cdk-factory 0.16.15__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/stack_library/ecs/ecs_cluster_stack.py

@@ -1,8 +1,8 @@
 """
-ECS Cluster Stack Module
+ECS Cluster Stack Module (Standardized SSM Version)
 
 Provides a dedicated stack for creating and configuring ECS clusters
-with proper configurability and explicit resource management.
+with proper configurability, explicit resource management, and standardized SSM integration.
 """
 
 import logging
@@ -10,6 +10,7 @@ from typing import Optional, Dict, Any
 
 from aws_cdk import (
     aws_ecs as ecs,
+    aws_ec2 as ec2,
     aws_iam as iam,
     CfnOutput,
 )
@@ -19,6 +20,7 @@ from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.workload import WorkloadConfig
 from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.configurations.resources.ecs_cluster import EcsClusterConfig
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.interfaces.istack import IStack
@@ -27,16 +29,18 @@ logger = logging.getLogger(__name__)
 
 
 @register_stack("ecs_cluster_stack")
-class EcsClusterStack(IStack, VPCProviderMixin):
+class EcsClusterStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
-    A dedicated stack for creating and managing ECS clusters.
+    A dedicated stack for creating and managing ECS clusters with standardized SSM integration.
 
     This stack provides explicit configuration of ECS clusters including:
     - Cluster naming
     - Container insights
     - Cluster settings
-    - SSM parameter exports
+    - Standardized SSM parameter exports
     - IAM role configurations
+    - Template variable resolution
+    - Comprehensive validation
     """
 
     def __init__(self, scope: Construct, id: str, **kwargs) -> None:
@@ -58,11 +62,6 @@ class EcsClusterStack(IStack, VPCProviderMixin):
         self.ecs_cluster: Optional[ecs.Cluster] = None
         self.instance_role: Optional[iam.Role] = None
         self.instance_profile: Optional[iam.CfnInstanceProfile] = None
-        
-        # SSM imported values
-        self.ssm_imported_values: Dict[str, Any] = {}
-
-    
 
     def build(
         self,
@@ -87,15 +86,30 @@ class EcsClusterStack(IStack, VPCProviderMixin):
         # Initialize VPC cache from mixin
         self._initialize_vpc_cache()
         
-        # Load ECS cluster configuration
-        self.ecs_config: EcsClusterConfig = EcsClusterConfig(
-            stack_config.dictionary.get("ecs_cluster", {})
-        )
+        # Load ECS cluster configuration with full stack config for SSM access
+        ecs_cluster_dict = stack_config.dictionary.get("ecs_cluster", {})
+        # Merge SSM config from root level into ECS config for VPC resolution
+        if "ssm" in stack_config.dictionary:
+            ecs_cluster_dict["ssm"] = stack_config.dictionary["ssm"]
         
-        logger.info(f"Creating ECS Cluster stack: {self.stack_name}")
+        self.ecs_config: EcsClusterConfig = EcsClusterConfig(ecs_cluster_dict)
         
-        # Process SSM imports first
-        self.process_ssm_imports(self.ecs_config, deployment, "ECS Cluster")
+        cluster_name = deployment.build_resource_name(self.ecs_config.name)
+        
+        logger.info(f"Creating ECS Cluster stack: {cluster_name}")
+        
+        # Setup standardized SSM integration
+        self.setup_ssm_integration(
+            scope=self,
+            config=self.ecs_config,
+            resource_type="ecs_cluster",
+            resource_name=cluster_name,
+            deployment=deployment,
+            workload=workload
+        )
+
+        # Process SSM imports using standardized method
+        self.process_ssm_imports()
         
         # Create the ECS cluster
         self._create_ecs_cluster()
@@ -106,7 +120,12 @@ class EcsClusterStack(IStack, VPCProviderMixin):
         # Export cluster information
         self._export_cluster_info()
         
-        logger.info(f"ECS Cluster stack created: {self.stack_name}")
+        # Export SSM parameters
+        logger.info("Starting SSM parameter export for ECS cluster")
+        self._export_ssm_parameters()
+        logger.info("Completed SSM parameter export for ECS cluster")
+        
+        logger.info(f"ECS Cluster stack created: {cluster_name}")
 
     def _create_ecs_cluster(self):
         """Create the ECS cluster with explicit configuration."""
@@ -117,25 +136,22 @@ class EcsClusterStack(IStack, VPCProviderMixin):
 
         # Add container insights if enabled
         if self.ecs_config.container_insights:
-            cluster_settings.append({"name": "containerInsights", "value": "enabled"})
+            cluster_settings.append({"name": "containerInsightsV2", "value": "enabled"})
 
