cdk-factory 0.15.10__py3-none-any.whl → 0.18.9__py3-none-any.whl

cdk_factory/stack_library/auto_scaling/auto_scaling_stack.py

@@ -1,5 +1,5 @@
 """
-Auto Scaling Group Stack Pattern for CDK-Factory
+Auto Scaling Group Stack Pattern for CDK-Factory (Standardized SSM Version)
 Maintainers: Eric Wilson
 MIT License.  See Project Root for the license information.
 """
@@ -12,7 +12,8 @@ from aws_cdk import aws_autoscaling as autoscaling
 from aws_cdk import aws_cloudwatch as cloudwatch
 from aws_cdk import aws_iam as iam
 from aws_cdk import aws_ssm as ssm
-from aws_cdk import Duration
+from aws_cdk import aws_ecs as ecs
+from aws_cdk import Duration, Stack
 from aws_lambda_powertools import Logger
 from constructs import Construct
 
@@ -20,23 +21,39 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.auto_scaling import AutoScalingConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
-logger = Logger(service="AutoScalingStack")
+logger = Logger(service="AutoScalingStackStandardized")
 
 
 @register_stack("auto_scaling_library_module")
 @register_stack("auto_scaling_stack")
-class AutoScalingStack(IStack, EnhancedSsmParameterMixin):
+class AutoScalingStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
-    Reusable stack for AWS Auto Scaling Groups.
-    Supports creating EC2 Auto Scaling Groups with customizable configurations.
+    Reusable stack for AWS Auto Scaling Groups with standardized SSM integration.
+    
+    This version uses the StandardizedSsmMixin to provide consistent SSM parameter
+    handling across all CDK Factory modules.
+    
+    Key Features:
+    - Standardized SSM import/export patterns
+    - Template variable resolution
+    - Comprehensive validation
+    - Clear error handling
+    - Backward compatibility
     """
 
     def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        # Initialize parent classes properly
         super().__init__(scope, id, **kwargs)
+        
+        # Initialize VPC cache from mixin
+        self._initialize_vpc_cache()
+        
+        # Initialize module attributes
         self.asg_config = None
         self.stack_config = None
         self.deployment = None
@@ -46,7 +63,8 @@ class AutoScalingStack(IStack, EnhancedSsmParameterMixin):
         self.launch_template = None
         self.instance_role = None
         self.user_data = None
-        self._vpc = None
+        self.user_data_commands = []  # Store raw commands for ECS cluster detection
+        self.ecs_cluster = None
 
     def build(
         self,
@@ -73,111 +91,133 @@ class AutoScalingStack(IStack, EnhancedSsmParameterMixin):
         )
         asg_name = deployment.build_resource_name(self.asg_config.name)
 
-        # Get VPC and security groups
+        # Setup standardized SSM integration
+        self.setup_ssm_integration(
+            scope=self,
+            config=self.asg_config,
+            resource_type="auto_scaling",
+            resource_name=asg_name,
+            deployment=deployment,
+            workload=workload
+        )
+
+        # Process SSM imports using standardized method
+        self.process_ssm_imports()
+
+        # Get security groups using standardized approach
         self.security_groups = self._get_security_groups()
 
         # Create IAM role for instances
         self.instance_role = self._create_instance_role(asg_name)
 
-        # Create user data
+        # Create VPC once to be reused by both ECS cluster and ASG
+        self._vpc = None  # Store VPC for reuse
+
+        # Create ECS cluster if ECS configuration is detected
+        self.ecs_cluster = self._create_ecs_cluster_if_needed()
+
+        # Create user data (after ECS cluster so it can reference it)
         self.user_data = self._create_user_data()
 
         # Create launch template
         self.launch_template = self._create_launch_template(asg_name)
 
-        # Create auto scaling group
+        # Create Auto Scaling Group
         self.auto_scaling_group = self._create_auto_scaling_group(asg_name)
 
-        # Configure scaling policies
-        self._configure_scaling_policies()
-
-        # Add outputs
-        self._add_outputs(asg_name)
-
-    @property
-    def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Auto Scaling Group"""
-        # Assuming VPC is provided by the workload
-
-        if self._vpc:
-            return self._vpc
-
-        elif self.asg_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.asg_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-        else:
-            # Use default VPC if not provided
-            raise ValueError(
-                "VPC is not defined in the configuration.  "
-                "You can provide it a the auto_scaling.vpc_id in the configuration "
-                "or a top level workload.vpc_id in the workload configuration."
-            )
-
-        return self._vpc
-
-    def _get_target_group_arns(self) -> List[str]:
-        """Get target group ARNs from SSM imports"""
-        target_group_arns = []
-
-        # Import target group ARNs using the SSM import pattern
-        imported_values = self.import_resources_from_ssm(
-            scope=self,
-            config=self.asg_config,
-            resource_name=self.asg_config.name,
-            resource_type="auto-scaling",
-        )
+        # Add scaling policies
+        self._add_scaling_policies()
+        
+        # Add update policy
+        self._add_update_policy()
 
