cdk-factory 0.13.2__py3-none-any.whl → 0.13.5__py3-none-any.whl

cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -118,11 +118,17 @@ class CloudFrontDistributionConstruct(Construct):
                 origin_access_identity=self.oai,
             )
 
+        # Get comment from config, or use default
+        comment = "CloudFront Distribution generated via the CDK Factory"
+        if self.stack_config and isinstance(self.stack_config, StackConfig):
+            cloudfront_config = self.stack_config.dictionary.get("cloudfront", {})
+            comment = cloudfront_config.get("comment", comment)
+        
         distribution = cloudfront.Distribution(
             self,
             "cloudfront-dist",
             domain_names=self.aliases,
-            comment="CloudFront Distribution generated via the CDK Factory",
+            comment=comment,
             certificate=self.certificate,
             default_behavior=cloudfront.BehaviorOptions(
                 origin=origin,
@@ -228,6 +234,15 @@ class CloudFrontDistributionConstruct(Construct):
         """
         Get the Lambda@Edge associations for the distribution from config.
         
+        Supports two configuration methods:
+        1. Convenience flag: "enable_ip_gating": true
+           - Automatically adds Lambda@Edge IP gating function
+           - Uses auto-derived SSM parameter path: /{env}/{workload}/lambda-edge/version-arn
+        
+        2. Manual configuration: "lambda_edge_associations": [...]
+           - Full control over Lambda@Edge associations
+           - Can specify custom ARNs, event types, etc.
+        
         Returns:
             List[cloudfront.EdgeLambda] or None: list of Lambda@Edge associations
         """
@@ -235,7 +250,33 @@ class CloudFrontDistributionConstruct(Construct):
         
         if self.stack_config and isinstance(self.stack_config, StackConfig):
             cloudfront_config = self.stack_config.dictionary.get("cloudfront", {})
-            lambda_edge_associations = cloudfront_config.get("lambda_edge_associations", [])
+            
+            # Check for convenience IP gating flag
+            enable_ip_gating = cloudfront_config.get("enable_ip_gating", False)
+            if enable_ip_gating:
+                logger.info("IP gating enabled via convenience flag - adding Lambda@Edge association")
+                
+                # Extract environment and workload name from config
+                # These come from the workload/deployment configuration
+                workload_dict = self.stack_config.workload
+                environment = workload_dict.get("deployment", {}).get("environment", "dev")
+                workload_name = workload_dict.get("name", "workload")
+                
+                # Auto-derive SSM parameter path or use override
+                default_ssm_path = f"/{environment}/{workload_name}/lambda-edge/version-arn"
+                ip_gate_ssm_path = cloudfront_config.get("ip_gate_function_ssm_path", default_ssm_path)
+                
+                logger.info(f"Using IP gate Lambda ARN from SSM: {ip_gate_ssm_path}")
+                
+                # Add the IP gating Lambda@Edge association
+                lambda_edge_associations = [{
+                    "event_type": "origin-request",
+                    "lambda_arn": f"{{{{ssm:{ip_gate_ssm_path}}}}}",
+                    "include_body": False
+                }]
+            else:
+                # Use manual configuration
+                lambda_edge_associations = cloudfront_config.get("lambda_edge_associations", [])
             
             for association in lambda_edge_associations:
                 event_type_str = association.get("event_type", "origin-request")

cdk_factory/lambdas/edge/ip_gate/handler.py

@@ -20,12 +20,14 @@ def get_ssm_parameter(parameter_name: str, region: str = 'us-east-1') -> str:
     Fetch SSM parameter with caching.
     Lambda@Edge cannot use environment variables, so we fetch from SSM.
     
+    The sentinel value 'NONE' indicates an explicitly unset/disabled parameter.
+    
     Args:
         parameter_name: Name of the SSM parameter
         region: AWS region (default us-east-1)
     
     Returns:
-        Parameter value
+        Parameter value, or empty string if value is 'NONE'
     """
     global ssm
     if ssm is None:
@@ -33,7 +35,14 @@ def get_ssm_parameter(parameter_name: str, region: str = 'us-east-1') -> str:
     
     try:
         response = ssm.get_parameter(Name=parameter_name, WithDecryption=False)
-        return response['Parameter']['Value']
+        value = response['Parameter']['Value']
+        
+        # Treat 'NONE' sentinel as empty/unset
+        if value == 'NONE':
+            print(f"SSM parameter {parameter_name} is set to 'NONE' (explicitly disabled)")
+            return ''
+        
+        return value
     except Exception as e:
         print(f"Error fetching SSM parameter {parameter_name}: {str(e)}")
         raise
@@ -140,15 +149,16 @@ def lambda_handler(event, context):
         gate_enabled = get_ssm_parameter(f'/{env}/{function_name}/gate-enabled', 'us-east-1')
         
