cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/stack_library/cloudfront/cloudfront_stack.py

@@ -13,6 +13,8 @@ from aws_cdk import (
     aws_cloudfront as cloudfront,
     aws_cloudfront_origins as origins,
     aws_certificatemanager as acm,
+    aws_route53 as route53,
+    aws_s3 as s3,
     aws_lambda as _lambda,
     aws_ssm as ssm,
     CfnOutput,
@@ -143,7 +145,7 @@ class CloudFrontStack(IStack):
             return
 
         # Check if certificate ARN is provided
-        cert_arn = cert_config.get("arn")
+        cert_arn = self.resolve_ssm_value(self, cert_config.get("arn"), "CertificateARN")
         if cert_arn:
             self.certificate = acm.Certificate.from_certificate_arn(
                 self, "Certificate", certificate_arn=cert_arn
@@ -161,8 +163,36 @@ class CloudFrontStack(IStack):
             logger.info(f"Using certificate from SSM: {ssm_param}")
             return
 
+        # Create new certificate from domain name
+        domain_name = cert_config.get("domain_name")
+        if domain_name and self.cf_config.aliases:
+            # CloudFront certificates must be in us-east-1
+            if self.region != "us-east-1":
+                logger.warning(
+                    f"Certificate creation requested but stack is in {self.region}. "
+                    "CloudFront certificates must be created in us-east-1"
+                )
+                return
+
+            # Create the certificate
+            # Get hosted zone from SSM imports
+            hosted_zone_id = cert_config.get("hosted_zone_id")
+            hosted_zone = route53.HostedZone.from_hosted_zone_id(
+                self, "HostedZone", hosted_zone_id
+            )
+
+            self.certificate = acm.Certificate(
+                self,
+                "Certificate",
+                domain_name=domain_name,
+                subject_alternative_names=self.cf_config.aliases,
+                validation=acm.CertificateValidation.from_dns(hosted_zone=hosted_zone),
+            )
+            logger.info(f"Created new ACM certificate for domain: {domain_name}")
+            return
+
         logger.warning(
-            "No certificate ARN provided - CloudFront will use default certificate"
+            "No certificate ARN or domain name provided - CloudFront will use default certificate"
         )
 
     def _create_origins(self) -> None:
@@ -193,27 +223,29 @@ class CloudFrontStack(IStack):
 
     def _create_custom_origin(self, config: Dict[str, Any]) -> cloudfront.IOrigin:
         """Create custom origin (ALB, API Gateway, etc.)"""
-        domain_name = config.get("domain_name")
+        domain_name = self.resolve_ssm_value(
+            self, config.get("domain_name"), config.get("domain_name")
+        )
         origin_id = config.get("id")
 
         if not domain_name:
             raise ValueError("domain_name is required for custom origin")
 
-        # Check if domain name is a placeholder from ssm_imports
-        if domain_name.startswith("{{") and domain_name.endswith("}}"):
-            placeholder_key = domain_name[2:-2]  # Remove {{ and }}
-            if placeholder_key in self.ssm_imported_values:
-                domain_name = self.ssm_imported_values[placeholder_key]
-                logger.info(f"Resolved domain from SSM import: {placeholder_key}")
-            else:
-                logger.warning(f"Placeholder {domain_name} not found in SSM imports")
-
-        # Legacy support: Check if domain name is an SSM parameter reference
-        elif domain_name.startswith("{{ssm:") and domain_name.endswith("}}"):
-            # Extract SSM parameter name
-            ssm_param = domain_name[6:-2]  # Remove {{ssm: and }}
-            domain_name = ssm.StringParameter.value_from_lookup(self, ssm_param)
-            logger.info(f"Resolved domain from SSM lookup {ssm_param}: {domain_name}")
+        # # Check if domain name is a placeholder from ssm_imports
+        # if domain_name.startswith("{{") and domain_name.endswith("}}"):
+        #     placeholder_key = domain_name[2:-2]  # Remove {{ and }}
+        #     if placeholder_key in self.ssm_imported_values:
+        #         domain_name = self.ssm_imported_values[placeholder_key]
+        #         logger.info(f"Resolved domain from SSM import: {placeholder_key}")
+        #     else:
+        #         logger.warning(f"Placeholder {domain_name} not found in SSM imports")
+
+        # # Legacy support: Check if domain name is an SSM parameter reference
+        # elif domain_name.startswith("{{ssm:") and domain_name.endswith("}}"):
+        #     # Extract SSM parameter name
+        #     ssm_param = domain_name[6:-2]  # Remove {{ssm: and }}
+        #     domain_name = ssm.StringParameter.value_from_lookup(self, ssm_param)
+        #     logger.info(f"Resolved domain from SSM lookup {ssm_param}: {domain_name}")
 