-        # Look for target group ARN imports
-        for key, value in imported_values.items():
-            if "target_group" in key and "arn" in key:
-                target_group_arns.append(value)
+        # Export SSM parameters
+        self._export_ssm_parameters()
 
-        # see if we have any directly defined in the config
-        if self.asg_config.target_group_arns:
-            for arn in self.asg_config.target_group_arns:
-                logger.info(f"Adding target group ARN: {arn}")
-                target_group_arns.append(arn)
+        logger.info(f"Auto Scaling Group {asg_name} built successfully")
 
-        return target_group_arns
-
-    def _attach_target_groups(self, asg: autoscaling.AutoScalingGroup) -> None:
-        """Attach the Auto Scaling Group to target groups"""
-        target_group_arns = self._get_target_group_arns()
-
-        if not target_group_arns:
-            logger.warning("No target group ARNs found for Auto Scaling Group")
-            print(
-                "⚠️ No target group ARNs found for Auto Scaling Group.  Nothing will be attached."
-            )
-            return
-
-        # Get the underlying CloudFormation resource to add target group ARNs
-        cfn_asg = asg.node.default_child
-        cfn_asg.add_property_override("TargetGroupARNs", target_group_arns)
+    def _get_ssm_imports(self) -> Dict[str, Any]:
+        """Get SSM imports from standardized mixin processing"""
+        return self.get_all_ssm_imports()
 
     def _get_security_groups(self) -> List[ec2.ISecurityGroup]:
-        """Get security groups for the Auto Scaling Group"""
+        """
+        Get security groups for the Auto Scaling Group using standardized SSM imports.
+        
+        Returns:
+            List of security group references
+        """
         security_groups = []
-        for sg_id in self.asg_config.security_group_ids:
-            # if the security group id contains a comma, it is a list of security group ids
-            if "," in sg_id:
-                blocks = sg_id.split(",")
-                for block in blocks:
+        
+        # Primary method: Use standardized SSM imports
+        ssm_imports = self._get_ssm_imports()
+        if "security_group_ids" in ssm_imports:
+            imported_sg_ids = ssm_imports["security_group_ids"]
+            if isinstance(imported_sg_ids, list):
+                for idx, sg_id in enumerate(imported_sg_ids):
                     security_groups.append(
                         ec2.SecurityGroup.from_security_group_id(
-                            self, f"SecurityGroup-{block}", block
+                            self, f"SecurityGroup-SSM-{idx}", sg_id
                         )
                     )
+                logger.info(f"Added {len(imported_sg_ids)} security groups from SSM imports")
             else:
-                # TODO: add some additional checks to make it more robust
                 security_groups.append(
                     ec2.SecurityGroup.from_security_group_id(
-                        self, f"SecurityGroup-{sg_id}", sg_id
+                        self, f"SecurityGroup-SSM-0", imported_sg_ids
                     )
                 )
+                logger.info(f"Added security group from SSM imports")
+        
+        # Fallback: Check for direct configuration (backward compatibility)
+        elif self.asg_config.security_group_ids:
+            logger.warning("Using direct security group configuration - consider migrating to SSM imports")
+            for idx, sg_id in enumerate(self.asg_config.security_group_ids):
+                logger.info(f"Adding security group from direct config: {sg_id}")
+                # Handle comma-separated security group IDs
+                if "," in sg_id:
+                    blocks = sg_id.split(",")
+                    for block_idx, block in enumerate(blocks):
+                        security_groups.append(
+                            ec2.SecurityGroup.from_security_group_id(
+                                self, f"SecurityGroup-Direct-{idx}-{block_idx}", block.strip()
+                            )
+                        )
+                else:
+                    security_groups.append(
+                        ec2.SecurityGroup.from_security_group_id(
+                            self, f"SecurityGroup-Direct-{idx}", sg_id
+                        )
+                    )
+        else:
+            logger.warning("No security groups found from SSM imports or direct configuration")
+        
         return security_groups
 
