cdk-factory 0.9.11__py3-none-any.whl → 0.9.13__py3-none-any.whl

cdk_factory/stack_library/ecs/ecs_service_stack.py

@@ -198,9 +198,78 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
                 task_role=task_role,
             )
         
+        # Add volumes to task definition
+        self._add_volumes_to_task()
+        
         # Add containers
         self._add_containers_to_task()
 
+    def _add_volumes_to_task(self) -> None:
+        """
+        Add volumes to the task definition.
+        Supports host volumes for EC2 launch type and EFS volumes for both.
+        """
+        volumes = self.ecs_config.volumes
+        
+        if not volumes:
+            return  # No volumes to add
+        
+        for volume_config in volumes:
+            volume_name = volume_config.get("name")
+            if not volume_name:
+                logger.warning("Volume name is required, skipping")
+                continue
+            
+            # Check volume type
+            if "host" in volume_config:
+                # Host volume (bind mount for EC2)
+                if self.ecs_config.launch_type != "EC2":
+                    logger.warning(f"Host volumes are only supported for EC2 launch type, skipping volume {volume_name}")
+                    continue
+                
+                host_config = volume_config["host"]
+                source_path = host_config.get("source_path")
+                
+                if not source_path:
+                    logger.warning(f"Host source_path is required for volume {volume_name}, skipping")
+                    continue
+                
+                # Add host volume to task definition
+                self.task_definition.add_volume(
+                    name=volume_name,
+                    host=ecs.Host(source_path=source_path)
+                )
+                
+                logger.info(f"Added host volume: {volume_name} -> {source_path}")
+                
+            elif "efs" in volume_config:
+                # EFS volume (supported for both EC2 and Fargate)
+                efs_config = volume_config["efs"]
+                file_system_id = efs_config.get("file_system_id")
+                
+                if not file_system_id:
+                    logger.warning(f"EFS file_system_id is required for volume {volume_name}, skipping")
+                    continue
+                
+                # Build EFS volume configuration
+                efs_volume_config = ecs.EfsVolumeConfiguration(
+                    file_system_id=file_system_id,
+                    root_directory=efs_config.get("root_directory", "/"),
+                    transit_encryption="ENABLED" if efs_config.get("transit_encryption", True) else "DISABLED",
+                    authorization_config=ecs.AuthorizationConfig(
+                        access_point_id=efs_config.get("access_point_id")
+                    ) if efs_config.get("access_point_id") else None
+                )
+                
+                self.task_definition.add_volume(
+                    name=volume_name,
+                    efs_volume_configuration=efs_volume_config
+                )
+                
+                logger.info(f"Added EFS volume: {volume_name} -> {file_system_id}")
+            else:
+                logger.warning(f"Volume {volume_name} must specify either 'host' or 'efs' configuration")
+
     def _add_containers_to_task(self) -> None:
         """Add container definitions to the task"""
         container_definitions = self.ecs_config.container_definitions
@@ -262,6 +331,27 @@ class EcsServiceStack(IStack, EnhancedSsmParameterMixin):
                         protocol=ecs.Protocol.TCP,
                     )
                 )
+            
+            # Add mount points (bind volumes to container)
+            mount_points = container_config.get("mount_points", [])
+            for mount_point in mount_points:
+                source_volume = mount_point.get("source_volume")
+                container_path = mount_point.get("container_path")
+                read_only = mount_point.get("read_only", False)
+                
+                if not source_volume or not container_path:
+                    logger.warning(f"Mount point requires source_volume and container_path, skipping")
+                    continue
+                
+                container.add_mount_points(
+                    ecs.MountPoint(
+                        source_volume=source_volume,
+                        container_path=container_path,
+                        read_only=read_only
+                    )
+                )
+                
+                logger.info(f"Added mount point: {source_volume} -> {container_path} (read_only={read_only})")
 
     def _load_secrets(self, secrets_config: Dict[str, str]) -> Dict[str, ecs.Secret]:
         """Load secrets from Secrets Manager or SSM Parameter Store"""

cdk_factory/stack_library/lambda_edge/__init__.py

@@ -0,0 +1,6 @@
+"""
+Lambda@Edge Stack Library Module
+"""
+from cdk_factory.stack_library.lambda_edge.lambda_edge_stack import LambdaEdgeStack
+
+__all__ = ["LambdaEdgeStack"]

