cdk-factory 0.14.1__py3-none-any.whl → 0.15.0__py3-none-any.whl

cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -292,8 +292,9 @@ class CloudFrontDistributionConstruct(Construct):
                 logger.info(f"Using IP gate Lambda ARN from SSM: {ip_gate_ssm_path}")
                 
                 # Add the IP gating Lambda@Edge association
+                # MUST use viewer-request to run BEFORE cache check!
                 lambda_edge_associations = [{
-                    "event_type": "origin-request",
+                    "event_type": "viewer-request",
                     "lambda_arn": f"{{{{ssm:{ip_gate_ssm_path}}}}}",
                     "include_body": False
                 }]

cdk_factory/lambdas/edge/ip_gate/handler.py

@@ -178,7 +178,58 @@ def lambda_handler(event, context):
             print(f"IP {client_ip} is allowed")
             return request
         
-        # IP not allowed - redirect to maintenance page
+        # IP not allowed - either redirect or proxy maintenance page
+        # Check response mode from SSM (default: redirect for backward compatibility)
+        response_mode_param = f"/{function_name}/response-mode"
+        response_mode = get_ssm_parameter(response_mode_param, default='redirect')
+        
+        if response_mode == 'proxy':
+            # Proxy mode: Fetch and return maintenance content (keeps URL the same)
+            print(f"IP {client_ip} is NOT allowed, proxying content from {maint_cf_host}")
+            
+            try:
+                import urllib3
+                http = urllib3.PoolManager()
+                
+                # Fetch the maintenance page
+                maint_response = http.request(
+                    'GET', 
+                    f'https://{maint_cf_host}',
+                    headers={'User-Agent': 'CloudFront-IP-Gate-Proxy'},
+                    timeout=3.0
+                )
+                
+                # Return the maintenance content
+                response = {
+                    'status': str(maint_response.status),
+                    'statusDescription': 'OK' if maint_response.status == 200 else 'Service Unavailable',
+                    'headers': {
+                        'content-type': [{
+                            'key': 'Content-Type',
+                            'value': maint_response.headers.get('Content-Type', 'text/html')
+                        }],
+                        'cache-control': [{
+                            'key': 'Cache-Control',
+                            'value': 'no-cache, no-store, must-revalidate, max-age=0'
+                        }],
+                        'x-ip-gate-mode': [{
+                            'key': 'X-IP-Gate-Mode',
+                            'value': 'proxy'
+                        }]
+                    },
+                    'body': maint_response.data.decode('utf-8')
+                }
+                
+                print(f"Successfully proxied maintenance page (status {maint_response.status})")
+                return response
+                
+            except Exception as proxy_error:
+                print(f"Error proxying maintenance content: {str(proxy_error)}")
+                # Fall back to redirect if proxy fails
+                print(f"Falling back to redirect mode")
+                response_mode = 'redirect'
+        
+        # Redirect mode (default): HTTP 302 redirect to maintenance site
         print(f"IP {client_ip} is NOT allowed, redirecting to {maint_cf_host}")
         
         response = {
@@ -192,6 +243,10 @@ def lambda_handler(event, context):
                 'cache-control': [{
                     'key': 'Cache-Control',
                     'value': 'no-cache, no-store, must-revalidate'
+                }],
+                'x-ip-gate-mode': [{
+                    'key': 'X-IP-Gate-Mode',
+                    'value': 'redirect'
                 }]
             }
         }

cdk_factory/version.py

@@ -1 +1 @@
-__version__ = "0.14.1"
+__version__ = "0.15.0"

{cdk_factory-0.14.1.dist-info → cdk_factory-0.15.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.14.1
+Version: 0.15.0
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.14.1.dist-info → cdk_factory-0.15.0.dist-info}/RECORD

