cdk-factory 0.19.10__py3-none-any.whl → 0.19.13__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. cdk_factory/configurations/resources/lambda_edge.py +17 -3
  2. cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py +86 -1
  3. cdk_factory/version.py +1 -1
  4. {cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/METADATA +1 -1
  5. {cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/RECORD +8 -8
  6. {cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/WHEEL +0 -0
  7. {cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/entry_points.txt +0 -0
  8. {cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/licenses/LICENSE +0 -0
cdk_factory/configurations/resources/lambda_edge.py CHANGED
@@ -49,10 +49,24 @@ class LambdaEdgeConfig(EnhancedBaseConfig):
49
49
 
50
50
  @property
51
51
  def timeout(self) -> int:
52
- """Timeout in seconds (max 5 for origin-request)"""
52
+ """Timeout in seconds
53
+ viewer-request: 5s
54
+ viewer-response: 5s
55
+ ---
56
+ origin-request: 30s
57
+ origin-response: 30s
58
+
59
+
60
+ """
53
61
  timeout = int(self._config.get("timeout", 5))
54
- if timeout > 5:
55
- raise ValueError("Lambda@Edge origin-request timeout cannot exceed 5 seconds. Value was set to {}".format(timeout))
62
+
63
+ event_type = self.event_type
64
+ if event_type == "viewer-request" or event_type == "viewer-response":
65
+ if timeout > 5:
66
+ raise ValueError("Lambda@Edge viewer timeout cannot exceed 5 seconds. Value was set to {}".format(timeout))
67
+ else:
68
+ if timeout > 30:
69
+ raise ValueError("Lambda@Edge origin timeout cannot exceed 30 seconds. Value was set to {}".format(timeout))
56
70
  return timeout
57
71
 
58
72
  @property
cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py CHANGED
@@ -100,6 +100,9 @@ class LambdaEdgeStack(IStack, StandardizedSsmMixin):
100
100
  # Create version (required for Lambda@Edge)
101
101
  self._create_function_version(function_name)
102
102
 
103
+ # Configure edge log retention for regional logs
104
+ self._configure_edge_log_retention(function_name)
105
+
103
106
  # Add outputs
104
107
  self._add_outputs(function_name)
105
108
 
@@ -268,7 +271,8 @@ class LambdaEdgeStack(IStack, StandardizedSsmMixin):
268
271
  f"{function_name}-Role",
269
272
  assumed_by=iam.CompositePrincipal(
270
273
  iam.ServicePrincipal("lambda.amazonaws.com"),
271
- iam.ServicePrincipal("edgelambda.amazonaws.com")
274
+ iam.ServicePrincipal("edgelambda.amazonaws.com"),
275
+ iam.ServicePrincipal("cloudfront.amazonaws.com") # Add CloudFront service principal
272
276
  ),
273
277
  description=f"Execution role for Lambda@Edge function {function_name}",
274
278
  managed_policies=[
@@ -314,6 +318,36 @@ class LambdaEdgeStack(IStack, StandardizedSsmMixin):
314
318
  for key, value in self.edge_config.tags.items():
315
319
  cdk.Tags.of(self.function).add(key, value)
316
320
 
321
+ # Add resource-based policy allowing CloudFront to invoke the Lambda function
322
+ # This is REQUIRED for Lambda@Edge to work properly
323
+ permission_kwargs = {
324
+ "principal": iam.ServicePrincipal("cloudfront.amazonaws.com"),
325
+ "action": "lambda:InvokeFunction",
326
+ }
327
+
328
+ # Optional: Add source ARN restriction if CloudFront distribution ARN is available
329
+ # This provides more secure permission scoping
330
+ distribution_arn_path = f"/{self.deployment.environment}/{self.workload.name}/cloudfront/arn"
331
+ try:
332
+ distribution_arn = ssm.StringParameter.from_string_parameter_name(
333
+ self,
334
+ "cloudfront-distribution-arn",
335
+ distribution_arn_path
336
+ ).string_value
337
+
338
+ # Add source ARN condition for more secure permission scoping
339
+ permission_kwargs["source_arn"] = distribution_arn
340
+ logger.info(f"Adding CloudFront permission with source ARN restriction: {distribution_arn}")
341
+ except Exception:
342
+ # Distribution ARN not available (common during initial deployment)
343
+ # CloudFront will scope the permission appropriately when it associates the Lambda
344
+ logger.warning(f"CloudFront distribution ARN not found at {distribution_arn_path}, using open permission")
345
+
346
+ self.function.add_permission(
347
+ "CloudFrontInvokePermission",
348
+ **permission_kwargs
349
+ )
350
+
317
351
  def _create_function_version(self, function_name: str) -> None:
318
352
  """
319
353
  Create a version of the Lambda function.
@@ -329,6 +363,57 @@ class LambdaEdgeStack(IStack, StandardizedSsmMixin):
329
363
  f"Version for Lambda@Edge deployment - {self.edge_config.description}"
330
364
  )
331
365
 
