PyPI - cdk-factory - Versions diffs - 0.15.7__py3-none-any.whl → 0.15.9__py3-none-any.whl - Mend

cdk-factory 0.15.7py3-none-any.whl → 0.15.9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cdk-factory might be problematic. Click here for more details.

Files changed (11) hide show

cdk_factory/configurations/resources/security_group_full_stack.py CHANGED Viewed

@@ -69,3 +69,16 @@ class SecurityGroupFullStackConfig:
         if "ssm" in self.__config and "imports" in self.__config["ssm"]:
             return self.__config["ssm"]["imports"]
         return self.__config.get("ssm_imports", {})
+    @property
+    def ssm_exports(self) -> Dict[str, str]:
+        """SSM parameter exports for the Security Group"""
+        # Check both nested and flat structures for backwards compatibility
+        if "ssm" in self.__config and "exports" in self.__config["ssm"]:
+            return self.__config["ssm"]["exports"]
+        return self.__config.get("ssm_exports", {})
+    @property
+    def security_groups(self) -> List[Dict[str, Any]]:
+        """List of security groups to create"""
+        return self.__config.get("security_groups", [])

cdk_factory/lambdas/edge/ip_gate/handler.py CHANGED Viewed

@@ -113,7 +113,7 @@ def lambda_handler(event, context):
     Configuration (fetched from SSM Parameter Store):
     - GATE_ENABLED: Whether IP gating is enabled (true/false)
     - ALLOW_CIDRS: Comma-separated list of allowed CIDR ranges
-    - MAINT_CF_HOST: CloudFront domain for maintenance/lockout page
+    - DNS_ALIAS: CloudFront domain for backup/lockout page
     Runtime configuration is bundled in runtime_config.json by CDK.
     SSM parameter paths are auto-generated by CDK as:
@@ -172,9 +172,9 @@ def lambda_handler(event, context):
             print(f"IP gating is disabled (GATE_ENABLED={gate_enabled or 'NONE'})")
             return request
-        # Get allowed CIDRs and maintenance host
+        # Get allowed CIDRs and backup host
         allow_cidrs_str = get_ssm_parameter(f'/{env}/{function_name}/allow-cidrs', 'us-east-1')
-        maint_cf_host = get_ssm_parameter(f'/{env}/{function_name}/maint-cf-host', 'us-east-1')
+        dns_alias = get_ssm_parameter(f'/{env}/{function_name}/dns-alias', 'us-east-1')
         # Parse allowed CIDRs (empty string results in empty list)
         allowed_cidrs = [cidr.strip() for cidr in allow_cidrs_str.split(',') if cidr.strip()]
@@ -188,35 +188,35 @@ def lambda_handler(event, context):
             print(f"IP {client_ip} is allowed")
             return request
-        # IP not allowed - either redirect or proxy maintenance page
+        # IP not allowed - either redirect or proxy backup page
         # Check response mode from SSM (default: redirect for backward compatibility)
         response_mode_param = f"/{env}/{function_name}/response-mode"
         response_mode = get_ssm_parameter(response_mode_param, 'us-east-1', default='redirect')
         if response_mode == 'proxy':
-            # Proxy mode: Fetch and return maintenance content (keeps URL the same)
-            print(f"IP {client_ip} is NOT allowed, proxying content from {maint_cf_host}")
+            # Proxy mode: Fetch and return backup content (keeps URL the same)
+            print(f"IP {client_ip} is NOT allowed, proxying content from {dns_alias}")
             try:
                 import urllib3
                 http = urllib3.PoolManager()
-                # Fetch the maintenance page
-                maint_response = http.request(
+                # Fetch the backup page - always request /index.html
+                alias_response = http.request(
                     'GET',
-                    f'https://{maint_cf_host}',
+                    f'https://{dns_alias}/index.html',
                     headers={'User-Agent': 'CloudFront-IP-Gate-Proxy'},
                     timeout=3.0
                 )
-                # Return the maintenance content
+                # Return the backup content
                 response = {
-                    'status': str(maint_response.status),
-                    'statusDescription': 'OK' if maint_response.status == 200 else 'Service Unavailable',
+                    'status': str(alias_response.status),
+                    'statusDescription': 'OK' if alias_response.status == 200 else 'Service Unavailable',
                     'headers': {
                         'content-type': [{
                             'key': 'Content-Type',
-                            'value': maint_response.headers.get('Content-Type', 'text/html')
+                            'value': alias_response.headers.get('Content-Type', 'text/html')
                         }],
                         'cache-control': [{
                             'key': 'Cache-Control',
@@ -227,20 +227,20 @@ def lambda_handler(event, context):
                             'value': 'proxy'
                         }]
                     },
-                    'body': maint_response.data.decode('utf-8')
+                    'body': alias_response.data.decode('utf-8')
                 }
-                print(f"Successfully proxied maintenance page (status {maint_response.status})")
+                print(f"Successfully proxied backup page (status {alias_response.status})")
                 return response
             except Exception as proxy_error:
-                print(f"Error proxying maintenance content: {str(proxy_error)}")
+                print(f"Error proxying backup content: {str(proxy_error)}")
                 # Fall back to redirect if proxy fails
                 print(f"Falling back to redirect mode")
                 response_mode = 'redirect'
-        # Redirect mode (default): HTTP 302 redirect to maintenance site
-        print(f"IP {client_ip} is NOT allowed, redirecting to {maint_cf_host}")
+        # Redirect mode (default): HTTP 302 redirect to backup site
+        print(f"IP {client_ip} is NOT allowed, redirecting to {dns_alias}")
         response = {
             'status': '302',
@@ -248,7 +248,7 @@ def lambda_handler(event, context):
             'headers': {
                 'location': [{
                     'key': 'Location',
-                    'value': f'https://{maint_cf_host}'
+                    'value': f'https://{dns_alias}'
                 }],
                 'cache-control': [{
                     'key': 'Cache-Control',

