cdk-factory 0.17.6__py3-none-any.whl → 0.20.0__py3-none-any.whl

cdk_factory/configurations/deployment.py

@@ -28,6 +28,18 @@ class DeploymentConfig:
         self.__load()
 
     def __load(self):
+        # Validate environment consistency
+        deployment_env = self.__deployment.get("environment")
+        workload_env = self.__workload.get("environment")
+        
+        if deployment_env and workload_env and deployment_env != workload_env:
+            from aws_lambda_powertools import Logger
+            logger = Logger()
+            logger.warning(
+                f"Environment mismatch: deployment.environment='{deployment_env}' != workload.environment='{workload_env}'. "
+                f"Using workload.environment for consistency."
+            )
+        
         self.__load_pipeline()
         self.__load_stacks()
 

cdk_factory/configurations/resources/acm.py

@@ -59,15 +59,22 @@ class AcmConfig:
         """Certificate transparency logging preference (ENABLED or DISABLED)"""
         return self.__config.get("certificate_transparency_logging_preference")
 
+    @property
+    def ssm(self) -> Dict[str, Any]:
+        """SSM configuration for importing/exporting resources"""
+        return self.__config.get("ssm", {})
+
     @property
     def ssm_exports(self) -> Dict[str, str]:
         """SSM parameter paths to export certificate details"""
-        exports = self.__config.get("ssm_exports", {})
+        exports = self.ssm.get("exports", {})
         
         # Provide default SSM export path if not specified
         if not exports and self.__deployment:
+            workload_env = self.__deployment.workload.get("environment", self.__deployment.environment)
+            workload_name = self.__deployment.workload.get("name", self.__deployment.workload_name)
             exports = {
-                "certificate_arn": f"/{self.__deployment.environment}/{self.__deployment.workload_name}/certificate/arn"
+                "certificate_arn": f"/{workload_env}/{workload_name}/certificate/arn"
             }
         
         return exports

cdk_factory/configurations/resources/auto_scaling.py

@@ -70,12 +70,14 @@ class AutoScalingConfig(EnhancedBaseConfig):
         return self.__config.get("termination_policies", ["DEFAULT"])
 
     @property
-    def update_policy(self) -> Dict[str, Any]:
+    def update_policy(self) -> Optional[Dict[str, Any]]:
         """Update policy configuration"""
-        return self.__config.get(
-            "update_policy",
-            {"min_instances_in_service": 1, "max_batch_size": 1, "pause_time": 300},
-        )
+        return self.__config.get("update_policy")
+
+    @property
+    def instance_refresh(self) -> Optional[Dict[str, Any]]:
+        """Instance refresh configuration for rolling updates"""
+        return self.__config.get("instance_refresh")
 
     @property
     def user_data_commands(self) -> List[str]:

cdk_factory/configurations/resources/ecs_cluster.py

@@ -18,6 +18,11 @@ class EcsClusterConfig:
     def __init__(self, config: Dict[str, Any]) -> None:
         self._config = config or {}
     
+    @property
+    def dictionary(self) -> Dict[str, Any]:
+        """Access to the underlying configuration dictionary (for compatibility with SSM mixin)"""
+        return self._config
+    
     @property
     def name(self) -> str:
         """Name of the ECS cluster. Supports template variables like {{WORKLOAD_NAME}}-{{ENVIRONMENT}}-cluster"""

cdk_factory/configurations/resources/ecs_service.py

@@ -83,14 +83,27 @@ class EcsServiceConfig:
         """Whether to assign public IP addresses"""
         return self._config.get("assign_public_ip", False)
 
+    @property
+    def load_balancer_config(self) -> Dict[str, Any]:
+        """Load balancer configuration"""
+        return self._config.get("load_balancer", {})
+
     @property
     def target_group_arns(self) -> List[str]:
         """Target group ARNs for load balancing"""
+        # Check if load_balancer config has target_group_arn
+        if self.load_balancer_config and self.load_balancer_config.get("target_group_arn"):
+            arn = self.load_balancer_config["target_group_arn"]
+            if arn and arn != "arn:aws:elasticloadbalancing:placeholder":
+                return [arn]
         return self._config.get("target_group_arns", [])
 
     @property
     def container_port(self) -> int:
         """Container port for load balancer"""
+        # Check load_balancer config first
+        if self.load_balancer_config and self.load_balancer_config.get("container_port"):
+            return self.load_balancer_config["container_port"]
         return self._config.get("container_port", 80)
 