+    def _get_vpc_id(self) -> str:
+        """
+        Get VPC ID using the centralized VPC provider mixin.
+        """
+        # Use the centralized VPC resolution from VPCProviderMixin
+        vpc = self.resolve_vpc(
+            config=self.asg_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
+        return vpc.vpc_id
+
+    def _get_subnet_ids(self) -> List[str]:
+        """
+        Get subnet IDs using standardized SSM approach.
+        """
+        # Primary method: Use standardized SSM imports
+        # ssm_imports = self._get_ssm_imports()
+
+        subnet_ids = self.get_subnet_ids(self.asg_config)
+        
+        return subnet_ids
+       
+
     def _create_instance_role(self, asg_name: str) -> iam.Role:
         """Create IAM role for EC2 instances"""
         role = iam.Role(
@@ -193,380 +233,298 @@ class AutoScalingStack(IStack, EnhancedSsmParameterMixin):
                 iam.ManagedPolicy.from_aws_managed_policy_name(policy_name)
             )
 
-        # Add inline policies (for custom permissions like S3 bucket access)
-        for policy_config in self.asg_config.iam_inline_policies:
-            policy_name = policy_config.get("name", "CustomPolicy")
-            statements = policy_config.get("statements", [])
-            
-            if not statements:
-                logger.warning(f"No statements found for inline policy {policy_name}, skipping")
-                continue
-            
-            # Build policy statements
-            policy_statements = []
-            for stmt in statements:
-                effect = iam.Effect.ALLOW if stmt.get("effect", "Allow") == "Allow" else iam.Effect.DENY
-                actions = stmt.get("actions", [])
-                resources = stmt.get("resources", [])
-                
-                if not actions or not resources:
-                    logger.warning(f"Incomplete statement in policy {policy_name}, skipping")
-                    continue
-                
-                policy_statements.append(
-                    iam.PolicyStatement(
-                        effect=effect,
-                        actions=actions,
-                        resources=resources
-                    )
-                )
-            
-            if policy_statements:
-                role.add_to_principal_policy(policy_statements[0])
-                for stmt in policy_statements[1:]:
-                    role.add_to_principal_policy(stmt)
-                
-                logger.info(f"Added inline policy {policy_name} with {len(policy_statements)} statements")
-
+        logger.info(f"Created instance role: {role.role_name}")
         return role
 
     def _create_user_data(self) -> ec2.UserData:
         """Create user data for EC2 instances"""
         user_data = ec2.UserData.for_linux()
+        
+        # Add basic setup commands
+        user_data.add_commands(
+            "#!/bin/bash",
+            "yum update -y",
+            "yum install -y aws-cfn-bootstrap",
+        )
 
-        # Add base commands
-        user_data.add_commands("set -euxo pipefail")
-
-        # Add custom commands from config
-        for command in self.asg_config.user_data_commands:
-            user_data.add_commands(command)
-
-        # Add user data scripts from files (with variable substitution)
-        if self.asg_config.user_data_scripts:
-            self._add_user_data_scripts_from_files(user_data)
-
-        # Add container configuration if specified
-        container_config = self.asg_config.container_config
-        if container_config:
-            self._add_container_user_data(user_data, container_config)
+        # Add user data commands from configuration
+        if self.asg_config.user_data_commands:
+            # Process template variables in user data commands
+            processed_commands = []
+            ssm_imports = self._get_ssm_imports()
+            for command in self.asg_config.user_data_commands:
+                processed_command = command
+                # Substitute SSM-imported values
+                if "cluster_name" in ssm_imports and "{{cluster_name}}" in command:
+                    cluster_name = ssm_imports["cluster_name"]
+                    processed_command = command.replace("{{cluster_name}}", cluster_name)
+                processed_commands.append(processed_command)
+            
+            user_data.add_commands(*processed_commands)
+            self.user_data_commands = processed_commands
+
+        # Add ECS cluster configuration if needed
+        if self.ecs_cluster:
+            # Use the SSM-imported cluster name if available, otherwise fallback to default format
+            ssm_imports = self._get_ssm_imports()
+            if "cluster_name" in ssm_imports:
+                cluster_name = ssm_imports["cluster_name"]
+                ecs_commands = [
+                    f"echo 'ECS_CLUSTER={cluster_name}' >> /etc/ecs/ecs.config",
+                    "systemctl restart ecs"
+                ]
+            else:
+                # Fallback to default naming pattern
+                ecs_commands = [
+                    "echo 'ECS_CLUSTER={}{}' >> /etc/ecs/ecs.config".format(
+                        self.deployment.workload_name, self.deployment.environment
+                    ),
+                    "systemctl restart ecs"
+                ]
+            user_data.add_commands(*ecs_commands)
 
