cdk-factory 0.15.3__py3-none-any.whl → 0.15.4__py3-none-any.whl

cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -78,10 +78,87 @@ class CloudFrontDistributionConstruct(Construct):
         """
         return CloudFrontDistributionConstruct.AWS_HOSTED_ZONE_ID
 
+    def __validate_function_associations(self):
+        """
+        Validate CloudFront function association configuration.
+        Provides clear error messages for common misconfigurations.
+        
+        CloudFront limits:
+        - 1 CloudFront Function (JavaScript) per event type
+        - 1 Lambda@Edge (Python/Node) per event type
+        - Different types CAN coexist at same event type
+        """
+        if not self.stack_config or not isinstance(self.stack_config, StackConfig):
+            return  # No config to validate
+        
+        cloudfront_config = self.stack_config.dictionary.get("cloudfront", {})
+        
+        # Get configuration flags
+        enable_url_rewrite = cloudfront_config.get("enable_url_rewrite", False)
+        enable_ip_gating = cloudfront_config.get("enable_ip_gating", False)
+        restrict_to_known_hosts = cloudfront_config.get("restrict_to_known_hosts", self.restrict_to_known_hosts)
+        
+        # Count CloudFront Functions at viewer-request
+        cloudfront_functions_at_viewer_request = 0
+        if enable_url_rewrite:
+            cloudfront_functions_at_viewer_request += 1
+        if restrict_to_known_hosts and self.aliases:
+            cloudfront_functions_at_viewer_request += 1
+        
+        # Note: Multiple CloudFront Functions are OK - we combine them automatically
+        if cloudfront_functions_at_viewer_request > 1:
+            logger.info(
+                f"Multiple CloudFront Functions at viewer-request detected. "
+                f"Will combine into single function. "
+                f"Features: enable_url_rewrite={enable_url_rewrite}, "
+                f"restrict_to_known_hosts={restrict_to_known_hosts}"
+            )
+        
+        # Check for manual Lambda@Edge associations that might conflict
+        lambda_edge_associations = cloudfront_config.get("lambda_edge_associations", [])
+        manual_viewer_request = any(
+            assoc.get("event_type") == "viewer-request" 
+            for assoc in lambda_edge_associations
+        )
+        
+        # ERROR: Manual Lambda@Edge + enable_ip_gating both at viewer-request
+        if enable_ip_gating and manual_viewer_request:
+            raise ValueError(
+                "Configuration conflict: Cannot use both 'enable_ip_gating: true' "
+                "and manual 'lambda_edge_associations' with 'event_type: viewer-request'. "
+                "\n\nSolution 1 (Recommended): Use only 'enable_ip_gating: true' "
+                "and remove manual lambda_edge_associations."
+                "\n\nSolution 2: Use only manual lambda_edge_associations "
+                "and set 'enable_ip_gating: false'."
+                "\n\nCurrent config:"
+                f"\n  enable_ip_gating: {enable_ip_gating}"
+                f"\n  lambda_edge_associations with viewer-request: {manual_viewer_request}"
+            )
+        
+        # WARNING: Both Lambda@Edge IP gating and CloudFront Functions enabled
+        # This is VALID but might indicate misconfiguration
+        if enable_ip_gating and cloudfront_functions_at_viewer_request > 0:
+            features = []
+            if enable_url_rewrite:
+                features.append("URL rewrite")
+            if restrict_to_known_hosts:
+                features.append("Host restrictions")
+            
+            logger.info(
+                f"✓ CloudFront configuration at viewer-request:"
+                f"\n  - CloudFront Function: {', '.join(features)}"
+                f"\n  - Lambda@Edge: IP gating"
+                f"\nThis is valid: CloudFront Functions and Lambda@Edge can coexist "
+                f"at the same event type."
+            )
+
     def __setup(self):
         """
         Any setup / init logic goes here
         """
+        # Validate CloudFront function association configuration
+        self.__validate_function_associations()
+        
         self.oai = cloudfront.OriginAccessIdentity(
             self, "OAI", comment="OAI for accessing S3 bucket content securely"
         )

cdk_factory/stack_library/websites/static_website_stack.py

@@ -135,6 +135,10 @@ class StaticWebSiteStack(IStack):
         version = self.__get_version_number(assets_path)
         logger.info(f"👉 WEBSITE VERSION NUMBER: {version}")
 
+        # Get cloudfront config options
+        cloudfront_config = stack_config.dictionary.get("cloudfront", {})
+        restrict_to_known_hosts = cloudfront_config.get("restrict_to_known_hosts", True)
+
         cloudfront_distribution = CloudFrontDistributionConstruct(
             scope=self,
             id=deployment.build_resource_name("CloudFrontDistribution"),
@@ -142,6 +146,7 @@ class StaticWebSiteStack(IStack):
             aliases=aliases,
             source_bucket_sub_directory=version,
             certificate=certificate,
+            restrict_to_known_hosts=restrict_to_known_hosts,
             stack_config=stack_config,
         )
 

cdk_factory/version.py

@@ -1 +1 @@
-__version__ = "0.15.3"
+__version__ = "0.15.4"

