEFAULT_POST_APPLY_SCRIPTS = "skip_default_post_apply_scripts"
-    PRESERVE_EXISTING_SECRETS = "preserve_existing_secrets"
-    IGNORE_SECRET_CHANGES = "ignore_secret_changes"
-    # Container-specific flags
-    SKIP_DATABASE = "skip_database"
-    SKIP_DOMAIN = "skip_domain"
-#endregion
+ArchitectureFlags = ContainerArchitectureFlags
-class LightsailContainerStack(LightsailBase):
+class LightsailContainerStack(LightsailContainerMixin, LightsailBase):
     """
     AWS Lightsail Mini Infrastructure Stack.
@@ -128,7 +94,7 @@ class LightsailContainerStack(LightsailBase):
         :returns: ArchitectureFlags enum class
         :rtype: type[ArchitectureFlags]
         """
-        return ArchitectureFlags
+        return ContainerArchitectureFlags
     def __init__(self, scope, id, **kwargs):
         """
@@ -177,205 +143,3 @@ class LightsailContainerStack(LightsailBase):
             self, "aws_domain", region="us-east-1", profile=self.profile, alias="domain"
         )
         self.resources["aws_domain"] = self.aws_domain_provider
-    def _set_default_post_apply_scripts(self):
-        """
-        Set default post-apply scripts specific to container deployments.
-        """
-        # Call parent method for base scripts
-        super()._set_default_post_apply_scripts()
-        # Skip if flag is set
-        if BaseLightsailArchitectureFlags.SKIP_DEFAULT_POST_APPLY_SCRIPTS.value in self.flags:
-            return
-        # Add container-specific scripts
-        container_scripts = [
-            f"echo '🚀 Container Service URL: https://{self.project_name}.{self.region}.cs.amazonlightsail.com'",
-        ]
-        # Insert container-specific scripts before the final "execution started" message
-        if self.post_apply_scripts:
-            # Find the index of the last script and insert before it
-            insert_index = len(self.post_apply_scripts) - 1
-            for script in reversed(container_scripts):
-                self.post_apply_scripts.insert(insert_index, script)
-    def create_lightsail_resources(self):
-        """
-        Create core Lightsail resources.
-        Creates:
-            * Lightsail Container Service with nano power and scale of 1
-            * Random password for database authentication (if database not skipped)
-        .. note::
-           Custom domains are configured separately through DNS records and
-           post-deployment automation rather than the public_domain_names parameter
-           due to CDKTF type complexity.
-        """
-        # Lightsail Container Service
-        self.container_service = lightsail_container_service.LightsailContainerService(
-            self,
-            "app_container",
-            name=f"{self.project_name}",
-            power="nano",
-            region=self.region,
-            scale=1,
-            is_disabled=False,
-            # Note: Custom domains are configured separately via DNS records
-            # The public_domain_names parameter has complex type requirements
-            tags={"Environment": self.environment, "Project": self.project_name, "Stack": self.__class__.__name__},
-        )
-        self.container_service_url = self.get_lightsail_container_service_domain()
-        # Create Lightsail database if not skipped
-        if not self.has_flag(ArchitectureFlags.SKIP_DATABASE.value):
-            self.create_lightsail_database()
-        # Create S3 bucket for application data
-        self.create_s3_bucket()
-        self.resources["lightsail_container_service"] = self.container_service
-    def create_lightsail_database(self):
-        """
-        Create Lightsail PostgreSQL database (optional).
-        Creates a micro PostgreSQL 14 database instance if the SKIP_DATABASE flag
-        is not set. Also populates the secrets dictionary with database connection
-        information for use in Secrets Manager.
-        Database Configuration:
-            * Engine: PostgreSQL 14
-            * Size: micro_2_0
-            * Final snapshot: Disabled (skip_final_snapshot=True)
-        .. note::
-           Database creation can be skipped by including ArchitectureFlags.SKIP_DATABASE
-           in the flags parameter during stack initialization.
-        """
-        # Database Password Generation
-        self.db_password = password.Password(
-            self, "db_password", length=16, special=True, override_special="!#$%&*()-_=+[]{}<>:?"