cdk_factory/stack_library/lambda_edge/lambda_edge_stack.py

@@ -0,0 +1,258 @@
+"""
+Lambda@Edge Stack Pattern for CDK-Factory
+Supports deploying Lambda functions for CloudFront edge locations.
+Geek Cafe, LLC
+Maintainers: Eric Wilson
+MIT License. See Project Root for the license information.
+"""
+
+from typing import Optional, Dict
+from pathlib import Path
+
+import aws_cdk as cdk
+from aws_cdk import aws_lambda as _lambda
+from aws_cdk import aws_iam as iam
+from aws_cdk import aws_logs as logs
+from aws_cdk import aws_ssm as ssm
+from aws_lambda_powertools import Logger
+from constructs import Construct
+
+from cdk_factory.configurations.deployment import DeploymentConfig
+from cdk_factory.configurations.stack import StackConfig
+from cdk_factory.configurations.resources.lambda_edge import LambdaEdgeConfig
+from cdk_factory.interfaces.istack import IStack
+from cdk_factory.interfaces.enhanced_ssm_parameter_mixin import EnhancedSsmParameterMixin
+from cdk_factory.stack.stack_module_registry import register_stack
+from cdk_factory.workload.workload_factory import WorkloadConfig
+
+logger = Logger(service="LambdaEdgeStack")
+
+
+@register_stack("lambda_edge_library_module")
+@register_stack("lambda_edge_stack")
+class LambdaEdgeStack(IStack, EnhancedSsmParameterMixin):
+    """
+    Reusable stack for Lambda@Edge functions.
+    
+    Lambda@Edge constraints:
+    - Must be deployed in us-east-1
+    - Requires versioned functions (not $LATEST)
+    - Max timeout: 5s for origin-request, 30s for viewer-request
+    - No environment variables in viewer-request/response (origin-request/response only)
+    """
+
+    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
+        super().__init__(scope, id, **kwargs)
+        self.edge_config: Optional[LambdaEdgeConfig] = None
+        self.stack_config: Optional[StackConfig] = None
+        self.deployment: Optional[DeploymentConfig] = None
+        self.workload: Optional[WorkloadConfig] = None
+        self.function: Optional[_lambda.Function] = None
+        self.function_version: Optional[_lambda.Version] = None
+
+    def build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Build the Lambda@Edge stack"""
+        self._build(stack_config, deployment, workload)
+
+    def _build(
+        self,
+        stack_config: StackConfig,
+        deployment: DeploymentConfig,
+        workload: WorkloadConfig,
+    ) -> None:
+        """Internal build method for the Lambda@Edge stack"""
+        self.stack_config = stack_config
+        self.deployment = deployment
+        self.workload = workload
+        
+        # Validate region (Lambda@Edge must be in us-east-1)
+        if self.region != "us-east-1":
+            logger.warning(
+                f"Lambda@Edge must be deployed in us-east-1, but stack region is {self.region}. "
+                "Make sure your deployment config specifies us-east-1."
+            )
+        
+        # Load Lambda@Edge configuration
+        self.edge_config = LambdaEdgeConfig(
+            stack_config.dictionary.get("lambda_edge", {}),
+            deployment
+        )
+        
+        function_name = deployment.build_resource_name(self.edge_config.name)
+        
+        # Create Lambda function
+        self._create_lambda_function(function_name)
+        
+        # Create version (required for Lambda@Edge)
+        self._create_function_version(function_name)
+        
+        # Add outputs
+        self._add_outputs(function_name)
+
+    def _resolve_environment_variables(self) -> Dict[str, str]:
+        """
+        Resolve environment variables, including SSM parameter references.
+        Supports {{ssm:parameter-path}} syntax for dynamic SSM lookups.
+        Uses CDK tokens that resolve at deployment time, not synthesis time.
+        """
+        resolved_env = {}
+        
+        for key, value in self.edge_config.environment.items():
+            # Check if value is an SSM parameter reference
+            if isinstance(value, str) and value.startswith("{{ssm:") and value.endswith("}}"):
+                # Extract SSM parameter path
+                ssm_param_path = value[6:-2]  # Remove {{ssm: and }}
+                
+                # Import SSM parameter - this creates a token that resolves at deployment time
+                param = ssm.StringParameter.from_string_parameter_name(
+                    self,
+                    f"env-{key}-{hash(ssm_param_path) % 10000}",
+                    ssm_param_path
+                )
+                resolved_value = param.string_value
+                logger.info(f"Resolved environment variable {key} from SSM {ssm_param_path}")
+                resolved_env[key] = resolved_value
+            else:
+                resolved_env[key] = value
+        
+        return resolved_env
+
+    def _create_lambda_function(self, function_name: str) -> None:
+        """Create the Lambda function"""
+        
+        # Resolve code path (relative to runtime directory or absolute)
+        code_path = Path(self.edge_config.code_path)
+        if not code_path.is_absolute():
+            # Assume relative to the project root
+            code_path = Path.cwd() / code_path