+        logger.info(f"Created user data with {len(self.user_data_commands)} custom commands")
         return user_data
 
-    def _add_user_data_scripts_from_files(self, user_data: ec2.UserData) -> None:
-        """
-        Add user data scripts from external files with variable substitution.
-        Supports loading shell scripts and injecting them into user data with
-        placeholder replacement.
-        """
-        from pathlib import Path
-        
-        for script_config in self.asg_config.user_data_scripts:
-            script_type = script_config.get("type", "file")
+    def _get_or_create_vpc(self) -> ec2.Vpc:
+        """Get or create VPC for reuse across the stack"""
+        if self._vpc is None:
+            vpc_id = self._get_vpc_id()
+            subnet_ids = self._get_subnet_ids()
             
-            if script_type == "file":
-                # Load script from file
-                script_path = script_config.get("path")
-                if not script_path:
-                    logger.warning("Script path not specified, skipping")
-                    continue
-                
-                # Resolve path (relative to project root or absolute)
-                path = Path(script_path)
-                if not path.is_absolute():
-                    # Try relative to current working directory
-                    path = Path.cwd() / script_path
-                
-                if not path.exists():
-                    logger.warning(f"Script file not found: {path}, skipping")
-                    continue
-                
-                # Read script content
-                try:
-                    with open(path, 'r') as f:
-                        script_content = f.read()
-                except Exception as e:
-                    logger.error(f"Failed to read script file {path}: {e}")
-                    continue
-                    
-            elif script_type == "inline":
-                # Use inline script content
-                script_content = script_config.get("content", "")
-                if not script_content:
-                    logger.warning("Inline script content is empty, skipping")
-                    continue
-            else:
-                logger.warning(f"Unknown script type: {script_type}, skipping")
-                continue
-            
-            # Perform variable substitution
-            variables = script_config.get("variables", {})
-            for var_name, var_value in variables.items():
-                placeholder = f"{{{{{var_name}}}}}"  # {{VAR_NAME}}
-                script_content = script_content.replace(placeholder, str(var_value))
-            
-            # Add script to user data
-            # Split by lines and add each line as a command
-            for line in script_content.split('\n'):
-                if line.strip():  # Skip empty lines
-                    user_data.add_commands(line)
+            # Create VPC and subnets from imported values
+            self._vpc = ec2.Vpc.from_vpc_attributes(
+                self, "ImportedVPC",
+                vpc_id=vpc_id,
+                availability_zones=["us-east-1a", "us-east-1b"]  # Add required availability zones
+            )
             
-            logger.info(f"Added user data script from {script_type}: {script_config.get('path', 'inline')}")
-
-    def _add_container_user_data(
-        self, user_data: ec2.UserData, container_config: Dict[str, Any]
-    ) -> None:
-        """Add container-specific user data commands"""
-        # Install Docker
-        user_data.add_commands(
-            "dnf -y update", "dnf -y install docker jq", "systemctl enable --now docker"
-        )
+            # Create and store subnets if we have subnet IDs
+            self._subnets = []
+            if subnet_ids:
+                for i, subnet_id in enumerate(subnet_ids):
+                    subnet = ec2.Subnet.from_subnet_id(
+                        self, f"ImportedSubnet-{i}", subnet_id
+                    )
+                    self._subnets.append(subnet)
+            else:
+                # Use default subnets from VPC
+                self._subnets = self._vpc.public_subnets
+        
+        return self._vpc
 
-        # ECR configuration
-        if "ecr" in container_config:
-            ecr_config = container_config["ecr"]
-            user_data.add_commands(
-                f"ACCOUNT_ID={ecr_config.get('account_id', self.account)}",
-                f"REGION={ecr_config.get('region', self.region)}",
-                f"REPO={ecr_config.get('repo', 'app')}",
-                f"TAG={ecr_config.get('tag', 'latest')}",
-                "aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com",
-                "docker pull ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${TAG}",
-            )
+    def _get_subnets(self) -> List[ec2.Subnet]:
+        """Get the subnets from the shared VPC"""
+        return getattr(self, '_subnets', [])
 
