cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/stack_library/rum/rum_stack.py

@@ -16,7 +16,7 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.resources.rum import RumConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -25,7 +25,7 @@ logger = Logger(__name__)
 
 @register_stack("rum_library_module")
 @register_stack("rum_stack")
-class RumStack(IStack, EnhancedSsmParameterMixin):
+class RumStack(IStack, StandardizedSsmMixin):
     """
     RUM Stack - Creates a CloudWatch RUM app monitor with optional Cognito integration.
     Can either use existing Cognito resources or create new ones if not provided.
@@ -51,17 +51,37 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
         self.stack_config = stack_config
         self.deployment = deployment
         self.rum_config = RumConfig(stack_config.dictionary.get("rum", {}))
-        
+
         logger.info(f"Building RUM stack: {self.rum_config.name}")
 
         # Setup enhanced SSM integration
-        self.setup_enhanced_ssm_integration(
+        rum_config = stack_config.dictionary.get("rum", {}).copy()
+
+        # Configure SSM imports for cognito resources if needed
+        if not self.rum_config.cognito_identity_pool_id:
+            # Only add SSM imports if we have the required template variables
+            # Check if deployment has organization info for template resolution
+            if (hasattr(deployment, 'organization') and deployment.organization and
+                hasattr(deployment, 'environment') and deployment.environment):
+                # Add explicit import path for cognito identity pool using new pattern
+                if "ssm" not in rum_config:
+                    rum_config["ssm"] = {}
+                if "imports" not in rum_config["ssm"]:
+                    rum_config["ssm"]["imports"] = {}
+                rum_config["ssm"]["imports"][
+                    "cognito_identity_pool_id"
+                ] = "/{{ORGANIZATION}}/{{ENVIRONMENT}}/cognito/user-pool/identity-pool-id"
+
+        self.setup_ssm_integration(
             scope=self,
-            config=stack_config.dictionary.get("rum", {}),
+            config=rum_config,
             resource_type="rum",
-            resource_name=self.rum_config.name
+            resource_name=self.rum_config.name,
         )
 
+        # Process SSM imports using standardized method
+        self.process_ssm_imports()
+
         # Import or create Cognito resources
         identity_pool_id, guest_role_arn = self._setup_cognito_integration()
 
@@ -84,14 +104,14 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
             identity_pool_id = self.rum_config.cognito_identity_pool_id
             logger.info(f"Using existing Cognito Identity Pool: {identity_pool_id}")
         else:
-            # Try to import from SSM using enhanced SSM pattern
-            imported_values = self.auto_import_resources({
-                "cognito_identity_pool_id": "auto"
-            })
-            
-            if imported_values.get("cognito_identity_pool_id"):
-                identity_pool_id = imported_values["cognito_identity_pool_id"]
-                logger.info(f"Imported Cognito Identity Pool from SSM: {identity_pool_id}")
+            # Try to import from SSM using standardized approach
+            cognito_identity_pool_id = self.get_ssm_imported_value("cognito_identity_pool_id")
+
+            if cognito_identity_pool_id:
+                identity_pool_id = cognito_identity_pool_id
+                logger.info(
+                    f"Imported Cognito Identity Pool from SSM: {identity_pool_id}"
+                )
 
         # If no existing identity pool found, create new Cognito resources
         if not identity_pool_id and self.rum_config.create_cognito_identity_pool:
@@ -107,17 +127,21 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
         """Create new Cognito User Pool and Identity Pool for RUM"""
         logger.info("Creating new Cognito resources for RUM")
 