cdk_factory/stack_library/security_group/security_group_full_stack.py CHANGED Viewed

@@ -225,6 +225,18 @@ class SecurityGroupsStack(IStack):
             export_name=f"{self.deployment.environment}-{self.workload.name}-WebMonitoringSecurityGroup",
         )
+        # =========================================================
+        # SSM Parameter Store Exports
+        # =========================================================
+        self._export_ssm_parameters(
+            security_groups_map={
+                "alb": alb_sg,
+                "ecs": web_fleet_sg,
+                "rds": mysql_sg,
+                "monitoring": monitoring_sg,
+            }
+        )
     def _process_ssm_imports(self) -> None:
         """
         Process SSM imports from configuration.
@@ -287,3 +299,64 @@ class SecurityGroupsStack(IStack):
             raise ValueError("VPC ID is not defined in the configuration or SSM imports.")
         return self._vpc
+    def _export_ssm_parameters(self, security_groups_map: Dict[str, ec2.CfnSecurityGroup]) -> None:
+        """
+        Export security group IDs to SSM Parameter Store based on configuration.
+        Args:
+            security_groups_map: Dictionary mapping security group types to their CDK resources
+        """
+        # Get the security groups configuration list from the config
+        security_groups_config = self.sg_config.security_groups
+        if not security_groups_config:
+            logger.debug("No security groups configuration found for SSM exports")
+            return
+        logger.info(f"Processing SSM exports for {len(security_groups_config)} security groups")
+        # Process each security group configuration
+        for sg_config in security_groups_config:
+            # Get the security group name and SSM exports
+            sg_name = sg_config.get("name", "")
+            ssm_config = sg_config.get("ssm", {})
+            ssm_exports = ssm_config.get("exports", {})
+            if not ssm_exports:
+                logger.debug(f"No SSM exports configured for security group: {sg_name}")
+                continue
+            # Determine which security group this config refers to based on the name pattern
+            # The config uses patterns like "{{WORKLOAD_NAME}}-{{ENVIRONMENT}}-rds-sg"
+            sg_resource = None
+            sg_type = None
+            if "-rds-sg" in sg_name or "-rds" in sg_name:
+                sg_resource = security_groups_map.get("rds")
+                sg_type = "rds"
+            elif "-ecs-sg" in sg_name or "instances" in sg_name:
+                sg_resource = security_groups_map.get("ecs")
+                sg_type = "ecs"
+            elif "-alb-sg" in sg_name or "alb" in sg_name:
+                sg_resource = security_groups_map.get("alb")
+                sg_type = "alb"
+            elif "monitoring" in sg_name:
+                sg_resource = security_groups_map.get("monitoring")
+                sg_type = "monitoring"
+            if not sg_resource:
+                logger.warning(f"Could not map security group configuration to resource: {sg_name}")
+                continue
+            # Export the security group ID if configured
+            security_group_id_path = ssm_exports.get("security_group_id")
+            if security_group_id_path:
+                self.export_ssm_parameter(
+                    scope=self,
+                    id=f"SsmExport{sg_type.upper()}SecurityGroupId",
+                    value=sg_resource.ref,
+                    parameter_name=security_group_id_path,
+                    description=f"Security Group ID for {sg_type} ({sg_name})",
+                )
+                logger.info(f"Exported SSM parameter: {security_group_id_path} for {sg_type} security group")

