cdk-factory 0.15.23__tar.gz → 0.16.4__tar.gz

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.15.23
+Version: 0.16.4
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/pyproject.toml

@@ -33,7 +33,7 @@ markers = [
 [project]
 
 name = "cdk_factory"
-version = "0.15.23"
+version = "0.16.4"
 authors = [
   { name="Eric Wilson", email="eric.wilson@geekcafe.com" }
 ]

cdk_factory-0.16.4/src/cdk_factory/configurations/resources/acm.py

@@ -0,0 +1,78 @@
+"""
+AcmConfig - supports ACM (AWS Certificate Manager) settings for AWS CDK.
+Maintainers: Eric Wilson
+MIT License. See Project Root for license information.
+"""
+
+from typing import Any, Dict, List, Optional
+
+
+class AcmConfig:
+    """
+    ACM Configuration - supports AWS Certificate Manager settings.
+    Each property reads from the config dict and provides a sensible default if not set.
+    """
+
+    def __init__(self, config: dict = None, deployment=None) -> None:
+        self.__config = config or {}
+        self.__deployment = deployment
+
+    @property
+    def name(self) -> str:
+        """Certificate configuration name"""
+        return self.__config.get("name", "certificate")
+
+    @property
+    def domain_name(self) -> str:
+        """Primary domain name for the certificate"""
+        domain = self.__config.get("domain_name")
+        if not domain:
+            raise ValueError("domain_name is required for ACM certificate")
+        return domain
+
+    @property
+    def subject_alternative_names(self) -> List[str]:
+        """Subject alternative names (SANs) for the certificate"""
+        sans = self.__config.get("subject_alternative_names", [])
+        # Also check for alternate_names for backward compatibility
+        if not sans:
+            sans = self.__config.get("alternate_names", [])
+        return sans
+
+    @property
+    def hosted_zone_id(self) -> Optional[str]:
+        """Route53 hosted zone ID for DNS validation"""
+        return self.__config.get("hosted_zone_id")
+
+    @property
+    def hosted_zone_name(self) -> Optional[str]:
+        """Route53 hosted zone name (used for looking up zone)"""
+        return self.__config.get("hosted_zone_name")
+
+    @property
+    def validation_method(self) -> str:
+        """Certificate validation method (DNS or EMAIL)"""
+        return self.__config.get("validation_method", "DNS")
+
+    @property
+    def certificate_transparency_logging_preference(self) -> Optional[str]:
+        """Certificate transparency logging preference (ENABLED or DISABLED)"""
+        return self.__config.get("certificate_transparency_logging_preference")
+
+    @property
+    def ssm_exports(self) -> Dict[str, str]:
+        """SSM parameter paths to export certificate details"""
+        exports = self.__config.get("ssm_exports", {})
+        
+        # Provide default SSM export path if not specified
+        if not exports and self.__deployment:
+            exports = {
+                "certificate_arn": f"/{self.__deployment.environment}/{self.__deployment.workload_name}/certificate/arn"
+            }
+        
+        return exports
+
+    @property
+    def tags(self) -> Dict[str, str]:
+        """Tags to apply to the certificate"""
+        return self.__config.get("tags", {})

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/src/cdk_factory/configurations/resources/load_balancer.py

@@ -151,3 +151,17 @@ class LoadBalancerConfig(EnhancedBaseConfig):
         if "ssm" in self.__config and "imports" in self.__config["ssm"]:
             return self.__config["ssm"]["imports"]
         return self.__config.get("ssm_imports", {})
+    
+    @property
+    def ssm_exports(self) -> Dict[str, Any]:
+        """SSM parameter exports for the Load Balancer"""
+        # Check both nested and flat structures for backwards compatibility
+        if "ssm" in self.__config and "exports" in self.__config["ssm"]:
+            return self.__config["ssm"]["exports"]
+        return self.__config.get("ssm_exports", {})
+    
+    @property
+    def ssm_parameters(self) -> Dict[str, Any]:
+        """SSM parameters for the Load Balancer (only exports, not imports)"""
+        # For LoadBalancer, only return exports to prevent trying to export imported values
+        return self.ssm_exports

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/src/cdk_factory/configurations/resources/rds.py

@@ -155,6 +155,12 @@ class RdsConfig(EnhancedBaseConfig):
         """Allocated storage in GB"""
         # Ensure we return an integer
         return int(self.__config.get("allocated_storage", 20))
+    
+    @property
+    def max_allocated_storage(self) -> Optional[int]:
+        """Maximum storage for auto-scaling in GB (enables storage auto-scaling if set)"""
+        max_storage = self.__config.get("max_allocated_storage")
+        return int(max_storage) if max_storage is not None else None
 
