cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/stack_library/auto_scaling/auto_scaling_stack.py

@@ -1,5 +1,5 @@
 """
-Auto Scaling Group Stack Pattern for CDK-Factory
+Auto Scaling Group Stack Pattern for CDK-Factory (Standardized SSM Version)
 Maintainers: Eric Wilson
 MIT License.  See Project Root for the license information.
 """
@@ -9,11 +9,11 @@ from typing import Dict, Any, List, Optional
 import aws_cdk as cdk
 from aws_cdk import aws_ec2 as ec2
 from aws_cdk import aws_autoscaling as autoscaling
-from aws_cdk import aws_cloudwatch as cloudwatch
 from aws_cdk import aws_iam as iam
-from aws_cdk import aws_ssm as ssm
 from aws_cdk import aws_ecs as ecs
-from aws_cdk import Duration, Stack
+from aws_cdk import Duration
+
+from aws_cdk.aws_autoscaling import HealthChecks, AdditionalHealthCheckType
 from aws_lambda_powertools import Logger
 from constructs import Construct
 
@@ -22,29 +22,38 @@ from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.auto_scaling import AutoScalingConfig
 from cdk_factory.interfaces.istack import IStack
 from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
-logger = Logger(service="AutoScalingStack")
+logger = Logger(service="AutoScalingStackStandardized")
 
 
 @register_stack("auto_scaling_library_module")
 @register_stack("auto_scaling_stack")
-class AutoScalingStack(IStack, VPCProviderMixin):
+class AutoScalingStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
-    Reusable stack for AWS Auto Scaling Groups.
-    Supports creating EC2 Auto Scaling Groups with customizable configurations.
-    
-    Uses enhanced SsmParameterMixin (via IStack) to eliminate SSM code duplication.
+    Reusable stack for AWS Auto Scaling Groups with standardized SSM integration.
+
+    This version uses the StandardizedSsmMixin to provide consistent SSM parameter
+    handling across all CDK Factory modules.
+
+    Key Features:
+    - Standardized SSM import/export patterns
+    - Template variable resolution
+    - Comprehensive validation
+    - Clear error handling
+    - Backward compatibility
     """
 
     def __init__(self, scope: Construct, id: str, **kwargs) -> None:
-        # Initialize parent class properly - IStack inherits from enhanced SsmParameterMixin
+        # Initialize parent classes properly
         super().__init__(scope, id, **kwargs)
-        
+
         # Initialize VPC cache from mixin
         self._initialize_vpc_cache()
-        
+
+        # Initialize module attributes
         self.asg_config = None
         self.stack_config = None
         self.deployment = None
@@ -56,9 +65,6 @@ class AutoScalingStack(IStack, VPCProviderMixin):
         self.user_data = None
         self.user_data_commands = []  # Store raw commands for ECS cluster detection
         self.ecs_cluster = None
-        
-        # SSM imports storage is now handled by the enhanced SsmParameterMixin via IStack
-        # VPC caching is now handled by VPCProviderMixin
 
     def build(
         self,
@@ -85,21 +91,33 @@ class AutoScalingStack(IStack, VPCProviderMixin):
         )
         asg_name = deployment.build_resource_name(self.asg_config.name)
 
-        # Process SSM imports using enhanced SsmParameterMixin
-        self.process_ssm_imports(self.asg_config, deployment, "Auto Scaling Group")
+        # Setup standardized SSM integration
+        self.setup_ssm_integration(
+            scope=self,
+            config=self.asg_config,
+            resource_type="auto_scaling",
+            resource_name=asg_name,
+            deployment=deployment,
+            workload=workload,
+        )
+
+        # Process SSM imports using standardized method
+        self.process_ssm_imports()
 
-        # Get security groups
+        # Get security groups using standardized approach
         self.security_groups = self._get_security_groups()
 
         # Create IAM role for instances
         self.instance_role = self._create_instance_role(asg_name)
 
-        # Create user data
-        self.user_data = self._create_user_data()
+        # Create VPC once to be reused by both ECS cluster and ASG
+        self._vpc = None  # Store VPC for reuse
 
         # Create ECS cluster if ECS configuration is detected
-        # This must happen before launch template creation so user data can be updated
-        self._create_ecs_cluster_if_needed(asg_name)
+        self.ecs_cluster = self._create_ecs_cluster_if_needed()
+
+        # Create user data (after ECS cluster so it can reference it)
+        self.user_data = self._create_user_data()
 
         # Create launch template
         self.launch_template = self._create_launch_template(asg_name)
@@ -110,82 +128,101 @@ class AutoScalingStack(IStack, VPCProviderMixin):
         # Add scaling policies
         self._add_scaling_policies()
 
-        # Add scheduled actions
-        self._add_scheduled_actions()
-
-        # Export resources
-        self._export_resources(asg_name)
-
-    @property
-    def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Auto Scaling Group using VPCProviderMixin"""
-        if not self.asg_config:
-            raise AttributeError("AutoScalingStack not properly initialized. Call build() first.")
-
-        # Use VPCProviderMixin to resolve VPC with proper subnet handling
-        return self.resolve_vpc(
-            config=self.asg_config,
-            deployment=self.deployment,
-            workload=self.workload
-        )
-
-    def _get_target_group_arns(self) -> List[str]:
-        """Get target group ARNs from SSM imports using enhanced SsmParameterMixin"""
-        target_group_arns = []
-
-        # Check if we have SSM imports for target groups using enhanced mixin
-        if self.has_ssm_import("target_group_arns"):
-            imported_tg_arns = self.get_ssm_imported_value("target_group_arns", [])
-            if isinstance(imported_tg_arns, list):
-                target_group_arns.extend(imported_tg_arns)
-            else:
-                target_group_arns.append(imported_tg_arns)
-
-        # see if we have any directly defined in the config
-        if self.asg_config.target_group_arns:
-            for arn in self.asg_config.target_group_arns:
-                logger.info(f"Adding target group ARN: {arn}")
-                target_group_arns.append(arn)
+        # Add update policy
+        self._add_update_policy()
 
