PyPI - cdk-factory - Versions diffs - 0.16.16__py3-none-any.whl → 0.17.0__py3-none-any.whl - Mend

cdk-factory 0.16.16py3-none-any.whl → 0.17.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

cdk_factory/stack_library/vpc/vpc_stack_standardized.py ADDED Viewed

@@ -0,0 +1,411 @@
+"""
+VPC Stack Pattern for CDK-Factory (Standardized SSM Version)
+Maintainers: Eric Wilson
+MIT License.  See Project Root for the license information.
+"""
+from typing import Dict, Any, List, Optional
+import aws_cdk as cdk
+from aws_cdk import aws_ec2 as ec2
+from aws_lambda_powertools import Logger
+from constructs import Construct
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.resources.vpc import VpcConfig
+from cdk_factory.interfaces.istack import IStack
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
+from cdk_factory.stack.stack_module_registry import register_stack
+from cdk_factory.workload.workload_factory import WorkloadConfig
+logger = Logger(service="VpcStackStandardized")
+@register_stack("vpc_library_module")
+@register_stack("vpc_stack")
+class VpcStack(IStack, StandardizedSsmMixin):
+    """
+    Reusable stack for AWS VPC with standardized SSM integration.
+    This version uses the StandardizedSsmMixin to provide consistent SSM parameter
+    handling across all CDK Factory modules.
+    Key Features:
+    - Standardized SSM import/export patterns
+    - Template variable resolution
+    - Comprehensive validation
+    - Clear error handling
+    - Backward compatibility
+    """
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        # Initialize parent classes properly
+        super().__init__(scope, id, **kwargs)
+        # Initialize module attributes
+        self.vpc_config = None
+        self.stack_config = None
+        self.deployment = None
+        self.workload = None
+        self.vpc = None
+    def build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Build the VPC stack"""
+        self._build(stack_config, deployment, workload)
+    def _build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Internal build method for the VPC stack"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        self.workload = workload
+        self.vpc_config = VpcConfig(stack_config.dictionary.get("vpc", {}), deployment)
+        vpc_name = deployment.build_resource_name(self.vpc_config.name)
+        # Setup standardized SSM integration
+        self.setup_standardized_ssm_integration(
+            scope=self,
+            config=self.vpc_config,
+            resource_type="vpc",
+            resource_name=vpc_name,
+            deployment=deployment,
+            workload=workload
+        )
+        # Process SSM imports using standardized method
+        self.process_standardized_ssm_imports()
+        # Import any required resources from SSM
+        imported_resources = self.get_all_ssm_imports()
+        if imported_resources:
+            logger.info(f"Imported resources from SSM: {list(imported_resources.keys())}")
+        # Create the VPC
+        self.vpc = self._create_vpc(vpc_name)
+        # Add outputs
+        self._add_outputs(vpc_name)
+        # Export SSM parameters
+        self._export_ssm_parameters()
+        logger.info(f"VPC {vpc_name} built successfully")
+    def _create_vpc(self, vpc_name: str) -> ec2.Vpc:
+        """Create a VPC with the specified configuration"""
+        # Configure subnet configuration
+        subnet_configuration = self._get_subnet_configuration()
+        # Configure NAT gateways
+        nat_gateway_count = self.vpc_config.nat_gateways.get("count", 1)
+        # Get explicit availability zones to avoid dummy AZs in pipeline synthesis
+        # When CDK synthesizes in a pipeline context, it doesn't have access to real AZs
+        # So we explicitly specify them based on the deployment region
+        availability_zones = None
+        if self.deployment:
+            region = self.deployment.region or "us-east-1"
+            # Explicitly list AZs for the region to avoid dummy values
+            max_azs = self.vpc_config.max_azs or 2
+            if region == "us-east-1":
+                availability_zones = [f"us-east-1{chr(97+i)}" for i in range(max_azs)]  # us-east-1a, us-east-1b, etc.
+            elif region == "us-east-2":