+        def _resource_name(name: str) -> str:
+            """Helper to generate resource names"""
+            return f"{self.rum_config.name}-{name}"
+
         # Create User Pool if needed
         user_pool_id = self.rum_config.cognito_user_pool_id
         if not user_pool_id and self.rum_config.create_cognito_user_pool:
             self.user_pool = cognito.UserPool(
                 self,
-                id=self.deployment.build_resource_name(f"{self.rum_config.name}-user-pool"),
+                id=_resource_name("user-pool"),
                 user_pool_name=self.rum_config.cognito_user_pool_name,
                 self_sign_up_enabled=True,
                 sign_in_aliases=cognito.SignInAliases(email=True),
                 auto_verify=cognito.AutoVerifiedAttrs(email=True),
-                removal_policy=cdk.RemovalPolicy.DESTROY
+                removal_policy=cdk.RemovalPolicy.DESTROY,
             )
             user_pool_id = self.user_pool.user_pool_id
             logger.info(f"Created Cognito User Pool: {user_pool_id}")
@@ -128,33 +152,34 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
             # Create User Pool Client for Identity Pool integration
             user_pool_client = cognito.UserPoolClient(
                 self,
-                id=self.deployment.build_resource_name(f"{self.rum_config.name}-user-pool-client"),
+                id=_resource_name("user-pool-client"),
                 user_pool=self.user_pool,
                 generate_secret=False,
-                auth_flows=cognito.AuthFlow(
-                    user_srp=True,
-                    user_password=True
-                )
+                auth_flows=cognito.AuthFlow(user_srp=True, user_password=True),
+            )
+
+            identity_pool_providers.append(
+                {
+                    "providerName": f"cognito-idp.{self.region}.amazonaws.com/{user_pool_id}",
+                    "providerType": "COGNITO_USER_POOLS",
+                    "clientId": user_pool_client.user_pool_client_id,
+                }
             )
-            
-            identity_pool_providers.append({
-                "providerName": f"cognito-idp.{self.region}.amazonaws.com/{user_pool_id}",
-                "providerType": "COGNITO_USER_POOLS",
-                "clientId": user_pool_client.user_pool_client_id
-            })
 
         self.identity_pool = cognito.CfnIdentityPool(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-identity-pool"),
+            id=_resource_name("identity-pool"),
             identity_pool_name=self.rum_config.cognito_identity_pool_name,
             allow_unauthenticated_identities=True,
-            cognito_identity_providers=identity_pool_providers if identity_pool_providers else None
+            cognito_identity_providers=(
+                identity_pool_providers if identity_pool_providers else None
+            ),
         )
 
         # Create IAM role for unauthenticated users (guest role)
         guest_role = iam.Role(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-guest-role"),
+            id=_resource_name("guest-role"),
             assumed_by=iam.FederatedPrincipal(
                 "cognito-identity.amazonaws.com",
                 conditions={
@@ -163,52 +188,55 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
                     },
                     "ForAnyValue:StringLike": {
                         "cognito-identity.amazonaws.com:amr": "unauthenticated"
-                    }
-                }
+                    },
+                },
             ),
             inline_policies={
                 "RUMPolicy": iam.PolicyDocument(
                     statements=[
                         iam.PolicyStatement(
                             effect=iam.Effect.ALLOW,
-                            actions=[
-                                "rum:PutRumEvents"
+                            actions=["rum:PutRumEvents"],
+                            resources=[
+                                f"arn:aws:rum:{self.region}:{self.account}:appmonitor/{self.rum_config.name}"
                             ],
-                            resources=[f"arn:aws:rum:{self.region}:{self.account}:appmonitor/{self.rum_config.name}"]
                         )
                     ]
                 )
-            }
+            },
         )
 
         # Attach the role to the identity pool
         cognito.CfnIdentityPoolRoleAttachment(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-role-attachment"),
+            id=_resource_name("role-attachment"),
             identity_pool_id=self.identity_pool.ref,
-            roles={
-                "unauthenticated": guest_role.role_arn
-            }
+            roles={"unauthenticated": guest_role.role_arn},
         )
 
         logger.info(f"Created Cognito Identity Pool: {self.identity_pool.ref}")
         return self.identity_pool.ref, guest_role.role_arn
 
     def _create_minimal_identity_pool(self) -> tuple[str, str]:
-        """Create a minimal identity pool for RUM when no Cognito resources are provided"""
+        """Create a minimal Identity Pool with just a guest role for RUM"""
         logger.info("Creating minimal Cognito Identity Pool for RUM")
 