cdk_factory/stack_library/websites/static_website_stack.py CHANGED Viewed

@@ -261,6 +261,18 @@ class StaticWebSiteStack(IStack):
                 description=f"CloudFront distribution ID for {stack_config.name}",
             )
+        # Export DNS alias (first alias) if configured
+        if "dns_alias" in ssm_exports and cloudfront_distribution.aliases:
+            # Export the first alias (primary domain)
+            primary_alias = cloudfront_distribution.aliases[0] if isinstance(cloudfront_distribution.aliases, list) else cloudfront_distribution.aliases
+            self.export_ssm_parameter(
+                scope=self,
+                id="SsmExportDnsAlias",
+                value=primary_alias,
+                parameter_name=ssm_exports["dns_alias"],
+                description=f"Primary DNS alias for {stack_config.name}",
+            )
         logger.info(f"Exported {len(ssm_exports)} SSM parameters for stack {stack_config.name}")
     def __get_version_number(self, assets_path: str) -> str:

cdk_factory/utilities/api_gateway_integration_utility.py CHANGED Viewed

@@ -1425,7 +1425,9 @@ class ApiGatewayIntegrationUtility:
                 f"   2. Add 'allow_public_override': true to explicitly allow public access\n"
                 f"   3. Remove 'authorization_type': 'NONE' to use secure Cognito auth\n\n"
                 f"🔒 This prevents accidental public endpoints when authentication is available.\n\n"
-                f"👉 ApiGatewayIntegrationUtility documentation for more details: https://github.com/your-repo/api-gateway-stack"
+                f"👉 ApiGatewayIntegrationUtility documentation for more details: \n\n "
+                "\t https://github.com/geekcafe/cdk-factory/blob/main/src/cdk_factory/utilities/api_gateway_integration_utility.py \n\n"
+                "\t and https://github.com/geekcafe/cdk-factory/blob/main/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py"
             )
             raise ValueError(error_msg)

cdk_factory/version.py CHANGED Viewed

	@@ -1 +1 @@
1	- __version__ = "0.15.7"
1	+ __version__ = "0.15.9"

{cdk_factory-0.15.7.dist-info → cdk_factory-0.15.9.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.15.7
+Version: 0.15.9
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.15.7.dist-info → cdk_factory-0.15.9.dist-info}/RECORD RENAMED Viewed

