PyPI - cdk-factory - Versions diffs - 0.15.0__py3-none-any.whl → 0.15.2__py3-none-any.whl - Mend

cdk-factory 0.15.0py3-none-any.whl → 0.15.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cdk-factory might be problematic. Click here for more details.

Files changed (13) hide show

cdk_factory/configurations/resources/rds.py CHANGED Viewed

@@ -130,3 +130,8 @@ class RdsConfig(EnhancedBaseConfig):
     def vpc_id(self, value: str):
         """Sets the VPC ID for the Security Group"""
         self.__config["vpc_id"] = value
+    @property
+    def ssm_imports(self) -> Dict[str, str]:
+        """SSM parameter imports for the RDS instance"""
+        return self.__config.get("ssm_imports", {})

cdk_factory/configurations/resources/route53.py CHANGED Viewed

@@ -26,11 +26,16 @@ class Route53Config:
     def hosted_zone_id(self) -> Optional[str]:
         """Hosted zone ID"""
         return self.__config.get("hosted_zone_id")
+    @property
+    def existing_hosted_zone_id(self) -> Optional[str]:
+        """Existing hosted zone ID (alias for hosted_zone_id)"""
+        return self.__config.get("existing_hosted_zone_id") or self.__config.get("hosted_zone_id")
     @property
     def domain_name(self) -> Optional[str]:
-        """Domain name"""
-        return self.__config.get("domain_name")
+        """Domain name (also checks hosted_zone_name)"""
+        return self.__config.get("domain_name") or self.__config.get("hosted_zone_name")
     @property
     def record_names(self) -> List[str]:

cdk_factory/configurations/resources/security_group_full_stack.py CHANGED Viewed

@@ -61,3 +61,8 @@ class SecurityGroupFullStackConfig:
     def tags(self) -> Dict[str, str]:
         """Tags to apply to the Security Group"""
         return self.__config.get("tags", {})
+    @property
+    def ssm_imports(self) -> Dict[str, str]:
+        """SSM parameter imports for the Security Group"""
+        return self.__config.get("ssm_imports", {})