     @property
     def storage_encrypted(self) -> bool:
@@ -180,6 +186,11 @@ class RdsConfig(EnhancedBaseConfig):
     def enable_performance_insights(self) -> bool:
         """Whether to enable Performance Insights"""
         return self.__config.get("enable_performance_insights", True)
+    
+    @property
+    def allow_major_version_upgrade(self) -> bool:
+        """Whether to allow major version upgrades"""
+        return self.__config.get("allow_major_version_upgrade", False)
 
     @property
     def subnet_group_name(self) -> str:

cdk_factory-0.16.4/src/cdk_factory/stack_library/acm/__init__.py

@@ -0,0 +1,6 @@
+"""
+ACM Stack Module
+"""
+from .acm_stack import AcmStack
+
+__all__ = ["AcmStack"]

cdk_factory-0.16.4/src/cdk_factory/stack_library/acm/acm_stack.py

@@ -0,0 +1,169 @@
+"""
+ACM (AWS Certificate Manager) Stack Pattern for CDK-Factory
+Maintainers: Eric Wilson
+MIT License. See Project Root for the license information.
+"""
+
+from typing import Dict, Any, List, Optional
+
+import aws_cdk as cdk
+from aws_cdk import aws_certificatemanager as acm
+from aws_cdk import aws_route53 as route53
+from aws_lambda_powertools import Logger
+from constructs import Construct
+
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.resources.acm import AcmConfig
+from cdk_factory.interfaces.istack import IStack
+from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.stack.stack_module_registry import register_stack
+from cdk_factory.workload.workload_factory import WorkloadConfig
+
+logger = Logger(service="AcmStack")
+
+
+@register_stack("acm_stack")
+@register_stack("certificate_stack")
+class AcmStack(IStack, EnhancedSsmParameterMixin):
+    """
+    Reusable stack for AWS Certificate Manager.
+    Supports creating ACM certificates with DNS validation via Route53.
+    """
+
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        super().__init__(scope, id, **kwargs)
+        self.acm_config = None
+        self.stack_config = None
+        self.deployment = None
+        self.workload = None
+        self.certificate = None
+        self.hosted_zone = None
+
+    def build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Build the ACM Certificate stack"""
+        self._build(stack_config, deployment, workload)
+
+    def _build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Internal build method for the ACM Certificate stack"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        self.workload = workload
+        self.acm_config = AcmConfig(
+            stack_config.dictionary.get("certificate", {}), deployment
+        )
+        
+        cert_name = deployment.build_resource_name(self.acm_config.name)
+
+        # Get or import hosted zone for DNS validation
+        if self.acm_config.hosted_zone_id:
+            self.hosted_zone = self._get_hosted_zone()
+        
+        # Create the certificate
+        self.certificate = self._create_certificate(cert_name)
+
+        # Export certificate ARN to SSM
+        self._export_certificate_arn(cert_name)
+
+        # Add outputs
+        self._add_outputs(cert_name)
+
+    def _get_hosted_zone(self) -> route53.IHostedZone:
+        """Get the Route53 hosted zone for DNS validation"""
+        if self.acm_config.hosted_zone_id:
+            return route53.HostedZone.from_hosted_zone_attributes(
+                self,
+                "HostedZone",
+                hosted_zone_id=self.acm_config.hosted_zone_id,
+                zone_name=self.acm_config.domain_name,
+            )
+        else:
+            raise ValueError(
+                "hosted_zone_id is required for DNS validation. "
+                "Provide it in the certificate configuration."
+            )
+
+    def _create_certificate(self, cert_name: str) -> acm.Certificate:
+        """Create an ACM certificate with DNS validation"""
+        
+        # Prepare certificate properties
+        cert_props = {
+            "domain_name": self.acm_config.domain_name,
+        }
+        
+        # Add DNS validation if hosted zone is available
+        if self.hosted_zone:
+            cert_props["validation"] = acm.CertificateValidation.from_dns(
+                self.hosted_zone
+            )
+        
+        # Add subject alternative names if provided
+        if self.acm_config.subject_alternative_names:
+            cert_props["subject_alternative_names"] = (
+                self.acm_config.subject_alternative_names
+            )
+
+        certificate = acm.Certificate(
+            self,
+            cert_name,
+            **cert_props
+        )
+
+        # Add tags
+        for key, value in self.acm_config.tags.items():
+            cdk.Tags.of(certificate).add(key, value)
+
+        logger.info(f"Created certificate for domain: {self.acm_config.domain_name}")
+        
+        return certificate
+
+    def _export_certificate_arn(self, cert_name: str) -> None:
+        """Export certificate ARN to SSM Parameter Store"""
+        ssm_exports = self.acm_config.ssm_exports
+        
+        if not ssm_exports:
+            logger.debug("No SSM exports configured for certificate")
+            return
+        
+        # Export certificate ARN
+        if "certificate_arn" in ssm_exports:
+            param_name = ssm_exports["certificate_arn"]
+            if not param_name.startswith("/"):
+                param_name = f"/{param_name}"
+            
+            self.export_ssm_parameter(
+                scope=self,
+                id=f"{cert_name}-cert-arn-param",
+                value=self.certificate.certificate_arn,
+                parameter_name=param_name,
+                description=f"Certificate ARN for {self.acm_config.domain_name}",
+            )
+            logger.info(f"Exported certificate ARN to SSM: {param_name}")
+
+    def _add_outputs(self, cert_name: str) -> None:
+        """Add CloudFormation outputs"""
+        cdk.CfnOutput(
+            self,
+            "CertificateArn",
+            value=self.certificate.certificate_arn,
+            description=f"Certificate ARN for {self.acm_config.domain_name}",
+            export_name=f"{cert_name}-arn",
+        )
+        
+        cdk.CfnOutput(
+            self,
+            "DomainName",
+            value=self.acm_config.domain_name,
+            description="Primary domain name for the certificate",
+            export_name=f"{cert_name}-domain",
+        )

