cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/configurations/base_config.py

@@ -17,14 +17,19 @@ class BaseConfig:
     SSM parameter paths can be customized with prefixes and templates at different levels:
     1. Global level: In the workload or deployment config
     2. Stack level: In the stack config
-    3. Resource level: In the resource config (ssm_exports/ssm_imports)
+    3. Resource level: In the resource config (ssm.exports/ssm.imports)
     
     Example configurations:
     ```json
     {
-        "ssm_prefix_template": "/{environment}/{resource_type}/{attribute}",
-        "ssm_exports": {
-            "vpc_id_path": "my-vpc-id"
+        "ssm": {
+            "prefix_template": "/{environment}/{resource_type}/{attribute}",
+            "exports": {
+                "vpc_id": "my-vpc-id"
+            },
+            "imports": {
+                "security_group_id": "/my-app/security-group/id"
+            }
         }
     }
     ```
@@ -57,6 +62,16 @@ class BaseConfig:
         """
         return self.__config
         
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """
+        Get the SSM configuration for this resource.
+        
+        Returns:
+            Dictionary containing SSM configuration with imports/exports
+        """
+        return self.__config.get("ssm", {})
+        
     @property
     def ssm_prefix_template(self) -> str:
         """
@@ -68,7 +83,7 @@ class BaseConfig:
         Returns:
             The SSM parameter prefix template string
         """
-        return self.__config.get("ssm_prefix_template", "/{deployment_name}/{resource_type}/{attribute}")
+        return self.ssm.get("prefix_template", "/{deployment_name}/{resource_type}/{attribute}")
     
     @property
     def ssm_exports(self) -> Dict[str, str]:
@@ -87,7 +102,7 @@ class BaseConfig:
         Returns:
             Dictionary mapping attribute names to SSM parameter paths for export
         """
-        return self.__config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
     
     @property
     def ssm_imports(self) -> Dict[str, str]:
@@ -106,25 +121,9 @@ class BaseConfig:
         Returns:
             Dictionary mapping attribute names to SSM parameter paths for import
         """
-        return self.__config.get("ssm_imports", {})
-        
-    @property
-    def ssm_parameters(self) -> Dict[str, str]:
-        """
-        Get all SSM parameter path mappings (both exports and imports).
-        
-        This is provided for backward compatibility.
-        New code should use ssm_exports and ssm_imports instead.
-        
-        Returns:
-            Dictionary mapping attribute names to SSM parameter paths
-        """
-        # Merge exports and imports, with exports taking precedence
-        combined = {**self.ssm_imports, **self.ssm_exports}
-        # Also include any parameters directly under ssm_parameters for backward compatibility
-        combined.update(self.__config.get("ssm_parameters", {}))
-        return combined
+        return self.ssm.get("imports", {})
         
+            
     def get(self, key: str, default: Any = None) -> Any:
         """
         Get a configuration value by key.

cdk_factory/configurations/cdk_config.py

@@ -189,7 +189,7 @@ class CdkConfig:
         if not os.path.exists(Path(path).parent):
             os.makedirs(Path(path).parent)
         cdk = config.get("cdk", {})
-        if replacements and len(replacements) > 0:
+        if replacements:
             config = JsonLoadingUtility.recursive_replace(config, replacements)
             print(f"📀 Saving config to {path}")
             # add the original cdk back

cdk_factory/configurations/deployment.py

@@ -28,6 +28,18 @@ class DeploymentConfig:
         self.__load()
 
     def __load(self):
+        # Validate environment consistency
+        deployment_env = self.__deployment.get("environment")
+        workload_env = self.__workload.get("environment")
+        
+        if deployment_env and workload_env and deployment_env != workload_env:
+            from aws_lambda_powertools import Logger
+            logger = Logger()
+            logger.warning(
+                f"Environment mismatch: deployment.environment='{deployment_env}' != workload.environment='{workload_env}'. "
+                f"Using workload.environment for consistency."
+            )
+        
         self.__load_pipeline()
         self.__load_stacks()
 

cdk_factory/configurations/devops.py

@@ -64,7 +64,7 @@ class DevOps:
             )
             if (
                 not self.__code_repository.repository
-                or len(self.__code_repository.repository) == 0
+                or not self.__code_repository.repository
             ):
                 raise ValueError(
                     "Code Repository is not defined in the configuration "

cdk_factory/configurations/resources/acm.py

@@ -59,15 +59,22 @@ class AcmConfig:
         """Certificate transparency logging preference (ENABLED or DISABLED)"""
         return self.__config.get("certificate_transparency_logging_preference")
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration for importing/exporting resources"""
+        return self.__config.get("ssm", {})
+
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter paths to export certificate details"""
-        exports = self.__config.get("ssm_exports", {})
+        exports = self.ssm.get("exports", {})
         