-        # Database configuration
-        if "database" in container_config:
-            db_config = container_config["database"]
-            secret_arn = db_config.get("secret_arn", "")
-            if secret_arn:
-                user_data.add_commands(
-                    f"DB_SECRET_ARN={secret_arn}",
-                    'if [ -n "$DB_SECRET_ARN" ]; then DB_JSON=$(aws secretsmanager get-secret-value --secret-id $DB_SECRET_ARN --query SecretString --output text --region $REGION); fi',
-                    'if [ -n "$DB_SECRET_ARN" ]; then DB_HOST=$(echo $DB_JSON | jq -r .host); DB_USER=$(echo $DB_JSON | jq -r .username); DB_PASS=$(echo $DB_JSON | jq -r .password); DB_NAME=$(echo $DB_JSON | jq -r .dbname); fi',
+    def _create_ecs_cluster_if_needed(self) -> Optional[ecs.Cluster]:
+        """Create ECS cluster if ECS configuration is detected"""
+        # Check if user data contains ECS configuration (use raw config since user_data_commands might not be set yet)
+        ecs_detected = False
+        if self.asg_config.user_data_commands:
+            ecs_detected = any("ECS_CLUSTER" in cmd for cmd in self.asg_config.user_data_commands)
+        
+        if ecs_detected:
+            ssm_imports = self._get_ssm_imports()
+            if "cluster_name" in ssm_imports:
+                cluster_name = ssm_imports["cluster_name"]
+                
+                # Use the shared VPC
+                vpc = self._get_or_create_vpc()
+                
+                self.ecs_cluster = ecs.Cluster.from_cluster_attributes(
+                    self,
+                    "ImportedECSCluster",
+                    cluster_name=cluster_name,
+                    vpc=vpc
                 )
-
-        # Run container
-        if "run_command" in container_config:
-            user_data.add_commands(container_config["run_command"])
-        elif "ecr" in container_config:
-            port = container_config.get("port", 8080)
-            user_data.add_commands(
-                f"docker run -d --name app -p {port}:{port} "
-                '-e DB_HOST="$DB_HOST" -e DB_USER="$DB_USER" -e DB_PASS="$DB_PASS" -e DB_NAME="$DB_NAME" '
-                "--restart=always ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${TAG}"
-            )
+                logger.info(f"Connected to existing ECS cluster: {cluster_name}")
+        
+        return self.ecs_cluster
 
     def _create_launch_template(self, asg_name: str) -> ec2.LaunchTemplate:
-        """Create launch template for the Auto Scaling Group"""
-        # Get AMI
-        ami = None
+        """Create launch template for Auto Scaling Group"""
+        
+        # Use the configured AMI ID or fall back to appropriate lookup
         if self.asg_config.ami_id:
-            ami = ec2.MachineImage.generic_linux({self.region: self.asg_config.ami_id})
-        else:
-            if self.asg_config.ami_type == "amazon-linux-2023":
-                ami = ec2.MachineImage.latest_amazon_linux2023()
-            elif self.asg_config.ami_type == "amazon-linux-2":
-                ami = ec2.MachineImage.latest_amazon_linux2()
-            else:
-                ami = ec2.MachineImage.latest_amazon_linux2023()
-
-        # Parse instance type
-        instance_type_str = self.asg_config.instance_type
-        instance_type = None
-
-        if "." in instance_type_str:
-            parts = instance_type_str.split(".")
-            if len(parts) == 2:
-                try:
-                    instance_class = ec2.InstanceClass[parts[0].upper()]
-                    instance_size = ec2.InstanceSize[parts[1].upper()]
-                    instance_type = ec2.InstanceType.of(instance_class, instance_size)
-                except (KeyError, ValueError):
-                    instance_type = ec2.InstanceType(instance_type_str)
+            # Use explicit AMI ID provided by user
+            machine_image = ec2.MachineImage.lookup(name=self.asg_config.ami_id)
+        elif self.asg_config.ami_type:
+            # Use AMI type for dynamic lookup
+            if self.asg_config.ami_type.upper() == "AMAZON-LINUX-2023":
+                machine_image = ec2.MachineImage.latest_amazon_linux2023()
+            elif self.asg_config.ami_type.upper() == "AMAZON-LINUX-2022":
+                machine_image = ec2.MachineImage.latest_amazon_linux2022()
+            elif self.asg_config.ami_type.upper() == "AMAZON-LINUX-2":
+                machine_image = ec2.MachineImage.latest_amazon_linux2()
+            elif self.asg_config.ami_type.upper() == "ECS_OPTIMIZED":
+                # Use actual ECS-optimized AMI (Amazon Linux 2 based)
+                machine_image = ec2.MachineImage.lookup(name="amzn2-ami-ecs-hvm-*-x86_64-ebs")
             else:
-                instance_type = ec2.InstanceType(instance_type_str)
+                # Default to latest Amazon Linux
+                machine_image = ec2.MachineImage.latest_amazon_linux2023()
         else:
-            instance_type = ec2.InstanceType(instance_type_str)
-
-        # Create block device mappings
-        block_devices = []
-        for device in self.asg_config.block_devices:
-            block_devices.append(
-                ec2.BlockDevice(
-                    device_name=device.get("device_name", "/dev/xvda"),
-                    volume=ec2.BlockDeviceVolume.ebs(
-                        volume_size=device.get("volume_size", 8),
-                        volume_type=ec2.EbsDeviceVolumeType(
-                            str(device.get("volume_type", "gp3")).upper()
-                        ),
-                        delete_on_termination=device.get("delete_on_termination", True),
-                        encrypted=device.get("encrypted", True),
-                    ),
-                )
-            )
-
-        # Create launch template
+            # Default fallback
+            machine_image = ec2.MachineImage.latest_amazon_linux2023()
+        
         launch_template = ec2.LaunchTemplate(
             self,
             f"{asg_name}-LaunchTemplate",
-            machine_image=ami,
-            instance_type=instance_type,
+            instance_type=ec2.InstanceType(self.asg_config.instance_type),
+            machine_image=machine_image,
             role=self.instance_role,
-            security_group=self.security_groups[0] if self.security_groups else None,
             user_data=self.user_data,
+            security_group=self.security_groups[0] if self.security_groups else None,
+            key_name=self.asg_config.key_name,
             detailed_monitoring=self.asg_config.detailed_monitoring,
-            block_devices=block_devices if block_devices else None,
+            block_devices=[
+                ec2.BlockDevice(
+                    device_name=block_device.get("device_name", "/dev/xvda"),
+                    volume=ec2.BlockDeviceVolume.ebs(
+                        volume_size=block_device.get("volume_size", 8),
+                        volume_type=getattr(ec2.EbsDeviceVolumeType, block_device.get("volume_type", "GP3").upper()),
+                        delete_on_termination=block_device.get("delete_on_termination", True),
+                        encrypted=block_device.get("encrypted", False),
+                    )
+                ) for block_device in self.asg_config.block_devices
+            ] if self.asg_config.block_devices else None,
         )
 