-        return target_group_arns
-
-    def _attach_target_groups(self, asg: autoscaling.AutoScalingGroup) -> None:
-        """Attach the Auto Scaling Group to target groups"""
-        target_group_arns = self._get_target_group_arns()
+        # Export SSM parameters
+        self._export_ssm_parameters()
 
-        if not target_group_arns:
-            logger.warning("No target group ARNs found for Auto Scaling Group")
-            print(
-                "⚠️ No target group ARNs found for Auto Scaling Group.  Nothing will be attached."
-            )
-            return
+        logger.info(f"Auto Scaling Group {asg_name} built successfully")
 
-        # Get the underlying CloudFormation resource to add target group ARNs
-        cfn_asg = asg.node.default_child
-        cfn_asg.add_property_override("TargetGroupARNs", target_group_arns)
+    def _get_ssm_imports(self) -> Dict[str, Any]:
+        """Get SSM imports from standardized mixin processing"""
+        return self.get_all_ssm_imports()
 
     def _get_security_groups(self) -> List[ec2.ISecurityGroup]:
-        """Get security groups for the Auto Scaling Group"""
+        """
+        Get security groups for the Auto Scaling Group using standardized SSM imports.
+
+        Returns:
+            List of security group references
+        """
         security_groups = []
-        for sg_id in self.asg_config.security_group_ids:
-            # if the security group id contains a comma, it is a list of security group ids
-            if "," in sg_id:
-                blocks = sg_id.split(",")
-                for block in blocks:
+
+        # Primary method: Use standardized SSM imports
+        ssm_imports = self._get_ssm_imports()
+        if "security_group_ids" in ssm_imports:
+            imported_sg_ids = ssm_imports["security_group_ids"]
+            if isinstance(imported_sg_ids, list):
+                for idx, sg_id in enumerate(imported_sg_ids):
                     security_groups.append(
                         ec2.SecurityGroup.from_security_group_id(
-                            self, f"SecurityGroup-{block}", block
+                            self, f"SecurityGroup-SSM-{idx}", sg_id
                         )
                     )
+                logger.info(
+                    f"Added {len(imported_sg_ids)} security groups from SSM imports"
+                )
             else:
-                # TODO: add some additional checks to make it more robust
                 security_groups.append(
                     ec2.SecurityGroup.from_security_group_id(
-                        self, f"SecurityGroup-{sg_id}", sg_id
+                        self, f"SecurityGroup-SSM-0", imported_sg_ids
                     )
                 )
+                logger.info(f"Added security group from SSM imports")
+
+        # Fallback: Check for direct configuration (backward compatibility)
+        elif self.asg_config.security_group_ids:
+            logger.warning(
+                "Using direct security group configuration - consider migrating to SSM imports"
+            )
+            for idx, sg_id in enumerate(self.asg_config.security_group_ids):
+                logger.info(f"Adding security group from direct config: {sg_id}")
+                # Handle comma-separated security group IDs
+                if "," in sg_id:
+                    blocks = sg_id.split(",")
+                    for block_idx, block in enumerate(blocks):
+                        security_groups.append(
+                            ec2.SecurityGroup.from_security_group_id(
+                                self,
+                                f"SecurityGroup-Direct-{idx}-{block_idx}",
+                                block.strip(),
+                            )
+                        )
+                else:
+                    security_groups.append(
+                        ec2.SecurityGroup.from_security_group_id(
+                            self, f"SecurityGroup-Direct-{idx}", sg_id
+                        )
+                    )
+        else:
+            logger.warning(
+                "No security groups found from SSM imports or direct configuration"
+            )
+
         return security_groups
 
+    def _get_vpc_id(self) -> str:
+        """
+        Get VPC ID using the centralized VPC provider mixin.
+        """
+        # Use the centralized VPC resolution from VPCProviderMixin
+        vpc = self.resolve_vpc(
+            config=self.asg_config, deployment=self.deployment, workload=self.workload
+        )
+        return vpc.vpc_id
+
+    def _get_subnet_ids(self) -> List[str]:
+        """
+        Get subnet IDs using standardized SSM approach.
+        """
+        # Primary method: Use standardized SSM imports
+        # ssm_imports = self._get_ssm_imports()
+
+        subnet_ids = self.get_subnet_ids(self.asg_config)
+
+        return subnet_ids
+
     def _create_instance_role(self, asg_name: str) -> iam.Role:
         """Create IAM role for EC2 instances"""
         role = iam.Role(
@@ -201,521 +238,401 @@ class AutoScalingStack(IStack, VPCProviderMixin):
                 iam.ManagedPolicy.from_aws_managed_policy_name(policy_name)
             )
 
-        # Add inline policies (for custom permissions like S3 bucket access)
-        for policy_config in self.asg_config.iam_inline_policies:
-            policy_name = policy_config.get("name", "CustomPolicy")
-            statements = policy_config.get("statements", [])
-            
-            if not statements:
-                logger.warning(f"No statements found for inline policy {policy_name}, skipping")
-                continue
-            
-            # Build policy statements
-            policy_statements = []
-            for stmt in statements:
-                effect = iam.Effect.ALLOW if stmt.get("effect", "Allow") == "Allow" else iam.Effect.DENY
-                actions = stmt.get("actions", [])
-                resources = stmt.get("resources", [])
-                
-                if not actions or not resources:
-                    logger.warning(f"Incomplete statement in policy {policy_name}, skipping")
-                    continue
-                
-                policy_statements.append(
-                    iam.PolicyStatement(
-                        effect=effect,
-                        actions=actions,
-                        resources=resources
-                    )
-                )
-            
-            if policy_statements:
-                role.add_to_principal_policy(policy_statements[0])
-                for stmt in policy_statements[1:]:
-                    role.add_to_principal_policy(stmt)
-                
-                logger.info(f"Added inline policy {policy_name} with {len(policy_statements)} statements")
-
+        logger.info(f"Created instance role: {role.role_name}")
         return role
 
     def _create_user_data(self) -> ec2.UserData:
         """Create user data for EC2 instances"""
         user_data = ec2.UserData.for_linux()
 