         # Provide default SSM export path if not specified
         if not exports and self.__deployment:
+            workload_env = self.__deployment.workload.get("environment", self.__deployment.environment)
+            workload_name = self.__deployment.workload.get("name", self.__deployment.workload_name)
             exports = {
-                "certificate_arn": f"/{self.__deployment.environment}/{self.__deployment.workload_name}/certificate/arn"
+                "certificate_arn": f"/{workload_env}/{workload_name}/certificate/arn"
             }
         
         return exports

cdk_factory/configurations/resources/auto_scaling.py

@@ -70,12 +70,14 @@ class AutoScalingConfig(EnhancedBaseConfig):
         return self.__config.get("termination_policies", ["DEFAULT"])
 
     @property
-    def update_policy(self) -> Dict[str, Any]:
+    def update_policy(self) -> Optional[Dict[str, Any]]:
         """Update policy configuration"""
-        return self.__config.get(
-            "update_policy",
-            {"min_instances_in_service": 1, "max_batch_size": 1, "pause_time": 300},
-        )
+        return self.__config.get("update_policy")
+
+    @property
+    def instance_refresh(self) -> Optional[Dict[str, Any]]:
+        """Instance refresh configuration for rolling updates"""
+        return self.__config.get("instance_refresh")
 
     @property
     def user_data_commands(self) -> List[str]:

cdk_factory/configurations/resources/cloudfront.py

@@ -102,15 +102,20 @@ class CloudFrontConfig(EnhancedBaseConfig):
         """Resource tags"""
         return self._config.get("tags", {})
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self._config.get("ssm", {})
+
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports"""
-        return self._config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def ssm_imports(self) -> Dict[str, str]:
         """SSM parameter imports"""
-        return self._config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})
 
     @property
     def hosted_zone_id(self) -> str:

cdk_factory/configurations/resources/ecr.py

@@ -128,7 +128,7 @@ class ECRConfig(EnhancedBaseConfig):
         Example:
         {
             "enabled": true,
-            "accounts": ["123456789012", "987654321098"],
+            "accounts": [os.environ.get("ECR_ALLOWED_ACCOUNT_1"), os.environ.get("ECR_ALLOWED_ACCOUNT_2")],
             "services": [
                 {
                     "name": "lambda",

cdk_factory/configurations/resources/ecs_cluster.py

@@ -18,6 +18,11 @@ class EcsClusterConfig:
     def __init__(self, config: Dict[str, Any]) -> None:
         self._config = config or {}
     
+    @property
+    def dictionary(self) -> Dict[str, Any]:
+        """Access to the underlying configuration dictionary (for compatibility with SSM mixin)"""
+        return self._config
+    
     @property
     def name(self) -> str:
         """Name of the ECS cluster. Supports template variables like {{WORKLOAD_NAME}}-{{ENVIRONMENT}}-cluster"""
@@ -87,15 +92,17 @@ class EcsClusterConfig:
         return self._config.get("export_ssm_parameters", True)
 
     
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self._config.get("ssm", {})
+    
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports"""
-        return self._config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def ssm_imports(self) -> Dict[str, Any]:
         """SSM parameter imports"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self._config and "imports" in self._config["ssm"]:
-            return self._config["ssm"]["imports"]
-        return self._config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})

cdk_factory/configurations/resources/ecs_service.py

@@ -83,14 +83,27 @@ class EcsServiceConfig:
         """Whether to assign public IP addresses"""
         return self._config.get("assign_public_ip", False)
 
+    @property
+    def load_balancer_config(self) -> Dict[str, Any]:
+        """Load balancer configuration"""
+        return self._config.get("load_balancer", {})
+
     @property
     def target_group_arns(self) -> List[str]:
         """Target group ARNs for load balancing"""
+        # Check if load_balancer config has target_group_arn
+        if self.load_balancer_config and self.load_balancer_config.get("target_group_arn"):
+            arn = self.load_balancer_config["target_group_arn"]
+            if arn and arn != "arn:aws:elasticloadbalancing:placeholder":
+                return [arn]
         return self._config.get("target_group_arns", [])
 