{cdk_factory-0.15.3.dist-info → cdk_factory-0.15.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.15.3
+Version: 0.15.4
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.15.3.dist-info → cdk_factory-0.15.4.dist-info}/RECORD

@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
 cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
 cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
-cdk_factory/version.py,sha256=WbcBdqaNCRHsRqs6rGd3pRLP4kQSII2td9dR0Fl6HcU,23
+cdk_factory/version.py,sha256=Ypoj4dM4zqbnGvYnOqiUlHcf_l1wO2M39u5_-ECRTQU,23
 cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
 cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
 cdk_factory/configurations/base_config.py,sha256=JKjhNsy0RCUZy1s8n5D_aXXI-upR9izaLtCTfKYiV9k,9624
@@ -50,7 +50,7 @@ cdk_factory/configurations/resources/security_group.py,sha256=8kQtaaRVEn2aDm8XoC
 cdk_factory/configurations/resources/security_group_full_stack.py,sha256=J56ui5cR4ULcT-20LdK43UNXhcicB2M45Wl8Y9SIWCA,2202
 cdk_factory/configurations/resources/sqs.py,sha256=fAh2dqttJ6PX46enFRULuiLEu3TEj0Vb2xntAOgUpYE,4346
 cdk_factory/configurations/resources/vpc.py,sha256=sNn6w76bHFwmt6N76gZZhqpsuNB9860C1SZu6tebaXY,3835
-cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=gFQw96rfSX7n3-YaK4AWyF2NNzJezgZpmnAcxZpmgxs,22036
+cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=LHgjvTNghCMTpHh90VWl7AbE100Er-S9EgyEVt12J_c,25809
 cdk_factory/constructs/ecr/ecr_construct.py,sha256=JLz3gWrsjlM0XghvbgxuoGlF-VIo_7IYxtgX7mTkidE,10660
 cdk_factory/constructs/lambdas/lambda_function_construct.py,sha256=SQ5SEXn4kezVAzXuv_A_JB3o_svyBXOMi-htvfB9HQs,4516
 cdk_factory/constructs/lambdas/lambda_function_docker_construct.py,sha256=O8aiHpNQ59eE3qEttEHVxbvp06v4byXOeYCVTAOI_Cg,9993
@@ -112,7 +112,7 @@ cdk_factory/stack_library/security_group/security_group_stack.py,sha256=2zxd5ozg
 cdk_factory/stack_library/simple_queue_service/sqs_stack.py,sha256=jJksWrvrvgZUMM01RZ317DOIxqIJbkYYSYu38w0jHpc,6039
 cdk_factory/stack_library/vpc/__init__.py,sha256=7pIqP97Gf2AJbv9Ebp1WbQGHYhgEbWJ52L1MzeXBybA,42
 cdk_factory/stack_library/vpc/vpc_stack.py,sha256=UZuzb5uSOi4ghuLGPvsKqc3gwe6XI89jHV4WHX8MelA,11472
-cdk_factory/stack_library/websites/static_website_stack.py,sha256=hcdZQxyhupCy7n7UpNaX8egc2oI9TrssyOufj-oJuo8,10343
+cdk_factory/stack_library/websites/static_website_stack.py,sha256=XtrqJaMnrs1XvSz5-8LFaohtY68mtprIOrrizyjnS0w,10608
 cdk_factory/stages/websites/static_website_stage.py,sha256=X4fpKXkhb0zIbSHx3QyddBhVSLBryb1vf1Cg2fMTqog,755
 cdk_factory/templates/README.md,sha256=ATBEjG6beYvbEAdLtZ_8xnxgFD5X0cgZoI_6pToqH90,2679
 cdk_factory/templates/app.py.template,sha256=aM60x0nNV80idtCL8jm1EddY63F5tDITYOlavg-BPMU,1069
@@ -129,8 +129,8 @@ cdk_factory/utilities/lambda_function_utilities.py,sha256=S1GvBsY_q2cyUiaud3HORJ
 cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITEP7EuSU,1019
 cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
 cdk_factory/workload/workload_factory.py,sha256=mM8GU_5mKq_0OyK060T3JrUSUiGAcKf0eqNlT9mfaws,6028
-cdk_factory-0.15.3.dist-info/METADATA,sha256=lsyCL4kq-zec5qwMBoMGoK5UWnJw3J1Gqri5Gg7ffLY,2451
-cdk_factory-0.15.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cdk_factory-0.15.3.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
-cdk_factory-0.15.3.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
-cdk_factory-0.15.3.dist-info/RECORD,,
+cdk_factory-0.15.4.dist-info/METADATA,sha256=f7hhvfGsvbMtz0P6ahc_dLgJQyMEZz-VOTZ38w9MQIM,2451
+cdk_factory-0.15.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cdk_factory-0.15.4.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
+cdk_factory-0.15.4.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
+cdk_factory-0.15.4.dist-info/RECORD,,