         # Build custom headers (e.g., X-Origin-Secret)
         custom_headers = {}
@@ -267,12 +299,34 @@ class CloudFrontStack(IStack):
 
     def _create_s3_origin(self, config: Dict[str, Any]) -> cloudfront.IOrigin:
         """Create S3 origin"""
-        # S3 origin implementation
-        # This would use origins.S3Origin
-        raise NotImplementedError(
-            "S3 origin support - use existing static_website_stack for S3"
+        bucket_name = self.resolve_ssm_value(
+            self, config.get("bucket_name"), config.get("bucket_name")
+        )
+
+        origin_path = config.get("origin_path", "")
+
+        if not bucket_name:
+            raise ValueError("S3 origin requires 'bucket_name' configuration")
+
+        # For S3 origins, we need to import the bucket by name
+        bucket = s3.Bucket.from_bucket_name(
+            self,
+            id=f"S3OriginBucket-{config.get('id', 'unknown')}",
+            bucket_name=bucket_name,
         )
 
+        # Create S3 origin with OAC (Origin Access Control) for security
+        origin = origins.S3BucketOrigin.with_origin_access_control(
+            bucket,
+            origin_path=origin_path,
+            origin_access_levels=[
+                cloudfront.AccessLevel.READ,
+                cloudfront.AccessLevel.LIST,
+            ],
+        )
+
+        return origin
+
     def _create_distribution(self) -> None:
         """Create CloudFront distribution"""
 

cdk_factory/stack_library/code_artifact/code_artifact_stack.py

@@ -15,7 +15,7 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.code_artifact import CodeArtifactConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -24,7 +24,7 @@ logger = Logger(service="CodeArtifactStack")
 
 @register_stack("code_artifact_library_module")
 @register_stack("code_artifact_stack")
-class CodeArtifactStack(IStack, EnhancedSsmParameterMixin):
+class CodeArtifactStack(IStack, StandardizedSsmMixin):
     """
     Reusable stack for AWS CodeArtifact.
     Supports creating domains and repositories with configurable settings.
@@ -140,32 +140,10 @@ class CodeArtifactStack(IStack, EnhancedSsmParameterMixin):
 
     def _add_outputs(self) -> None:
         """Add CloudFormation outputs for the CodeArtifact resources"""
+
+        
         # Domain outputs
         if self.domain:
             domain_name = self.code_artifact_config.domain_name
             
-            # Domain ARN
-            cdk.CfnOutput(
-                self,
-                f"{domain_name}-domain-arn",
-                value=self.domain.attr_arn,
-                export_name=f"{self.deployment.build_resource_name(domain_name)}-domain-arn"
-            )
-            
-            # Domain URL
-            cdk.CfnOutput(
-                self,
-                f"{domain_name}-domain-url",
-                value=f"https://{self.code_artifact_config.account}.d.codeartifact.{self.code_artifact_config.region}.amazonaws.com/",
-                export_name=f"{self.deployment.build_resource_name(domain_name)}-domain-url"
-            )
-        
-        # Repository outputs
-        for repo_name, repo in self.repositories.items():
-            # Repository ARN
-            cdk.CfnOutput(
-                self,
-                f"{repo_name}-repo-arn",
-                value=repo.attr_arn,
-                export_name=f"{self.deployment.build_resource_name(repo_name)}-repo-arn"
-            )
+