     @property
     def container_port(self) -> int:
         """Container port for load balancer"""
+        # Check load_balancer config first
+        if self.load_balancer_config and self.load_balancer_config.get("container_port"):
+            return self.load_balancer_config["container_port"]
         return self._config.get("container_port", 80)
 
     @property
@@ -123,18 +136,32 @@ class EcsServiceConfig:
         """Resource tags"""
         return self._config.get("tags", {})
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self._config.get("ssm", {})
+
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports"""
-        return self._config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def ssm_imports(self) -> Dict[str, Any]:
         """SSM parameter imports"""
         # Check both nested and flat structures for backwards compatibility
         if "ssm" in self._config and "imports" in self._config["ssm"]:
-            return self._config["ssm"]["imports"]
-        return self._config.get("ssm_imports", {})
+            imports = self._config["ssm"]["imports"]
+        else:
+            imports = self.ssm.get("imports", {})
+        
+        # Add load_balancer SSM imports if they exist
+        if self.load_balancer_config and "ssm" in self.load_balancer_config:
+            lb_ssm = self.load_balancer_config["ssm"]
+            if "imports" in lb_ssm:
+                imports.update(lb_ssm["imports"])
+        
+        return imports
 
     @property
     def deployment_type(self) -> str:

cdk_factory/configurations/resources/lambda_edge.py

@@ -49,16 +49,30 @@ class LambdaEdgeConfig(EnhancedBaseConfig):
 
     @property
     def timeout(self) -> int:
-        """Timeout in seconds (max 5 for origin-request)"""
+        """Timeout in seconds
+        viewer-request: 5s
+        viewer-response: 5s
+        ---
+        origin-request: 30s
+        origin-response: 30s
+        
+        
+        """
         timeout = int(self._config.get("timeout", 5))
-        if timeout > 5:
-            raise ValueError("Lambda@Edge origin-request timeout cannot exceed 5 seconds")
+
+        event_type = self.event_type
+        if event_type == "viewer-request" or event_type == "viewer-response":
+            if timeout > 5:
+                raise ValueError("Lambda@Edge viewer timeout cannot exceed 5 seconds. Value was set to {}".format(timeout))
+        else:
+            if timeout > 30:
+                raise ValueError("Lambda@Edge origin timeout cannot exceed 30 seconds. Value was set to {}".format(timeout))
         return timeout
 
     @property
     def code_path(self) -> str:
         """Path to Lambda function code directory"""
-        return self._config.get("code_path", "./lambdas/edge/ip_gate")
+        return self._config.get("code_path", "./lambdas/cloudfront/ip_gate")
 
     @property
     def environment(self) -> Dict[str, str]:

cdk_factory/configurations/resources/load_balancer.py

@@ -144,21 +144,20 @@ class LoadBalancerConfig(EnhancedBaseConfig):
             "block_response", default_response
         )
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self.__config.get("ssm", {})
+
     @property
     def ssm_imports(self) -> Dict[str, Any]:
         """SSM parameter imports for the Load Balancer"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "imports" in self.__config["ssm"]:
-            return self.__config["ssm"]["imports"]
-        return self.__config.get("ssm_imports", {})
-    
+        return self.ssm.get("imports", {})
+
     @property
     def ssm_exports(self) -> Dict[str, Any]:
         """SSM parameter exports for the Load Balancer"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "exports" in self.__config["ssm"]:
-            return self.__config["ssm"]["exports"]
-        return self.__config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
     
     @property
     def ssm_parameters(self) -> Dict[str, Any]:

cdk_factory/configurations/resources/monitoring.py

@@ -18,7 +18,7 @@ class MonitoringConfig(EnhancedBaseConfig):
         super().__init__(
             config or {},
             resource_type="monitoring",
-            resource_name=config.get("name", "monitoring") if config else "monitoring"
+            resource_name=config.get("name", "monitoring") if config else "monitoring",
         )
         self._config = config or {}
         self._deployment = deployment
@@ -63,12 +63,17 @@ class MonitoringConfig(EnhancedBaseConfig):
         """Resource tags"""
         return self._config.get("tags", {})
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self._config.get("ssm", {})
+
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports"""
-        return self._config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def ssm_imports(self) -> Dict[str, str]:
         """SSM parameter imports for resource ARNs"""
-        return self._config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})

cdk_factory/configurations/resources/rds.py

@@ -29,7 +29,7 @@ class RdsConfig(EnhancedBaseConfig):
     @property
     def name(self) -> str:
         """RDS instance name"""
-        return self.__config.get("name", "database")
+        return self.__config.get("name", self.database_name)
     