+                availability_zones = [f"us-east-2{chr(97+i)}" for i in range(max_azs)]
+            elif region == "us-west-1":
+                availability_zones = [f"us-west-1{chr(97+i)}" for i in range(max_azs)]
+            elif region == "us-west-2":
+                availability_zones = [f"us-west-2{chr(97+i)}" for i in range(max_azs)]
+        # Build VPC properties
+        # Note: CDK doesn't allow both 'availability_zones' and 'max_azs' - use one or the other
+        vpc_props = {
+            "vpc_name": vpc_name,
+            "cidr": self.vpc_config.cidr,
+            "nat_gateways": nat_gateway_count,
+            "subnet_configuration": subnet_configuration,
+            "enable_dns_hostnames": self.vpc_config.enable_dns_hostnames,
+            "enable_dns_support": self.vpc_config.enable_dns_support,
+            "gateway_endpoints": (
+                {
+                    "S3": ec2.GatewayVpcEndpointOptions(
+                        service=ec2.GatewayVpcEndpointAwsService.S3
+                    )
+                }
+                if self.vpc_config.enable_s3_endpoint
+                else None
+            ),
+        }
+        # Use either availability_zones or max_azs, not both
+        if availability_zones:
+            vpc_props["availability_zones"] = availability_zones
+        else:
+            vpc_props["max_azs"] = self.vpc_config.max_azs
+        # Create the VPC
+        vpc = ec2.Vpc(self, vpc_name, **vpc_props)
+        # Add interface endpoints if specified
+        if self.vpc_config.enable_interface_endpoints:
+            self._add_interface_endpoints(vpc, self.vpc_config.interface_endpoints)
+        # Add tags if specified
+        for key, value in self.vpc_config.tags.items():
+            cdk.Tags.of(vpc).add(key, value)
+        return vpc
+    def _get_subnet_configuration(self) -> List[ec2.SubnetConfiguration]:
+        """Configure the subnets for the VPC"""
+        subnet_configs = []
+        # Public subnets
+        if self.vpc_config.subnets.get("public", {}).get("enabled", True):
+            public_config = self.vpc_config.subnets["public"]
+            subnet_configs.append(
+                ec2.SubnetConfiguration(
+                    name=self.vpc_config.public_subnet_name,
+                    subnet_type=ec2.SubnetType.PUBLIC,
+                    cidr_mask=public_config.get("cidr_mask", 24),
+                    map_public_ip_on_launch=public_config.get("map_public_ip", True),
+                )
+            )
+        # Private subnets
+        if self.vpc_config.subnets.get("private", {}).get("enabled", True):
+            private_config = self.vpc_config.subnets["private"]
+            subnet_configs.append(
+                ec2.SubnetConfiguration(
+                    name=self.vpc_config.private_subnet_name,
+                    subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS,
+                    cidr_mask=private_config.get("cidr_mask", 24),
+                )
+            )
+        # Isolated subnets
+        if self.vpc_config.subnets.get("isolated", {}).get("enabled", False):
+            isolated_config = self.vpc_config.subnets["isolated"]
+            subnet_configs.append(
+                ec2.SubnetConfiguration(
+                    name=self.vpc_config.isolated_subnet_name,
+                    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED,
+                    cidr_mask=isolated_config.get("cidr_mask", 24),
+                )
+            )
+        return subnet_configs
+    def _add_interface_endpoints(self, vpc: ec2.Vpc, endpoints: List[str]) -> None:
+        """Add VPC interface endpoints"""
+        endpoint_services = {
+            "ecr.api": ec2.InterfaceVpcEndpointAwsService.ECR,
+            "ecr.dkr": ec2.InterfaceVpcEndpointAwsService.ECR_DOCKER,
+            "ec2": ec2.InterfaceVpcEndpointAwsService.EC2,
+            "ecs": ec2.InterfaceVpcEndpointAwsService.ECS,
+            "lambda": ec2.InterfaceVpcEndpointAwsService.LAMBDA,
+            "secretsmanager": ec2.InterfaceVpcEndpointAwsService.SECRETS_MANAGER,
+            "ssm": ec2.InterfaceVpcEndpointAwsService.SSM,
+            "kms": ec2.InterfaceVpcEndpointAwsService.KMS,
+        }
+        for endpoint_name in endpoints:
+            if endpoint_name in endpoint_services:
+                vpc.add_interface_endpoint(