+        
+        if not code_path.exists():
+            raise FileNotFoundError(
+                f"Lambda code path does not exist: {code_path}\n"
+                f"Current working directory: {Path.cwd()}"
+            )
+        
+        logger.info(f"Loading Lambda code from: {code_path}")
+        
+        # Map runtime string to CDK Runtime
+        runtime_map = {
+            "python3.11": _lambda.Runtime.PYTHON_3_11,
+            "python3.10": _lambda.Runtime.PYTHON_3_10,
+            "python3.9": _lambda.Runtime.PYTHON_3_9,
+            "python3.12": _lambda.Runtime.PYTHON_3_12,
+            "nodejs18.x": _lambda.Runtime.NODEJS_18_X,
+            "nodejs20.x": _lambda.Runtime.NODEJS_20_X,
+        }
+        
+        runtime = runtime_map.get(
+            self.edge_config.runtime,
+            _lambda.Runtime.PYTHON_3_11
+        )
+        
+        # Resolve environment variables (handles SSM parameter references)
+        resolved_environment = self._resolve_environment_variables()
+        
+        # Create execution role with CloudWatch Logs permissions
+        execution_role = iam.Role(
+            self,
+            f"{function_name}-Role",
+            assumed_by=iam.CompositePrincipal(
+                iam.ServicePrincipal("lambda.amazonaws.com"),
+                iam.ServicePrincipal("edgelambda.amazonaws.com")
+            ),
+            description=f"Execution role for Lambda@Edge function {function_name}",
+            managed_policies=[
+                iam.ManagedPolicy.from_aws_managed_policy_name(
+                    "service-role/AWSLambdaBasicExecutionRole"
+                )
+            ]
+        )
+        
+        # Create the Lambda function
+        self.function = _lambda.Function(
+            self,
+            function_name,
+            function_name=function_name,
+            runtime=runtime,
+            handler=self.edge_config.handler,
+            code=_lambda.Code.from_asset(str(code_path)),
+            memory_size=self.edge_config.memory_size,
+            timeout=cdk.Duration.seconds(self.edge_config.timeout),
+            description=self.edge_config.description,
+            role=execution_role,
+            environment=resolved_environment,
+            log_retention=logs.RetentionDays.ONE_WEEK,
+        )
+        
+        # Add tags
+        for key, value in self.edge_config.tags.items():
+            cdk.Tags.of(self.function).add(key, value)
+
+    def _create_function_version(self, function_name: str) -> None:
+        """
+        Create a version of the Lambda function.
+        Lambda@Edge requires versioned functions (cannot use $LATEST).
+        """
+        self.function_version = self.function.current_version
+        
+        # Add description to version
+        cfn_version = self.function_version.node.default_child
+        if cfn_version:
+            cfn_version.add_property_override(
+                "Description",
+                f"Version for Lambda@Edge deployment - {self.edge_config.description}"
+            )
+
+    def _add_outputs(self, function_name: str) -> None:
+        """Add CloudFormation outputs and SSM exports"""
+        
+        # CloudFormation outputs
+        cdk.CfnOutput(
+            self,
+            "FunctionName",
+            value=self.function.function_name,
+            description="Lambda function name",
+            export_name=f"{function_name}-name"
+        )
+        
+        cdk.CfnOutput(
+            self,
+            "FunctionArn",
+            value=self.function.function_arn,
+            description="Lambda function ARN (unversioned)",
+            export_name=f"{function_name}-arn"
+        )
+        
+        cdk.CfnOutput(
+            self,
+            "FunctionVersionArn",
+            value=self.function_version.function_arn,
+            description="Lambda function version ARN (use this for Lambda@Edge)",
+            export_name=f"{function_name}-version-arn"
+        )
+        
+        # SSM Parameter Store exports (if configured)
+        ssm_exports = self.edge_config.dictionary.get("ssm_exports", {})
+        if ssm_exports:
+            export_values = {
+                "function_name": self.function.function_name,
+                "function_arn": self.function.function_arn,
+                "function_version_arn": self.function_version.function_arn,
+                "function_version": self.function_version.version,
+            }
+            
+            # Export each value to SSM using the enhanced parameter mixin
+            for key, param_path in ssm_exports.items():
+                if key in export_values:
+                    self.export_ssm_parameter(
+                        self,
+                        f"{key}-param",
+                        export_values[key],
+                        param_path,
+                        description=f"{key} for Lambda@Edge function {function_name}"
+                    )

cdk_factory/stack_library/monitoring/__init__.py

@@ -0,0 +1,6 @@
+"""
+Monitoring Stack Library Module
+"""
+from cdk_factory.stack_library.monitoring.monitoring_stack import MonitoringStack
+
+__all__ = ["MonitoringStack"]