     @property
@@ -138,8 +151,17 @@ class EcsServiceConfig:
         """SSM parameter imports"""
         # Check both nested and flat structures for backwards compatibility
         if "ssm" in self._config and "imports" in self._config["ssm"]:
-            return self._config["ssm"]["imports"]
-        return self.ssm.get("imports", {})
+            imports = self._config["ssm"]["imports"]
+        else:
+            imports = self.ssm.get("imports", {})
+        
+        # Add load_balancer SSM imports if they exist
+        if self.load_balancer_config and "ssm" in self.load_balancer_config:
+            lb_ssm = self.load_balancer_config["ssm"]
+            if "imports" in lb_ssm:
+                imports.update(lb_ssm["imports"])
+        
+        return imports
 
     @property
     def deployment_type(self) -> str:

cdk_factory/configurations/resources/lambda_edge.py

@@ -49,16 +49,30 @@ class LambdaEdgeConfig(EnhancedBaseConfig):
 
     @property
     def timeout(self) -> int:
-        """Timeout in seconds (max 5 for origin-request)"""
+        """Timeout in seconds
+        viewer-request: 5s
+        viewer-response: 5s
+        ---
+        origin-request: 30s
+        origin-response: 30s
+        
+        
+        """
         timeout = int(self._config.get("timeout", 5))
-        if timeout > 5:
-            raise ValueError("Lambda@Edge origin-request timeout cannot exceed 5 seconds")
+
+        event_type = self.event_type
+        if event_type == "viewer-request" or event_type == "viewer-response":
+            if timeout > 5:
+                raise ValueError("Lambda@Edge viewer timeout cannot exceed 5 seconds. Value was set to {}".format(timeout))
+        else:
+            if timeout > 30:
+                raise ValueError("Lambda@Edge origin timeout cannot exceed 30 seconds. Value was set to {}".format(timeout))
         return timeout
 
     @property
     def code_path(self) -> str:
         """Path to Lambda function code directory"""
-        return self._config.get("code_path", "./lambdas/edge/ip_gate")
+        return self._config.get("code_path", "./lambdas/cloudfront/ip_gate")
 
     @property
     def environment(self) -> Dict[str, str]:

cdk_factory/configurations/resources/rds.py

@@ -29,7 +29,7 @@ class RdsConfig(EnhancedBaseConfig):
     @property
     def name(self) -> str:
         """RDS instance name"""
-        return self.__config.get("name", "database")
+        return self.__config.get("name", self.database_name)
     
     @property
     def identifier(self) -> str:

cdk_factory/configurations/resources/route53.py

@@ -106,3 +106,8 @@ class Route53Config:
     def tags(self) -> Dict[str, str]:
         """Tags to apply to the Route53 resources"""
         return self.__config.get("tags", {})
+    
+    @property
+    def records(self) -> List[Dict[str, Any]]:
+        """Records to create"""
+        return self.__config.get("records", [])

cdk_factory/configurations/resources/s3.py

@@ -158,7 +158,15 @@ class S3BucketConfig(EnhancedBaseConfig):
             value = self.__config.get("block_public_access")
 
         if value and isinstance(value, str):
-            if value.lower() == "block_acls":
+            if value.lower() == "disabled":
+                # For public website hosting, disable block public access
+                return s3.BlockPublicAccess(
+                    block_public_acls=False,
+                    block_public_policy=False,
+                    ignore_public_acls=False,
+                    restrict_public_buckets=False
+                )
+            elif value.lower() == "block_acls":
                 return s3.BlockPublicAccess.BLOCK_ACLS
             # elif value.lower() == "block_public_acls":
             #     return s3.BlockPublicAccess.block_public_acls

cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -558,7 +558,7 @@ class CloudFrontDistributionConstruct(Construct):
         """
         bucket_policy = s3.BucketPolicy(
             self,
-            id=f"CloudFrontBucketPolicy-{self.source_bucket.bucket_name}",
+            id="CloudFrontBucketPolicy",
             bucket=self.source_bucket,
         )
 

cdk_factory/constructs/lambdas/policies/policy_docs.py

@@ -46,7 +46,7 @@ class ResourceResolver:
                 ssm_config = lambda_dict.get("ssm", {})
 
                 if ssm_config.get("enabled", False):
-                    self._ssm_mixin.setup_standardized_ssm_integration(
+                    self._ssm_mixin.setup_ssm_integration(
                         scope=self.scope,
                         config=lambda_dict,
                         resource_type="lambda",

cdk_factory/interfaces/networked_stack_mixin.py

@@ -26,7 +26,7 @@ class NetworkedStackMixin(StandardizedSsmMixin, VPCProviderMixin):
                 # SSM initialization is handled automatically by StandardizedSsmMixin.__init__
                 
             def _build(self, stack_config, deployment, workload):
-                self.setup_standardized_ssm_integration(scope=self, config=stack_config.dictionary, resource_type="my-resource", resource_name="my-name")
+                self.setup_ssm_integration(scope=self, config=stack_config.dictionary, resource_type="my-resource", resource_name="my-name")
                 self.vpc = self.resolve_vpc(stack_config, deployment, workload)
     """
     

