cdk-factory 0.16.16__py3-none-any.whl → 0.17.1__py3-none-any.whl

cdk_factory/stack_library/ecs/ecs_cluster_stack_standardized.py

@@ -0,0 +1,305 @@
+"""
+ECS Cluster Stack Module (Standardized SSM Version)
+
+Provides a dedicated stack for creating and configuring ECS clusters
+with proper configurability, explicit resource management, and standardized SSM integration.
+"""
+
+import logging
+from typing import Optional, Dict, Any
+
+from aws_cdk import (
+    aws_ecs as ecs,
+    aws_ec2 as ec2,
+    aws_iam as iam,
+    CfnOutput,
+)
+from constructs import Construct
+
+from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.workload import WorkloadConfig
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
+from cdk_factory.configurations.resources.ecs_cluster import EcsClusterConfig
+from cdk_factory.stack.stack_module_registry import register_stack
+from cdk_factory.interfaces.istack import IStack
+
+logger = logging.getLogger(__name__)
+
+
+@register_stack("ecs_cluster_stack")
+class EcsClusterStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
+    """
+    A dedicated stack for creating and managing ECS clusters with standardized SSM integration.
+
+    This stack provides explicit configuration of ECS clusters including:
+    - Cluster naming
+    - Container insights
+    - Cluster settings
+    - Standardized SSM parameter exports
+    - IAM role configurations
+    - Template variable resolution
+    - Comprehensive validation
+    """
+
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        """
+        Initialize the ECS Cluster stack.
+        
+        Args:
+            scope: The CDK construct scope
+            id: The construct ID
+        """
+        super().__init__(scope, id, **kwargs)
+        
+        self._initialize_vpc_cache()
+        
+        self.ecs_config: Optional[EcsClusterConfig] = None
+        self.stack_config: Optional[StackConfig] = None
+        self.deployment: Optional[DeploymentConfig] = None
+        self.workload: Optional[WorkloadConfig] = None
+        self.ecs_cluster: Optional[ecs.Cluster] = None
+        self.instance_role: Optional[iam.Role] = None
+        self.instance_profile: Optional[iam.CfnInstanceProfile] = None
+
+    def build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Build the ECS Cluster stack"""
+        self._build(stack_config, deployment, workload)
+
+    def _build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Internal build method for the ECS Cluster stack"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        self.workload = workload
+        
+        # Initialize VPC cache from mixin
+        self._initialize_vpc_cache()
+        
+        # Load ECS cluster configuration
+        self.ecs_config: EcsClusterConfig = EcsClusterConfig(
+            stack_config.dictionary.get("ecs_cluster", {})
+        )
+        
+        cluster_name = deployment.build_resource_name(self.ecs_config.name)
+        
+        logger.info(f"Creating ECS Cluster stack: {cluster_name}")
+        
+        # Setup standardized SSM integration
+        self.setup_standardized_ssm_integration(
+            scope=self,
+            config=self.ecs_config,
+            resource_type="ecs_cluster",
+            resource_name=cluster_name,
+            deployment=deployment,
+            workload=workload
+        )
+
+        # Process SSM imports using standardized method
+        self.process_standardized_ssm_imports()
+        
+        # Create the ECS cluster
+        self._create_ecs_cluster()
+        
+        # Create IAM roles if needed
+        self._create_iam_roles()
+        
+        # Export cluster information
+        self._export_cluster_info()
+        
+        # Export SSM parameters
+        self._export_ssm_parameters()
+        
+        logger.info(f"ECS Cluster stack created: {cluster_name}")
+
+    def _create_ecs_cluster(self):
+        """Create the ECS cluster with explicit configuration."""
+        logger.info(f"Creating ECS cluster: {self.ecs_config.name}")
+
+        # Build cluster settings
+        cluster_settings = []
+
+        # Add container insights if enabled
+        if self.ecs_config.container_insights:
+            cluster_settings.append({"name": "containerInsights", "value": "enabled"})
+
+        # Add custom cluster settings
+        if self.ecs_config.cluster_settings:
+            cluster_settings.extend(self.ecs_config.cluster_settings)
+
+        # Get VPC using standardized approach
+        self.vpc = self._get_vpc()
+        
+        # Create the ECS cluster
+        self.ecs_cluster = ecs.Cluster(
+            self,
+            "ECSCluster",
+            cluster_name=self.ecs_config.name,
+            vpc=self.vpc,
+            container_insights=self.ecs_config.container_insights,
+            default_cloud_map_namespace=(
+                self.ecs_config.cloud_map_namespace
+                if self.ecs_config.cloud_map_namespace
+                else None
+            ),
+            execute_command_configuration=(
+                self.ecs_config.execute_command_configuration
+                if self.ecs_config.execute_command_configuration
+                else None
+            ),
+        )
+
+        logger.info(f"ECS cluster created: {self.ecs_config.name}")
+
+    def _get_vpc(self):
+        """
+        Get VPC using the centralized VPC provider mixin.
+        """
+        # Use the centralized VPC resolution from VPCProviderMixin
+        return self.resolve_vpc(
+            config=self.ecs_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