@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
 cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
 cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
-cdk_factory/version.py,sha256=MAPfkctPEvU6tygJmfGoOx7ZrEBKkfDrKqpCja4D-yM,23
+cdk_factory/version.py,sha256=k-GJzgMV-c2ATHbR4wgw0IKwlkANiQ4VvTZ6xMxt9UA,23
 cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
 cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
 cdk_factory/configurations/base_config.py,sha256=JKjhNsy0RCUZy1s8n5D_aXXI-upR9izaLtCTfKYiV9k,9624
@@ -47,7 +47,7 @@ cdk_factory/configurations/resources/route53_hosted_zone.py,sha256=qjEYPCSxSOx5b
 cdk_factory/configurations/resources/rum.py,sha256=5aNLhyJEl97spby2gEV59RsMIQpUto2hGh1DeSyIp_I,5149
 cdk_factory/configurations/resources/s3.py,sha256=LBwTOZ4tOxNbgiu1fFGHOTyF5jlzeVphc_9VAqNw8zA,6042
 cdk_factory/configurations/resources/security_group.py,sha256=8kQtaaRVEn2aDm8XoC7QFh2mDOFbPbgobmssIuqU8MA,2259
-cdk_factory/configurations/resources/security_group_full_stack.py,sha256=3LHIJw4BEsagb0EMnc8C2_g4OQxUe0kQTn3XqQltUIE,2402
+cdk_factory/configurations/resources/security_group_full_stack.py,sha256=OzcQF5UMqIVAtDAlGY1kf1IWxq2x_gmnwAUTIZ5ITzY,2947
 cdk_factory/configurations/resources/sqs.py,sha256=fAh2dqttJ6PX46enFRULuiLEu3TEj0Vb2xntAOgUpYE,4346
 cdk_factory/configurations/resources/vpc.py,sha256=sNn6w76bHFwmt6N76gZZhqpsuNB9860C1SZu6tebaXY,3835
 cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py,sha256=LHgjvTNghCMTpHh90VWl7AbE100Er-S9EgyEVt12J_c,25809
@@ -66,7 +66,7 @@ cdk_factory/interfaces/istack.py,sha256=bhTBs-o9FgKwvJMSuwxjUV6D3nUlvZHVzfm27jP9
 cdk_factory/interfaces/live_ssm_resolver.py,sha256=3FIr9a02SXqZmbFs3RT0WxczWEQR_CF7QSt7kWbDrVE,8163
 cdk_factory/interfaces/ssm_parameter_mixin.py,sha256=uA2j8HmAOpuEA9ynRj51s0WjUHMVLsbLQN-QS9NKyHA,12089
 cdk_factory/lambdas/health_handler.py,sha256=dd40ykKMxWCFEIyp2ZdQvAGNjw_ylI9CSm1N24Hp2ME,196
-cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=5uSpCB8Kii1CDqgb_Gv8EvVeSzA5XtynaNL3t7tXf_M,10507
+cdk_factory/lambdas/edge/ip_gate/handler.py,sha256=YrXO42gEhJoBTaH6jS7EWqjHe9t5Fpt4WLgY8vjtou0,10474
 cdk_factory/pipeline/path_utils.py,sha256=fvWdrcb4onmpIu1APkHLhXg8zWfK74HcW3Ra2ynxfXM,2586
 cdk_factory/pipeline/pipeline_factory.py,sha256=rvtkdlTPJG477nTVRN8S2ksWt4bwpd9eVLFd9WO02pM,17248
 cdk_factory/pipeline/stage.py,sha256=Be7ExMB9A-linRM18IQDOzQ-cP_I2_ThRNzlT4FIrUg,437
@@ -107,17 +107,17 @@ cdk_factory/stack_library/route53/route53_stack.py,sha256=R-6DW7gIjeg25uBT5ZMLND
 cdk_factory/stack_library/rum/__init__.py,sha256=gUrWQdzd4rZ2J0YzAQC8PsEGAS7QgyYjB2ZCUKWasy4,90
 cdk_factory/stack_library/rum/rum_stack.py,sha256=OvQ6tsjYcXS8adqU_Xh0A_VKdnPtQnij4cG67nNqSVo,13611
 cdk_factory/stack_library/security_group/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cdk_factory/stack_library/security_group/security_group_full_stack.py,sha256=zu-xrz2KuojJGoN4-sTzD14sT9DwYaJpgwFl3wPiNXw,10907
+cdk_factory/stack_library/security_group/security_group_full_stack.py,sha256=je6MF6lriSaOMtIZ9hrcFagXObu5SItccpBr9Mp5TMo,14200