cdk_factory/stack_library/cloudfront/cloudfront_stack.py CHANGED Viewed

@@ -22,6 +22,8 @@ from constructs import Construct
 from cdk_factory.interfaces.istack import IStack
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.workload import WorkloadConfig
 from cdk_factory.configurations.resources.cloudfront import CloudFrontConfig
 logger = logging.getLogger(__name__)
@@ -39,110 +41,153 @@ class CloudFrontStack(IStack):
     - Custom error responses
     """
-    def __init__(
-        self,
-        scope: Construct,
-        id: str,
-        stack_config: StackConfig,
-        deployment,
-        **kwargs,
-    ) -> None:
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
         super().__init__(scope, id, **kwargs)
-        self.stack_config = stack_config
-        self.deployment = deployment
-        # CloudFront config
-        cloudfront_dict = stack_config.dictionary.get("cloudfront", {})
-        self.cf_config = CloudFrontConfig(cloudfront_dict, deployment)
+        self.stack_config = None
+        self.deployment = None
+        self.cf_config = None
         # Resources
         self.distribution: Optional[cloudfront.Distribution] = None
         self.certificate: Optional[acm.ICertificate] = None
         self.origins_map: Dict[str, cloudfront.IOrigin] = {}
+        # SSM imported values
+        self.ssm_imported_values: Dict[str, str] = {}
     def build(
         self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
         vpc=None,
         target_groups=None,
         security_groups=None,
         shared=None,
     ):
         """Build the CloudFront distribution"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        # CloudFront config
+        cloudfront_dict = stack_config.dictionary.get("cloudfront", {})
+        self.cf_config = CloudFrontConfig(cloudfront_dict, deployment)
         logger.info(f"Building CloudFront distribution: {self.cf_config.name}")
+        # Process SSM imports first
+        self._process_ssm_imports()
         # Create certificate if needed
         if self.cf_config.certificate and self.cf_config.aliases:
             self._create_certificate()
         # Create origins
         self._create_origins()
         # Create distribution
         self._create_distribution()
         # Export SSM parameters
         self._export_ssm_parameters()
         # Create CloudFormation outputs
         self._create_outputs()
         return self
+    def _process_ssm_imports(self) -> None:
+        """
+        Process SSM imports from configuration.
+        Follows the same pattern as API Gateway stack - imports SSM parameters as CDK tokens.
+        """
+        ssm_imports = self.cf_config.ssm_imports
+        if not ssm_imports:
+            logger.debug("No SSM imports configured for CloudFront")
+            return
+        logger.info(f"Processing {len(ssm_imports)} SSM imports for CloudFront")
+        for param_key, param_path in ssm_imports.items():
+            try:
+                # Ensure parameter path starts with /
+                if not param_path.startswith("/"):
+                    param_path = f"/{param_path}"
+                # Create unique construct ID from parameter path
+                construct_id = f"ssm-import-{param_key}-{hash(param_path) % 10000}"
+                # Import SSM parameter - this creates a CDK token that resolves at deployment time
+                param = ssm.StringParameter.from_string_parameter_name(
+                    self, construct_id, param_path
+                )
+                # Store the token value for use in configuration
+                self.ssm_imported_values[param_key] = param.string_value
+                logger.info(f"Imported SSM parameter: {param_key} from {param_path}")
+            except Exception as e:
+                logger.error(
+                    f"Failed to import SSM parameter {param_key} from {param_path}: {e}"
+                )
+                raise
     def _create_certificate(self) -> None:
         """Create or import ACM certificate for CloudFront (must be in us-east-1)"""
         cert_config = self.cf_config.certificate
         if not cert_config:
             return
         # Check if certificate ARN is provided
         cert_arn = cert_config.get("arn")
         if cert_arn:
             self.certificate = acm.Certificate.from_certificate_arn(
-                self,
-                "Certificate",
-                certificate_arn=cert_arn
+                self, "Certificate", certificate_arn=cert_arn
             )
             logger.info(f"Using existing certificate: {cert_arn}")
             return
         # Check if we should import from SSM
         ssm_param = cert_config.get("ssm_parameter")
         if ssm_param:
             cert_arn = ssm.StringParameter.value_from_lookup(self, ssm_param)
             self.certificate = acm.Certificate.from_certificate_arn(
-                self,
-                "Certificate",
-                certificate_arn=cert_arn
+                self, "Certificate", certificate_arn=cert_arn
             )
             logger.info(f"Using certificate from SSM: {ssm_param}")
             return
-        logger.warning("No certificate ARN provided - CloudFront will use default certificate")
+        logger.warning(
+            "No certificate ARN provided - CloudFront will use default certificate"
+        )
     def _create_origins(self) -> None:
         """Create CloudFront origins (custom, S3, etc.)"""
         origins_config = self.cf_config.origins
         if not origins_config:
-            raise ValueError("At least one origin is required for CloudFront distribution")
+            raise ValueError(
+                "At least one origin is required for CloudFront distribution"
+            )
         for origin_config in origins_config:
             origin_id = origin_config.get("id")
             origin_type = origin_config.get("type", "custom")
             if not origin_id:
                 raise ValueError("Origin ID is required")
             if origin_type == "custom":
                 origin = self._create_custom_origin(origin_config)
             elif origin_type == "s3":
                 origin = self._create_s3_origin(origin_config)
             else:
                 raise ValueError(f"Unsupported origin type: {origin_type}")
             self.origins_map[origin_id] = origin
             logger.info(f"Created {origin_type} origin: {origin_id}")
@@ -150,30 +195,41 @@ class CloudFrontStack(IStack):
         """Create custom origin (ALB, API Gateway, etc.)"""
         domain_name = config.get("domain_name")
         origin_id = config.get("id")
         if not domain_name:
             raise ValueError("domain_name is required for custom origin")
-        # Check if domain name is an SSM parameter reference
-        if domain_name.startswith("{{ssm:") and domain_name.endswith("}}"):
+        # Check if domain name is a placeholder from ssm_imports
+        if domain_name.startswith("{{") and domain_name.endswith("}}"):
+            placeholder_key = domain_name[2:-2]  # Remove {{ and }}
+            if placeholder_key in self.ssm_imported_values:
+                domain_name = self.ssm_imported_values[placeholder_key]
+                logger.info(f"Resolved domain from SSM import: {placeholder_key}")
+            else:
+                logger.warning(f"Placeholder {domain_name} not found in SSM imports")
+        # Legacy support: Check if domain name is an SSM parameter reference
+        elif domain_name.startswith("{{ssm:") and domain_name.endswith("}}"):
             # Extract SSM parameter name
             ssm_param = domain_name[6:-2]  # Remove {{ssm: and }}
             domain_name = ssm.StringParameter.value_from_lookup(self, ssm_param)
