cdk-factory 0.8.5__tar.gz → 0.8.7__tar.gz


Potentially problematic release.


This version of cdk-factory might be problematic.

Files changed (149)
  1. cdk_factory-0.8.7/LAMBDA_PERMISSION_FIX_SUMMARY.md +56 -0
  2. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/PKG-INFO +1 -1
  3. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/pyproject.toml +1 -1
  4. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/cognito.py +63 -0
  5. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py +19 -3
  6. cdk_factory-0.8.7/src/cdk_factory/stack_library/cognito/cognito_stack.py +539 -0
  7. cdk_factory-0.8.7/src/cdk_factory/version.py +1 -0
  8. cdk_factory-0.8.5/src/cdk_factory/stack_library/cognito/cognito_stack.py +0 -181
  9. cdk_factory-0.8.5/src/cdk_factory/version.py +0 -1
  10. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/.gitignore +0 -0
  11. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/.windsurfrules +0 -0
  12. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/BUG_FIX_SSM_IMPORTS_METADATA_FIELDS.md +0 -0
  13. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/CHANGELOG_v0.8.1.md +0 -0
  14. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/CHANGELOG_v0.8.2.md +0 -0
  15. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/CHANGELOG_v0.8.3.md +0 -0
  16. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/LICENSE +0 -0
  17. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/README.md +0 -0
  18. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/RELEASE_NOTES_v0.8.2.md +0 -0
  19. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/SUMMARY_v0.8.2.md +0 -0
  20. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/SUMMARY_v0.8.3.md +0 -0
  21. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/archive/README.md +0 -0
  22. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/archive/migrate_to_enhanced_ssm.py +0 -0
  23. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/examples/json-imports/README.md +0 -0
  24. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/examples/separate-api-gateway/README.md +0 -0
  25. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/examples/separate-api-gateway/api-gateway-stack.json +0 -0
  26. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/examples/separate-api-gateway/config.json +0 -0
  27. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/examples/separate-api-gateway/lambda-stack.json +0 -0
  28. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/mypy.ini +0 -0
  29. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/publish_to_pypi.py +0 -0
  30. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/publish_to_pypi.sh +0 -0
  31. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/pysetup.py +0 -0
  32. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/pysetup.sh +0 -0
  33. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/requirements.dev.txt +0 -0
  34. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/requirements.tests.txt +0 -0
  35. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/requirements.txt +0 -0
  36. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/run-checks.sh +0 -0
  37. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/run-tests-clean-venv.sh +0 -0
  38. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/run-tests.sh +0 -0
  39. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/__init__.py +0 -0
  40. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/app.py +0 -0
  41. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/builds/README.md +0 -0
  42. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/cdk.json +0 -0
  43. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/commands/command_loader.py +0 -0
  44. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/base_config.py +0 -0
  45. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/cdk_config.py +0 -0
  46. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/deployment.py +0 -0
  47. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/deployment_wave.py +0 -0
  48. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/devops.py +0 -0
  49. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/enhanced_base_config.py +0 -0
  50. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/enhanced_ssm_config.py +0 -0
  51. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/management.py +0 -0
  52. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/pipeline.py +0 -0
  53. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/pipeline_stage.py +0 -0
  54. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/_resources.py +0 -0
  55. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/api_gateway.py +0 -0
  56. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/apigateway_route_config.py +0 -0
  57. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/auto_scaling.py +0 -0
  58. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/cloudfront.py +0 -0
  59. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/cloudwatch_widget.py +0 -0
  60. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/code_artifact.py +0 -0
  61. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/code_artifact_login.py +0 -0
  62. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/code_repository.py +0 -0
  63. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/docker.py +0 -0
  64. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/dynamodb.py +0 -0
  65. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/ecr.py +0 -0
  66. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/exisiting.py +0 -0
  67. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/lambda_function.py +0 -0
  68. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/lambda_layers.py +0 -0
  69. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/lambda_triggers.py +0 -0
  70. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/load_balancer.py +0 -0
  71. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/rds.py +0 -0
  72. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/resource_mapping.py +0 -0
  73. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/resource_naming.py +0 -0
  74. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/resource_types.py +0 -0
  75. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/route53.py +0 -0
  76. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/route53_hosted_zone.py +0 -0
  77. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/rum.py +0 -0
  78. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/s3.py +0 -0
  79. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/security_group.py +0 -0
  80. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/security_group_full_stack.py +0 -0
  81. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/sqs.py +0 -0
  82. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/resources/vpc.py +0 -0
  83. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/stack.py +0 -0
  84. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/configurations/workload.py +0 -0
  85. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py +0 -0
  86. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/ecr/ecr_construct.py +0 -0
  87. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/lambdas/lambda_function_construct.py +0 -0
  88. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/lambdas/lambda_function_docker_construct.py +0 -0
  89. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/lambdas/lambda_function_role_construct.py +0 -0
  90. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/lambdas/policies/policy_docs.py +0 -0
  91. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/lambdas/policies/policy_statements.py +0 -0
  92. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/s3_buckets/s3_bucket_construct.py +0 -0
  93. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/s3_buckets/s3_bucket_replication_destination_construct.py +0 -0
  94. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/s3_buckets/s3_bucket_replication_source_construct.py +0 -0
  95. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/constructs/sqs/policies/sqs_policies.py +0 -0
  96. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/interfaces/enhanced_ssm_parameter_mixin.py +0 -0
  97. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/interfaces/istack.py +0 -0
  98. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/interfaces/live_ssm_resolver.py +0 -0
  99. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/interfaces/ssm_parameter_mixin.py +0 -0
  100. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/lambdas/health_handler.py +0 -0
  101. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/pipeline/pipeline_factory.py +0 -0
  102. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/pipeline/security/policies.py +0 -0
  103. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/pipeline/security/roles.py +0 -0
  104. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/pipeline/stage.py +0 -0
  105. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack/istack.py +0 -0
  106. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack/stack_factory.py +0 -0
  107. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack/stack_module_loader.py +0 -0
  108. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack/stack_module_registry.py +0 -0
  109. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack/stack_modules.py +0 -0
  110. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/__init__.py +0 -0
  111. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/auto_scaling/__init__.py +0 -0
  112. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/auto_scaling/auto_scaling_stack.py +0 -0
  113. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/aws_lambdas/lambda_stack.py +0 -0
  114. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/buckets/README.md +0 -0
  115. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/buckets/bucket_stack.py +0 -0
  116. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/code_artifact/code_artifact_stack.py +0 -0
  117. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/dynamodb/dynamodb_stack.py +0 -0
  118. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/ecr/README.md +0 -0
  119. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/ecr/ecr_stack.py +0 -0
  120. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/load_balancer/__init__.py +0 -0
  121. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/load_balancer/load_balancer_stack.py +0 -0
  122. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/rds/__init__.py +0 -0
  123. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/rds/rds_stack.py +0 -0
  124. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/route53/__init__.py +0 -0
  125. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/route53/route53_stack.py +0 -0
  126. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/rum/__init__.py +0 -0
  127. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/rum/rum_stack.py +0 -0
  128. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/security_group/__init__.py +0 -0
  129. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/security_group/security_group_full_stack.py +0 -0
  130. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/security_group/security_group_stack.py +0 -0
  131. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/simple_queue_service/sqs_stack.py +0 -0
  132. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/stack_base.py +0 -0
  133. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/vpc/__init__.py +0 -0
  134. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/vpc/vpc_stack.py +0 -0
  135. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stack_library/websites/static_website_stack.py +0 -0
  136. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/stages/websites/static_website_stage.py +0 -0
  137. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/api_gateway_integration_utility.py +0 -0
  138. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/commandline_args.py +0 -0
  139. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/configuration_loader.py +0 -0
  140. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/docker_utilities.py +0 -0
  141. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/environment_services.py +0 -0
  142. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/file_operations.py +0 -0
  143. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/git_utilities.py +0 -0
  144. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/json_loading_utility.py +0 -0
  145. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/lambda_function_utilities.py +0 -0
  146. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utilities/os_execute.py +0 -0
  147. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/utils/api_gateway_utilities.py +0 -0
  148. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/cdk_factory/workload/workload_factory.py +0 -0
  149. {cdk_factory-0.8.5 → cdk_factory-0.8.7}/src/handlers/test/handler.py +0 -0
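--- /dev/null
+++ b/LAMBDA_PERMISSION_FIX_SUMMARY.md
@@ -0,0 +1,56 @@
+ # Lambda Permission Fix - Quick Summary
+
+ ## The Problem
+ ```
+ Execution failed due to configuration error: Invalid permissions on Lambda function
+ ```
+
+ ## The Root Cause
+ When importing Lambda from SSM (`lambda_name` or `lambda_arn_ssm_path`), API Gateway didn't have permission to invoke it.
+
+ ## The Fix (One Line Change)
+ Changed from:
+ ```python
+ lambda_fn = _lambda.Function.from_function_arn(self, id, lambda_arn)
+ ```
+
+ To:
+ ```python
+ lambda_fn = _lambda.Function.from_function_attributes(
+ self, id,
+ function_arn=lambda_arn,
+ same_environment=True # ← This is the key!
+ )
+ ```
+
+ Plus adding explicit permission:
+ ```python
+ _lambda.CfnPermission(
+ self, f"lambda-permission-{suffix}",
+ action="lambda:InvokeFunction",
+ function_name=lambda_fn.function_arn,
+ principal="apigateway.amazonaws.com",
+ source_arn=f"arn:aws:execute-api:{region}:{account}:{api_id}/*/{method}{path}"
+ )
+ ```
+
+ ## Why `same_environment=True`?
+ - Tells CDK the Lambda is in the same account/region
+ - Allows adding `CfnPermission` without validation errors
+ - `from_function_arn()` creates read-only references that block permissions
+
+ ## What Gets Created
+ A CloudFormation `AWS::Lambda::Permission` resource that grants your API Gateway invoke access to the Lambda.
+
+ ## Files Changed
+ - `src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py` - The fix
+ - `tests/unit/test_api_gateway_lambda_permission.py` - New tests
+ - `docs/api_gateway_lambda_permissions_fix.md` - Full documentation
+
+ ## Applies To
+ ✅ Routes with `lambda_name` (SSM auto-discovery)
+ ✅ Routes with `lambda_arn_ssm_path` (explicit SSM path)
+ ❌ Routes with `src` (inline Lambda - already works)
+
+ ## Deployment
+ Just redeploy your API Gateway stack - no Lambda stack changes needed!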
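--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: cdk_factory
- Version: 0.8.5
+ Version: 0.8.7
  Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
  Author-email: Eric Wilson <eric.wilson@geekcafe.com>
  License: MIT License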
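--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,7 +33,7 @@ markers = [
  [project]
 
  name = "cdk_factory"
- version = "0.8.5"
+ version = "0.8.7"
  authors = [
  { name="Eric Wilson", email="eric.wilson@geekcafe.com" }
  ]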
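--- a/src/cdk_factory/configurations/resources/cognito.py
+++ b/src/cdk_factory/configurations/resources/cognito.py
@@ -243,3 +243,66 @@ class CognitoConfig(EnhancedBaseConfig):
  def ssm(self) -> Dict[str, Any]:
  """Whether to export the user pool name (default: False)"""
  return self.__config.get("ssm", {})
+
+ @property
+ def app_clients(self) -> list | None:
+ """
+ App clients for the user pool.
+ Supports multiple clients with different auth flows and OAuth settings.
+
+ Structure:
+ [{
+ "name": "web-client",
+ "generate_secret": False,
+ "auth_flows": {
+ "user_password": True,
+ "user_srp": True,
+ "custom": False,
+ "admin_user_password": False
+ },
+ "oauth": {
+ "flows": {
+ "authorization_code_grant": True,
+ "implicit_code_grant": False,
+ "client_credentials": False
+ },
+ "scopes": ["email", "openid", "profile"],
+ "callback_urls": ["https://example.com/callback"],
+ "logout_urls": ["https://example.com/logout"]
+ },
+ "supported_identity_providers": ["COGNITO"],
+ "prevent_user_existence_errors": True,
+ "enable_token_revocation": True,
+ "access_token_validity": {"minutes": 60},
+ "id_token_validity": {"minutes": 60},
+ "refresh_token_validity": {"days": 30},
+ "read_attributes": ["email", "name"],
+ "write_attributes": ["name"]
+ }]
+
+ Example:
+ [
+ {
+ "name": "web-app",
+ "generate_secret": False,
+ "auth_flows": {
+ "user_password": True,
+ "user_srp": True
+ }
+ },
+ {
+ "name": "backend-service",
+ "generate_secret": True,
+ "oauth": {
+ "flows": {
+ "client_credentials": True
+ },
+ "scopes": ["api/read", "api/write"]
+ }
+ }
+ ]
+
+ Returns:
+ list: List of app client configurations
+ """
+ return self.__config.get("app_clients")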
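Review bot: The `app_clients` docstring shows `"user_password": True` on the secret-less `web-client` and `web-app` entries without saying when that flow is appropriate; if the stack maps it to Cognito's USER_PASSWORD_AUTH (the consuming code is not in this hunk), anyone copying the example enables direct password submission alongside SRP on a public client. I would set the example to `"user_password": False,  # enable only for legacy/migration clients; prefer user_srp` and say so in one line of the docstring. The property also returns `self.__config.get("app_clients")` unvalidated, so a dict or string in the config is only caught later in the stack; an `isinstance(clients, list)` check raising `ValueError` here would fail earlier and closer to the cause. The `CognitoConfig` class body starts outside this hunk.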
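--- a/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py
+++ b/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py
@@ -365,6 +365,7 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
  This is the NEW PATTERN for separating Lambda and API Gateway stacks.
  """
  route_path = route["path"]
+ method = route.get("method", "GET").upper()
  suffix = self._get_route_suffix(route) # Use shared method for consistent suffix calculation
 
  # Get Lambda ARN from SSM Parameter Store
@@ -376,15 +377,30 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
  f"Ensure Lambda stack has deployed and exported ARN to SSM."
  )
 
- # Import Lambda function from ARN
- lambda_fn = _lambda.Function.from_function_arn(
+ # Import Lambda function from ARN using fromFunctionAttributes
+ # This allows us to add permissions even for imported functions
+ lambda_fn = _lambda.Function.from_function_attributes(
  self,
  f"{api_id}-imported-lambda-{suffix}",
- lambda_arn
+ function_arn=lambda_arn,
+ same_environment=True # Allow permission grants for same-account imports
  )
 
  logger.info(f"Imported Lambda for route {route_path}: {lambda_arn}")
 
+ # Add explicit resource-based permission for this specific API Gateway
+ # This is CRITICAL for cross-stack Lambda integrations
+ _lambda.CfnPermission(
+ self,
+ f"lambda-permission-{suffix}",
+ action="lambda:InvokeFunction",
+ function_name=lambda_fn.function_arn,
+ principal="apigateway.amazonaws.com",
+ source_arn=f"arn:aws:execute-api:{self.region}:{self.account}:{api_gateway.rest_api_id}/*/{method}{route_path}"
+ )
+
+ logger.info(f"Granted API Gateway invoke permissions for Lambda: {lambda_arn}")
+
  # Setup API Gateway resource
  resource = (
  api_gateway.root.resource_for_path(route_path)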
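Review bot: The hand-built `source_arn` in the new `CfnPermission` embeds `route_path` verbatim, so a route with a path parameter (for example `/users/{id}`, assuming routes can carry them) produces an ARN with a literal `{id}` segment that the real invoke ARN never matches, and the call keeps failing with the same "Invalid permissions" error. The string also hard-codes the `arn:aws` partition and would pass a configured `ANY` through as a method name where the ARN needs `*`. Building it from the API object addresses all three: `source_arn=api_gateway.arn_for_execute_api(method, re.sub(r"\{[^}]+\}", "*", route_path))` (needs `re` in scope). Separately, `same_environment=True` is asserted for whatever ARN SSM returns, so a parameter pointing at another account or region would synthesize cleanly and fail only at deploy or invoke time; comparing the ARN's account and region with `self.account`/`self.region` before importing would make that assumption explicit. The enclosing method starts and ends outside these hunks.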