-        # Store raw commands for ECS cluster detection
-        self.user_data_commands = ["set -euxo pipefail"]
-
-        # Add base commands
-        user_data.add_commands("set -euxo pipefail")
-
-        # Add custom commands from config (with variable substitution)
-        for command in self.asg_config.user_data_commands:
-            # Perform variable substitution on the command
-            substituted_command = self._substitute_variables(command)
-            user_data.add_commands(substituted_command)
-            self.user_data_commands.append(substituted_command)
+        # Add basic setup commands
+        # this will break amazon linux 2023 which uses dnf instead of yum
+        # user_data.add_commands(
+        #     "#!/bin/bash",
+        #     "yum update -y",
+        #     "yum install -y aws-cfn-bootstrap",
+        # )
+
+        # Add user data commands from configuration
+        if self.asg_config.user_data_commands:
+            # Process template variables in user data commands
+            processed_commands = []
+            ssm_imports = self._get_ssm_imports()
+            for command in self.asg_config.user_data_commands:
+                processed_command = command
+                # Substitute SSM-imported values
+                if "cluster_name" in ssm_imports and "{{cluster_name}}" in command:
+                    cluster_name = ssm_imports["cluster_name"]
+                    processed_command = command.replace(
+                        "{{cluster_name}}", cluster_name
+                    )
+                processed_commands.append(processed_command)
+
+            user_data.add_commands(*processed_commands)
+            self.user_data_commands = processed_commands
+
+        # Add ECS cluster configuration if needed
+        if self.ecs_cluster:
+            # Use the SSM-imported cluster name if available, otherwise fallback to default format
+            ssm_imports = self._get_ssm_imports()
+            if "cluster_name" in ssm_imports:
+                cluster_name = ssm_imports["cluster_name"]
+                ecs_commands = [
+                    f"echo 'ECS_CLUSTER={cluster_name}' >> /etc/ecs/ecs.config",
+                    "systemctl restart ecs",
+                ]
+            else:
+                # Fallback to default naming pattern
+                ecs_commands = [
+                    "echo 'ECS_CLUSTER={}{}' >> /etc/ecs/ecs.config".format(
+                        self.deployment.workload_name, self.deployment.environment
+                    ),
+                    "systemctl restart ecs",
+                ]
+            user_data.add_commands(*ecs_commands)
 
-        # Add user data scripts from files (with variable substitution)
-        if self.asg_config.user_data_scripts:
-            self._add_user_data_scripts_from_files(user_data)
+        logger.info(
+            f"Created user data with {len(self.user_data_commands)} custom commands"
+        )
+        return user_data
 
-        # Add container configuration if specified
-        container_config = self.asg_config.container_config
-        if container_config:
-            self._add_container_user_data(user_data, container_config)
+    def _get_or_create_vpc(self) -> ec2.Vpc:
+        """Get or create VPC for reuse across the stack"""
+        if self._vpc is None:
+            vpc_id = self._get_vpc_id()
+            subnet_ids = self._get_subnet_ids()
 
-        return user_data
+            # Create VPC and subnets from imported values
+            self._vpc = ec2.Vpc.from_vpc_attributes(
+                self,
+                "ImportedVPC",
+                vpc_id=vpc_id,
+                availability_zones=[
+                    "us-east-1a",
+                    "us-east-1b",
+                ],  # Add required availability zones
+            )
 