-        )
-        self.database = lightsail_database.LightsailDatabase(
-            self,
-            "app_database",
-            relational_database_name=f"{self.project_name}-db",
-            blueprint_id="postgres_14",
-            bundle_id="micro_2_0",
-            master_database_name=self.clean_hyphens(f"{self.project_name}"),
-            master_username=self.default_db_username,
-            master_password=self.db_password.result,
-            skip_final_snapshot=True,
-            tags={"Environment": self.environment, "Project": self.project_name, "Stack": self.__class__.__name__},
-        )
-        # Populate secrets for database connection
-        self.secrets.update(
-            {
-                "password": self.db_password.result,
-                "username": self.default_db_username,
-                "dbname": self.default_db_name,
-                "host": self.database.master_endpoint_address,
-                "port": self.database.master_endpoint_port,
-            }
-        )
-    def create_s3_bucket(self, bucket_name=None):
-        """
-        Create S3 bucket for application data storage.
-        Creates a private S3 bucket with proper tagging for application data storage
-        and security configurations:
-        - Bucket versioning enabled
-        - Server-side encryption with Amazon S3 managed keys (SSE-S3)
-        - Bucket key enabled to reduce encryption costs
-        - Private ACL
-        The bucket name follows the pattern: {project_name}-s3
-        .. note::
-           The ACL parameter is deprecated in favor of aws_s3_bucket_acl resource
-           but is retained for backwards compatibility.
-        """
-        if bucket_name is None:
-            bucket_name = self.properize_s3_bucketname(f"{self.project_name}-s3")
-        self.s3_bucket = s3_bucket.S3Bucket(
-            self,
-            "app_data_bucket",
-            bucket=bucket_name,
-            acl="private",
-            versioning={"enabled": True},
-            server_side_encryption_configuration=({
-                "rule": ({
-                    "apply_server_side_encryption_by_default": {
-                        "sse_algorithm": "AES256"
-                    },
-                    "bucket_key_enabled": True
-                })
-            }),
-            tags={"Environment": self.environment, "Project": self.project_name, "Stack": self.__class__.__name__},
-        )
-        # Store the S3 bucket in resources registry
-        self.resources["s3_bucket"] = self.s3_bucket
-        self.bucket_name = bucket_name
-    def get_lightsail_container_service_domain(self):
-        """
-        Retrieve the actual Lightsail container service domain from AWS.
-        Returns a default format domain since we cannot query AWS at synthesis time.
-        :returns: The public domain URL for the container service
-        :rtype: str
-        """
-        return f"{self.project_name}.{self.region}.cs.amazonlightsail.com"
-    def create_outputs(self):
-        """
-        Create Terraform outputs for important resource information.
-        Generates outputs for:
-            * Container service public URL
-            * Database endpoint (if database is enabled)
-            * Database password (sensitive, if database is enabled)
-            * IAM access keys (sensitive)
-        .. note::
-           Sensitive outputs are marked as such and will be hidden in
-           Terraform output unless explicitly requested.
-        """
-        # Container service public URL
-        TerraformOutput(
-            self,
-            "container_service_url",
-            value=self.container_service_url,
-            description="Public URL of the Lightsail container service",
-        )
-        # Database outputs (if database is enabled)
-        if not self.has_flag(ArchitectureFlags.SKIP_DATABASE.value) and hasattr(self, 'database'):
-            TerraformOutput(
-                self,
-                "database_endpoint",
-                value=f"{self.database.master_endpoint_address}:{self.database.master_endpoint_port}",
-                description="Database connection endpoint",
-            )
-            TerraformOutput(
-                self,
-                "database_password",
-                value=self.database.master_password,
-                sensitive=True,
-                description="Database master password (sensitive)",
-            )
-        # Use the shared IAM output helper
-        self.create_iam_outputs()
-        """Placeholder for networking resources creation."""
-        pass

BuzzerboyAWSLightsailStack/LightsailContainerStandalone.py ADDED Viewed

@@ -0,0 +1,149 @@
+"""
+AWS Lightsail Mini Infrastructure Stack
+======================================
+This module provides a comprehensive AWS Lightsail infrastructure deployment stack
+using CDKTF (Cloud Development Kit for Terraform) with Python.