+        logger.info(f"Created launch template: {launch_template.launch_template_name}")
         return launch_template
 
     def _create_auto_scaling_group(self, asg_name: str) -> autoscaling.AutoScalingGroup:
-        """Create the Auto Scaling Group"""
-        # Configure subnet selection
-        subnet_group_name = self.asg_config.subnet_group_name
-        subnets = ec2.SubnetSelection(subnet_group_name=subnet_group_name)
-
-        # Configure health check
-        health_check_type = autoscaling.HealthCheck.ec2()
-        if self.asg_config.health_check_type.upper() == "ELB":
-            health_check_type = autoscaling.HealthCheck.elb(
-                grace=Duration.seconds(self.asg_config.health_check_grace_period)
-            )
+        """Create Auto Scaling Group"""
+        # Use the shared VPC and subnets
+        vpc = self._get_or_create_vpc()
+        subnets = self._get_subnets()
 
-        # Create Auto Scaling Group
-        asg = autoscaling.AutoScalingGroup(
+        auto_scaling_group = autoscaling.AutoScalingGroup(
             self,
-            asg_name,
-            vpc=self.vpc,
-            vpc_subnets=subnets,
+            f"{asg_name}-ASG",
+            vpc=vpc,
+            vpc_subnets=ec2.SubnetSelection(subnets=subnets),
+            launch_template=self.launch_template,
             min_capacity=self.asg_config.min_capacity,
             max_capacity=self.asg_config.max_capacity,
             desired_capacity=self.asg_config.desired_capacity,
-            launch_template=self.launch_template,
-            health_check=health_check_type,
-            cooldown=Duration.seconds(self.asg_config.cooldown),
+            health_check=autoscaling.HealthCheck.elb(
+                grace=cdk.Duration.seconds(self.asg_config.health_check_grace_period)
+            ) if self.asg_config.health_check_type.upper() == "ELB" else autoscaling.HealthCheck.ec2(
+                grace=cdk.Duration.seconds(self.asg_config.health_check_grace_period)
+            ),
+            cooldown=cdk.Duration.seconds(self.asg_config.cooldown),
             termination_policies=[
-                autoscaling.TerminationPolicy(policy)
+                getattr(autoscaling.TerminationPolicy, policy.upper()) 
                 for policy in self.asg_config.termination_policies
             ],
         )
 