-            logger.info(f"Resolved domain from SSM {ssm_param}: {domain_name}")
+            logger.info(f"Resolved domain from SSM lookup {ssm_param}: {domain_name}")
         # Build custom headers (e.g., X-Origin-Secret)
         custom_headers = {}
         custom_headers_config = config.get("custom_headers", {})
         for header_name, header_value in custom_headers_config.items():
             # Check if value is from Secrets Manager
             if isinstance(header_value, str) and header_value.startswith("{{secrets:"):
                 # For now, just log a warning - Secrets Manager integration needs IAM permissions
-                logger.warning(f"Secrets Manager references not yet supported in custom headers: {header_value}")
+                logger.warning(
+                    f"Secrets Manager references not yet supported in custom headers: {header_value}"
+                )
                 continue
             custom_headers[header_name] = header_value
         # Protocol policy
         protocol_policy_str = config.get("protocol_policy", "https-only")
         protocol_policy_map = {
@@ -181,12 +237,18 @@ class CloudFrontStack(IStack):
             "https-only": cloudfront.OriginProtocolPolicy.HTTPS_ONLY,
             "match-viewer": cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
         }
-        protocol_policy = protocol_policy_map.get(protocol_policy_str, cloudfront.OriginProtocolPolicy.HTTPS_ONLY)
+        protocol_policy = protocol_policy_map.get(
+            protocol_policy_str, cloudfront.OriginProtocolPolicy.HTTPS_ONLY
+        )
         # SSL protocols
         origin_ssl_protocols_list = config.get("origin_ssl_protocols", ["TLSv1.2"])
-        ssl_protocols = [cloudfront.OriginSslPolicy.TLS_V1_2] if "TLSv1.2" in origin_ssl_protocols_list else []
+        ssl_protocols = (
+            [cloudfront.OriginSslPolicy.TLS_V1_2]
+            if "TLSv1.2" in origin_ssl_protocols_list
+            else []
+        )
         # Create custom origin with explicit origin ID
         return origins.HttpOrigin(
             domain_name,
@@ -207,37 +269,41 @@ class CloudFrontStack(IStack):
         """Create S3 origin"""
         # S3 origin implementation
         # This would use origins.S3Origin
-        raise NotImplementedError("S3 origin support - use existing static_website_stack for S3")
+        raise NotImplementedError(
+            "S3 origin support - use existing static_website_stack for S3"
+        )
     def _create_distribution(self) -> None:
         """Create CloudFront distribution"""
         # Get default origin
         default_behavior_config = self.cf_config.default_cache_behavior
         target_origin_id = default_behavior_config.get("target_origin_id")
         if not target_origin_id or target_origin_id not in self.origins_map:
             raise ValueError(f"Default cache behavior must reference a valid origin ID")
         default_origin = self.origins_map[target_origin_id]
         # Build default behavior
-        default_behavior = self._build_cache_behavior(default_behavior_config, default_origin)
+        default_behavior = self._build_cache_behavior(
+            default_behavior_config, default_origin
+        )
         # Build additional behaviors
         additional_behaviors = {}
         for behavior_config in self.cf_config.cache_behaviors:
             path_pattern = behavior_config.get("path_pattern")
             origin_id = behavior_config.get("target_origin_id")
             if not path_pattern or not origin_id or origin_id not in self.origins_map:
                 logger.warning(f"Invalid cache behavior config, skipping")
                 continue
             origin = self.origins_map[origin_id]
             behavior = self._build_cache_behavior_options(behavior_config)
             additional_behaviors[path_pattern] = behavior
         # Build error responses
         error_responses = []
         for error_config in self.cf_config.custom_error_responses:
@@ -248,10 +314,12 @@ class CloudFrontStack(IStack):
                         http_status=error_code,
                         response_http_status=error_config.get("response_http_status"),
                         response_page_path=error_config.get("response_page_path"),
-                        ttl=Duration.seconds(error_config.get("error_caching_min_ttl", 10)),
+                        ttl=Duration.seconds(
+                            error_config.get("error_caching_min_ttl", 10)
+                        ),
                     )
                 )
         # HTTP version
         http_version_map = {
             "http1_1": cloudfront.HttpVersion.HTTP1_1,
@@ -265,12 +333,11 @@ class CloudFrontStack(IStack):
         except AttributeError:
             # Fall back to HTTP2 if HTTP2_AND_3/HTTP3 not available in this CDK version
             default_version = cloudfront.HttpVersion.HTTP2
         http_version = http_version_map.get(
-            self.cf_config.http_version.lower(),
-            default_version
+            self.cf_config.http_version.lower(), default_version
         )
         # Price class
         price_class_map = {
             "PriceClass_100": cloudfront.PriceClass.PRICE_CLASS_100,
@@ -278,10 +345,9 @@ class CloudFrontStack(IStack):
             "PriceClass_All": cloudfront.PriceClass.PRICE_CLASS_ALL,
         }
         price_class = price_class_map.get(
-            self.cf_config.price_class,
-            cloudfront.PriceClass.PRICE_CLASS_100
+            self.cf_config.price_class, cloudfront.PriceClass.PRICE_CLASS_100
         )
         # Create distribution
         self.distribution = cloudfront.Distribution(
             self,
@@ -298,16 +364,16 @@ class CloudFrontStack(IStack):
             default_root_object=self.cf_config.default_root_object,
             web_acl_id=self.cf_config.waf_web_acl_id,
         )
-        logger.info(f"Created CloudFront distribution: {self.distribution.distribution_id}")
+        logger.info(
+            f"Created CloudFront distribution: {self.distribution.distribution_id}"
+        )
     def _build_cache_behavior(
-        self,
-        config: Dict[str, Any],
-        origin: cloudfront.IOrigin
+        self, config: Dict[str, Any], origin: cloudfront.IOrigin
     ) -> cloudfront.BehaviorOptions:
         """Build cache behavior with origin"""
         # Viewer protocol policy
         viewer_protocol_str = config.get("viewer_protocol_policy", "redirect-to-https")
         viewer_protocol_map = {
@@ -316,35 +382,43 @@ class CloudFrontStack(IStack):
             "https-only": cloudfront.ViewerProtocolPolicy.HTTPS_ONLY,
         }
         viewer_protocol_policy = viewer_protocol_map.get(
-            viewer_protocol_str,
-            cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
+            viewer_protocol_str, cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
         )
         # Allowed methods
         allowed_methods_str = config.get("allowed_methods", ["GET", "HEAD"])
-        if "DELETE" in allowed_methods_str or "PUT" in allowed_methods_str or "PATCH" in allowed_methods_str or "POST" in allowed_methods_str:
+        if (
+            "DELETE" in allowed_methods_str
+            or "PUT" in allowed_methods_str
+            or "PATCH" in allowed_methods_str
+            or "POST" in allowed_methods_str
+        ):
             allowed_methods = cloudfront.AllowedMethods.ALLOW_ALL
         elif "OPTIONS" in allowed_methods_str:
             allowed_methods = cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS
         else:
             allowed_methods = cloudfront.AllowedMethods.ALLOW_GET_HEAD
         # Cached methods
         cached_methods_str = config.get("cached_methods", ["GET", "HEAD"])