         # Add custom cluster settings
         if self.ecs_config.cluster_settings:
             cluster_settings.extend(self.ecs_config.cluster_settings)
 
-        # Create the ECS cluster
-        self.vpc = self.resolve_vpc(
-            config=self.ecs_config,
-            deployment=self.deployment,
-            workload=self.workload
-        )
+        # Get VPC using standardized approach
+        self.vpc = self._get_vpc()
         
+        # Create the ECS cluster
         self.ecs_cluster = ecs.Cluster(
             self,
             "ECSCluster",
             cluster_name=self.ecs_config.name,
             vpc=self.vpc,
-            container_insights=self.ecs_config.container_insights,
+            container_insights_v2=ecs.ContainerInsights.ENABLED if self.ecs_config.container_insights else ecs.ContainerInsights.DISABLED,
             default_cloud_map_namespace=(
                 self.ecs_config.cloud_map_namespace
                 if self.ecs_config.cloud_map_namespace
@@ -148,11 +164,26 @@ class EcsClusterStack(IStack, VPCProviderMixin):
             ),
         )
 
-        logger.info(f"Created ECS cluster: {self.ecs_config.name}")
+        logger.info(f"ECS cluster created: {self.ecs_config.name}")
+
+    def _get_vpc(self):
+        """
+        Get VPC using the centralized VPC provider mixin.
+        """
+        
+        # Use the stack_config (not ecs_config) to ensure SSM imports are available
+        return self.resolve_vpc(
+            config=self.ecs_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
 
     def _create_iam_roles(self):
         """Create IAM roles for the ECS cluster if configured."""
+        logger.info(f"create_instance_role setting: {self.ecs_config.create_instance_role}")
+        
         if not self.ecs_config.create_instance_role:
+            logger.info("Skipping instance role creation (disabled in config)")
             return
 
         logger.info("Creating ECS instance role")
@@ -162,71 +193,124 @@ class EcsClusterStack(IStack, VPCProviderMixin):
             self,
             "ECSInstanceRole",
             assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
-            role_name=self.ecs_config.instance_role_name
-            or f"{self.ecs_config.name}-instance-role",
+            managed_policies=[
+                iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2ContainerServiceforEC2Role"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonEC2ContainerRegistryReadOnly"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"),
+            ],
+            role_name=f"{self.ecs_config.name}-ecs-instance-role",
         )
 
-        # Add managed policies
-        for policy in self.ecs_config.managed_policies:
-            self.instance_role.add_managed_policy(
-                iam.ManagedPolicy.from_aws_managed_policy_name(policy)
-            )
-
-        # Add inline policies if provided
-        if self.ecs_config.inline_policies:
-            for policy_name, policy_document in self.ecs_config.inline_policies.items():
-                self.instance_role.add_to_policy(
-                    iam.PolicyStatement.from_json(policy_document)
-                )
+        logger.info(f"Created ECS instance role: {self.instance_role.role_name}")
 
         # Create instance profile
         self.instance_profile = iam.CfnInstanceProfile(
             self,
             "ECSInstanceProfile",
+            instance_profile_name=f"{self.ecs_config.name}-ecs-instance-profile",
             roles=[self.instance_role.role_name],
-            instance_profile_name=self.ecs_config.instance_profile_name
-            or f"{self.ecs_config.name}-instance-profile",
         )
 
-        logger.info("Created ECS instance role and profile")
+        logger.info(f"Created ECS instance profile: {self.instance_profile.instance_profile_name}")
 
-    def _export_cluster_info(self):
-        """Export cluster information via SSM parameters and CloudFormation outputs."""
-        logger.info("Exporting ECS cluster information")
+        logger.info("ECS instance role and profile created")
 
-        ssm_exports = self.ecs_config.ssm_exports
-        
-        if not ssm_exports:
-            logger.info("No SSM exports configured for ECS Cluster")
+    def _export_cluster_info(self):
+        """Export cluster information as CloudFormation outputs."""
+        if not self.ecs_cluster:
             return
 
-        logger.info(f"Processing {len(ssm_exports)} SSM exports for ECS Cluster")
+        cluster_name = self.deployment.build_resource_name(self.ecs_config.name)
 
-        if "cluster_name" in ssm_exports:
-            self.export_ssm_parameter(
-                scope=self,
-                id="ClusterNameParam",
-                value=self.ecs_config.name,
-                parameter_name=ssm_exports["cluster_name"],
-                description=f"ECS Cluster Name: {self.ecs_config.name}",
-            )
+        # Export cluster name
+        CfnOutput(
+            self,
+            f"{cluster_name}-ClusterName",
+            value=self.ecs_cluster.cluster_name,
+            description=f"ECS Cluster Name for {cluster_name}",
+            export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-name",
+        )
 