+                    f"{endpoint_name}-endpoint",
+                    service=endpoint_services[endpoint_name],
+                    subnets=ec2.SubnetSelection(
+                        subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS
+                    ),
+                )
+                logger.info(f"Added interface endpoint: {endpoint_name}")
+            else:
+                logger.warning(f"Unknown interface endpoint: {endpoint_name}")
+    def _add_outputs(self, vpc_name: str) -> None:
+        """Add CloudFormation outputs for the VPC"""
+        if not self.vpc:
+            return
+        # VPC outputs
+        cdk.CfnOutput(
+            self,
+            f"{vpc_name}-VpcId",
+            value=self.vpc.vpc_id,
+            description=f"VPC ID for {vpc_name}",
+            export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-vpc-id",
+        )
+        # Subnet outputs
+        public_subnet_ids = [subnet.subnet_id for subnet in self.vpc.public_subnets]
+        if public_subnet_ids:
+            cdk.CfnOutput(
+                self,
+                f"{vpc_name}-PublicSubnetIds",
+                value=",".join(public_subnet_ids),
+                description=f"Public subnet IDs for {vpc_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-public-subnet-ids",
+            )
+        private_subnet_ids = [subnet.subnet_id for subnet in self.vpc.private_subnets]
+        if private_subnet_ids:
+            cdk.CfnOutput(
+                self,
+                f"{vpc_name}-PrivateSubnetIds",
+                value=",".join(private_subnet_ids),
+                description=f"Private subnet IDs for {vpc_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-private-subnet-ids",
+            )
+        isolated_subnet_ids = [subnet.subnet_id for subnet in self.vpc.isolated_subnets]
+        if isolated_subnet_ids:
+            cdk.CfnOutput(
+                self,
+                f"{vpc_name}-IsolatedSubnetIds",
+                value=",".join(isolated_subnet_ids),
+                description=f"Isolated subnet IDs for {vpc_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-isolated-subnet-ids",
+            )
+        # Route table outputs - simplified to avoid route table access issues
+        # Skip route table outputs for now as they're causing CDK API issues
+        # public_route_table_ids = []
+        # if self.vpc.public_subnets:
+        #     for subnet in self.vpc.public_subnets:
+        #         # Access route table through the subnet's route table association
+        #         for association in subnet.node.children:
+        #             if hasattr(association, 'route_table_id') and association.route_table_id:
+        #                 public_route_table_ids.append(association.route_table_id)
+        #
+        # if public_route_table_ids:
+        #     cdk.CfnOutput(
+        #         self,
+        #         f"{vpc_name}-PublicRouteTableIds",
+        #         value=",".join(public_route_table_ids),
+        #         description=f"Public route table IDs for {vpc_name}",
+        #         export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-public-route-table-ids",
+        #     )
+        #
+        # private_route_table_ids = []
+        # if self.vpc.private_subnets:
+        #     for subnet in self.vpc.private_subnets:
+        #         # Access route table through the subnet's route table association
+        #         for association in subnet.node.children:
+        #             if hasattr(association, 'route_table_id') and association.route_table_id:
+        #                 private_route_table_ids.append(association.route_table_id)
+        #
+        # if private_route_table_ids:
+        #     cdk.CfnOutput(
+        #         self,
+        #         f"{vpc_name}-PrivateRouteTableIds",
+        #         value=",".join(private_route_table_ids),
+        #         description=f"Private route table IDs for {vpc_name}",
+        #         export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-private-route-table-ids",
+        #     )
+        # Internet Gateway output
+        if hasattr(self.vpc, 'internet_gateway_id') and self.vpc.internet_gateway_id:
+            cdk.CfnOutput(
+                self,
+                f"{vpc_name}-InternetGatewayId",