         if "OPTIONS" in cached_methods_str:
             cached_methods = cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS
         else:
             cached_methods = cloudfront.CachedMethods.CACHE_GET_HEAD
         # Cache policy
         cache_policy = self._build_cache_policy(config.get("cache_policy", {}))
         # Origin request policy
-        origin_request_policy = self._build_origin_request_policy(config.get("origin_request_policy", {}))
+        origin_request_policy = self._build_origin_request_policy(
+            config.get("origin_request_policy", {})
+        )
         # Lambda@Edge associations
-        edge_lambdas = self._build_lambda_edge_associations(config.get("lambda_edge_associations", []))
+        edge_lambdas = self._build_lambda_edge_associations(
+            config.get("lambda_edge_associations", [])
+        )
         return cloudfront.BehaviorOptions(
             origin=origin,
             viewer_protocol_policy=viewer_protocol_policy,
@@ -362,24 +436,26 @@ class CloudFrontStack(IStack):
         # For now, return basic structure
         return {}
-    def _build_cache_policy(self, config: Dict[str, Any]) -> Optional[cloudfront.ICachePolicy]:
+    def _build_cache_policy(
+        self, config: Dict[str, Any]
+    ) -> Optional[cloudfront.ICachePolicy]:
         """Build or reference cache policy"""
         if not config:
             # Use managed caching disabled policy for dynamic content
             return cloudfront.CachePolicy.CACHING_DISABLED
         policy_name = config.get("name")
         # Check for managed policies
         managed_policies = {
             "CachingOptimized": cloudfront.CachePolicy.CACHING_OPTIMIZED,
             "CachingDisabled": cloudfront.CachePolicy.CACHING_DISABLED,
             "CachingOptimizedForUncompressedObjects": cloudfront.CachePolicy.CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS,
         }
         if policy_name in managed_policies:
             return managed_policies[policy_name]
         # Create custom cache policy
         return cloudfront.CachePolicy(
             self,
@@ -390,47 +466,65 @@ class CloudFrontStack(IStack):
             min_ttl=Duration.seconds(config.get("min_ttl", 0)),
             max_ttl=Duration.seconds(config.get("max_ttl", 31536000)),
             enable_accept_encoding_gzip=config.get("enable_accept_encoding_gzip", True),
-            enable_accept_encoding_brotli=config.get("enable_accept_encoding_brotli", True),
-            header_behavior=self._build_cache_header_behavior(config.get("headers_config", {})),
-            query_string_behavior=self._build_cache_query_string_behavior(config.get("query_strings_config", {})),
-            cookie_behavior=self._build_cache_cookie_behavior(config.get("cookies_config", {})),
+            enable_accept_encoding_brotli=config.get(
+                "enable_accept_encoding_brotli", True
+            ),
+            header_behavior=self._build_cache_header_behavior(
+                config.get("headers_config", {})
+            ),
+            query_string_behavior=self._build_cache_query_string_behavior(
+                config.get("query_strings_config", {})
+            ),
+            cookie_behavior=self._build_cache_cookie_behavior(
+                config.get("cookies_config", {})
+            ),
         )
-    def _build_origin_request_policy(self, config: Dict[str, Any]) -> Optional[cloudfront.IOriginRequestPolicy]:
+    def _build_origin_request_policy(
+        self, config: Dict[str, Any]
+    ) -> Optional[cloudfront.IOriginRequestPolicy]:
         """Build or reference origin request policy"""
         if not config:
             # Use managed all viewer policy
             return cloudfront.OriginRequestPolicy.ALL_VIEWER
         policy_name = config.get("name")
         # Check for managed policies
         managed_policies = {
             "AllViewer": cloudfront.OriginRequestPolicy.ALL_VIEWER,
             "AllViewerExceptHostHeader": cloudfront.OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
-            "AllViewerAndCloudFrontHeaders2022": cloudfront.OriginRequestPolicy.ALL_VIEWER_AND_CLOUDFRONT_HEADERS_2022,
+            "AllViewerAndCloudFrontHeaders2022": cloudfront.OriginRequestPolicy.ALL_VIEWER_AND_CLOUDFRONT_2022,
             "CORS-CustomOrigin": cloudfront.OriginRequestPolicy.CORS_CUSTOM_ORIGIN,
             "CORS-S3Origin": cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
         }
         if policy_name in managed_policies:
             return managed_policies[policy_name]
         # Create custom origin request policy
         return cloudfront.OriginRequestPolicy(
             self,
             f"OriginRequestPolicy-{policy_name}",
             origin_request_policy_name=policy_name,
             comment=config.get("comment", ""),
-            header_behavior=self._build_origin_header_behavior(config.get("headers_config", {})),
-            query_string_behavior=self._build_origin_query_string_behavior(config.get("query_strings_config", {})),
-            cookie_behavior=self._build_origin_cookie_behavior(config.get("cookies_config", {})),
+            header_behavior=self._build_origin_header_behavior(
+                config.get("headers_config", {})
+            ),
+            query_string_behavior=self._build_origin_query_string_behavior(
+                config.get("query_strings_config", {})
+            ),
+            cookie_behavior=self._build_origin_cookie_behavior(
+                config.get("cookies_config", {})
+            ),
         )
-    def _build_cache_header_behavior(self, config: Dict[str, Any]) -> cloudfront.CacheHeaderBehavior:
+    def _build_cache_header_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.CacheHeaderBehavior:
         """Build cache header behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.CacheHeaderBehavior.none()
         elif behavior == "whitelist":
@@ -439,10 +533,12 @@ class CloudFrontStack(IStack):
         else:
             return cloudfront.CacheHeaderBehavior.none()
-    def _build_cache_query_string_behavior(self, config: Dict[str, Any]) -> cloudfront.CacheQueryStringBehavior:
+    def _build_cache_query_string_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.CacheQueryStringBehavior:
         """Build cache query string behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.CacheQueryStringBehavior.none()
         elif behavior == "all":
@@ -456,10 +552,12 @@ class CloudFrontStack(IStack):
         else:
             return cloudfront.CacheQueryStringBehavior.none()
-    def _build_cache_cookie_behavior(self, config: Dict[str, Any]) -> cloudfront.CacheCookieBehavior:
+    def _build_cache_cookie_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.CacheCookieBehavior:
         """Build cache cookie behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.CacheCookieBehavior.none()
         elif behavior == "all":
@@ -473,44 +571,52 @@ class CloudFrontStack(IStack):
         else:
             return cloudfront.CacheCookieBehavior.none()
-    def _build_origin_header_behavior(self, config: Dict[str, Any]) -> cloudfront.OriginRequestHeaderBehavior:
+    def _build_origin_header_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.OriginRequestHeaderBehavior:
         """Build origin request header behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.OriginRequestHeaderBehavior.none()
         elif behavior == "all":
-            return cloudfront.OriginRequestHeaderBehavior.all_viewer()
+            return cloudfront.OriginRequestHeaderBehavior.all()
         elif behavior == "whitelist":
             headers = config.get("headers", [])
             return cloudfront.OriginRequestHeaderBehavior.allow_list(*headers)