cdk_factory/interfaces/standardized_ssm_mixin.py

@@ -24,6 +24,8 @@ import os
 import re
 from typing import Dict, Any, Optional, List, Union
 from aws_cdk import aws_ssm as ssm
+from aws_cdk import aws_ec2 as ec2
+from aws_cdk import aws_ecs as ecs
 from constructs import Construct
 from aws_lambda_powertools import Logger
 from cdk_factory.configurations.deployment import DeploymentConfig
@@ -117,6 +119,7 @@ class StandardizedSsmMixin:
         """Export multiple resource values to SSM Parameter Store."""
         params = {}
         
+        invalid_export_keys = []
         # Only export parameters that are explicitly configured in ssm_exports
         if not hasattr(config, 'ssm_exports') or not config.ssm_exports:
             logger.debug("No SSM exports configured")
@@ -136,8 +139,17 @@ class StandardizedSsmMixin:
                 )
                 params[key] = param
             else:
+                invalid_export_keys.append(key)
                 logger.warning(f"SSM export configured for '{key}' but no value found in resource_values")
         
+        if invalid_export_keys:
+            message = f"Export SSM Error\n🚨 SSM exports configured for '{invalid_export_keys}' but no values found in resource_values"
+            available_keys = list(resource_values.keys())
+            message = f"{message}\n✅ Available keys: {available_keys}"
+            message = f"{message}\n👉 Please update to the correct key or remove from the export list."
+            logger.warning(message)
+            raise ValueError(message)
+            
         return params
 
     def normalize_resource_name(self, name: str, for_export: bool = False) -> str:
@@ -151,7 +163,7 @@ class StandardizedSsmMixin:
         normalized = normalized.strip('-')
         return normalized
 
-    def setup_standardized_ssm_integration(
+    def setup_ssm_integration(
         self,
         scope: Construct,
         config: Any,
@@ -200,7 +212,7 @@ class StandardizedSsmMixin:
         logger.info(f"SSM imports: {len(self.ssm_config.get('imports', {}))}")
         logger.info(f"SSM exports: {len(self.ssm_config.get('exports', {}))}")
     
-    def process_standardized_ssm_imports(self) -> None:
+    def process_ssm_imports(self) -> None:
         """
         Process SSM imports using standardized approach.
         
@@ -228,7 +240,7 @@ class StandardizedSsmMixin:
                 logger.error(error_msg)
                 raise ValueError(error_msg)
     
-    def export_standardized_ssm_parameters(self, resource_values: Dict[str, Any]) -> Dict[str, str]:
+    def export_ssm_parameters(self, resource_values: Dict[str, Any]) -> Dict[str, str]:
         """
         Export SSM parameters using standardized approach.
         
@@ -267,6 +279,23 @@ class StandardizedSsmMixin:
         
         return exported_params
     
+    def resolve_ssm_value(self, scope: Construct, value: str, unique_id: str)-> str:
+        if isinstance(value, str) and value.startswith("{{ssm:") and value.endswith("}}"):
+            # Extract SSM parameter path
+            ssm_param_path = value[6:-2]  # Remove {{ssm: and }}
+            
+            # Import SSM parameter - this creates a token that resolves at deployment time
+            param = ssm.StringParameter.from_string_parameter_name(
+                scope=scope,
+                id=f"{unique_id}-env-{hash(ssm_param_path) % 10000}",
+                string_parameter_name=ssm_param_path
+            )
+            resolved_value = param.string_value
+            logger.info(f"Resolved SSM parameter {ssm_param_path}")
+            return resolved_value
+        else:
+            return value
+
     def _resolve_ssm_import(self, import_value: Union[str, List[str]], import_key: str) -> Union[str, List[str]]:
         """
         Resolve SSM import value with proper error handling and validation.
@@ -336,16 +365,18 @@ class StandardizedSsmMixin:
         # Prepare template variables
         variables = {}
         
-        if self.deployment:
+        # Always prioritize workload environment for consistency
+        if self.workload:
+            variables["ENVIRONMENT"] = self.workload.dictionary.get("environment", "test")
+            variables["WORKLOAD_NAME"] = self.workload.dictionary.get("name", "test-workload")
+            variables["AWS_REGION"] = os.getenv("AWS_REGION", "us-east-1")
+        elif self.deployment:
+            # Fallback to deployment only if workload not available
             variables["ENVIRONMENT"] = self.deployment.environment
             variables["WORKLOAD_NAME"] = self.deployment.workload_name
             variables["AWS_REGION"] = getattr(self.deployment, 'region', None) or os.getenv("AWS_REGION", "us-east-1")
-        elif self.workload:
-            variables["ENVIRONMENT"] = getattr(self.workload, 'environment', 'test')
-            variables["WORKLOAD_NAME"] = getattr(self.workload, 'name', 'test-workload')
-            variables["AWS_REGION"] = os.getenv("AWS_REGION", "us-east-1")
         else:
-            # Fallback to environment variables
+            # Final fallback to environment variables
             variables["ENVIRONMENT"] = os.getenv("ENVIRONMENT", "test")
             variables["WORKLOAD_NAME"] = os.getenv("WORKLOAD_NAME", "test-workload")
             variables["AWS_REGION"] = os.getenv("AWS_REGION", "us-east-1")
@@ -396,7 +427,7 @@ class StandardizedSsmMixin:
             resource_type = segments[3]
             