366
+ def _configure_edge_log_retention(self, function_name: str) -> None:
367
+ """
368
+ Configure log retention for Lambda@Edge regional logs.
369
+
370
+ Lambda@Edge creates log groups in multiple regions that need
371
+ separate retention configuration from the primary log group.
372
+ """
373
+ from aws_cdk import custom_resources as cr
374
+
375
+ # Get edge log retention from config (default to same as primary logs)
376
+ edge_retention_days = self.edge_config.dictionary.get("edge_log_retention_days", 7)
377
+
378
+ # List of common Lambda@Edge regions
379
+ edge_regions = [
380
+ 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2',
381
+ 'eu-west-1', 'eu-west-2', 'eu-central-1',
382
+ 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1',
383
+ 'ca-central-1', 'sa-east-1'
384
+ ]
385
+
386
+ # Create custom resource to set log retention for each region
387
+ for region in edge_regions:
388
+ log_group_name = f"/aws/lambda/{region}.{function_name}"
389
+
390
+ # Use AwsCustomResource to set log retention
391
+ cr.AwsCustomResource(
392
+ self, f"EdgeLogRetention-{region}",
393
+ on_update={
394
+ "service": "Logs",
395
+ "action": "putRetentionPolicy",
396
+ "parameters": {
397
+ "logGroupName": log_group_name,
398
+ "retentionInDays": edge_retention_days
399
+ },
400
+ "physical_resource_id": cr.PhysicalResourceId.from_response("logGroupName")
401
+ },
402
+ on_delete={
403
+ "service": "Logs",
404
+ "action": "deleteRetentionPolicy",
405
+ "parameters": {
406
+ "logGroupName": log_group_name
407
+ },
408
+ "physical_resource_id": cr.PhysicalResourceId.from_response("logGroupName")
409
+ },
410
+ policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
411
+ resources=[f"arn:aws:logs:{region}:*:log-group:{log_group_name}*"]
412
+ )
413
+ )
414
+
415
+ logger.info(f"Configured edge log retention to {edge_retention_days} days for {len(edge_regions)} regions")
416
+
332
417
  def _add_outputs(self, function_name: str) -> None:
333
418
  """Add CloudFormation outputs and SSM exports"""
334
419
 