     @property
     def identifier(self) -> str:
@@ -261,21 +261,20 @@ class RdsConfig(EnhancedBaseConfig):
         """Sets the VPC ID for the Security Group"""
         self.__config["vpc_id"] = value
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self.__config.get("ssm", {})
+
     @property
     def ssm_imports(self) -> Dict[str, str]:
         """SSM parameter imports for the RDS instance"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "imports" in self.__config["ssm"]:
-            return self.__config["ssm"]["imports"]
-        return self.__config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})
 
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports for the RDS instance"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "exports" in self.__config["ssm"]:
-            return self.__config["ssm"]["exports"]
-        return self.__config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
     
     def _sanitize_database_name(self, name: str) -> str:
         """

cdk_factory/configurations/resources/route53.py

@@ -106,3 +106,8 @@ class Route53Config:
     def tags(self) -> Dict[str, str]:
         """Tags to apply to the Route53 resources"""
         return self.__config.get("tags", {})
+    
+    @property
+    def records(self) -> List[Dict[str, Any]]:
+        """Records to create"""
+        return self.__config.get("records", [])

cdk_factory/configurations/resources/rum.py

@@ -125,11 +125,16 @@ class RumConfig(EnhancedBaseConfig):
 
     # SSM Integration
     @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration for importing/exporting resources"""
+        return self.__config.get("ssm", {})
+
+    @property 
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter paths for exporting RUM resources"""
-        return self.__config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def ssm_imports(self) -> Dict[str, str]:
         """SSM parameter paths for importing external resources"""
-        return self.__config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})

cdk_factory/configurations/resources/s3.py

@@ -30,7 +30,7 @@ class S3BucketConfig(EnhancedBaseConfig):
                 "S3 Bucket Configuration must be a dictionary. Found: "
                 f"{type(self.__config)}"
             )
-        if len(self.__config.keys()) == 0:
+        if not self.__config.keys():
             raise ValueError("S3 Bucket Configuration cannot be empty")
 
     @property
@@ -158,7 +158,15 @@ class S3BucketConfig(EnhancedBaseConfig):
             value = self.__config.get("block_public_access")
 
         if value and isinstance(value, str):
-            if value.lower() == "block_acls":
+            if value.lower() == "disabled":
+                # For public website hosting, disable block public access
+                return s3.BlockPublicAccess(
+                    block_public_acls=False,
+                    block_public_policy=False,
+                    ignore_public_acls=False,
+                    restrict_public_buckets=False
+                )
+            elif value.lower() == "block_acls":
                 return s3.BlockPublicAccess.BLOCK_ACLS
             # elif value.lower() == "block_public_acls":
             #     return s3.BlockPublicAccess.block_public_acls

cdk_factory/configurations/resources/security_group_full_stack.py

@@ -62,21 +62,20 @@ class SecurityGroupFullStackConfig:
         """Tags to apply to the Security Group"""
         return self.__config.get("tags", {})
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration"""
+        return self.__config.get("ssm", {})
+
     @property
     def ssm_imports(self) -> Dict[str, str]:
         """SSM parameter imports for the Security Group"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "imports" in self.__config["ssm"]:
-            return self.__config["ssm"]["imports"]
-        return self.__config.get("ssm_imports", {})
+        return self.ssm.get("imports", {})
 
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter exports for the Security Group"""
-        # Check both nested and flat structures for backwards compatibility
-        if "ssm" in self.__config and "exports" in self.__config["ssm"]:
-            return self.__config["ssm"]["exports"]
-        return self.__config.get("ssm_exports", {})
+        return self.ssm.get("exports", {})
 