-    def _add_user_data_scripts_from_files(self, user_data: ec2.UserData) -> None:
-        """
-        Add user data scripts from external files with variable substitution.
-        Supports loading shell scripts and injecting them into user data with
-        placeholder replacement.
-        """
-        from pathlib import Path
-        
-        for script_config in self.asg_config.user_data_scripts:
-            script_type = script_config.get("type", "file")
-            
-            if script_type == "file":
-                # Load script from file
-                script_path = script_config.get("path")
-                if not script_path:
-                    logger.warning("Script path not specified, skipping")
-                    continue
-                
-                # Resolve path (relative to project root or absolute)
-                path = Path(script_path)
-                if not path.is_absolute():
-                    # Try relative to current working directory
-                    path = Path.cwd() / script_path
-                
-                if not path.exists():
-                    logger.warning(f"Script file not found: {path}, skipping")
-                    continue
-                
-                # Read script content
-                try:
-                    with open(path, 'r') as f:
-                        script_content = f.read()
-                except Exception as e:
-                    logger.error(f"Failed to read script file {path}: {e}")
-                    continue
-                    
-            elif script_type == "inline":
-                # Use inline script content
-                script_content = script_config.get("content", "")
-                if not script_content:
-                    logger.warning("Inline script content is empty, skipping")
-                    continue
+            # Create and store subnets if we have subnet IDs
+            self._subnets = []
+            if subnet_ids:
+                for i, subnet_id in enumerate(subnet_ids):
+                    subnet = ec2.Subnet.from_subnet_id(
+                        self, f"ImportedSubnet-{i}", subnet_id
+                    )
+                    self._subnets.append(subnet)
             else:
-                logger.warning(f"Unknown script type: {script_type}, skipping")
-                continue
-            
-            # Perform variable substitution
-            variables = script_config.get("variables", {})
-            for var_name, var_value in variables.items():
-                placeholder = f"{{{{{var_name}}}}}"  # {{VAR_NAME}}
-                script_content = script_content.replace(placeholder, str(var_value))
-            
-            # Add script to user data
-            # Split by lines and add each line as a command
-            for line in script_content.split('\n'):
-                if line.strip():  # Skip empty lines
-                    user_data.add_commands(line)
-            
-            logger.info(f"Added user data script from {script_type}: {script_config.get('path', 'inline')}")
-
-    def _substitute_variables(self, command: str) -> str:
-        """
-        Perform variable substitution on a user data command.
-        Uses workload and deployment configuration for substitution.
-        """
-        if not command:
-            return command
-            
-        # Start with the original command
-        substituted_command = command
-        
-        # Define available variables for substitution
-        variables = {}
-        
-        # Add workload variables
-        if self.workload:
-            variables.update({
-                "WORKLOAD_NAME": getattr(self.workload, 'name', ''),
-                "ENVIRONMENT": getattr(self.workload, 'environment', ''),
-                "WORKLOAD": getattr(self.workload, 'name', ''),
-            })
-        
-        # Add deployment variables
-        if self.deployment:
-            variables.update({
-                "DEPLOYMENT_NAME": getattr(self.deployment, 'name', ''),
-                "REGION": getattr(self.deployment, 'region', ''),
-                "ACCOUNT": getattr(self.deployment, 'account', ''),
-            })
-        
-        # Add stack-level variables
-        variables.update({
-            "STACK_NAME": self.stack_name,
-        })
-        
-        # Perform substitution
-        for var_name, var_value in variables.items():
-            if var_value is not None:
-                placeholder = f"{{{{{var_name}}}}}"  # {{VAR_NAME}}
-                substituted_command = substituted_command.replace(placeholder, str(var_value))
-        
-        return substituted_command
-
-    def _add_container_user_data(
-        self, user_data: ec2.UserData, container_config: Dict[str, Any]
-    ) -> None:
-        """Add container-specific user data commands"""
-        # Install Docker
-        user_data.add_commands(
-            "dnf -y update", "dnf -y install docker jq", "systemctl enable --now docker"
-        )
-
-        # ECR configuration
-        if "ecr" in container_config:
-            ecr_config = container_config["ecr"]
-            user_data.add_commands(
-                f"ACCOUNT_ID={ecr_config.get('account_id', self.account)}",
-                f"REGION={ecr_config.get('region', self.region)}",
-                f"REPO={ecr_config.get('repo', 'app')}",
-                f"TAG={ecr_config.get('tag', 'latest')}",
-                "aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com",
-                "docker pull ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${TAG}",
+                # Use default subnets from VPC
+                self._subnets = self._vpc.public_subnets
+
+        return self._vpc
+
+    def _get_subnets(self) -> List[ec2.Subnet]:
+        """Get the subnets from the shared VPC"""
+        return getattr(self, "_subnets", [])
+
+    def _create_ecs_cluster_if_needed(self) -> Optional[ecs.Cluster]:
+        """Create ECS cluster if ECS configuration is detected"""
+        # Check if user data contains ECS configuration (use raw config since user_data_commands might not be set yet)
+        ecs_detected = False
+        if self.asg_config.user_data_commands:
+            ecs_detected = any(
+                "ECS_CLUSTER" in cmd for cmd in self.asg_config.user_data_commands
             )
 
-        # Database configuration
-        if "database" in container_config:
-            db_config = container_config["database"]
-            secret_arn = db_config.get("secret_arn", "")
-            if secret_arn:
-                user_data.add_commands(
-                    f"DB_SECRET_ARN={secret_arn}",
-                    'if [ -n "$DB_SECRET_ARN" ]; then DB_JSON=$(aws secretsmanager get-secret-value --secret-id $DB_SECRET_ARN --query SecretString --output text --region $REGION); fi',
-                    'if [ -n "$DB_SECRET_ARN" ]; then DB_HOST=$(echo $DB_JSON | jq -r .host); DB_USER=$(echo $DB_JSON | jq -r .username); DB_PASS=$(echo $DB_JSON | jq -r .password); DB_NAME=$(echo $DB_JSON | jq -r .dbname); fi',
+        if ecs_detected:
+            ssm_imports = self._get_ssm_imports()
+            if "cluster_name" in ssm_imports:
+                cluster_name = ssm_imports["cluster_name"]
+
+                # Use the shared VPC
+                vpc = self._get_or_create_vpc()
+
+                self.ecs_cluster = ecs.Cluster.from_cluster_attributes(
+                    self, "ImportedECSCluster", cluster_name=cluster_name, vpc=vpc
                 )
+                logger.info(f"Connected to existing ECS cluster: {cluster_name}")
 
-        # Run container
-        if "run_command" in container_config:
-            user_data.add_commands(container_config["run_command"])
-        elif "ecr" in container_config:
-            port = container_config.get("port", 8080)
-            user_data.add_commands(
-                f"docker run -d --name app -p {port}:{port} "
-                '-e DB_HOST="$DB_HOST" -e DB_USER="$DB_USER" -e DB_PASS="$DB_PASS" -e DB_NAME="$DB_NAME" '
-                "--restart=always ${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com/${REPO}:${TAG}"
-            )
+        return self.ecs_cluster
 