         elif behavior == "allViewerAndWhitelistCloudFront":
-            headers = config.get("headers", [])
-            return cloudfront.OriginRequestHeaderBehavior.all_viewer_and_whitelist_cloud_front(*headers)
+            # For now, just forward all headers - this matches the intent
+            return cloudfront.OriginRequestHeaderBehavior.all()
         else:
             return cloudfront.OriginRequestHeaderBehavior.none()
-    def _build_origin_query_string_behavior(self, config: Dict[str, Any]) -> cloudfront.OriginRequestQueryStringBehavior:
+    def _build_origin_query_string_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.OriginRequestQueryStringBehavior:
         """Build origin request query string behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.OriginRequestQueryStringBehavior.none()
         elif behavior == "all":
             return cloudfront.OriginRequestQueryStringBehavior.all()
         elif behavior == "whitelist":
             query_strings = config.get("query_strings", [])
-            return cloudfront.OriginRequestQueryStringBehavior.allow_list(*query_strings)
+            return cloudfront.OriginRequestQueryStringBehavior.allow_list(
+                *query_strings
+            )
         elif behavior == "allExcept":
             query_strings = config.get("query_strings", [])
             return cloudfront.OriginRequestQueryStringBehavior.deny_list(*query_strings)
         else:
             return cloudfront.OriginRequestQueryStringBehavior.none()
-    def _build_origin_cookie_behavior(self, config: Dict[str, Any]) -> cloudfront.OriginRequestCookieBehavior:
+    def _build_origin_cookie_behavior(
+        self, config: Dict[str, Any]
+    ) -> cloudfront.OriginRequestCookieBehavior:
         """Build origin request cookie behavior"""
         behavior = config.get("behavior", "none")
         if behavior == "none":
             return cloudfront.OriginRequestCookieBehavior.none()
         elif behavior == "all":
@@ -521,26 +627,39 @@ class CloudFrontStack(IStack):
         else:
             return cloudfront.OriginRequestCookieBehavior.none()
-    def _build_lambda_edge_associations(self, associations: List[Dict[str, Any]]) -> Optional[List[cloudfront.EdgeLambda]]:
+    def _build_lambda_edge_associations(
+        self, associations: List[Dict[str, Any]]
+    ) -> Optional[List[cloudfront.EdgeLambda]]:
         """Build Lambda@Edge associations"""
         if not associations:
             return None
         edge_lambdas = []
         for assoc in associations:
             event_type_str = assoc.get("event_type", "origin-request")
             lambda_arn = assoc.get("lambda_arn")
             if not lambda_arn:
                 continue
-            # Check if ARN is an SSM parameter reference
-            if lambda_arn.startswith("{{ssm:") and lambda_arn.endswith("}}"):
+            # Check if ARN is a placeholder from ssm_imports
+            if lambda_arn.startswith("{{") and lambda_arn.endswith("}}"):
+                placeholder_key = lambda_arn[2:-2]  # Remove {{ and }}
+                if placeholder_key in self.ssm_imported_values:
+                    lambda_arn = self.ssm_imported_values[placeholder_key]
+                    logger.info(
+                        f"Resolved Lambda ARN from SSM import: {placeholder_key}"
+                    )
+                else:
+                    logger.warning(f"Placeholder {lambda_arn} not found in SSM imports")
+            # Legacy support: Check if ARN is an SSM parameter reference
+            elif lambda_arn.startswith("{{ssm:") and lambda_arn.endswith("}}"):
                 ssm_param = lambda_arn[6:-2]
                 lambda_arn = ssm.StringParameter.value_from_lookup(self, ssm_param)
-                logger.info(f"Resolved Lambda ARN from SSM {ssm_param}")
+                logger.info(f"Resolved Lambda ARN from SSM lookup {ssm_param}")
             # Map event type
             event_type_map = {
                 "viewer-request": cloudfront.LambdaEdgeEventType.VIEWER_REQUEST,
@@ -548,56 +667,65 @@ class CloudFrontStack(IStack):
                 "origin-response": cloudfront.LambdaEdgeEventType.ORIGIN_RESPONSE,
                 "viewer-response": cloudfront.LambdaEdgeEventType.VIEWER_RESPONSE,
             }
-            event_type = event_type_map.get(event_type_str, cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST)
+            event_type = event_type_map.get(
+                event_type_str, cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST
+            )
             # Import Lambda version
             lambda_version = _lambda.Version.from_version_arn(
-                self,
-                f"LambdaEdge-{event_type_str}",
-                version_arn=lambda_arn
+                self, f"LambdaEdge-{event_type_str}", version_arn=lambda_arn
             )
             edge_lambdas.append(
                 cloudfront.EdgeLambda(
                     function_version=lambda_version,
                     event_type=event_type,
-                    include_body=assoc.get("include_body", False)
+                    include_body=assoc.get("include_body", False),
                 )
             )
         return edge_lambdas if edge_lambdas else None
     def _export_ssm_parameters(self) -> None:
         """Export distribution info to SSM Parameter Store"""
         ssm_exports = self.cf_config.ssm_exports
         if not ssm_exports:
             return
         if "distribution_id" in ssm_exports:
+            param_name = ssm_exports["distribution_id"]
+            if not param_name.startswith("/"):
+                param_name = f"/{param_name}"
             ssm.StringParameter(
                 self,
                 "DistributionIdParam",
-                parameter_name=ssm_exports["distribution_id"],
+                parameter_name=param_name,
                 string_value=self.distribution.distribution_id,
                 description=f"CloudFront Distribution ID for {self.cf_config.name}",
             )
         if "distribution_domain" in ssm_exports:
+            param_name = ssm_exports["distribution_domain"]
+            if not param_name.startswith("/"):
+                param_name = f"/{param_name}"
             ssm.StringParameter(
                 self,
                 "DistributionDomainParam",
-                parameter_name=ssm_exports["distribution_domain"],
+                parameter_name=param_name,
                 string_value=self.distribution.distribution_domain_name,
                 description=f"CloudFront Distribution Domain for {self.cf_config.name}",
             )
         if "distribution_arn" in ssm_exports:
+            param_name = ssm_exports["distribution_arn"]
+            if not param_name.startswith("/"):
+                param_name = f"/{param_name}"
             ssm.StringParameter(
                 self,
                 "DistributionArnParam",
-                parameter_name=ssm_exports["distribution_arn"],
+                parameter_name=param_name,
                 string_value=f"arn:aws:cloudfront::{self.account}:distribution/{self.distribution.distribution_id}",
                 description=f"CloudFront Distribution ARN for {self.cf_config.name}",
             )
@@ -610,14 +738,14 @@ class CloudFrontStack(IStack):
             value=self.distribution.distribution_id,
             description="CloudFront Distribution ID",
         )
         CfnOutput(
             self,
             "DistributionDomain",
             value=self.distribution.distribution_domain_name,
             description="CloudFront Distribution Domain Name",
         )
         if self.cf_config.aliases:
             CfnOutput(
                 self,