cdk_factory/version.py CHANGED
@@ -1 +1 @@
1
- __version__ = "0.19.10"
1
+ __version__ = "0.19.13"
{cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cdk_factory
3
- Version: 0.19.10
3
+ Version: 0.19.13
4
4
  Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
5
5
  Author-email: Eric Wilson <eric.wilson@geekcafe.com>
6
6
  License: MIT License
{cdk_factory-0.19.10.dist-info → cdk_factory-0.19.13.dist-info}/RECORD RENAMED
@@ -2,7 +2,7 @@ cdk_factory/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
2
2
  cdk_factory/app.py,sha256=RnX0-pwdTAPAdKJK_j13Zl8anf9zYKBwboR0KA8K8xM,10346
3
3
  cdk_factory/cdk.json,sha256=SKZKhJ2PBpFH78j-F8S3VDYW-lf76--Q2I3ON-ZIQfw,3106
4
4
  cdk_factory/cli.py,sha256=FGbCTS5dYCNsfp-etshzvFlGDCjC28r6rtzYbe7KoHI,6407
5
- cdk_factory/version.py,sha256=gIAvq9SB6YStPs9R4fOTA5ElNAzsxGid7xxii31j-fI,24
5
+ cdk_factory/version.py,sha256=qfLAZUWz8ZIxPUsFWlqQCfCwTNmUwrL2jNL4w6ZRFi0,24
6
6
  cdk_factory/builds/README.md,sha256=9BBWd7bXpyKdMU_g2UljhQwrC9i5O_Tvkb6oPvndoZk,90
7
7
  cdk_factory/commands/command_loader.py,sha256=QbLquuP_AdxtlxlDy-2IWCQ6D-7qa58aphnDPtp_uTs,3744
8
8
  cdk_factory/configurations/base_config.py,sha256=eJ3Pl3GWk1jVr_bYQaaWlw4_-ZiFGaiXllI_fOOX1i0,9323
@@ -34,7 +34,7 @@ cdk_factory/configurations/resources/ecr.py,sha256=iJEtKqBT7vQU0LU4urIglraIR7cPZ
34
34
  cdk_factory/configurations/resources/ecs_cluster.py,sha256=mQYJu7SUPDl5E4dMR6HCPFoWvFA3RGIb0iMNn-K7LX8,3635
35
35
  cdk_factory/configurations/resources/ecs_service.py,sha256=bOWjVECd6Kbc5NGGSnDaopnKrjRsUfmaZ6-qrsmTs3Q,6468
36
36
  cdk_factory/configurations/resources/exisiting.py,sha256=EVOLnkB-DGfTlmDgyQ5DD5k2zYfpFxqI3gugDR7mifI,478
37
- cdk_factory/configurations/resources/lambda_edge.py,sha256=1tzxNPIsUSbwrdBHWrmqg08S629U3IGHNaNjEaLO_r8,3447
37
+ cdk_factory/configurations/resources/lambda_edge.py,sha256=C0S6HrQe2QPfmhj1PhZ7FEnT2EidOg5t-pUFUsOzaDc,3855
38
38
  cdk_factory/configurations/resources/lambda_function.py,sha256=VENZ9-ABJ5mjcN8J8wdLH4KHDYr1kWO0iFDH0B2mJXA,14659
39
39
  cdk_factory/configurations/resources/lambda_layers.py,sha256=gVeP_-LC3Eq0lkPaG_JfFUwboM5evRPr99SfKj53m7A,633
40
40
  cdk_factory/configurations/resources/lambda_triggers.py,sha256=MD7cdMNKEulNBhtMLIFnWJuJ5R-yyIqa0LHUgbSQerA,834
@@ -101,7 +101,7 @@ cdk_factory/stack_library/ecs/__init__.py,sha256=o5vGDtD_h-gVXb3-Ysr8xUNpEcMsnmM
101
101
  cdk_factory/stack_library/ecs/ecs_cluster_stack.py,sha256=sAPTLU5CAwMoLTW_pNy_cd0OtVkfDR7IxxsSq5AE0yo,12091
102
102
  cdk_factory/stack_library/ecs/ecs_service_stack.py,sha256=KB4YCIsMm5JIGM9Bm-bKcr3eX5xXFgnoA7jST_ekK44,28209
103
103
  cdk_factory/stack_library/lambda_edge/__init__.py,sha256=ByBJ_CWdc4UtTmFBZH-6pzBMNkjkdtE65AmnB0Fs6lM,156
104
- cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py,sha256=7owFVRijjtyAAgwRWfVophJlwi9ATDon9ekkJdSQTNw,17050
104
+ cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py,sha256=eHh_k4mbNp1prEnNvKqfK82lLNrMZS-7HAaUYzFEoOU,21040
105
105
  cdk_factory/stack_library/load_balancer/__init__.py,sha256=wZpKw2OecLJGdF5mPayCYAEhu2H3c2gJFFIxwXftGDU,52
106
106
  cdk_factory/stack_library/load_balancer/load_balancer_stack.py,sha256=ApW5q3SAvSJtiK0RInNljmubqXqKZU5QBAaUoeIW-pM,28287
107
107
  cdk_factory/stack_library/monitoring/__init__.py,sha256=k1G_KDx47Aw0UugaL99PN_TKlyLK4nkJVApCaAK7GJg,153
@@ -136,8 +136,8 @@ cdk_factory/utilities/os_execute.py,sha256=5Op0LY_8Y-pUm04y1k8MTpNrmQvcLmQHPQITE
136
136
  cdk_factory/utils/api_gateway_utilities.py,sha256=If7Xu5s_UxmuV-kL3JkXxPLBdSVUKoLtohm0IUFoiV8,4378
137
137
  cdk_factory/validation/config_validator.py,sha256=Pb0TkLiPFzUplBOgMorhRCVm08vEzZhRU5xXCDTa5CA,17602
138
138
  cdk_factory/workload/workload_factory.py,sha256=yDI3cRhVI5ELNDcJPLpk9UY54Uind1xQoV3spzT4z7E,6068
139
- cdk_factory-0.19.10.dist-info/METADATA,sha256=DBpgjyIwcNUX78kwx-jdTlkL9okzQz57iaG23jbF6jU,2452
140
- cdk_factory-0.19.10.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
141
- cdk_factory-0.19.10.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
142
- cdk_factory-0.19.10.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
143
- cdk_factory-0.19.10.dist-info/RECORD,,
139
+ cdk_factory-0.19.13.dist-info/METADATA,sha256=Rw6GGM7Hl5-md3ntKrGRfX2u1ppfZRfIextBHMW-FsE,2452
140
+ cdk_factory-0.19.13.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
141
+ cdk_factory-0.19.13.dist-info/entry_points.txt,sha256=S1DPe0ORcdiwEALMN_WIo3UQrW_g4YdQCLEsc_b0Swg,53
142
+ cdk_factory-0.19.13.dist-info/licenses/LICENSE,sha256=NOtdOeLwg2il_XBJdXUPFPX8JlV4dqTdDGAd2-khxT8,1066
143
+ cdk_factory-0.19.13.dist-info/RECORD,,