     def _create_launch_template(self, asg_name: str) -> ec2.LaunchTemplate:
-        """Create launch template for the Auto Scaling Group"""
-        # Get AMI
-        ami = None
+        """Create launch template for Auto Scaling Group"""
+
+        # Use the configured AMI ID or fall back to appropriate lookup
         if self.asg_config.ami_id:
-            ami = ec2.MachineImage.generic_linux({self.region: self.asg_config.ami_id})
-        else:
-            if self.asg_config.ami_type == "amazon-linux-2023":
-                ami = ec2.MachineImage.latest_amazon_linux2023()
-            elif self.asg_config.ami_type == "amazon-linux-2":
-                ami = ec2.MachineImage.latest_amazon_linux2()
-            else:
-                ami = ec2.MachineImage.latest_amazon_linux2023()
-
-        # Parse instance type
-        instance_type_str = self.asg_config.instance_type
-        instance_type = None
-
-        if "." in instance_type_str:
-            parts = instance_type_str.split(".")
-            if len(parts) == 2:
-                try:
-                    instance_class = ec2.InstanceClass[parts[0].upper()]
-                    instance_size = ec2.InstanceSize[parts[1].upper()]
-                    instance_type = ec2.InstanceType.of(instance_class, instance_size)
-                except (KeyError, ValueError):
-                    instance_type = ec2.InstanceType(instance_type_str)
+            # Use explicit AMI ID provided by user
+            machine_image = ec2.MachineImage.lookup(name=self.asg_config.ami_id)
+        elif self.asg_config.ami_type:
+            # Use AMI type for dynamic lookup
+            if self.asg_config.ami_type.upper() == "AMAZON-LINUX-2023":
+                machine_image = ec2.MachineImage.latest_amazon_linux2023()
+            elif self.asg_config.ami_type.upper() == "AMAZON-LINUX-2022":
+                machine_image = ec2.MachineImage.latest_amazon_linux2022()
+            elif self.asg_config.ami_type.upper() == "AMAZON-LINUX-2":
+                machine_image = ec2.MachineImage.latest_amazon_linux2()
+            elif self.asg_config.ami_type.upper() == "ECS_OPTIMIZED":
+                # Use ECS-optimized AMI from SSM parameter
+                from aws_cdk import aws_ssm as ssm
+
+                machine_image = ec2.MachineImage.from_ssm_parameter(
+                    parameter_name="/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id"
+                )
             else:
-                instance_type = ec2.InstanceType(instance_type_str)
+                # Default to latest Amazon Linux
+                machine_image = ec2.MachineImage.latest_amazon_linux2023()
         else:
-            instance_type = ec2.InstanceType(instance_type_str)
-
-        # Create block device mappings
-        block_devices = []
-        for device in self.asg_config.block_devices:
-            block_devices.append(
-                ec2.BlockDevice(
-                    device_name=device.get("device_name", "/dev/xvda"),
-                    volume=ec2.BlockDeviceVolume.ebs(
-                        volume_size=device.get("volume_size", 8),
-                        volume_type=ec2.EbsDeviceVolumeType(
-                            str(device.get("volume_type", "gp3")).upper()
-                        ),
-                        delete_on_termination=device.get("delete_on_termination", True),
-                        encrypted=device.get("encrypted", True),
-                    ),
-                )
-            )
+            # Default fallback
+            machine_image = ec2.MachineImage.latest_amazon_linux2023()
 
-        # Create launch template
         launch_template = ec2.LaunchTemplate(
             self,
             f"{asg_name}-LaunchTemplate",
-            machine_image=ami,
-            instance_type=instance_type,
+            instance_type=ec2.InstanceType(self.asg_config.instance_type),
+            machine_image=machine_image,
             role=self.instance_role,
-            security_group=self.security_groups[0] if self.security_groups else None,
             user_data=self.user_data,
+            security_group=self.security_groups[0] if self.security_groups else None,
+            key_name=self.asg_config.key_name,
             detailed_monitoring=self.asg_config.detailed_monitoring,
-            block_devices=block_devices if block_devices else None,
+            block_devices=(
+                [
+                    ec2.BlockDevice(
+                        device_name=block_device.get("device_name", "/dev/xvda"),
+                        volume=ec2.BlockDeviceVolume.ebs(
+                            volume_size=block_device.get("volume_size", 8),
+                            volume_type=getattr(
+                                ec2.EbsDeviceVolumeType,
+                                block_device.get("volume_type", "GP3").upper(),
+                            ),
+                            delete_on_termination=block_device.get(
+                                "delete_on_termination", True
+                            ),
+                            encrypted=block_device.get("encrypted", False),
+                        ),
+                    )
+                    for block_device in self.asg_config.block_devices
+                ]
+                if self.asg_config.block_devices
+                else None
+            ),
         )
 
+        logger.info(f"Created launch template: {launch_template.launch_template_name}")
         return launch_template
 