+                value=self.vpc.internet_gateway_id,
+                description=f"Internet Gateway ID for {vpc_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-internet-gateway-id",
+            )
+        # NAT Gateway outputs - simplified to avoid None values
+        nat_gateway_ids = []
+        for subnet in self.vpc.public_subnets:
+            if hasattr(subnet, 'node') and subnet.node:
+                for child in subnet.node.children:
+                    if hasattr(child, 'nat_gateway_id') and child.nat_gateway_id:
+                        nat_gateway_ids.append(child.nat_gateway_id)
+        if nat_gateway_ids:
+            cdk.CfnOutput(
+                self,
+                f"{vpc_name}-NatGatewayIds",
+                value=",".join(nat_gateway_ids),
+                description=f"NAT Gateway IDs for {vpc_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-nat-gateway-ids",
+            )
+    def _export_ssm_parameters(self) -> None:
+        """Export SSM parameters using standardized approach"""
+        if not self.vpc:
+            logger.warning("No VPC to export")
+            return
+        # Prepare resource values for export
+        resource_values = {
+            "vpc_id": self.vpc.vpc_id,
+            "public_subnet_ids": [subnet.subnet_id for subnet in self.vpc.public_subnets],
+            "private_subnet_ids": [subnet.subnet_id for subnet in self.vpc.private_subnets],
+            "isolated_subnet_ids": [subnet.subnet_id for subnet in self.vpc.isolated_subnets],
+        }
+        # Add route table IDs if available - commented out due to CDK API issues
+        # public_route_table_ids = []
+        # if self.vpc.public_subnets:
+        #     for subnet in self.vpc.public_subnets:
+        #         # Access route table through the subnet's route table association
+        #         for association in subnet.node.children:
+        #             if hasattr(association, 'route_table_id') and association.route_table_id:
+        #                 public_route_table_ids.append(association.route_table_id)
+        #
+        # if public_route_table_ids:
+        #     resource_values["public_route_table_ids"] = public_route_table_ids
+        #
+        # private_route_table_ids = []
+        # if self.vpc.private_subnets:
+        #     for subnet in self.vpc.private_subnets:
+        #         # Access route table through the subnet's route table association
+        #         for association in subnet.node.children:
+        #             if hasattr(association, 'route_table_id') and association.route_table_id:
+        #                 private_route_table_ids.append(association.route_table_id)
+        #
+        # if private_route_table_ids:
+        #     resource_values["private_route_table_ids"] = private_route_table_ids
+        # Add NAT Gateway IDs if available - simplified to avoid None values
+        nat_gateway_ids = []
+        for subnet in self.vpc.public_subnets:
+            if hasattr(subnet, 'node') and subnet.node:
+                for child in subnet.node.children:
+                    if hasattr(child, 'nat_gateway_id') and child.nat_gateway_id:
+                        nat_gateway_ids.append(child.nat_gateway_id)
+        if nat_gateway_ids:
+            resource_values["nat_gateway_ids"] = nat_gateway_ids
+        # Add Internet Gateway ID if available
+        if hasattr(self.vpc, 'internet_gateway_id') and self.vpc.internet_gateway_id:
+            resource_values["internet_gateway_id"] = self.vpc.internet_gateway_id
+        # Export using standardized SSM mixin
+        exported_params = self.export_standardized_ssm_parameters(resource_values)
+        logger.info(f"Exported SSM parameters: {exported_params}")
+    # Backward compatibility methods
+    def auto_export_resources(self, resource_values: Dict[str, Any], context: Dict[str, Any] = None) -> Dict[str, str]:
+        """Backward compatibility method for existing modules."""
+        return self.export_standardized_ssm_parameters(resource_values)
+    def auto_import_resources(self, context: Dict[str, Any] = None) -> Dict[str, Any]:
+        """Backward compatibility method for existing modules."""
+        return self.get_all_ssm_imports()
+# Backward compatibility alias
+VpcStackStandardized = VpcStack