-        self.identity_pool = cognito.CfnIdentityPool(
+        def _resource_name(name: str) -> str:
+            """Helper to generate resource names"""
+            return f"{self.rum_config.name}-{name}"
+
+        # Create minimal Identity Pool
+        minimal_identity_pool = cognito.CfnIdentityPool(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-minimal-identity-pool"),
+            id=_resource_name("minimal-identity-pool"),
             identity_pool_name=f"{self.rum_config.name}_minimal_identity_pool",
-            allow_unauthenticated_identities=True
+            allow_unauthenticated_identities=True,
         )
 
         # Create minimal IAM role for unauthenticated users
         guest_role = iam.Role(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-minimal-guest-role"),
+            id=_resource_name("minimal-guest-role"),
             assumed_by=iam.FederatedPrincipal(
                 "cognito-identity.amazonaws.com",
                 conditions={
@@ -217,85 +245,74 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
                     },
                     "ForAnyValue:StringLike": {
                         "cognito-identity.amazonaws.com:amr": "unauthenticated"
-                    }
-                }
+                    },
+                },
             ),
             inline_policies={
                 "RUMPolicy": iam.PolicyDocument(
                     statements=[
                         iam.PolicyStatement(
                             effect=iam.Effect.ALLOW,
-                            actions=[
-                                "rum:PutRumEvents"
+                            actions=["rum:PutRumEvents"],
+                            resources=[
+                                f"arn:aws:rum:{self.region}:{self.account}:appmonitor/{self.rum_config.name}"
                             ],
-                            resources=[f"arn:aws:rum:{self.region}:{self.account}:appmonitor/{self.rum_config.name}"]
                         )
                     ]
                 )
-            }
+            },
         )
 
         # Attach the role to the identity pool
         cognito.CfnIdentityPoolRoleAttachment(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-minimal-role-attachment"),
+            id=_resource_name("minimal-role-attachment"),
             identity_pool_id=self.identity_pool.ref,
-            roles={
-                "unauthenticated": guest_role.role_arn
-            }
+            roles={"unauthenticated": guest_role.role_arn},
         )
 
         return self.identity_pool.ref, guest_role.role_arn
 
-    def _create_app_monitor(self, identity_pool_id: str, guest_role_arn: Optional[str]) -> None:
+    def _create_app_monitor(
+        self, identity_pool_id: str, guest_role_arn: Optional[str]
+    ) -> None:
         """Create the CloudWatch RUM app monitor"""
-        logger.info(f"Creating RUM app monitor: {self.rum_config.name}")
+        logger.info("Creating CloudWatch RUM app monitor")
+
+        def _resource_name(name: str) -> str:
+            """Helper to generate resource names"""
+            return f"{self.rum_config.name}-{name}"
 
-        # Build app monitor configuration
+        # Create app monitor configuration
         app_monitor_config = rum.CfnAppMonitor.AppMonitorConfigurationProperty(
-            identity_pool_id=identity_pool_id,
-            guest_role_arn=guest_role_arn,
             allow_cookies=self.rum_config.allow_cookies,
             enable_x_ray=self.rum_config.enable_xray,
+            favorite_pages=self.rum_config.favorite_pages,
+            guest_role_arn=guest_role_arn,
+            identity_pool_id=identity_pool_id,
             session_sample_rate=self.rum_config.session_sample_rate,
-            telemetries=self.rum_config.telemetries
+            telemetries=self.rum_config.telemetries,
         )
 
-        # Add optional properties
-        if self.rum_config.excluded_pages:
-            app_monitor_config.excluded_pages = self.rum_config.excluded_pages
-        
-        if self.rum_config.included_pages:
-            app_monitor_config.included_pages = self.rum_config.included_pages
-            
-        if self.rum_config.favorite_pages:
-            app_monitor_config.favorite_pages = self.rum_config.favorite_pages
-
-        if self.rum_config.metric_destinations:
-            app_monitor_config.metric_destinations = [
-                rum.CfnAppMonitor.MetricDestinationProperty(**dest)
-                for dest in self.rum_config.metric_destinations
-            ]
-
-        # Create custom events configuration if enabled
-        custom_events = None
-        if self.rum_config.custom_events_enabled:
-            custom_events = rum.CfnAppMonitor.CustomEventsProperty(
-                status="ENABLED"
-            )
-
-        # Create the app monitor
         self.app_monitor = rum.CfnAppMonitor(
             self,
-            id=self.deployment.build_resource_name(f"{self.rum_config.name}-app-monitor"),
+            id=_resource_name("app-monitor"),
             name=self.rum_config.name,
-            app_monitor_configuration=app_monitor_config,
             domain=self.rum_config.domain,
-            domain_list=self.rum_config.domain_list,
+            app_monitor_configuration=app_monitor_config,
             cw_log_enabled=self.rum_config.cw_log_enabled,
-            custom_events=custom_events
         )
 