+
+    def _create_iam_roles(self):
+        """Create IAM roles for the ECS cluster if configured."""
+        if not self.ecs_config.create_instance_role:
+            logger.info("Skipping instance role creation (disabled in config)")
+            return
+
+        logger.info("Creating ECS instance role")
+
+        # Create the instance role
+        self.instance_role = iam.Role(
+            self,
+            "ECSInstanceRole",
+            assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
+            managed_policies=[
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonECSWorkerNodePolicy"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonEC2ContainerRegistryReadOnly"),
+                iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"),
+            ],
+            role_name=f"{self.ecs_config.name}-ecs-instance-role",
+        )
+
+        # Create instance profile
+        self.instance_profile = iam.CfnInstanceProfile(
+            self,
+            "ECSInstanceProfile",
+            roles=[self.instance_role.role_name],
+            instance_profile_name=f"{self.ecs_config.name}-ecs-instance-profile",
+        )
+
+        logger.info("ECS instance role and profile created")
+
+    def _export_cluster_info(self):
+        """Export cluster information as CloudFormation outputs."""
+        if not self.ecs_cluster:
+            return
+
+        cluster_name = self.deployment.build_resource_name(self.ecs_config.name)
+
+        # Export cluster name
+        CfnOutput(
+            self,
+            f"{cluster_name}-ClusterName",
+            value=self.ecs_cluster.cluster_name,
+            description=f"ECS Cluster Name for {cluster_name}",
+            export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-name",
+        )
+
+        # Export cluster ARN
+        CfnOutput(
+            self,
+            f"{cluster_name}-ClusterArn",
+            value=self.ecs_cluster.cluster_arn,
+            description=f"ECS Cluster ARN for {cluster_name}",
+            export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-arn",
+        )
+
+        # Export security group if available
+        if hasattr(self.ecs_cluster, 'connections') and self.ecs_cluster.connections:
+            security_groups = self.ecs_cluster.connections.security_groups
+            if security_groups:
+                CfnOutput(
+                    self,
+                    f"{cluster_name}-SecurityGroupId",
+                    value=security_groups[0].security_group_id,
+                    description=f"ECS Cluster Security Group ID for {cluster_name}",
+                    export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-cluster-sg-id",
+                )
+
+        # Export instance profile if created
+        if self.instance_profile:
+            CfnOutput(
+                self,
+                f"{cluster_name}-InstanceProfileArn",
+                value=self.instance_profile.attr_arn,
+                description=f"ECS Instance Profile ARN for {cluster_name}",
+                export_name=f"{self.deployment.workload_name}-{self.deployment.environment}-ecs-instance-profile-arn",
+            )
+
+        logger.info("ECS cluster information exported as outputs")
+
+    def _export_ssm_parameters(self) -> None:
+        """Export SSM parameters using standardized approach"""
+        if not self.ecs_cluster:
+            logger.warning("No ECS cluster to export")
+            return
+
+        # Prepare resource values for export
+        resource_values = {
+            "ecs_cluster_name": self.ecs_cluster.cluster_name,
+            "ecs_cluster_arn": self.ecs_cluster.cluster_arn,
+        }
+        
+        # Add security group ID if available
+        if hasattr(self.ecs_cluster, 'connections') and self.ecs_cluster.connections:
+            security_groups = self.ecs_cluster.connections.security_groups
+            if security_groups:
+                resource_values["ecs_cluster_security_group_id"] = security_groups[0].security_group_id
+        
+        # Add instance profile ARN if created
+        if self.instance_profile:
+            resource_values["ecs_instance_profile_arn"] = self.instance_profile.attr_arn
+
+        # Export using standardized SSM mixin
+        exported_params = self.export_standardized_ssm_parameters(resource_values)
+        
+        logger.info(f"Exported SSM parameters: {exported_params}")
+
+    # Backward compatibility methods
+    def process_ssm_imports(self, config: Any, deployment: DeploymentConfig, resource_type: str = "resource") -> None:
+        """Backward compatibility method for existing modules."""
+        # Extract SSM configuration from old format
+        if hasattr(config, 'ssm_imports'):
+            # Convert old ssm_imports format to new format
+            old_imports = config.ssm_imports
+            new_imports = {}
+            
+            for key, value in old_imports.items():
+                # Resolve template variables using old method
+                if isinstance(value, str) and not value.startswith('/'):
+                    value = f"/{deployment.environment}/{deployment.workload_name}/{value}"
+                new_imports[key] = value
+            
+            # Update SSM config
+            self.ssm_config = {"imports": new_imports}
+        
+        # Process imports using standardized method
+        self.process_standardized_ssm_imports()
+
+
+# Backward compatibility alias
+EcsClusterStackStandardized = EcsClusterStack