cdk_factory/stack_library/rds/rds_stack.py CHANGED Viewed

@@ -9,6 +9,7 @@ from typing import Dict, Any, List, Optional
 import aws_cdk as cdk
 from aws_cdk import aws_rds as rds
 from aws_cdk import aws_ec2 as ec2
+from aws_cdk import aws_ssm as ssm
 from aws_cdk import Duration
 from aws_lambda_powertools import Logger
 from constructs import Construct
@@ -41,6 +42,8 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
         self.db_instance = None
         self.security_groups = []
         self._vpc = None
+        # SSM imported values
+        self.ssm_imported_values: Dict[str, str] = {}
     def build(
         self,
@@ -65,6 +68,9 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
         self.rds_config = RdsConfig(stack_config.dictionary.get("rds", {}), deployment)
         db_name = deployment.build_resource_name(self.rds_config.name)
+        # Process SSM imports first
+        self._process_ssm_imports()
         # Get VPC and security groups
         self.security_groups = self._get_security_groups()
@@ -77,18 +83,58 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
         # Add outputs
         self._add_outputs(db_name)
+    def _process_ssm_imports(self) -> None:
+        """Process SSM imports from configuration"""
+        ssm_imports = self.rds_config.ssm_imports
+        if not ssm_imports:
+            logger.debug("No SSM imports configured for RDS")
+            return
+        logger.info(f"Processing {len(ssm_imports)} SSM imports for RDS")
+        for param_key, param_path in ssm_imports.items():
+            try:
+                if not param_path.startswith('/'):
+                    param_path = f"/{param_path}"
+                construct_id = f"ssm-import-{param_key}-{hash(param_path) % 10000}"
+                param = ssm.StringParameter.from_string_parameter_name(
+                    self, construct_id, param_path
+                )
+                self.ssm_imported_values[param_key] = param.string_value
+                logger.info(f"Imported SSM parameter: {param_key} from {param_path}")
+            except Exception as e:
+                logger.error(f"Failed to import SSM parameter {param_key} from {param_path}: {e}")
+                raise
     @property
     def vpc(self) -> ec2.IVpc:
         """Get the VPC for the RDS instance"""
-        # Assuming VPC is provided by the workload
         if self._vpc:
             return self._vpc
-        if self.rds_config.vpc_id:
+        # Check SSM imported values first (tokens from SSM parameters)
+        if "vpc_id" in self.ssm_imported_values:
+            vpc_id = self.ssm_imported_values["vpc_id"]
+            # When using tokens, we can't provide subnet lists to from_vpc_attributes
+            # because CDK validates subnet count against AZ count at synthesis time
+            # We'll create a DB subnet group separately instead
+            vpc_attrs = {
+                "vpc_id": vpc_id,
+                "availability_zones": ["us-east-1a", "us-east-1b"]
+            }
+            # Use from_vpc_attributes() for SSM tokens
+            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
+        elif self.rds_config.vpc_id:
             self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.rds_config.vpc_id)
-        if self.workload.vpc_id:
+        elif self.workload.vpc_id:
             self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
         else:
-            # Use default VPC if not provided
             raise ValueError(
                 "VPC is not defined in the configuration.  "
                 "You can provide it a the rds.vpc_id in the configuration "
@@ -99,19 +145,47 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
     def _get_security_groups(self) -> List[ec2.ISecurityGroup]:
         """Get security groups for the RDS instance"""
         security_groups = []
-        for sg_id in self.rds_config.security_group_ids:
+        # Check SSM imports first for security group ID
+        if "security_group_rds_id" in self.ssm_imported_values:
+            sg_id = self.ssm_imported_values["security_group_rds_id"]
+            security_groups.append(
+                ec2.SecurityGroup.from_security_group_id(
+                    self, "RDSSecurityGroup", sg_id
+                )
+            )
+        # Also check config for any additional security group IDs
+        for idx, sg_id in enumerate(self.rds_config.security_group_ids):
             security_groups.append(
                 ec2.SecurityGroup.from_security_group_id(
-                    self, f"SecurityGroup-{sg_id}", sg_id
+                    self, f"SecurityGroup-{idx}", sg_id
                 )
             )
         return security_groups
     def _create_db_instance(self, db_name: str) -> rds.DatabaseInstance:
         """Create a new RDS instance"""
-        # Configure subnet selection
-        # Use private subnets for database placement
-        subnets = ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS)
+        # Configure subnet group
+        # If we have subnet IDs from SSM, create a DB subnet group explicitly
+        db_subnet_group = None
+        if "subnet_ids" in self.ssm_imported_values:
+            subnet_ids_str = self.ssm_imported_values["subnet_ids"]
+            # Split the comma-separated token into a list
+            subnet_ids_list = cdk.Fn.split(",", subnet_ids_str)
+            # Create DB subnet group with the token-based subnet list
+            db_subnet_group = rds.CfnDBSubnetGroup(
+                self,
+                "DBSubnetGroup",
+                db_subnet_group_description=f"Subnet group for {db_name}",
+                subnet_ids=subnet_ids_list,
+                db_subnet_group_name=f"{db_name}-subnet-group"
+            )
+        # Configure subnet selection for VPC (when not using SSM imports)
+        subnets = None if db_subnet_group else ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED)
         # Configure engine
         engine_version = None
@@ -147,28 +221,36 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
             removal_policy = cdk.RemovalPolicy.RETAIN
         # Create the database instance
-        db_instance = rds.DatabaseInstance(
-            self,
-            db_name,
-            engine=engine,
-            vpc=self.vpc,
-            vpc_subnets=subnets,
-            instance_type=instance_type,
-            credentials=rds.Credentials.from_generated_secret(
+        # Build common properties
+        db_props = {
+            "engine": engine,
+            "vpc": self.vpc,
+            "instance_type": instance_type,
+            "credentials": rds.Credentials.from_generated_secret(
                 username=self.rds_config.username,
                 secret_name=self.rds_config.secret_name,
             ),
-            database_name=self.rds_config.database_name,
-            multi_az=self.rds_config.multi_az,
-            allocated_storage=self.rds_config.allocated_storage,
-            storage_encrypted=self.rds_config.storage_encrypted,
-            security_groups=self.security_groups if self.security_groups else None,
-            deletion_protection=self.rds_config.deletion_protection,
-            backup_retention=Duration.days(self.rds_config.backup_retention),
-            cloudwatch_logs_exports=self.rds_config.cloudwatch_logs_exports,
-            enable_performance_insights=self.rds_config.enable_performance_insights,
-            removal_policy=removal_policy,
-        )
+            "database_name": self.rds_config.database_name,
+            "multi_az": self.rds_config.multi_az,
+            "allocated_storage": self.rds_config.allocated_storage,
+            "storage_encrypted": self.rds_config.storage_encrypted,
+            "security_groups": self.security_groups if self.security_groups else None,
+            "deletion_protection": self.rds_config.deletion_protection,
+            "backup_retention": Duration.days(self.rds_config.backup_retention),
+            "cloudwatch_logs_exports": self.rds_config.cloudwatch_logs_exports,
+            "enable_performance_insights": self.rds_config.enable_performance_insights,
+            "removal_policy": removal_policy,
+        }
+        # Use either subnet group or vpc_subnets depending on what's available
+        if db_subnet_group:
+            db_props["subnet_group"] = rds.SubnetGroup.from_subnet_group_name(
+                self, "ImportedSubnetGroup", db_subnet_group.ref
+            )
+        else:
+            db_props["vpc_subnets"] = subnets
+        db_instance = rds.DatabaseInstance(self, db_name, **db_props)
         # Add tags
         for key, value in self.rds_config.tags.items():

cdk_factory/stack_library/security_group/security_group_full_stack.py CHANGED Viewed

@@ -1,7 +1,7 @@
 from typing import Dict, Any, List, Optional
 import aws_cdk as cdk
-from aws_cdk import aws_ec2 as ec2
+from aws_cdk import aws_ec2 as ec2, aws_ssm as ssm
 from aws_lambda_powertools import Logger
 from constructs import Construct
@@ -31,6 +31,8 @@ class SecurityGroupsStack(IStack):
         # Flag to determine if we're in test mode
         self._test_mode = False
         self._vpc = None
+        # SSM imported values
+        self.ssm_imported_values: Dict[str, str] = {}
     def build(
         self,
@@ -57,6 +59,9 @@ class SecurityGroupsStack(IStack):
             deployment=deployment,
         )
+        # Process SSM imports first
+        self._process_ssm_imports()
         env_name = self.deployment.environment
         # =========================================================
@@ -220,17 +225,65 @@ class SecurityGroupsStack(IStack):
             export_name=f"{self.deployment.environment}-{self.workload.name}-WebMonitoringSecurityGroup",
         )
+    def _process_ssm_imports(self) -> None:
+        """
+        Process SSM imports from configuration.
+        Follows the same pattern as API Gateway and CloudFront stacks.
+        """
+        ssm_imports = self.sg_config.ssm_imports
+        if not ssm_imports:
+            logger.debug("No SSM imports configured for Security Groups")
+            return
+        logger.info(f"Processing {len(ssm_imports)} SSM imports for Security Groups")
+        for param_key, param_path in ssm_imports.items():
+            try:
+                # Ensure parameter path starts with /
+                if not param_path.startswith('/'):
+                    param_path = f"/{param_path}"
+                # Create unique construct ID from parameter path
+                construct_id = f"ssm-import-{param_key}-{hash(param_path) % 10000}"
+                # Import SSM parameter - this creates a CDK token that resolves at deployment time
+                param = ssm.StringParameter.from_string_parameter_name(
+                    self, construct_id, param_path
+                )
+                # Store the token value for use in configuration
+                self.ssm_imported_values[param_key] = param.string_value
+                logger.info(f"Imported SSM parameter: {param_key} from {param_path}")
+            except Exception as e:
+                logger.error(f"Failed to import SSM parameter {param_key} from {param_path}: {e}")
+                raise
     @property
     def vpc(self) -> ec2.IVpc:
         """Get the VPC for the Security Group"""
         if self._vpc:
             return self._vpc
-        if self.sg_config.vpc_id:
+        # Check SSM imported values first (tokens from SSM parameters)
+        if "vpc_id" in self.ssm_imported_values:
+            vpc_id = self.ssm_imported_values["vpc_id"]
+            # Build VPC attributes
+            vpc_attrs = {
+                "vpc_id": vpc_id,
+                "availability_zones": ["us-east-1a", "us-east-1b"]
+            }
+            # Use from_vpc_attributes() instead of from_lookup() because SSM imports return tokens
+            # from_lookup() requires concrete values and queries AWS during synthesis
+            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
+        elif self.sg_config.vpc_id:
             self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.sg_config.vpc_id)
         elif self.workload.vpc_id:
             self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
         else:
-            raise ValueError("VPC ID is not defined in the configuration.")
+            raise ValueError("VPC ID is not defined in the configuration or SSM imports.")
         return self._vpc

