cdk-factory 0.17.4__py3-none-any.whl → 0.17.5__py3-none-any.whl

@@ -138,6 +138,7 @@ class VpcStack(IStack, StandardizedSsmMixin):
138
138
  "enable_dns_support": self.vpc_config.enable_dns_support,
139
139
  "max_azs": self.vpc_config.max_azs if not availability_zones else None,
140
140
  "availability_zones": availability_zones, # Use explicit AZs when available
141
+ "restrict_default_security_group": self.vpc_config.get("restrict_default_security_group", False),
141
142
  "gateway_endpoints": (
142
143
  {
143
144
  "S3": ec2.GatewayVpcEndpointOptions(
@@ -152,6 +153,10 @@ class VpcStack(IStack, StandardizedSsmMixin):
152
153
  # Create the VPC
153
154
  vpc = ec2.Vpc(self, vpc_name, **vpc_props)
154
155
 
156
+ # Add IAM permissions for default security group restriction if enabled
157
+ if self.vpc_config.get("restrict_default_security_group", False):
158
+ self._add_default_sg_restriction_permissions(vpc)
159
+
155
160
  # Add interface endpoints if specified
156
161
  if self.vpc_config.enable_interface_endpoints:
157
162
  self._add_interface_endpoints(vpc, self.vpc_config.interface_endpoints)
@@ -392,6 +397,31 @@ class VpcStack(IStack, StandardizedSsmMixin):
392
397
 
393
398
  logger.info(f"Exported SSM parameters: {exported_params}")
394
399
 
400
+ def _add_default_sg_restriction_permissions(self, vpc: ec2.Vpc) -> None:
401
+ """
402
+ Add IAM permissions required for default security group restriction.
403
+
404
+ CDK creates a custom resource that needs ec2:AuthorizeSecurityGroupIngress
405
+ permission to restrict the default security group.
406
+ """
407
+ from aws_cdk import aws_iam as iam
408
+
409
+ # Find the custom resource role that CDK creates for default SG restriction
410
+ # The role follows a naming pattern: {VpcName}-CustomVpcRestrictDefaultSGCustomResource*
411
+
412
+ # Grant the required permissions to all roles in this stack that might need it
413
+ # This is a broad approach since we can't easily predict the exact role name
414
+ for child in self.node.children:
415
+ if hasattr(child, 'role') and hasattr(child.role, 'add_to_policy'):
416
+ child.role.add_to_policy(iam.PolicyStatement(
417
+ actions=[
418
+ "ec2:AuthorizeSecurityGroupIngress",
419
+ "ec2:RevokeSecurityGroupIngress",
420
+ "ec2:UpdateSecurityGroupRuleDescriptionsIngress"
421
+ ],
422
+ resources=[vpc.vpc_default_security_group.security_group_arn]
423
+ ))
424
+
395
425
  # Backward compatibility methods
396
426
  def auto_export_resources(self, resource_values: Dict[str, Any], context: Dict[str, Any] = None) -> Dict[str, str]:
397
427
  """Backward compatibility method for existing modules."""
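Review bot: The loop in `_add_default_sg_restriction_permissions` (third hunk) attaches `ec2:AuthorizeSecurityGroupIngress`, `ec2:RevokeSecurityGroupIngress` and `ec2:UpdateSecurityGroupRuleDescriptionsIngress` to every direct child of the stack that exposes a `role`, so any unrelated construct with a role gains the right to rewrite ingress rules on the VPC's default security group, which runs against least privilege for an option meant to harden the VPC. As far as I know `ec2.Vpc` already attaches the policy its own restriction custom resource needs, so the helper and its call in the second hunk can probably be dropped; if it has to stay, mark it with `# TODO(review): scope this grant to the restrict-default-SG provider role only` and select that one role instead of iterating `self.node.children`. `vpc.vpc_default_security_group` is, to my knowledge, the security group ID as a plain string, so `.security_group_arn` would raise at synth time as soon as one child matches; confirm this against the aws-cdk-lib version in use. In the first hunk the explicit `False` default for `restrict_default_security_group` leaves the default security group unrestricted unless each config opts in, and it likely overrides a CDK feature flag that would otherwise restrict it, so the config documentation should state that default.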
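--- a/cdk_factory/version.py
+++ b/cdk_factory/version.py
@@ -1 +1 @@
-__version__ = "0.17.4"
+__version__ = "0.17.5"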
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cdk_factory
3
- Version: 0.17.4
3
+ Version: 0.17.5
4
4
  Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
5
5
  Author-email: Eric Wilson <eric.wilson@geekcafe.com>
6
6
  License: MIT License
@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
2
2
  cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
3
3
  cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
4
4
  cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
5
- cdk_factory/version.py,sha256=LisYi6U4jD61j06adgCNdZJfR0RhF_Im0hPrka6lSjc,23
5
+ cdk_factory/version.py,sha256=ZIYpuZI41Jfj-0NfW9-SGHVIJ9A014nURtKnLa84glc,23
6
6
  cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
7
7
  cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
8
8
  cdk_factory/configurations/base_config.py,sha256=eJ3Pl3GWk1jVr_bYQaaWlw4_-ZiFGaiXllI_fOOX1i0,9323
@@ -117,7 +117,7 @@ cdk_factory/stack_library/security_group/security_group_full_stack.py,sha256=yvZ
117
117
  cdk_factory/stack_library/security_group/security_group_stack.py,sha256=Zv9FCEHvSBT1cM9bXOtyIUFwhRHKCSTgvaqOyhGj0wg,14456
118
118
  cdk_factory/stack_library/simple_queue_service/sqs_stack.py,sha256=jJksWrvrvgZUMM01RZ317DOIxqIJbkYYSYu38w0jHpc,6039
119
119
  cdk_factory/stack_library/vpc/__init__.py,sha256=7pIqP97Gf2AJbv9Ebp1WbQGHYhgEbWJ52L1MzeXBybA,42
120
- cdk_factory/stack_library/vpc/vpc_stack_standardized.py,sha256=pMFzNJUEwhI2i-ikM_SNnagT5SQGdKipoaJPqbYXpBw,17535
120
+ cdk_factory/stack_library/vpc/vpc_stack_standardized.py,sha256=7vd_n6L7VYusIdnXREicJ2HUlxWbk3cOgzffH5nD1Mw,19136
121
121
  cdk_factory/stack_library/websites/static_website_stack.py,sha256=A292BlKDof0JnVewkK_3JiRB04rX7J9Na0a-iz3JWzw,11243
122
122
  cdk_factory/stages/websites/static_website_stage.py,sha256=X4fpKXkhb0zIbSHx3QyddBhVSLBryb1vf1Cg2fMTqog,755
123
123
  cdk_factory/templates/README.md,sha256=ATBEjG6beYvbEAdLtZ_8xnxgFD5X0cgZoI_6pToqH90,2679
@@ -136,8 +136,8 @@ cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITE
136
136
  cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
137
137
  cdk_factory/validation/config_validator.py,sha256=Pb0TkLiPFzUplBOgMorhRCVm08vEzZhRU5xXCDTa5CA,17602
138
138
  cdk_factory/workload/workload_factory.py,sha256=yDI3cRhVI5ELNDcJPLpk9UY54Uind1xQoV3spzT4z7E,6068
139
- cdk_factory-0.17.4.dist-info/METADATA,sha256=cBM2_WWn_BuKqhtAmw9QPghfq9kGLKWdAF3DDHZbJio,2451
140
- cdk_factory-0.17.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
141
- cdk_factory-0.17.4.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
142
- cdk_factory-0.17.4.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
143
- cdk_factory-0.17.4.dist-info/RECORD,,
139
+ cdk_factory-0.17.5.dist-info/METADATA,sha256=R2L5fuA3X_oTcd-wwZoLOk0tpzAf-jkmoEAdiANmf_I,2451
140
+ cdk_factory-0.17.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
141
+ cdk_factory-0.17.5.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
142
+ cdk_factory-0.17.5.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
143
+ cdk_factory-0.17.5.dist-info/RECORD,,