         # If gating is disabled, allow all traffic
-        if gate_enabled.lower() not in ('true', '1', 'yes'):
-            print(f"IP gating is disabled (GATE_ENABLED={gate_enabled})")
+        # Empty string (from 'NONE' sentinel) is treated as disabled
+        if not gate_enabled or gate_enabled.lower() not in ('true', '1', 'yes'):
+            print(f"IP gating is disabled (GATE_ENABLED={gate_enabled or 'NONE'})")
             return request
         
         # Get allowed CIDRs and maintenance host
         allow_cidrs_str = get_ssm_parameter(f'/{env}/{function_name}/allow-cidrs', 'us-east-1')
         maint_cf_host = get_ssm_parameter(f'/{env}/{function_name}/maint-cf-host', 'us-east-1')
         
-        # Parse allowed CIDRs
+        # Parse allowed CIDRs (empty string results in empty list)
         allowed_cidrs = [cidr.strip() for cidr in allow_cidrs_str.split(',') if cidr.strip()]
         
         # Get client IP

cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py

@@ -87,7 +87,10 @@ class LambdaEdgeStack(IStack, EnhancedSsmParameterMixin):
             deployment
         )
         
-        function_name = deployment.build_resource_name(self.edge_config.name)
+        # Use the Lambda function name from config (supports template variables)
+        # e.g., "{{WORKLOAD_NAME}}-{{ENVIRONMENT}}-ip-gate" becomes "tech-talk-dev-ip-gate"
+        function_name = self.edge_config.name
+        logger.info(f"Lambda function name: '{function_name}'")
         
         # Create Lambda function
         self._create_lambda_function(function_name)
@@ -181,9 +184,10 @@ class LambdaEdgeStack(IStack, EnhancedSsmParameterMixin):
         
         # Create runtime configuration file for Lambda@Edge
         # Since Lambda@Edge doesn't support environment variables, we bundle a config file
+        # Use the full function_name (e.g., "tech-talk-dev-ip-gate") not just the base name
         runtime_config = {
             'environment': self.deployment.environment,
-            'function_name': self.edge_config.name,
+            'function_name': function_name,
             'region': self.deployment.region
         }
         
@@ -364,10 +368,21 @@ class LambdaEdgeStack(IStack, EnhancedSsmParameterMixin):
             resolved_env = self._resolve_environment_variables()
             for env_key, ssm_path in env_ssm_exports.items():
                 if env_key in resolved_env:
+                    env_value = resolved_env[env_key]
+                    
+                    # Handle empty values - SSM doesn't allow empty strings
+                    # Use sentinel value "NONE" to indicate explicitly unset
+                    if not env_value or (isinstance(env_value, str) and env_value.strip() == ""):
+                        env_value = "NONE"
+                        logger.info(
+                            f"Environment variable {env_key} is empty - setting SSM parameter to 'NONE'. "
+                            f"Lambda function should treat 'NONE' as unset/disabled."
+                        )
+                    
                     self.export_ssm_parameter(
                         self,
                         f"env-{env_key}-param",
-                        resolved_env[env_key],
+                        env_value,
                         ssm_path,
                         description=f"Configuration for Lambda@Edge: {env_key}"
                     )

cdk_factory/version.py

@@ -1 +1 @@
-__version__ = "0.13.2"
+__version__ = "0.13.5"

{cdk_factory-0.13.2.dist-info → cdk_factory-0.13.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.13.2
+Version: 0.13.5
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.13.2.dist-info → cdk_factory-0.13.5.dist-info}/RECORD