cdk_factory/stack_library/vpc/vpc_stack.py CHANGED Viewed

@@ -88,6 +88,23 @@ class VpcStack(IStack, EnhancedSsmParameterMixin):
         # Configure NAT gateways
         nat_gateway_count = self.vpc_config.nat_gateways.get("count", 1)
+        # Get explicit availability zones to avoid dummy AZs in pipeline synthesis
+        # When CDK synthesizes in a pipeline context, it doesn't have access to real AZs
+        # So we explicitly specify them based on the deployment region
+        availability_zones = None
+        if self.deployment:
+            region = self.deployment.region or "us-east-1"
+            # Explicitly list AZs for the region to avoid dummy values
+            max_azs = self.vpc_config.max_azs or 2
+            if region == "us-east-1":
+                availability_zones = [f"us-east-1{chr(97+i)}" for i in range(max_azs)]  # us-east-1a, us-east-1b, etc.
+            elif region == "us-east-2":
+                availability_zones = [f"us-east-2{chr(97+i)}" for i in range(max_azs)]
+            elif region == "us-west-1":
+                availability_zones = [f"us-west-1{chr(97+i)}" for i in range(max_azs)]
+            elif region == "us-west-2":
+                availability_zones = [f"us-west-2{chr(97+i)}" for i in range(max_azs)]
         # Create the VPC
         vpc = ec2.Vpc(
             self,
@@ -95,6 +112,7 @@ class VpcStack(IStack, EnhancedSsmParameterMixin):
             vpc_name=vpc_name,
             cidr=self.vpc_config.cidr,
             max_azs=self.vpc_config.max_azs,
+            availability_zones=availability_zones,  # Explicitly specify AZs
             nat_gateways=nat_gateway_count,
             subnet_configuration=subnet_configuration,
             enable_dns_hostnames=self.vpc_config.enable_dns_hostnames,

cdk_factory/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- __version__ = "0.15.0"
1	+ __version__ = "0.15.2"

{cdk_factory-0.15.0.dist-info → cdk_factory-0.15.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.15.0
+Version: 0.15.2
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.15.0.dist-info → cdk_factory-0.15.2.dist-info}/RECORD RENAMED Viewed