             # Check for valid environment patterns
-            if environment not in ["dev", "staging", "prod", "test"]:
+            if environment not in ["dev", "staging", "prod", "test", "alpha", "beta", "sandbox"]:
                 logger.warning(f"{context}: Unusual environment segment: {environment}")
             
             # Check for valid resource type patterns
@@ -529,6 +560,44 @@ class StandardizedSsmMixin:
         return self._ssm_exported_values.copy()
     
     
+    def get_subnet_ids(self, config) -> List[str]:
+        """
+        Helper function to parse subnet IDs from SSM imports.
+        
+        This common pattern handles:
+        1. Comma-separated subnet ID strings from SSM
+        2. List of subnet IDs from SSM
+        3. Fallback to config attributes
+        
+        Args:
+            config: Configuration object that might have subnet_ids attribute
+            
+        Returns:
+            List of subnet IDs (empty list if not found or invalid format)
+        """
+        # Use the standardized SSM imports
+        ssm_imports = self.get_all_ssm_imports()
+        if "subnet_ids" in ssm_imports:
+            subnet_ids = ssm_imports["subnet_ids"]
+            
+            # Handle comma-separated string or list
+            if isinstance(subnet_ids, str):
+                # Split comma-separated string
+                parsed_ids = [sid.strip() for sid in subnet_ids.split(',') if sid.strip()]
+                return parsed_ids
+            elif isinstance(subnet_ids, list):
+                return subnet_ids
+            else:
+                logger.warning(f"Unexpected subnet_ids type: {type(subnet_ids)}")
+                return []
+        
+        # Fallback: Check config attributes
+        elif hasattr(config, 'subnet_ids') and config.subnet_ids:
+            return config.subnet_ids
+        
+        else:
+            logger.warning("No subnet IDs found, using default behavior")
+            return []
 
 class ValidationResult:
     """Result of configuration validation."""
@@ -610,3 +679,6 @@ class SsmStandardValidator:
                 errors.append(f"{context}: SSM path should use template variables: {path}")
         
         return errors
+    
+        
+    

cdk_factory/stack_library/acm/acm_stack.py

@@ -25,6 +25,7 @@ logger = Logger(service="AcmStack")
 
 @register_stack("acm_stack")
 @register_stack("certificate_stack")
+@register_stack("certificate_library_module")
 class AcmStack(IStack, StandardizedSsmMixin):
     """
     Reusable stack for AWS Certificate Manager.
@@ -152,18 +153,7 @@ class AcmStack(IStack, StandardizedSsmMixin):
 
     def _add_outputs(self, cert_name: str) -> None:
         """Add CloudFormation outputs"""
-        cdk.CfnOutput(
-            self,
-            "CertificateArn",
-            value=self.certificate.certificate_arn,
-            description=f"Certificate ARN for {self.acm_config.domain_name}",
-            export_name=f"{cert_name}-arn",
-        )
-        
-        cdk.CfnOutput(
-            self,
-            "DomainName",
-            value=self.acm_config.domain_name,
-            description="Primary domain name for the certificate",
-            export_name=f"{cert_name}-domain",
-        )
+
+        return
+
+       

cdk_factory/stack_library/api_gateway/api_gateway_stack.py

@@ -744,7 +744,7 @@ class ApiGatewayStack(IStack, StandardizedSsmMixin):
         # Setup enhanced SSM integration with proper resource type and name
         api_name = self.api_config.name or "api-gateway"
 
-        self.setup_standardized_ssm_integration(
+        self.setup_ssm_integration(
             scope=self,
             config=self.stack_config.dictionary.get("api_gateway", {}),
             resource_type="api-gateway",
@@ -775,7 +775,7 @@ class ApiGatewayStack(IStack, StandardizedSsmMixin):
             resource_values["authorizer_id"] = authorizer.authorizer_id
 
         # Use enhanced SSM parameter export
-        exported_params = self.export_standardized_ssm_parameters(resource_values)
+        exported_params = self.export_ssm_parameters(resource_values)
 
         if exported_params:
             logger.info(