@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
 cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
 cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
-cdk_factory/version.py,sha256=blu6md2c3Nnj5gDBi8U36sYO3k8HcND8s7UoQBjfn3g,23
+cdk_factory/version.py,sha256=SPNxRvWdZ_wlG_AeFzA45_LV_z5u-nzgOJwVcknxEJ8,23
 cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
 cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
 cdk_factory/configurations/base_config.py,sha256=JKjhNsy0RCUZy1s8n5D_aXXI-upR9izaLtCTfKYiV9k,9624
@@ -50,7 +50,7 @@ cdk_factory/configurations/resources/security_group.py,sha256=8kQtaaRVEn2aDm8XoC
 cdk_factory/configurations/resources/security_group_full_stack.py,sha256=x5MIMCa_olO7prFBKx9zVOfvsVdKo-2mWyhrCy27dFw,2031
 cdk_factory/configurations/resources/sqs.py,sha256=fAh2dqttJ6PX46enFRULuiLEu3TEj0Vb2xntAOgUpYE,4346
 cdk_factory/configurations/resources/vpc.py,sha256=sNn6w76bHFwmt6N76gZZhqpsuNB9860C1SZu6tebaXY,3835
-cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=ZTlRUFhfrkIv95buChJiNh-nd_hmGjUxT5LaPScStgY,17902
+cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=MS3xrjm1I4gnUZorh2Orc6oi_fZE_ZPU29czDDhiD_A,20072
 cdk_factory/constructs/ecr/ecr_construct.py,sha256=JLz3gWrsjlM0XghvbgxuoGlF-VIo_7IYxtgX7mTkidE,10660
 cdk_factory/constructs/lambdas/lambda_function_construct.py,sha256=SQ5SEXn4kezVAzXuv_A_JB3o_svyBXOMi-htvfB9HQs,4516
 cdk_factory/constructs/lambdas/lambda_function_docker_construct.py,sha256=aSyn3eh1YnuIahZ7CbZ5WswwPL8u70ZibMoS24QQifc,9907
@@ -66,7 +66,7 @@ cdk_factory/interfaces/istack.py,sha256=bhTBs-o9FgKwvJMSuwxjUV6D3nUlvZHVzfm27jP9
 cdk_factory/interfaces/live_ssm_resolver.py,sha256=3FIr9a02SXqZmbFs3RT0WxczWEQR_CF7QSt7kWbDrVE,8163
 cdk_factory/interfaces/ssm_parameter_mixin.py,sha256=uA2j8HmAOpuEA9ynRj51s0WjUHMVLsbLQN-QS9NKyHA,12089
 cdk_factory/lambdas/health_handler.py,sha256=dd40ykKMxWCFEIyp2ZdQvAGNjw_ylI9CSm1N24Hp2ME,196
-cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=NCa16_B66zIczPb9whf_CaspnetuTYKTFpIX6Z7Wqjw,6393
+cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=4ijbIMdMId-9XQzerejWhizd8r-gm6cKlsnDIwftXow,6879
 cdk_factory/pipeline/path_utils.py,sha256=fvWdrcb4onmpIu1APkHLhXg8zWfK74HcW3Ra2ynxfXM,2586
 cdk_factory/pipeline/pipeline_factory.py,sha256=rvtkdlTPJG477nTVRN8S2ksWt4bwpd9eVLFd9WO02pM,17248
 cdk_factory/pipeline/stage.py,sha256=Be7ExMB9A-linRM18IQDOzQ-cP_I2_ThRNzlT4FIrUg,437
@@ -95,7 +95,7 @@ cdk_factory/stack_library/ecr/ecr_stack.py,sha256=1xA68sxFVyqreYjXrP_7U9I8RF9RtF
 cdk_factory/stack_library/ecs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/stack_library/ecs/ecs_service_stack.py,sha256=zuGdZEP5KmeVDTJb-H47LYhvs-85-Fi4Xb78nsA-lF4,24685
 cdk_factory/stack_library/lambda_edge/__init__.py,sha256=ByBJ_CWdc4UtTmFBZH-6pzBMNkjkdtE65AmnB0Fs6lM,156
-cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py,sha256=fCnS_WFUwe9gyvsqrevevrDcUqZpZgnwM8v9tQVxFzk,15491
+cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py,sha256=CdId_1kcZmYr1lLI9AD3-KqtE6voC3641PIloJmWiNI,16414
 cdk_factory/stack_library/load_balancer/__init__.py,sha256=wZpKw2OecLJGdF5mPayCYAEhu2H3c2gJFFIxwXftGDU,52
 cdk_factory/stack_library/load_balancer/load_balancer_stack.py,sha256=t5JUe5lMUbQCRFZR08k8nO-g-53yWY8gKB9v8ZnedBs,24391
 cdk_factory/stack_library/monitoring/__init__.py,sha256=k1G_KDx47Aw0UugaL99PN_TKlyLK4nkJVApCaAK7GJg,153
@@ -129,8 +129,8 @@ cdk_factory/utilities/lambda_function_utilities.py,sha256=S1GvBsY_q2cyUiaud3HORJ
 cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITEP7EuSU,1019
 cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
 cdk_factory/workload/workload_factory.py,sha256=mM8GU_5mKq_0OyK060T3JrUSUiGAcKf0eqNlT9mfaws,6028
-cdk_factory-0.13.2.dist-info/METADATA,sha256=LyiWwDWEaFep_Koxoo46zUxv3Lza_88v4T45EK7zNeg,2451
-cdk_factory-0.13.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cdk_factory-0.13.2.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
-cdk_factory-0.13.2.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
-cdk_factory-0.13.2.dist-info/RECORD,,
+cdk_factory-0.13.5.dist-info/METADATA,sha256=nSjC-eYm9AeWwM3ICwdPTJl46PuprLmxIDHsxleN9T0,2451
+cdk_factory-0.13.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cdk_factory-0.13.5.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
+cdk_factory-0.13.5.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
+cdk_factory-0.13.5.dist-info/RECORD,,