-        # Attach to target groups after ASG creation
-        self._attach_target_groups(asg)
-
-        # Configure update policy
-        # Only apply update policy if it was explicitly configured
-        if "update_policy" in self.stack_config.dictionary.get("auto_scaling", {}):
-            update_policy = self.asg_config.update_policy
-            # Apply the update policy to the ASG's CloudFormation resource
-            cfn_asg = asg.node.default_child
-            cfn_asg.add_override(
-                "UpdatePolicy",
-                {
-                    "AutoScalingRollingUpdate": {
-                        "MinInstancesInService": update_policy.get(
-                            "min_instances_in_service", 1
-                        ),
-                        "MaxBatchSize": update_policy.get("max_batch_size", 1),
-                        "PauseTime": f"PT{update_policy.get('pause_time', 300) // 60}M",
-                    }
-                },
-            )
+        # Attach target groups if configured
+        self._attach_target_groups(auto_scaling_group)
 
-        # Add tags
-        for key, value in self.asg_config.tags.items():
-            cdk.Tags.of(asg).add(key, value)
+        logger.info(f"Created Auto Scaling Group: {asg_name}")
+        return auto_scaling_group
 
-        return asg
+    def _attach_target_groups(self, asg: autoscaling.AutoScalingGroup) -> None:
+        """Attach the Auto Scaling Group to target groups"""
+        target_group_arns = self._get_target_group_arns()
 
-    def _configure_scaling_policies(self) -> None:
-        """Configure scaling policies for the Auto Scaling Group"""
-        for policy in self.asg_config.scaling_policies:
-            policy_type = policy.get("type", "target_tracking")
+        if not target_group_arns:
+            logger.warning("No target group ARNs found for Auto Scaling Group")
+            return
 
-            if policy_type == "target_tracking":
-                self.auto_scaling_group.scale_on_metric(
-                    f"{self.asg_config.name}-{policy.get('name', 'scaling-policy')}",
-                    metric=self._get_metric(policy),
-                    scaling_steps=self._get_scaling_steps(policy),
-                    adjustment_type=autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
-                )
-            elif policy_type == "step":
-                self.auto_scaling_group.scale_on_metric(
-                    f"{self.asg_config.name}-{policy.get('name', 'scaling-policy')}",
-                    metric=self._get_metric(policy),
-                    scaling_steps=self._get_scaling_steps(policy),
-                    adjustment_type=autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
-                )
+        # Get the underlying CloudFormation resource to add target group ARNs
+        cfn_asg = asg.node.default_child
+        cfn_asg.add_property_override("TargetGroupARNs", target_group_arns)
 
-    def _get_metric(self, policy: Dict[str, Any]) -> cloudwatch.Metric:
-        """Get metric for scaling policy"""
-        # This is a simplified implementation
-        # In a real-world scenario, you would use CloudWatch metrics
-        return cloudwatch.Metric(
-            namespace="AWS/EC2",
-            metric_name=policy.get("metric_name", "CPUUtilization"),
-            dimensions_map={
-                "AutoScalingGroupName": self.auto_scaling_group.auto_scaling_group_name
-            },
-            statistic=policy.get("statistic", "Average"),
-            period=Duration.seconds(policy.get("period", 60)),
-        )
+    def _get_target_group_arns(self) -> List[str]:
+        """Get target group ARNs using standardized SSM approach"""
+        target_group_arns = []
+        
+        # Use standardized SSM imports
+        ssm_imports = self._get_ssm_imports()
+        if "target_group_arns" in ssm_imports:
+            imported_arns = ssm_imports["target_group_arns"]
+            if isinstance(imported_arns, list):
+                target_group_arns.extend(imported_arns)
+            else:
+                target_group_arns.append(imported_arns)
+        
+        # Fallback: Direct configuration
+        elif self.asg_config.target_group_arns:
+            target_group_arns.extend(self.asg_config.target_group_arns)
+        
+        return target_group_arns
 
-    def _get_scaling_steps(
-        self, policy: Dict[str, Any]
-    ) -> List[autoscaling.ScalingInterval]:
-        """Get scaling steps for scaling policy"""
-        steps = policy.get("steps", [])
-        scaling_intervals = []
-
-        for step in steps:
-            # Handle upper bound - if not specified, don't set it (let CDK handle it)
-            interval_kwargs = {
-                "lower": step.get("lower", 0),
-                "change": step.get("change", 1),
-            }
+    def _add_scaling_policies(self) -> None:
+        """Add scaling policies to the Auto Scaling Group"""
+        if not self.asg_config.scaling_policies:
+            return
 