@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
 cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
 cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
-cdk_factory/version.py,sha256=DcrUHmqhXJJz-Sh-CsHfn9W6Q5OL-VL2FalGEX5hy6E,23
+cdk_factory/version.py,sha256=wGIgxINRfcIKyk0LjIbc9UF9UwuclyCQZv_axTUzwNw,23
 cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
 cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
 cdk_factory/configurations/base_config.py,sha256=JKjhNsy0RCUZy1s8n5D_aXXI-upR9izaLtCTfKYiV9k,9624
@@ -50,7 +50,7 @@ cdk_factory/configurations/resources/security_group.py,sha256=8kQtaaRVEn2aDm8XoC
 cdk_factory/configurations/resources/security_group_full_stack.py,sha256=x5MIMCa_olO7prFBKx9zVOfvsVdKo-2mWyhrCy27dFw,2031
 cdk_factory/configurations/resources/sqs.py,sha256=fAh2dqttJ6PX46enFRULuiLEu3TEj0Vb2xntAOgUpYE,4346
 cdk_factory/configurations/resources/vpc.py,sha256=sNn6w76bHFwmt6N76gZZhqpsuNB9860C1SZu6tebaXY,3835
-cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=Co3pQ5NQVd5mXzPeGNN4UabvQVWyWL44xDyscNGAXUQ,21967
+cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=gFQw96rfSX7n3-YaK4AWyF2NNzJezgZpmnAcxZpmgxs,22036
 cdk_factory/constructs/ecr/ecr_construct.py,sha256=JLz3gWrsjlM0XghvbgxuoGlF-VIo_7IYxtgX7mTkidE,10660
 cdk_factory/constructs/lambdas/lambda_function_construct.py,sha256=SQ5SEXn4kezVAzXuv_A_JB3o_svyBXOMi-htvfB9HQs,4516
 cdk_factory/constructs/lambdas/lambda_function_docker_construct.py,sha256=O8aiHpNQ59eE3qEttEHVxbvp06v4byXOeYCVTAOI_Cg,9993
@@ -66,7 +66,7 @@ cdk_factory/interfaces/istack.py,sha256=bhTBs-o9FgKwvJMSuwxjUV6D3nUlvZHVzfm27jP9
 cdk_factory/interfaces/live_ssm_resolver.py,sha256=3FIr9a02SXqZmbFs3RT0WxczWEQR_CF7QSt7kWbDrVE,8163
 cdk_factory/interfaces/ssm_parameter_mixin.py,sha256=uA2j8HmAOpuEA9ynRj51s0WjUHMVLsbLQN-QS9NKyHA,12089
 cdk_factory/lambdas/health_handler.py,sha256=dd40ykKMxWCFEIyp2ZdQvAGNjw_ylI9CSm1N24Hp2ME,196
-cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=I1LN7vuz8qZ7vhgG91yxCEm4uFqqOghsJzurT0DngcI,7396
+cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=pQzCK3r8Hc_XhR2A5FW5nlShi5c9z7By8Czd9Uqd3ws,9935
 cdk_factory/pipeline/path_utils.py,sha256=fvWdrcb4onmpIu1APkHLhXg8zWfK74HcW3Ra2ynxfXM,2586
 cdk_factory/pipeline/pipeline_factory.py,sha256=rvtkdlTPJG477nTVRN8S2ksWt4bwpd9eVLFd9WO02pM,17248
 cdk_factory/pipeline/stage.py,sha256=Be7ExMB9A-linRM18IQDOzQ-cP_I2_ThRNzlT4FIrUg,437
@@ -129,8 +129,8 @@ cdk_factory/utilities/lambda_function_utilities.py,sha256=S1GvBsY_q2cyUiaud3HORJ
 cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITEP7EuSU,1019
 cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
 cdk_factory/workload/workload_factory.py,sha256=mM8GU_5mKq_0OyK060T3JrUSUiGAcKf0eqNlT9mfaws,6028
-cdk_factory-0.14.1.dist-info/METADATA,sha256=CeDWK6i4lTujrWo11UnQ49_HrdhmIsOSilsQppIGE_o,2451
-cdk_factory-0.14.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cdk_factory-0.14.1.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
-cdk_factory-0.14.1.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
-cdk_factory-0.14.1.dist-info/RECORD,,
+cdk_factory-0.15.0.dist-info/METADATA,sha256=Da_9MBQTbK6XRX6OrC1ooR-ixBJLcfuTqmyg-dqQeVc,2451
+cdk_factory-0.15.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cdk_factory-0.15.0.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
+cdk_factory-0.15.0.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
+cdk_factory-0.15.0.dist-info/RECORD,,