cdk_factory/stack_library/ecs/ecs_service_stack.py

@@ -23,7 +23,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.ecs_service import EcsServiceConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -33,7 +34,7 @@ logger = Logger(service="EcsServiceStack")
 @register_stack("ecs_service_library_module")
 @register_stack("ecs_service_stack")
 @register_stack("fargate_service_stack")
-class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
+class EcsServiceStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for ECS/Fargate services with Docker container support.
     Supports blue-green deployments, maintenance mode, and auto-scaling.
@@ -102,30 +103,13 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
         self._add_outputs(service_name)
 
     def _load_vpc(self) -> None:
-        """Load VPC from configuration"""
-        # Check SSM imported values first
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # Build VPC attributes
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"]
-            }
-            
-            # Use from_vpc_attributes() for SSM tokens
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        else:
-            vpc_id = self.ecs_config.vpc_id or self.workload.vpc_id
-            
-            if not vpc_id:
-                raise ValueError("VPC ID is required for ECS service")
-            
-            self._vpc = ec2.Vpc.from_lookup(
-                self,
-                "VPC",
-                vpc_id=vpc_id
-            )
+        """Load VPC using the centralized VPC provider mixin."""
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.ecs_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
 
     def _process_ssm_imports(self) -> None:
         """

cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py

@@ -25,7 +25,7 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.lambda_edge import LambdaEdgeConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -34,7 +34,7 @@ logger = Logger(service="LambdaEdgeStack")
 
 @register_stack("lambda_edge_library_module")
 @register_stack("lambda_edge_stack")
-class LambdaEdgeStack(IStack, EnhancedSsmParameterMixin):
+class LambdaEdgeStack(IStack, StandardizedSsmMixin):
     """
     Reusable stack for Lambda@Edge functions.
     

cdk_factory/stack_library/load_balancer/load_balancer_stack.py

@@ -19,7 +19,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.load_balancer import LoadBalancerConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -30,7 +31,7 @@ logger = Logger(service="LoadBalancerStack")
 @register_stack("alb_stack")
 @register_stack("load_balancer_library_module")
 @register_stack("load_balancer_stack")
-class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
+class LoadBalancerStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for AWS Load Balancers.
     Supports creating Application and Network Load Balancers with customizable configurations.
@@ -174,41 +175,16 @@ class LoadBalancerStack(IStack, EnhancedSsmParameterMixin):
 