     def _create_auto_scaling_group(self, asg_name: str) -> autoscaling.AutoScalingGroup:
-        """Create the Auto Scaling Group"""
-        # Configure subnet selection
-        subnet_group_name = self.asg_config.subnet_group_name
-        subnets = ec2.SubnetSelection(subnet_group_name=subnet_group_name)
-
-        # Configure health check
-        health_check_type = autoscaling.HealthCheck.ec2()
-        if self.asg_config.health_check_type.upper() == "ELB":
-            health_check_type = autoscaling.HealthCheck.elb(
-                grace=Duration.seconds(self.asg_config.health_check_grace_period)
+        """Create Auto Scaling Group"""
+        # Use the shared VPC and subnets
+        vpc = self._get_or_create_vpc()
+        subnets = self._get_subnets()
+
+        health_checks = (
+            # ELB + EC2 (EC2 is always included; ELB is “additional”)
+            HealthChecks.with_additional_checks(
+                additional_types=[AdditionalHealthCheckType.ELB],
+                grace_period=Duration.seconds(
+                    self.asg_config.health_check_grace_period
+                ),
             )
-
-        # Create Auto Scaling Group
-        asg = autoscaling.AutoScalingGroup(
+            if self.asg_config.health_check_type.upper() == "ELB"
+            # EC2-only
+            else HealthChecks.ec2(
+                grace_period=Duration.seconds(
+                    self.asg_config.health_check_grace_period
+                ),
+            )
+        )
+        auto_scaling_group = autoscaling.AutoScalingGroup(
             self,
-            asg_name,
-            vpc=self.vpc,
-            vpc_subnets=subnets,
+            f"{asg_name}-ASG",
+            vpc=vpc,
+            vpc_subnets=ec2.SubnetSelection(subnets=subnets),
+            launch_template=self.launch_template,
             min_capacity=self.asg_config.min_capacity,
             max_capacity=self.asg_config.max_capacity,
             desired_capacity=self.asg_config.desired_capacity,
-            launch_template=self.launch_template,
-            health_check=health_check_type,
-            cooldown=Duration.seconds(self.asg_config.cooldown),
+            health_checks=health_checks,
+            cooldown=cdk.Duration.seconds(self.asg_config.cooldown),
             termination_policies=[
-                autoscaling.TerminationPolicy(policy)
+                getattr(autoscaling.TerminationPolicy, policy.upper())
                 for policy in self.asg_config.termination_policies
             ],
         )
 
-        # Attach to target groups after ASG creation
-        self._attach_target_groups(asg)
-
-        # Configure update policy
-        # Only apply update policy if it was explicitly configured
-        if "update_policy" in self.stack_config.dictionary.get("auto_scaling", {}):
-            update_policy = self.asg_config.update_policy
-            # Apply the update policy to the ASG's CloudFormation resource
-            cfn_asg = asg.node.default_child
-            cfn_asg.add_override(
-                "UpdatePolicy",
-                {
-                    "AutoScalingRollingUpdate": {
-                        "MinInstancesInService": update_policy.get(
-                            "min_instances_in_service", 1
-                        ),
-                        "MaxBatchSize": update_policy.get("max_batch_size", 1),
-                        "PauseTime": f"PT{update_policy.get('pause_time', 300) // 60}M",
-                    }
-                },
-            )
-
-        # Add tags
-        for key, value in self.asg_config.tags.items():
-            cdk.Tags.of(asg).add(key, value)
+        # Add instance refresh if configured
+        if self.asg_config.instance_refresh:
+            self._configure_instance_refresh(auto_scaling_group)
 
-        return asg
+        # Attach target groups if configured
+        self._attach_target_groups(auto_scaling_group)
 
-    def _configure_scaling_policies(self) -> None:
-        """Configure scaling policies for the Auto Scaling Group"""
-        for policy in self.asg_config.scaling_policies:
-            policy_type = policy.get("type", "target_tracking")
+        logger.info(f"Created Auto Scaling Group: {asg_name}")
+        return auto_scaling_group
 
-            if policy_type == "target_tracking":
-                self.auto_scaling_group.scale_on_metric(
-                    f"{self.asg_config.name}-{policy.get('name', 'scaling-policy')}",
-                    metric=self._get_metric(policy),
-                    scaling_steps=self._get_scaling_steps(policy),
-                    adjustment_type=autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
-                )
-            elif policy_type == "step":
-                self.auto_scaling_group.scale_on_metric(
-                    f"{self.asg_config.name}-{policy.get('name', 'scaling-policy')}",
-                    metric=self._get_metric(policy),
-                    scaling_steps=self._get_scaling_steps(policy),
-                    adjustment_type=autoscaling.AdjustmentType.CHANGE_IN_CAPACITY,
-                )
+    def _attach_target_groups(self, asg: autoscaling.AutoScalingGroup) -> None:
+        """Attach the Auto Scaling Group to target groups"""
+        target_group_arns = self._get_target_group_arns()
 
-    def _get_metric(self, policy: Dict[str, Any]) -> cloudwatch.Metric:
-        """Get metric for scaling policy"""
-        # This is a simplified implementation
-        # In a real-world scenario, you would use CloudWatch metrics
-        return cloudwatch.Metric(
-            namespace="AWS/EC2",
-            metric_name=policy.get("metric_name", "CPUUtilization"),
-            dimensions_map={
-                "AutoScalingGroupName": self.auto_scaling_group.auto_scaling_group_name
-            },
-            statistic=policy.get("statistic", "Average"),
-            period=Duration.seconds(policy.get("period", 60)),
-        )
+        if not target_group_arns:
+            logger.warning("No target group ARNs found for Auto Scaling Group")
+            return
 
-    def _get_scaling_steps(
-        self, policy: Dict[str, Any]
-    ) -> List[autoscaling.ScalingInterval]:
-        """Get scaling steps for scaling policy"""
-        steps = policy.get("steps", [])
-        scaling_intervals = []
-
-        for step in steps:
-            # Handle upper bound - if not specified, don't set it (let CDK handle it)
-            interval_kwargs = {
-                "lower": step.get("lower", 0),
-                "change": step.get("change", 1),
-            }
+        # Get the underlying CloudFormation resource to add target group ARNs
+        cfn_asg = asg.node.default_child
+        cfn_asg.add_property_override("TargetGroupARNs", target_group_arns)
 
-            # Only set upper if it's explicitly provided
-            if "upper" in step:
-                interval_kwargs["upper"] = step["upper"]
+    def _get_target_group_arns(self) -> List[str]:
+        """Get target group ARNs using standardized SSM approach"""
+        target_group_arns = []
 
-            scaling_intervals.append(autoscaling.ScalingInterval(**interval_kwargs))
+        # Use standardized SSM imports
+        ssm_imports = self._get_ssm_imports()
+        if "target_group_arns" in ssm_imports:
+            imported_arns = ssm_imports["target_group_arns"]
+            if isinstance(imported_arns, list):
+                target_group_arns.extend(imported_arns)
+            else:
+                target_group_arns.append(imported_arns)
 