-        if "cluster_arn" in ssm_exports:
-            self.export_ssm_parameter(
-                scope=self,
-                id="ClusterArnParam",
-                value=self.ecs_cluster.cluster_arn,
-                parameter_name=ssm_exports["cluster_arn"],
-                description=f"ECS Cluster ARN: {self.ecs_cluster.cluster_arn}",
-            )
+        # Export cluster ARN
+        CfnOutput(
+            self,
+            f"{cluster_name}-ClusterArn",
+            value=self.ecs_cluster.cluster_arn,
+            description=f"ECS Cluster ARN for {cluster_name}",
+            export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-arn",
+        )
 
-        if "instance_role_arn" in ssm_exports:
-            self.export_ssm_parameter(
-                scope=self,
-                id="InstanceRoleArnParam",
-                value=self.instance_role.role_arn,
-                parameter_name=ssm_exports["instance_role_arn"],
-                description=f"ECS Instance Role ARN: {self.instance_role.role_arn}",
+        # Export security group if available
+        if hasattr(self.ecs_cluster, 'connections') and self.ecs_cluster.connections:
+            security_groups = self.ecs_cluster.connections.security_groups
+            if security_groups:
+                CfnOutput(
+                    self,
+                    f"{cluster_name}-SecurityGroupId",
+                    value=security_groups[0].security_group_id,
+                    description=f"ECS Cluster Security Group ID for {cluster_name}",
+                    export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-sg-id",
+                )
+
+        # Export instance profile if created
+        if self.instance_profile:
+            CfnOutput(
+                self,
+                f"{cluster_name}-InstanceProfileArn",
+                value=self.instance_profile.attr_arn,
+                description=f"ECS Instance Profile ARN for {cluster_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-instance-profile-arn",
             )
+
+        logger.info("ECS cluster information exported as outputs")
+
+    def _export_ssm_parameters(self) -> None:
+        """Export SSM parameters using standardized approach"""
+        logger.info("=== Starting SSM Parameter Export ===")
         
+        if not self.ecs_cluster:
+            logger.warning("No ECS cluster to export")
+            return
+
+        logger.info(f"ECS cluster found: {self.ecs_cluster.cluster_name}")
+        logger.info(f"SSM exports configured: {self.ssm_config.get('exports', {})}")
+
+        # Prepare resource values for export
+        resource_values = {
+            "cluster_name": self.ecs_cluster.cluster_name,
+            "cluster_arn": self.ecs_cluster.cluster_arn,
+        }
+        
+        # Add instance role ARN if created
+        if self.instance_role:
+            resource_values["instance_role_arn"] = self.instance_role.role_arn
+            logger.info(f"Instance role ARN added: {self.instance_role.role_name}")
+        else:
+            logger.info("No instance role to export")
+        
+        # Add security group ID if available
+        if hasattr(self.ecs_cluster, 'connections') and self.ecs_cluster.connections:
+            security_groups = self.ecs_cluster.connections.security_groups
+            if security_groups:
+                resource_values["security_group_id"] = security_groups[0].security_group_id
+                logger.info(f"Security group ID added: {security_groups[0].security_group_id}")
         
+        # Add instance profile ARN if created
+        if self.instance_profile:
+            resource_values["instance_profile_arn"] = self.instance_profile.attr_arn
+            logger.info(f"Instance profile ARN added: {self.instance_profile.instance_profile_name}")
+
+        # Export using standardized SSM mixin
+        logger.info(f"Resource values available for export: {list(resource_values.keys())}")
+        for key, value in resource_values.items():
+            logger.info(f"  {key}: {value}")
+            
+        try:
+            exported_params = self.export_ssm_parameters(resource_values)
+            logger.info(f"Successfully exported SSM parameters: {exported_params}")
+        except Exception as e:
+            logger.error(f"Failed to export SSM parameters: {str(e)}")
+            raise
+
+    # Backward compatibility alias
+EcsClusterStackStandardized = EcsClusterStack

cdk_factory/stack_library/ecs/ecs_service_stack.py

@@ -23,7 +23,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.ecs_service import EcsServiceConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -33,7 +34,7 @@ logger = Logger(service="EcsServiceStack")
 @register_stack("ecs_service_library_module")
 @register_stack("ecs_service_stack")
 @register_stack("fargate_service_stack")
-class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
+class EcsServiceStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for ECS/Fargate services with Docker container support.
     Supports blue-green deployments, maintenance mode, and auto-scaling.
@@ -100,32 +101,16 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
         