     @property
     def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the Load Balancer"""
+        """Get the VPC for the Load Balancer using centralized VPC provider mixin."""
         if self._vpc:
             return self._vpc
-
-        # Check SSM imported values first (tokens from SSM parameters)
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # Build VPC attributes
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"],
-            }
-            
-            # If we have subnet_ids from SSM, provide dummy public subnets
-            # The actual subnets will be set via CloudFormation escape hatch
-            if "subnet_ids" in self.ssm_imported_values:
-                # Provide dummy subnet IDs - these will be overridden by the escape hatch
-                # We need at least one dummy subnet per AZ to satisfy CDK's validation
-                vpc_attrs["public_subnet_ids"] = ["subnet-dummy1", "subnet-dummy2"]
-            
-            # Use from_vpc_attributes() instead of from_lookup() because SSM imports return tokens
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        elif self.lb_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.lb_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-        else:
-            # Use default VPC if not provided
-            raise ValueError(
-                "VPC is not defined in the configuration.  "
-                "You can provide it a the load_balancer.vpc_id in the configuration "
-                "or a top level workload.vpc_id in the workload configuration."
-            )
-
+        
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.lb_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
         return self._vpc
 
     def _process_ssm_imports(self) -> None:

cdk_factory/stack_library/rds/rds_stack.py

@@ -18,7 +18,8 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.rds import RdsConfig
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.vpc_provider_mixin import VPCProviderMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -27,7 +28,7 @@ logger = Logger(service="RdsStack")
 
 @register_stack("rds_library_module")
 @register_stack("rds_stack")
-class RdsStack(IStack, EnhancedSsmParameterMixin):
+class RdsStack(IStack, VPCProviderMixin, StandardizedSsmMixin):
     """
     Reusable stack for AWS RDS.
     Supports creating RDS instances with customizable configurations.
@@ -115,34 +116,16 @@ class RdsStack(IStack, EnhancedSsmParameterMixin):
 
     @property
     def vpc(self) -> ec2.IVpc:
-        """Get the VPC for the RDS instance"""
+        """Get the VPC for the RDS instance using centralized VPC provider mixin."""
         if self._vpc:
             return self._vpc
         
-        # Check SSM imported values first (tokens from SSM parameters)
-        if "vpc_id" in self.ssm_imported_values:
-            vpc_id = self.ssm_imported_values["vpc_id"]
-            
-            # When using tokens, we can't provide subnet lists to from_vpc_attributes
-            # because CDK validates subnet count against AZ count at synthesis time
-            # We'll create a DB subnet group separately instead
-            vpc_attrs = {
-                "vpc_id": vpc_id,
-                "availability_zones": ["us-east-1a", "us-east-1b"]
-            }
-            
-            # Use from_vpc_attributes() for SSM tokens
-            self._vpc = ec2.Vpc.from_vpc_attributes(self, "VPC", **vpc_attrs)
-        elif self.rds_config.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.rds_config.vpc_id)
-        elif self.workload.vpc_id:
-            self._vpc = ec2.Vpc.from_lookup(self, "VPC", vpc_id=self.workload.vpc_id)
-        else:
-            raise ValueError(
-                "VPC is not defined in the configuration.  "
-                "You can provide it a the rds.vpc_id in the configuration "
-                "or a top level workload.vpc_id in the workload configuration."
-            )
+        # Use the centralized VPC resolution from VPCProviderMixin
+        self._vpc = self.resolve_vpc(
+            config=self.rds_config,
+            deployment=self.deployment,
+            workload=self.workload
+        )
         return self._vpc
 
     def _get_security_groups(self) -> List[ec2.ISecurityGroup]:

cdk_factory/stack_library/route53/route53_stack.py

@@ -18,7 +18,7 @@ from cdk_factory.configurations.deployment import DeploymentConfig
 from cdk_factory.configurations.stack import StackConfig
 from cdk_factory.configurations.resources.route53 import Route53Config
 from cdk_factory.interfaces.istack import IStack
-from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.interfaces.standardized_ssm_mixin import StandardizedSsmMixin
 from cdk_factory.stack.stack_module_registry import register_stack
 from cdk_factory.workload.workload_factory import WorkloadConfig
 
@@ -27,7 +27,7 @@ logger = Logger(service="Route53Stack")
 
 @register_stack("route53_library_module")
 @register_stack("route53_stack")
-class Route53Stack(IStack, EnhancedSsmParameterMixin):
+class Route53Stack(IStack, StandardizedSsmMixin):
     """
     Reusable stack for AWS Route53.
     Supports creating hosted zones, DNS records, and certificate validation.