-        return scaling_intervals
+        # Fallback: Direct configuration
+        elif self.asg_config.target_group_arns:
+            target_group_arns.extend(self.asg_config.target_group_arns)
 
-    def _add_outputs(self, asg_name: str) -> None:
-        """Add CloudFormation outputs for the Auto Scaling Group"""
-        if self.auto_scaling_group:
-            # Auto Scaling Group Name
-            cdk.CfnOutput(
-                self,
-                f"{asg_name}-name",
-                value=self.auto_scaling_group.auto_scaling_group_name,
-                export_name=f"{self.deployment.build_resource_name(asg_name)}-name",
-            )
+        return target_group_arns
 
-            # Auto Scaling Group ARN
-            cdk.CfnOutput(
-                self,
-                f"{asg_name}-arn",
-                value=self.auto_scaling_group.auto_scaling_group_arn,
-                export_name=f"{self.deployment.build_resource_name(asg_name)}-arn",
-            )
+    def _add_scaling_policies(self) -> None:
+        """Add scaling policies to the Auto Scaling Group"""
+        if not self.asg_config.scaling_policies:
+            return
 
-            # Launch Template ID
-            if self.launch_template:
-                cdk.CfnOutput(
+        for policy_config in self.asg_config.scaling_policies:
+            if policy_config.get("type") == "target_tracking":
+                # Create a target tracking scaling policy for CPU utilization
+                scaling_policy = autoscaling.CfnScalingPolicy(
                     self,
-                    f"{asg_name}-launch-template-id",
-                    value=self.launch_template.launch_template_id,
-                    export_name=f"{self.deployment.build_resource_name(asg_name)}-launch-template-id",
+                    "CPUScalingPolicy",
+                    auto_scaling_group_name=self.auto_scaling_group.auto_scaling_group_name,
+                    policy_type="TargetTrackingScaling",
+                    target_tracking_configuration=autoscaling.CfnScalingPolicy.TargetTrackingConfigurationProperty(
+                        target_value=policy_config.get("target_cpu", 70),
+                        predefined_metric_specification=autoscaling.CfnScalingPolicy.PredefinedMetricSpecificationProperty(
+                            predefined_metric_type="ASGAverageCPUUtilization"
+                        ),
+                    ),
                 )
+                logger.info("Added CPU utilization scaling policy")
 
-    
-    def _add_scaling_policies(self) -> None:
-        """Add scaling policies to the Auto Scaling Group"""
-        for policy_config in self.asg_config.scaling_policies:
-            # Scaling policy implementation would go here
-            pass
+    def _add_update_policy(self) -> None:
+        """Add update policy to the Auto Scaling Group"""
+        update_policy = self.asg_config.update_policy
 
-    def _add_scheduled_actions(self) -> None:
-        """Add scheduled actions to the Auto Scaling Group"""
-        for action_config in self.asg_config.scheduled_actions:
-            # Scheduled action implementation would go here
-            pass
+        if not update_policy:
+            # No update policy configured, don't add one
+            return
 
-    def _create_ecs_cluster_if_needed(self, asg_name: str):
-        """
-        ECS cluster creation should be handled by the dedicated EcsClusterStack module.
-        This method only handles SSM imports for cluster name injection.
-        """
-        # Check if ECS cluster name is available via SSM imports
-        if self.has_ssm_import("ecs_cluster_name"):
-            logger.info(f"ECS cluster name available via SSM imports")
-            # Inject cluster name into user data if available
-            if self.user_data and self.user_data_commands:
-                self._inject_cluster_name_into_user_data()
+        # Get the underlying CloudFormation resource to add update policy
+        cfn_asg = self.auto_scaling_group.node.default_child
+
+        # Get CDK's default policy first (if any)
+        default_policy = getattr(cfn_asg, "update_policy", {})
+
+        # Merge with defaults, then use the robust add_override method
+        merged_policy = {
+            **default_policy,  # Preserve CDK defaults
+            "AutoScalingRollingUpdate": {
+                "MinInstancesInService": update_policy.get(
+                    "min_instances_in_service", 1
+                ),
+                "MaxBatchSize": update_policy.get("max_batch_size", 1),
+                "PauseTime": f"PT{update_policy.get('pause_time', 300)}S",
+            },
+        }
+
+        # Use the robust CDK-documented approach
+        cfn_asg.add_override("UpdatePolicy", merged_policy)
+
+        logger.info("Added rolling update policy to Auto Scaling Group")
+
+    def _export_ssm_parameters(self) -> None:
+        """Export SSM parameters using standardized approach"""
+        if not self.auto_scaling_group:
+            logger.warning("No Auto Scaling Group to export")
             return
-        
-        logger.warning(
-            "No ECS cluster name found in SSM imports. "
-            "Use the dedicated EcsClusterStack module to create ECS clusters."
-        )
 