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/src/cdk_factory/stack_library/load_balancer/load_balancer_stack.py

@@ -447,8 +447,19 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
     def _get_certificates(self) -> List[elbv2.ListenerCertificate]:
         """Get certificates for HTTPS listeners"""
         certificates = []
-        for cert_arn in self.lb_config.certificate_arns:
-            certificates.append(elbv2.ListenerCertificate.from_arn(cert_arn))
+        
+        # Check SSM imported values first (takes priority)
+        if "certificate_arns" in self.ssm_imported_values:
+            cert_arns = self.ssm_imported_values["certificate_arns"]
+            if not isinstance(cert_arns, list):
+                cert_arns = [cert_arns]
+            for cert_arn in cert_arns:
+                certificates.append(elbv2.ListenerCertificate.from_arn(cert_arn))
+            logger.info(f"Using {len(cert_arns)} certificate(s) from SSM")
+        else:
+            # Fall back to config values
+            for cert_arn in self.lb_config.certificate_arns:
+                certificates.append(elbv2.ListenerCertificate.from_arn(cert_arn))
 
         if self.ssl_certificate:
             certificates.append(

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/src/cdk_factory/stack_library/rds/rds_stack.py

@@ -244,9 +244,18 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
             "backup_retention": Duration.days(self.rds_config.backup_retention),
             "cloudwatch_logs_exports": self.rds_config.cloudwatch_logs_exports,
             "enable_performance_insights": self.rds_config.enable_performance_insights,
+            "allow_major_version_upgrade": self.rds_config.allow_major_version_upgrade,
             "removal_policy": removal_policy,
         }
         
+        # Add storage auto-scaling if max_allocated_storage is configured
+        if self.rds_config.max_allocated_storage:
+            db_props["max_allocated_storage"] = self.rds_config.max_allocated_storage
+            logger.info(
+                f"Storage auto-scaling enabled: {self.rds_config.allocated_storage}GB "
+                f"-> {self.rds_config.max_allocated_storage}GB"
+            )
+        
         # Use either subnet group or vpc_subnets depending on what's available
         if db_subnet_group:
             db_props["subnet_group"] = rds.SubnetGroup.from_subnet_group_name(

{cdk_factory-0.15.23 → cdk_factory-0.16.4}/src/cdk_factory/stack_library/route53/route53_stack.py

@@ -58,8 +58,13 @@ class Route53Stack(IStack, EnhancedSsmParameterMixin):
         # Get or create hosted zone
         self.hosted_zone = self._get_or_create_hosted_zone()
         
-        # Create certificate if needed
+        # Create certificate if needed (DEPRECATED - use dedicated ACM stack)
         if self.route53_config.create_certificate:
+            logger.warning(
+                "Creating certificates in Route53Stack is deprecated. "
+                "Please use the dedicated 'acm_stack' module for certificate management. "
+                "This feature will be maintained for backward compatibility."
+            )
             self.certificate = self._create_certificate()
             
         # Create DNS records

cdk_factory-0.16.4/src/cdk_factory/version.py

@@ -0,0 +1 @@
+__version__ = "0.16.4"

cdk_factory-0.15.23/src/cdk_factory/version.py

@@ -1 +0,0 @@
-__version__ = "0.15.23"