 cdk_factory/stack_library/security_group/security_group_stack.py,sha256=2zxd5ozgQ4GP0xi-Ni7SyChtEAOzC0nXeGz78DPXwPg,14445
 cdk_factory/stack_library/simple_queue_service/sqs_stack.py,sha256=jJksWrvrvgZUMM01RZ317DOIxqIJbkYYSYu38w0jHpc,6039
 cdk_factory/stack_library/vpc/__init__.py,sha256=7pIqP97Gf2AJbv9Ebp1WbQGHYhgEbWJ52L1MzeXBybA,42
 cdk_factory/stack_library/vpc/vpc_stack.py,sha256=UZuzb5uSOi4ghuLGPvsKqc3gwe6XI89jHV4WHX8MelA,11472
-cdk_factory/stack_library/websites/static_website_stack.py,sha256=XtrqJaMnrs1XvSz5-8LFaohtY68mtprIOrrizyjnS0w,10608
+cdk_factory/stack_library/websites/static_website_stack.py,sha256=A292BlKDof0JnVewkK_3JiRB04rX7J9Na0a-iz3JWzw,11243
 cdk_factory/stages/websites/static_website_stage.py,sha256=X4fpKXkhb0zIbSHx3QyddBhVSLBryb1vf1Cg2fMTqog,755
 cdk_factory/templates/README.md,sha256=ATBEjG6beYvbEAdLtZ_8xnxgFD5X0cgZoI_6pToqH90,2679
 cdk_factory/templates/app.py.template,sha256=aM60x0nNV80idtCL8jm1EddY63F5tDITYOlavg-BPMU,1069
 cdk_factory/templates/cdk.json.template,sha256=SuGz4Y6kCVMDRpJrA_AJlp0kwdENiJPVngIv1xP5bwI,3526
-cdk_factory/utilities/api_gateway_integration_utility.py,sha256=yblKiMIHGXqKb7JK5IbzGM_TXjX9j893BMqgqBT44DE,63449
+cdk_factory/utilities/api_gateway_integration_utility.py,sha256=Mpyq038ZvL8FafcOwqp2Jj0cNcD_nLfVyTBzMYaUskM,63683
 cdk_factory/utilities/commandline_args.py,sha256=0FiNEJFbWVN8Ct7r0VHnJEx7rhUlaRKT7R7HMNJBSTI,2216
 cdk_factory/utilities/configuration_loader.py,sha256=z0ZdGLNbTO4_yfluB9zUh_i_Poc9qj-7oRyjMRlNkN8,1522
 cdk_factory/utilities/docker_utilities.py,sha256=6ee9KEGsaRJWo6FqvdPtE3_L2Emp3Lc0vu2Ie3VoflI,8280
@@ -129,8 +129,8 @@ cdk_factory/utilities/lambda_function_utilities.py,sha256=S1GvBsY_q2cyUiaud3HORJ
 cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITEP7EuSU,1019
 cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
 cdk_factory/workload/workload_factory.py,sha256=mM8GU_5mKq_0OyK060T3JrUSUiGAcKf0eqNlT9mfaws,6028
-cdk_factory-0.15.7.dist-info/METADATA,sha256=QrtFEH2ROwve6PqWxq6av8hH-oCohgCU0is2F-R2C70,2451
-cdk_factory-0.15.7.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cdk_factory-0.15.7.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
-cdk_factory-0.15.7.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
-cdk_factory-0.15.7.dist-info/RECORD,,
+cdk_factory-0.15.9.dist-info/METADATA,sha256=3kgTXVxsXzMHhVRR_MSHhTriF9lhRLywzqssUwiThP4,2451
+cdk_factory-0.15.9.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cdk_factory-0.15.9.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
+cdk_factory-0.15.9.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
+cdk_factory-0.15.9.dist-info/RECORD,,

{cdk_factory-0.15.7.dist-info → cdk_factory-0.15.9.dist-info}/WHEEL RENAMED Viewed

File without changes

{cdk_factory-0.15.7.dist-info → cdk_factory-0.15.9.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{cdk_factory-0.15.7.dist-info → cdk_factory-0.15.9.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

cdk-factory 0.15.7__py3-none-any.whl → 0.15.9__py3-none-any.whl

Potentially problematic release.

cdk-factory 0.15.7py3-none-any.whl → 0.15.9py3-none-any.whl