-            # Only set upper if it's explicitly provided
-            if "upper" in step:
-                interval_kwargs["upper"] = step["upper"]
+        for policy_config in self.asg_config.scaling_policies:
+            if policy_config.get("type") == "target_tracking":
+                # Create a target tracking scaling policy for CPU utilization
+                scaling_policy = autoscaling.CfnScalingPolicy(
+                    self,
+                    "CPUScalingPolicy",
+                    auto_scaling_group_name=self.auto_scaling_group.auto_scaling_group_name,
+                    policy_type="TargetTrackingScaling",
+                    target_tracking_configuration=autoscaling.CfnScalingPolicy.TargetTrackingConfigurationProperty(
+                        target_value=policy_config.get("target_cpu", 70),
+                        predefined_metric_specification=autoscaling.CfnScalingPolicy.PredefinedMetricSpecificationProperty(
+                            predefined_metric_type="ASGAverageCPUUtilization"
+                        )
+                    )
+                )
+                logger.info("Added CPU utilization scaling policy")
 
-            scaling_intervals.append(autoscaling.ScalingInterval(**interval_kwargs))
+    def _add_update_policy(self) -> None:
+        """Add update policy to the Auto Scaling Group"""
+        update_policy = self.asg_config.update_policy
+        
+        if not update_policy:
+            # No update policy configured, don't add one
+            return
+            
+        # Get the underlying CloudFormation resource to add update policy
+        cfn_asg = self.auto_scaling_group.node.default_child
+        
+        # Get CDK's default policy first (if any)
+        default_policy = getattr(cfn_asg, 'update_policy', {})
+        
+        # Merge with defaults, then use the robust add_override method
+        merged_policy = {
+            **default_policy,  # Preserve CDK defaults
+            "AutoScalingRollingUpdate": {
+                "MinInstancesInService": update_policy.get("min_instances_in_service", 1),
+                "MaxBatchSize": update_policy.get("max_batch_size", 1),
+                "PauseTime": f"PT{update_policy.get('pause_time', 300)}S"
+            }
+        }
+        
+        # Use the robust CDK-documented approach
+        cfn_asg.add_override("UpdatePolicy", merged_policy)
+        
+        logger.info("Added rolling update policy to Auto Scaling Group")
 
-        return scaling_intervals
+    def _export_ssm_parameters(self) -> None:
+        """Export SSM parameters using standardized approach"""
+        if not self.auto_scaling_group:
+            logger.warning("No Auto Scaling Group to export")
+            return
 
-    def _add_outputs(self, asg_name: str) -> None:
-        """Add CloudFormation outputs for the Auto Scaling Group"""
-        if self.auto_scaling_group:
-            # Auto Scaling Group Name
-            cdk.CfnOutput(
-                self,
-                f"{asg_name}-name",
-                value=self.auto_scaling_group.auto_scaling_group_name,
-                export_name=f"{self.deployment.build_resource_name(asg_name)}-name",
-            )
+        # Prepare resource values for export
+        resource_values = {
+            "auto_scaling_group_name": self.auto_scaling_group.auto_scaling_group_name,
+            "auto_scaling_group_arn": self.auto_scaling_group.auto_scaling_group_arn,
+        }
 
-            # Auto Scaling Group ARN
-            cdk.CfnOutput(
-                self,
-                f"{asg_name}-arn",
-                value=self.auto_scaling_group.auto_scaling_group_arn,
-                export_name=f"{self.deployment.build_resource_name(asg_name)}-arn",
-            )
+        # Export using standardized SSM mixin
+        exported_params = self.export_ssm_parameters(resource_values)
+        
+        logger.info(f"Exported SSM parameters: {exported_params}")
 
-            # Launch Template ID
-            if self.launch_template:
-                cdk.CfnOutput(
-                    self,
-                    f"{asg_name}-launch-template-id",
-                    value=self.launch_template.launch_template_id,
-                    export_name=f"{self.deployment.build_resource_name(asg_name)}-launch-template-id",
-                )
 
-            # Instance Role ARN
-            if self.instance_role:
-                cdk.CfnOutput(
-                    self,
-                    f"{asg_name}-instance-role-arn",
-                    value=self.instance_role.role_arn,
-                    export_name=f"{self.deployment.build_resource_name(asg_name)}-instance-role-arn",
-                )
+# Backward compatibility alias
+AutoScalingStackStandardized = AutoScalingStack