cdk_factory/utilities/api_gateway_integration_utility.py CHANGED Viewed

@@ -537,34 +537,42 @@ class ApiGatewayIntegrationUtility:
                 if ssm_path:
                     # Use enhanced SSM parameter import with auto-discovery support
-                    from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import (
-                        EnhancedSsmParameterMixin,
+                    from cdk_factory.interfaces.standardized_ssm_mixin import (
+                        StandardizedSsmMixin,
                     )
-                    ssm_mixin = EnhancedSsmParameterMixin()
+                    ssm_mixin = StandardizedSsmMixin()
                     # Setup enhanced SSM integration for auto-import
                     # Use "user-pool" as resource identifier for SSM paths to match cognito exports
-                    ssm_mixin.setup_enhanced_ssm_integration(
+                    api_gateway_config = stack_config.dictionary.get("api_gateway", {}).copy()
+                    # Configure SSM imports for auto-discovery
+                    if ssm_path == "auto":
+                        if "ssm" not in api_gateway_config:
+                            api_gateway_config["ssm"] = {}
+                        if "imports" not in api_gateway_config["ssm"]:
+                            api_gateway_config["ssm"]["imports"] = {}
+                        api_gateway_config["ssm"]["imports"]["user_pool_arn"] = "/{{ORGANIZATION}}/{{ENVIRONMENT}}/cognito/user-pool/arn"
+                    ssm_mixin.setup_standardized_ssm_integration(
                         scope=self.scope,
-                        config=stack_config.dictionary.get("api_gateway", {}),
+                        config=api_gateway_config,
                         resource_type="cognito",
                         resource_name="user-pool",
                     )
-                    # If ssm_path is "auto", use auto-import mechanism
+                    # Get user pool ARN using new pattern - read directly from config
                     if ssm_path == "auto":
                         logger.info("Using auto-import for user pool ARN")
-                        imported_values = ssm_mixin.auto_import_resources()
-                        user_pool_arn = imported_values.get("user_pool_arn")
+                        ssm_imports = api_gateway_config.get("ssm", {}).get("imports", {})
+                        user_pool_arn = ssm_imports.get("user_pool_arn")
                     else:
                         # Use direct parameter import for specific SSM path
                         logger.info(
                             f"Looking up user pool ARN from SSM parameter: {ssm_path}"
                         )
-                        user_pool_arn = ssm_mixin._import_enhanced_ssm_parameter(
-                            ssm_path, "user_pool_arn"
-                        )
+                        user_pool_arn = ssm_mixin._resolve_single_ssm_import(ssm_path, "user_pool_arn")
             # Extract user pool ID from ARN if we have it
             if user_pool_arn and not user_pool_id:
@@ -866,15 +874,15 @@ class ApiGatewayIntegrationUtility:
         if ssm_config.get("enabled", False):
             try:
-                from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import (
-                    EnhancedSsmParameterMixin,
+                from cdk_factory.interfaces.standardized_ssm_mixin import (
+                    StandardizedSsmMixin,
                 )
-                ssm_mixin = EnhancedSsmParameterMixin()
+                ssm_mixin = StandardizedSsmMixin()
                 # Setup enhanced SSM integration for auto-import
                 # Use consistent resource name for cross-stack compatibility
-                ssm_mixin.setup_enhanced_ssm_integration(
+                ssm_mixin.setup_standardized_ssm_integration(
                     scope=self.scope,
                     config=api_gateway_config,
                     resource_type="api-gateway",
@@ -900,7 +908,7 @@ class ApiGatewayIntegrationUtility:
                         logger.info(
                             f"Looking up authorizer ID from SSM parameter: {import_value}"
                         )
-                        authorizer_id = ssm_mixin._import_enhanced_ssm_parameter(
+                        authorizer_id = ssm_mixin._resolve_single_ssm_import(
                             import_value, "authorizer_id"
                         )
                         if authorizer_id:

cdk_factory/utilities/environment_services.py CHANGED Viewed

@@ -23,9 +23,9 @@ logger = Logger(__name__)
 class EnvironmentVariables:
     """
-    Easy access to allo the environment variables we use in the appliction.
-    It's a best practice to use this vs doing and os.getevn in each application.
-    This helps us track all the enviroment variables in use
+    Easy access to allow the environment variables we use in the application.
+    It's a best practice to use this vs doing and os.getenv in each application.
+    This helps us track all the environment variables in use
     """
     @staticmethod

cdk_factory/utilities/json_loading_utility.py CHANGED Viewed

@@ -212,7 +212,7 @@ class JsonLoadingUtility:
             replacements = {
                 "{{workload-name}}": "geekcafe",
                 "{{deployment-name}}": "dev",
-                "{{awsAccount}}": "123456789012",
+                "{{awsAccount}}": os.environ.get("AWS_ACCOUNT", "123456789012"),
                 "{{hostedZoneName}}": "sandbox.geekcafe.com",
                 "{{placeholder}}": "DYNAMIC_VALUE"
             }

cdk-factory 0.16.16__py3-none-any.whl → 0.17.0__py3-none-any.whl

cdk-factory 0.16.16py3-none-any.whl → 0.17.0py3-none-any.whl