+        logger.info(f"Created CloudWatch RUM app monitor: {self.rum_config.name}")
+
+        # Create custom events configuration if enabled
+        custom_events = None
+        if self.rum_config.custom_events_enabled:
+            custom_events = rum.CfnAppMonitor.CustomEventsProperty(status="ENABLED")
+
+        # Update the app monitor with additional properties
+        # (Note: some properties like custom_events need to be set during creation)
+
         # Add tags if specified
         if self.rum_config.tags:
             for key, value in self.rum_config.tags.items():
@@ -324,8 +341,8 @@ class RumStack(IStack, EnhancedSsmParameterMixin):
             resource_values["user_pool_id"] = self.user_pool.user_pool_id
 
         # Use enhanced SSM parameter export
-        exported_params = self.auto_export_resources(resource_values)
-        
+        exported_params = self.export_ssm_parameters(resource_values)
+
         if exported_params:
             logger.info(f"Exported {len(exported_params)} RUM parameters to SSM")
         else:

cdk_factory/stack_library/security_group/security_group_full_stack.py

@@ -11,6 +11,7 @@ from cdk_factory.configurations.resources.security_group_full_stack import (
     SecurityGroupFullStackConfig,
 )
 from cdk_factory.interfaces.istack import IStack
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -19,7 +20,7 @@ logger = Logger(service="SecurityGroupFullStack")
 
 @register_stack("security_group_full_stack_library_module")
 @register_stack("security_group_full_stack")
-class SecurityGroupsStack(IStack):
+class SecurityGroupsStack(IStack, VPCProviderMixin):
 
     def __init__(self, scope: Construct, id: str, **kwargs) -> None:
         super().__init__(scope, id, **kwargs)
@@ -193,37 +194,7 @@ class SecurityGroupsStack(IStack):
                 description="Uptime Robot",
             )
 
-        # =========================================================
-        # Outputs (exports)
-        # =========================================================
-        cdk.CfnOutput(
-            self,
-            "WebFleetAlbSecurityGroupOut",
-            value=alb_sg.ref,
-            description="Web Fleet Application Load Balancer Security Group",
-            export_name=f"{self.deployment.environment}-{self.workload.name}-WebFleetAlbSecurityGroup",
-        )
-        cdk.CfnOutput(
-            self,
-            "WebFleetInstancesSecurityGroupOut",
-            value=web_fleet_sg.ref,
-            description="Web Fleet Instances Security Group",
-            export_name=f"{self.deployment.environment}-{self.workload.name}-WebFleetInstancesSecurityGroup",
-        )
-        cdk.CfnOutput(
-            self,
-            "MySqlDbSecurityGroupOut",
-            value=mysql_sg.ref,
-            description="MySql Security Group",
-            export_name=f"{self.deployment.environment}-{self.workload.name}-MySqlDbSecurityGroup",
-        )
-        cdk.CfnOutput(
-            self,
-            "WebMonitoringSecurityGroupOut",
-            value=monitoring_sg.ref,
-            description="Web Fleet Application Load Balancer Security Group",
-            export_name=f"{self.deployment.environment}-{self.workload.name}-WebMonitoringSecurityGroup",
-        )
+       
 
         # =========================================================
         # SSM Parameter Store Exports
@@ -274,30 +245,16 @@ class SecurityGroupsStack(IStack):
 
     @property
     def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Security Group"""
+        """Get the VPC for the Security Group using centralized VPC provider mixin."""
         if self._vpc:
             return self._vpc
         