-    def _inject_cluster_name_into_user_data(self) -> None:
-        """Inject the ECS cluster name into user data commands using SSM imports"""
-        # Check if ECS cluster name is available via SSM imports
-        if self.has_ssm_import("ecs_cluster_name"):
-            cluster_name = self.get_ssm_imported_value("ecs_cluster_name")
-            logger.info(f"Using ECS cluster name from SSM: {cluster_name}")
-        else:
-            logger.warning("No ECS cluster name found in SSM imports, skipping cluster name injection")
+        # Prepare resource values for export
+        resource_values = {
+            "auto_scaling_group_name": self.auto_scaling_group.auto_scaling_group_name,
+            "auto_scaling_group_arn": self.auto_scaling_group.auto_scaling_group_arn,
+        }
+
+        # Export using standardized SSM mixin
+        exported_params = self.export_ssm_parameters(resource_values)
+
+        logger.info(f"Exported SSM parameters: {exported_params}")
+
+    def _configure_instance_refresh(self, asg: autoscaling.AutoScalingGroup) -> None:
+        """Configure instance refresh for rolling updates"""
+        instance_refresh_config = self.asg_config.instance_refresh
+
+        if not instance_refresh_config.get("enabled", False):
             return
-        
-        injected_commands = []
-        cluster_name_injected = False
-        
-        for command in self.user_data_commands:
-            # If this command already sets ECS_CLUSTER, replace it
-            if 'ECS_CLUSTER=' in command:
-                # Replace existing ECS_CLUSTER setting with our cluster name
-                parts = command.split('ECS_CLUSTER=')
-                if len(parts) > 1:
-                    # Keep everything before ECS_CLUSTER=, add our cluster name, then add the rest
-                    before = parts[0]
-                    after_parts = parts[1].split(None, 1)  # Split on first whitespace
-                    after = after_parts[1] if len(after_parts) > 1 else ''
-                    new_command = f"{before}ECS_CLUSTER={cluster_name} {after}".strip()
-                    injected_commands.append(new_command)
-                    cluster_name_injected = True
-                else:
-                    injected_commands.append(f"{command}ECS_CLUSTER={cluster_name}")
-                    cluster_name_injected = True
-            else:
-                injected_commands.append(command)
-        
-        # If no ECS_CLUSTER was found in existing commands, add it
-        if not cluster_name_injected:
-            injected_commands.append(f"echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config")
-        
-        # Update the user data with the injected commands
-        self.user_data_commands = injected_commands
-        
-        # If user data object exists, we need to recreate it with the updated commands
-        if hasattr(self, 'user_data') and self.user_data:
-            self.user_data = self._recreate_user_data_with_commands(injected_commands)
-
-    def _recreate_user_data_with_commands(self, commands: List[str]) -> ec2.UserData:
-        """Recreate user data with updated commands"""
-        user_data = ec2.UserData.for_linux()
-        
-        for command in commands:
-            user_data.add_commands(command)
-        
-        return user_data
 
-    def _export_resources(self, asg_name: str) -> None:
-        """Export stack resources to SSM and CloudFormation outputs"""
-        # Export ASG name
-        cdk.CfnOutput(
-            self,
-            f"{asg_name}-name",
-            value=self.auto_scaling_group.auto_scaling_group_name,
-            export_name=f"{self.deployment.build_resource_name(asg_name)}-name",
-        )
+        logger.warning("Instance refresh is not supported in this version of the CDK")
+        return
 
-        # Export ASG ARN
-        cdk.CfnOutput(
-            self,
-            f"{asg_name}-arn",
-            value=self.auto_scaling_group.auto_scaling_group_arn,
-            export_name=f"{self.deployment.build_resource_name(asg_name)}-arn",
-        )
+        # Get the CloudFormation ASG resource
+        cfn_asg = asg.node.default_child
+
+        # Configure instance refresh using CloudFormation UpdatePolicy
+        # UpdatePolicy is added at the resource level, not as a property
+        update_policy = {
+            "AutoScalingRollingUpdate": {
+                "PauseTime": "PT300S",  # 5 minutes pause
+                "MinInstancesInService": "1",
+                "MaxBatchSize": "1",
+                "WaitOnResourceSignals": True,
+                "SuspendProcesses": [
+                    "HealthCheck",
+                    "ReplaceUnhealthy",
+                    "AZRebalance",
+                    "AlarmNotification",
+                    "ScheduledActions",
+                ],
+            }
+        }
+
+        # # Apply instance refresh using CloudFormation's cfn_options.update_policy
+        # cfn_asg.cfn_options.update_policy = cdk.CfnUpdatePolicy.from_rolling_update(
+        #     pause_time=cdk.Duration.seconds(300),
+        #     min_instances_in_service=1,
+        #     max_batch_size=1,
+        #     wait_on_resource_signals=True
+        # )
+
+        # Grab the L1 to attach UpdatePolicy.InstanceRefresh
+        cfn_asg: autoscaling.CfnAutoScalingGroup = asg.node.default_child
+
+        # cfn_asg.cfn_options.update_policy = CfnUpdatePolicy.from_auto_scaling_instance_refresh(
+        #     # Triggers tell CFN *what* changes should start a refresh
+        #     triggers=[CfnUpdatePolicy.InstanceRefreshTrigger.LAUNCH_TEMPLATE],
+        #     preferences=CfnUpdatePolicy.InstanceRefreshPreferences(
+        #         # warmup is like “grace” before counting a new instance healthy
+        #         instance_warmup=Duration.minutes(5),
+        #         # how aggressive the refresh is; 90 keeps capacity high
+        #         min_healthy_percentage=90,
+        #         # skip instances that already match the new LT (fast when only userdata/env tweaked)
+        #         skip_matching=True,
+        #         # optional: put instances in Standby first; default is rolling terminate/launch
+        #         # standby_instances=CfnUpdatePolicy.StandbyInstances.TERMINATE,
+        #         # checkpoint_percentages=[25, 50, 75],   # optional: progressive checkpoints
+        #         # checkpoint_delay=Duration.minutes(2),  # optional delay at checkpoints
+        #     ),
+        # )
+        logger.info(f"Configured instance refresh via CDK CfnUpdatePolicy")
+
+        # Note: This provides rolling update functionality similar to instance refresh
+        # For true instance refresh with preferences, we would need CDK v2.80+ or custom CloudFormation
+
+
+# Backward compatibility alias
+AutoScalingStackStandardized = AutoScalingStack