     @property
     def security_groups(self) -> List[Dict[str, Any]]:

cdk_factory/configurations/resources/vpc.py

@@ -122,3 +122,22 @@ class VpcConfig(EnhancedBaseConfig):
     def isolated_subnet_name(self) -> str:
         """Custom name for isolated subnets"""
         return self.get("isolated_subnet_name", "isolated")
+
+    @property
+    def subnets(self) -> Dict[str, Any]:
+        """Subnet configuration for the VPC"""
+        return self.get("subnets", {
+            "public": {
+                "enabled": self.public_subnets,
+                "cidr_mask": self.public_subnet_mask,
+                "map_public_ip": True
+            },
+            "private": {
+                "enabled": self.private_subnets,
+                "cidr_mask": self.private_subnet_mask
+            },
+            "isolated": {
+                "enabled": self.isolated_subnets,
+                "cidr_mask": self.isolated_subnet_mask
+            }
+        })

cdk_factory/configurations/workload.py

@@ -5,6 +5,7 @@ MIT License.  See Project Root for the license information.
 """
 
 import os
+import copy
 from typing import Any, Dict, List
 
 from aws_lambda_powertools import Logger
@@ -66,13 +67,42 @@ class WorkloadConfig:
         if self.__app_config is None:
             raise ValueError("Configuration is not defined.")
 
+        # Create a deep copy to avoid mutating the original configuration
         if "workload" in self.__app_config:
-            workload = self.__app_config["workload"]
+            workload = copy.deepcopy(self.__app_config["workload"])
         else:
-            workload = self.__app_config
+            workload = copy.deepcopy(self.__app_config)
 
         self.__workload = workload
 
+        # Handle missing devops section gracefully
+        if "devops" not in workload:
+            logger.warning("Devops configuration not found in workload, using defaults")
+            
+            # Get environment variables for defaults
+            devops_account = os.environ.get("DEVOPS_AWS_ACCOUNT")
+            devops_region = os.environ.get("DEVOPS_REGION")
+            
+            # Validate required environment variables
+            if not devops_account or not devops_region:
+                raise ValueError(
+                    "DEVOPS_AWS_ACCOUNT and DEVOPS_REGION environment variables must be set when devops config is missing"
+                )
+            
+            # Use a separate defaults object instead of mutating the original
+            devops_defaults = {
+                "account": devops_account,
+                "region": devops_region,
+                "code_repository": {
+                    "name": os.environ.get("CODE_REPOSITORY_NAME", "default-repo"),
+                    "type": "connector_arn",
+                    "connector_arn": os.environ.get("CODE_REPOSITORY_ARN", f"arn:aws:codeconnections:{os.environ.get('DEVOPS_REGION', 'us-east-1')}:{os.environ.get('DEVOPS_AWS_ACCOUNT')}:connection/default")
+                },
+                "commands": []
+            }
+            
+            workload["devops"] = devops_defaults
+
         self.__devops = DevOps(workload["devops"])
         self.__management = Management(workload.get("management", {}))
         self.__cloudfront = CloudFrontConfig(workload.get("cloudfront", {}))

cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -558,7 +558,7 @@ class CloudFrontDistributionConstruct(Construct):
         """
         bucket_policy = s3.BucketPolicy(
             self,
-            id=f"CloudFrontBucketPolicy-{self.source_bucket.bucket_name}",
+            id="CloudFrontBucketPolicy",
             bucket=self.source_bucket,
         )
 

cdk_factory/constructs/ecr/ecr_construct.py

@@ -14,12 +14,12 @@ from constructs import Construct, IConstruct
 from cdk_factory.configurations.resources.resource_types import ResourceTypes
 from cdk_factory.configurations.resources.ecr import ECRConfig as ECR
 from cdk_factory.configurations.deployment import DeploymentConfig as Deployment
-from cdk_factory.interfaces.ssm_parameter_mixin import SsmParameterMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 
 logger = Logger(__name__)
 
 
-class ECRConstruct(Construct, SsmParameterMixin):
+class ECRConstruct(Construct, StandardizedSsmMixin):
     def __init__(
         self,
         scope: Construct,
@@ -30,6 +30,8 @@ class ECRConstruct(Construct, SsmParameterMixin):
         **kwargs,
     ) -> None:
         super().__init__(scope, id, **kwargs)
+        # Initialize StandardizedSsmMixin explicitly
+        StandardizedSsmMixin.__init__(self, **kwargs)
 
         self.scope = scope
         self.deployment = deployment
@@ -77,6 +79,11 @@ class ECRConstruct(Construct, SsmParameterMixin):
 
         This method uses the new configurable SSM parameter prefix system.
         """
+        # Check if SSM exports are configured
+        if not hasattr(self.repo, 'ssm_exports') or not self.repo.ssm_exports:
+            logger.debug("No SSM exports configured for ECR repository")
+            return
+        
         # Create a dictionary of resource values to export
         resource_values = {
             "name": self.ecr.repository_name,