-        # Check SSM imported values first (tokens from SSM parameters)
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # Build VPC attributes
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"]
-            }
-            
-            # Use from_vpc_attributes() instead of from_lookup() because SSM imports return tokens
-            # from_lookup() requires concrete values and queries AWS during synthesis
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        elif self.sg_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.sg_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-        else:
-            raise ValueError("VPC ID is not defined in the configuration or SSM imports.")
-
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.sg_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
         return self._vpc
 
     def _export_ssm_parameters(self, security_groups_map: Dict[str, ec2.CfnSecurityGroup]) -> None:

cdk_factory/stack_library/security_group/security_group_stack.py

@@ -15,7 +15,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.security_group import SecurityGroupConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -24,7 +25,7 @@ logger = Logger(service="SecurityGroupStack")
 
 @register_stack("security_group_library_module")
 @register_stack("security_group_stack")
-class SecurityGroupStack(IStack, EnhancedSsmParameterMixin):
+class SecurityGroupStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for AWS Security Groups.
     Supports creating security groups with customizable rules.
@@ -82,17 +83,16 @@ class SecurityGroupStack(IStack, EnhancedSsmParameterMixin):
 
     @property
     def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Security Group"""
+        """Get the VPC for the Security Group using centralized VPC provider mixin."""
         if self._vpc:
             return self._vpc
-        if self.sg_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.sg_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-
-        else:
-            raise ValueError("VPC ID is not defined in the configuration.")
-
+        
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.sg_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
         return self._vpc
 
     def _create_security_group(self, sg_name: str) -> ec2.SecurityGroup:
@@ -337,14 +337,7 @@ class SecurityGroupStack(IStack, EnhancedSsmParameterMixin):
 
     def _export_cfn_outputs(self, sg_name: str) -> None:
         """Add CloudFormation outputs for the Security Group"""
-        if self.security_group:
-            # Security Group ID
-            cdk.CfnOutput(
-                self,
-                f"{sg_name}-id",
-                value=self.security_group.security_group_id,
-                export_name=f"{self.deployment.build_resource_name(sg_name)}-id",
-            )
+        return
 
     def _export_ssm_parameters(self, sg_name: str) -> None:
         """Add SSM parameters for the Security Group"""

cdk_factory/stack_library/simple_queue_service/sqs_stack.py

@@ -131,37 +131,4 @@ class SQSStack(IStack):
 
     def _add_outputs(self) -> None:
         """Add CloudFormation outputs for the SQS queues"""
-        for queue_name, queue in self.queues.items():
-            # Queue ARN
-            cdk.CfnOutput(
-                self,
-                f"{queue_name}-arn",
-                value=queue.queue_arn,
-                export_name=f"{self.deployment.build_resource_name(queue_name)}-arn"
-            )
-            
-            # Queue URL
-            cdk.CfnOutput(
-                self,
-                f"{queue_name}-url",
-                value=queue.queue_url,
-                export_name=f"{self.deployment.build_resource_name(queue_name)}-url"
-            )
-        
-        # Also add outputs for DLQs
-        for dlq_name, dlq in self.dead_letter_queues.items():
-            # DLQ ARN
-            cdk.CfnOutput(
-                self,
-                f"{dlq_name}-arn",
-                value=dlq.queue_arn,
-                export_name=f"{self.deployment.build_resource_name(dlq_name)}-arn"
-            )
-            
-            # DLQ URL
-            cdk.CfnOutput(
-                self,
-                f"{dlq_name}-url",
-                value=dlq.queue_url,
-                export_name=f"{self.deployment.build_resource_name(dlq_name)}-url"
-            )
+        return

cdk_factory/stack_library/stack_base.py

@@ -54,6 +54,11 @@ class StackStandards:
         git_hash = GitUtilities.get_git_commit_hash()
         if git_hash:
             aws_cdk.Tags.of(scope).add("ApplicationGitHash", git_hash)
+        
+        # Add CDK Factory version for tracking and debugging
+        from cdk_factory.version import __version__
+        aws_cdk.Tags.of(scope).add("CdkFactoryVersion", __version__)
+        
         aws_cdk.Tags.of(scope).add(
             "DeploymentDateUTC", str(datetime.datetime.now(datetime.UTC))
         )