+The stack includes:
+    * Lightsail Container Service with automatic custom domain attachment
+    * PostgreSQL Database (optional)
+    * DNS management with CNAME records
+    * SSL certificate management with automatic validation
+    * IAM resources for service access
+    * S3 bucket for application data
+    * Secrets Manager for credential storage
+:author: Generated with GitHub Copilot
+:version: 1.0.0
+:license: MIT
+"""
+#region specific imports
+from constructs import Construct
+# Import the base class
+from .LightsailBaseStandalone import LightsailBaseStandalone
+from .LightsailFlags import ContainerArchitectureFlags
+from .LightsailMixins import LightsailContainerMixin
+#endregion
+#region AWS Provider and Resources
+from cdktf_cdktf_provider_aws.provider import AwsProvider
+from cdktf_cdktf_provider_aws import (
+    cloudfront_distribution,
+)
+#endregion
+# AWS WAF (currently unused but imported for future use)
+from cdktf_cdktf_provider_aws.wafv2_web_acl import (
+    Wafv2WebAcl,
+    Wafv2WebAclDefaultAction,
+    Wafv2WebAclRule,
+    Wafv2WebAclVisibilityConfig,
+    Wafv2WebAclDefaultActionAllow,
+    Wafv2WebAclRuleOverrideAction,
+    Wafv2WebAclRuleOverrideActionNone,
+    Wafv2WebAclRuleOverrideActionCount,
+    Wafv2WebAclRuleVisibilityConfig,
+)
+from cdktf_cdktf_provider_aws.wafv2_web_acl_association import Wafv2WebAclAssociation
+from cdktf_cdktf_provider_aws.wafv2_rule_group import Wafv2RuleGroupRuleVisibilityConfig
+#endregion
+ArchitectureFlags = ContainerArchitectureFlags
+class LightsailContainerStandaloneStack(LightsailContainerMixin, LightsailBaseStandalone):
+    """
+    AWS Lightsail Mini Infrastructure Stack.
+    A comprehensive infrastructure stack that deploys:
+        * Lightsail Container Service with custom domain support
+        * PostgreSQL database (optional)
+        * IAM resources and S3 storage
+    :param scope: The construct scope
+    :param id: The construct ID
+    :param kwargs: Configuration parameters including region, domains, flags, etc.
+    Example:
+        >>> stack = LightsailContainerStandaloneStack(
+        ...     app, "my-stack",
+        ...     region="ca-central-1",
+        ...     domains=["app.example.com"],
+        ...     project_name="my-app",
+        ...     postApplyScripts=[
+        ...         "echo 'Deployment completed'",
+        ...         "curl -X POST https://webhook.example.com/notify"
+        ...     ]
+        ... )
+    """
+    @staticmethod
+    def get_architecture_flags():
+        """
+        Get the ArchitectureFlags enum for configuration.
+        :returns: ArchitectureFlags enum class
+        :rtype: type[ArchitectureFlags]
+        """
+        return ContainerArchitectureFlags
+    def __init__(self, scope, id, **kwargs):
+        """
+        Initialize the AWS Lightsail Mini Infrastructure Stack.
+        :param scope: The construct scope
+        :param id: Unique identifier for this stack
+        :param kwargs: Configuration parameters
+        **Configuration Parameters:**
+        :param region: AWS region (default: "us-east-1")
+        :param environment: Environment name (default: "dev")
+        :param project_name: Project identifier (default: "bb-aws-lightsail-mini-v1a-app")
+        :param domain_name: Primary domain name
+        :param domains: List of custom domains to configure
+        :param flags: List of ArchitectureFlags to modify behavior
+        :param profile: AWS profile to use (default: "default")
+        :param postApplyScripts: List of shell commands to execute after deployment
+        .. warning::
+           Lightsail domain operations must use us-east-1 region regardless of
+           the main stack region.
+        """
+        # Set container-specific defaults
+        if "project_name" not in kwargs:
+            kwargs["project_name"] = "bb-aws-lightsail-mini-v1a-app"
+        # Set database defaults before base initialization
+        self.default_db_name = kwargs.get("default_db_name", kwargs["project_name"])
+        self.default_db_username = kwargs.get("default_db_username", "dbadmin")
+        # Call parent constructor which handles all the base initialization
+        super().__init__(scope, id, **kwargs)
+        # ===== Container-Specific Configuration =====
+        self.domains = kwargs.get("domains", []) or []
+        # ===== Database Configuration =====
+        self.default_db_name = kwargs.get("default_db_name", self.project_name)
+        self.default_db_username = kwargs.get("default_db_username", "dbadmin")
+    def _initialize_providers(self):
+        """Initialize all required Terraform providers."""
+        # Call parent class to initialize base providers
+        super()._initialize_providers()
+        # Add Lightsail-specific provider for domain operations (must be us-east-1)
+        self.aws_domain_provider = AwsProvider(
+            self, "aws_domain", region="us-east-1", profile=self.profile, alias="domain"
+        )
+        self.resources["aws_domain"] = self.aws_domain_provider

BuzzerboyAWSLightsail 0.331.1__py3-none-any.whl → 0.333.1__py3-none-any.whl

BuzzerboyAWSLightsail 0.331.1py3-none-any.whl → 0.333.1py3-none-any.whl