         # Add outputs
         self._add_outputs(service_name)
+        self._export_to_ssm(service_name)
 
     def _load_vpc(self) -> None:
-        """Load VPC from configuration"""
-        # Check SSM imported values first
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # Build VPC attributes
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"]
-            }
-            
-            # Use from_vpc_attributes() for SSM tokens
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        else:
-            vpc_id = self.ecs_config.vpc_id or self.workload.vpc_id
-            
-            if not vpc_id:
-                raise ValueError("VPC ID is required for ECS service")
-            
-            self._vpc = ec2.Vpc.from_lookup(
-                self,
-                "VPC",
-                vpc_id=vpc_id
-            )
+        """Load VPC using the centralized VPC provider mixin."""
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.ecs_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
 
     def _process_ssm_imports(self) -> None:
         """
@@ -241,6 +226,9 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
                     "CloudWatchAgentServerPolicy"
                 )
             )
+
+        # add any custom policies
+        self._add_custom_task_policies(task_role)
         
         # Create task definition based on launch type
         if self.ecs_config.launch_type == "EC2":
@@ -253,6 +241,7 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
                 network_mode=ecs.NetworkMode(network_mode.upper()) if network_mode else ecs.NetworkMode.BRIDGE,
                 execution_role=execution_role,
                 task_role=task_role,
+                inference_accelerators=None
             )
         else:
             # Fargate task definition
@@ -264,6 +253,7 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
                 memory_limit_mib=int(self.ecs_config.memory),
                 execution_role=execution_role,
                 task_role=task_role,
+                inference_accelerators=None
             )
         
         # Add volumes to task definition
@@ -272,6 +262,37 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
         # Add containers
         self._add_containers_to_task()
 
+    def _add_custom_task_policies(self, task_role: iam.Role) -> None:
+        """
+        Add custom task policies to the task definition.
+        """
+        for policy in self.ecs_config.task_definition.get("policies", []):
+
+            effect = policy.get("effect", "Allow")
+            action = policy.get("action", None)
+            actions = policy.get("actions", [])
+            if action:
+                actions.append(action)
+            resources = policy.get("resources", [])
+            resource = policy.get("resource", None)
+            if resource:
+                resources.append(resource)
+
+            if effect == "Allow" and actions:
+                effect = iam.Effect.ALLOW
+            if effect == "Deny" and actions:
+                effect = iam.Effect.DENY
+
+            sid = policy.get("sid", None)
+            task_role.add_to_policy(
+                iam.PolicyStatement(
+                    effect=effect,
+                    actions=actions,
+                    resources=resources,
+                    sid=sid,
+                )
+            )
+
     def _add_volumes_to_task(self) -> None:
         """
         Add volumes to the task definition.
@@ -556,6 +577,14 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
         """Attach service to load balancer target groups"""
         target_group_arns = self.ecs_config.target_group_arns
         
+        if target_group_arns:
+            tmp = []
+            for tg_arn in target_group_arns:
+                import hashlib
+                unique_id = hashlib.md5(tg_arn.encode()).hexdigest()
+                tmp.append(self.resolve_ssm_value(self, tg_arn, unique_id))
+            target_group_arns = tmp
+        
         if not target_group_arns:
             # Try to load from SSM if configured
             target_group_arns = self._load_target_groups_from_ssm()
@@ -579,7 +608,7 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
         for param_key, param_name in ssm_imports.items():
             if 'target_group' in param_key.lower() or 'tg' in param_key.lower():
                 try:
-                    param_value = self.get_ssm_parameter_value(param_name)
+                    param_value = self.get_ssm_imported_value(param_name)
                     if param_value and param_value.startswith('arn:'):
                         target_group_arns.append(param_value)
                 except Exception as e:
@@ -611,35 +640,13 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
             scale_out_cooldown=cdk.Duration.seconds(60),
         )
 
+    
+
     def _add_outputs(self, service_name: str) -> None:
         """Add CloudFormation outputs"""
+        return
         
-        # Service name output
-        cdk.CfnOutput(
-            self,
-            "ServiceName",
-            value=self.service.service_name,
-            description=f"ECS Service Name: {service_name}",
-        )
         
-        # Service ARN output
-        cdk.CfnOutput(
-            self,
-            "ServiceArn",
-            value=self.service.service_arn,
-            description=f"ECS Service ARN: {service_name}",
-        )
-        
-        # Cluster name output
-        cdk.CfnOutput(
-            self,
-            "ClusterName",
-            value=self.cluster.cluster_name,
-            description=f"ECS Cluster Name for {service_name}",
-        )
-        
-        # Export to SSM if configured
-        self._export_to_ssm(service_name)
 
     def _export_to_ssm(self, service_name: str) -> None:
         """Export resource ARNs and names to SSM Parameter Store"""