@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
 cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
 cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
-cdk_factory/version.py,sha256=wGIgxINRfcIKyk0LjIbc9UF9UwuclyCQZv_axTUzwNw,23
+cdk_factory/version.py,sha256=BOC5JUFbzkhCG96hrOtH7kEDXF3aNOg4kZ97OzGzruI,23
 cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
 cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
 cdk_factory/configurations/base_config.py,sha256=JKjhNsy0RCUZy1s8n5D_aXXI-upR9izaLtCTfKYiV9k,9624
@@ -38,16 +38,16 @@ cdk_factory/configurations/resources/lambda_layers.py,sha256=gVeP_-LC3Eq0lkPaG_J
 cdk_factory/configurations/resources/lambda_triggers.py,sha256=MD7cdMNKEulNBhtMLIFnWJuJ5R-yyIqa0LHUgbSQerA,834
 cdk_factory/configurations/resources/load_balancer.py,sha256=DHVKuEDaTfbB0UKYBt7UQQCPCM4FY-ThT1T52lcwg_E,4897
 cdk_factory/configurations/resources/monitoring.py,sha256=zsfDMa7yph33Ql8iP7lIqqLAyixh-Mesi0imtZJFdcE,2310
-cdk_factory/configurations/resources/rds.py,sha256=-ccbd_rcOBIcI1ipZz2W3aRVRGyjQ-MSOaoznPNl_UI,4459
+cdk_factory/configurations/resources/rds.py,sha256=NhXOPTqjfOZhJWyNd0yhBnkk1J0VOPgNLe6VldaJe6k,4628
 cdk_factory/configurations/resources/resource_mapping.py,sha256=cwv3n63RJ6E59ErsmSTdkW4i-g8huhHtKI0ExbRhJxA,2182
 cdk_factory/configurations/resources/resource_naming.py,sha256=VE9S2cpzp11qqPL2z1sX79wXH0o1SntO2OG74nEmWC8,5508
 cdk_factory/configurations/resources/resource_types.py,sha256=1WQHyDoErb-M-tETZZzyLDtbq_jdC85-I403dM48pgE,2317
-cdk_factory/configurations/resources/route53.py,sha256=hmKKjn1Elyj1iz58cnhgMBPPN4d0RKUuz9dNwFFuwik,3142
+cdk_factory/configurations/resources/route53.py,sha256=FwfAL90amoQqn7DSGcIprlfNhbJ08T80joplxLg99Ko,3453
 cdk_factory/configurations/resources/route53_hosted_zone.py,sha256=qjEYPCSxSOx5blr9EULv892ezxkCs--yrLa1ngWbyXM,880
 cdk_factory/configurations/resources/rum.py,sha256=5aNLhyJEl97spby2gEV59RsMIQpUto2hGh1DeSyIp_I,5149
 cdk_factory/configurations/resources/s3.py,sha256=LBwTOZ4tOxNbgiu1fFGHOTyF5jlzeVphc_9VAqNw8zA,6042
 cdk_factory/configurations/resources/security_group.py,sha256=8kQtaaRVEn2aDm8XoC7QFh2mDOFbPbgobmssIuqU8MA,2259
-cdk_factory/configurations/resources/security_group_full_stack.py,sha256=x5MIMCa_olO7prFBKx9zVOfvsVdKo-2mWyhrCy27dFw,2031
+cdk_factory/configurations/resources/security_group_full_stack.py,sha256=J56ui5cR4ULcT-20LdK43UNXhcicB2M45Wl8Y9SIWCA,2202
 cdk_factory/configurations/resources/sqs.py,sha256=fAh2dqttJ6PX46enFRULuiLEu3TEj0Vb2xntAOgUpYE,4346
 cdk_factory/configurations/resources/vpc.py,sha256=sNn6w76bHFwmt6N76gZZhqpsuNB9860C1SZu6tebaXY,3835
 cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=gFQw96rfSX7n3-YaK4AWyF2NNzJezgZpmnAcxZpmgxs,22036
@@ -86,7 +86,7 @@ cdk_factory/stack_library/aws_lambdas/lambda_stack.py,sha256=SFbBPvvCopbyiuYtq-O
 cdk_factory/stack_library/buckets/README.md,sha256=XkK3UNVtRLE7NtUvbhCOBBYUYi8hlrrSaI1s3GJVrqI,78
 cdk_factory/stack_library/buckets/bucket_stack.py,sha256=SLoZqSffAqmeBBEVUQg54D_8Ad5UKdkjEAmKAVgAqQo,1778
 cdk_factory/stack_library/cloudfront/__init__.py,sha256=Zfx50q4xIJ4ZEoVIzUBDTKbRE9DKDM6iyVIFhtQXvww,153
-cdk_factory/stack_library/cloudfront/cloudfront_stack.py,sha256=-mw24FbvwLUzAa1NNKCKGFILZpNXtsuSdxNSNtEz6D8,26804
+cdk_factory/stack_library/cloudfront/cloudfront_stack.py,sha256=kBMWxHlB48aRcFGIX71mRso0tEuEaQxcTBr3YCJOr4s,30210
 cdk_factory/stack_library/code_artifact/code_artifact_stack.py,sha256=vySYIjWGTdVfMcUOyJdW6gTL1maHWq9ThzfrN_rVL5A,6290
 cdk_factory/stack_library/cognito/cognito_stack.py,sha256=zEHkKVCIeyZywPs_GIMXCXyCux9RAKdl5kba3wy8wtQ,24608
 cdk_factory/stack_library/dynamodb/dynamodb_stack.py,sha256=TVyOrUhgaSuN8uymkpaQcpOaSA0lkYJ8QUMgakTCKus,6771
@@ -101,17 +101,17 @@ cdk_factory/stack_library/load_balancer/load_balancer_stack.py,sha256=t5JUe5lMUb
 cdk_factory/stack_library/monitoring/__init__.py,sha256=k1G_KDx47Aw0UugaL99PN_TKlyLK4nkJVApCaAK7GJg,153
 cdk_factory/stack_library/monitoring/monitoring_stack.py,sha256=N_1YvEXE7fboH_S3kv_dSKZsufxMuPdFMjGzlNFpuSo,19283
 cdk_factory/stack_library/rds/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cdk_factory/stack_library/rds/rds_stack.py,sha256=-IQFmacO_UgedAN72Uo0ZGlcmqGcDinr3tquBdhQZXw,8559
+cdk_factory/stack_library/rds/rds_stack.py,sha256=jvG3mcz5CQHv2NV-KwjGX8XgxtPiixRQTdBtaLb6sw4,12161
 cdk_factory/stack_library/route53/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/stack_library/route53/route53_stack.py,sha256=R-6DW7gIjeg25uBT5ZMLNDiQUOSZMipc-Tw6f8POVvI,8081
 cdk_factory/stack_library/rum/__init__.py,sha256=gUrWQdzd4rZ2J0YzAQC8PsEGAS7QgyYjB2ZCUKWasy4,90
 cdk_factory/stack_library/rum/rum_stack.py,sha256=OvQ6tsjYcXS8adqU_Xh0A_VKdnPtQnij4cG67nNqSVo,13611
 cdk_factory/stack_library/security_group/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cdk_factory/stack_library/security_group/security_group_full_stack.py,sha256=x3gpSi-DzV8aOqFYpPVDWqpCk-236xX2RVKCANpaNLI,8530
+cdk_factory/stack_library/security_group/security_group_full_stack.py,sha256=zu-xrz2KuojJGoN4-sTzD14sT9DwYaJpgwFl3wPiNXw,10907
 cdk_factory/stack_library/security_group/security_group_stack.py,sha256=2zxd5ozgQ4GP0xi-Ni7SyChtEAOzC0nXeGz78DPXwPg,14445
 cdk_factory/stack_library/simple_queue_service/sqs_stack.py,sha256=jJksWrvrvgZUMM01RZ317DOIxqIJbkYYSYu38w0jHpc,6039
 cdk_factory/stack_library/vpc/__init__.py,sha256=7pIqP97Gf2AJbv9Ebp1WbQGHYhgEbWJ52L1MzeXBybA,42
-cdk_factory/stack_library/vpc/vpc_stack.py,sha256=zdDiGilf03esxuya5Z8zVYSVMAIuZBeD-ZKgfnEd6aw,10077
+cdk_factory/stack_library/vpc/vpc_stack.py,sha256=xZj_CzEF-41qgAIdHwsc_PUZaYPDuA6ZKY_rHumUMXY,11187
 cdk_factory/stack_library/websites/static_website_stack.py,sha256=hcdZQxyhupCy7n7UpNaX8egc2oI9TrssyOufj-oJuo8,10343
 cdk_factory/stages/websites/static_website_stage.py,sha256=X4fpKXkhb0zIbSHx3QyddBhVSLBryb1vf1Cg2fMTqog,755
 cdk_factory/templates/README.md,sha256=ATBEjG6beYvbEAdLtZ_8xnxgFD5X0cgZoI_6pToqH90,2679
@@ -129,8 +129,8 @@ cdk_factory/utilities/lambda_function_utilities.py,sha256=S1GvBsY_q2cyUiaud3HORJ
 cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITEP7EuSU,1019
 cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
 cdk_factory/workload/workload_factory.py,sha256=mM8GU_5mKq_0OyK060T3JrUSUiGAcKf0eqNlT9mfaws,6028
-cdk_factory-0.15.0.dist-info/METADATA,sha256=Da_9MBQTbK6XRX6OrC1ooR-ixBJLcfuTqmyg-dqQeVc,2451
-cdk_factory-0.15.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cdk_factory-0.15.0.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
-cdk_factory-0.15.0.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
-cdk_factory-0.15.0.dist-info/RECORD,,
+cdk_factory-0.15.2.dist-info/METADATA,sha256=JZqZG24TGyyJmJ6pWhDVifi1pONKJD38RAxFS4V6WTc,2451
+cdk_factory-0.15.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cdk_factory-0.15.2.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
+cdk_factory-0.15.2.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
+cdk_factory-0.15.2.dist-info/RECORD,,

{cdk_factory-0.15.0.dist-info → cdk_factory-0.15.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{cdk_factory-0.15.0.dist-info → cdk_factory-0.15.2.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{cdk_factory-0.15.0.dist-info → cdk_factory-0.15.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

cdk-factory 0.15.0__py3-none-any.whl → 0.15.2__py3-none-any.whl

Potentially problematic release.

cdk-factory 0.15.0py3-none-any.whl → 0.15.2py3-none-any.whl