cdk-factory 0.9.11__tar.gz → 0.10.0__tar.gz

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cdk_factory
-Version: 0.9.11
+Version: 0.10.0
 Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
 Author-email: Eric Wilson <eric.wilson@geekcafe.com>
 License: MIT License

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/pyproject.toml

@@ -33,7 +33,7 @@ markers = [
 [project]
 
 name = "cdk_factory"
-version = "0.9.11"
+version = "0.10.0"
 authors = [
   { name="Eric Wilson", email="eric.wilson@geekcafe.com" }
 ]

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/run-tests.sh

@@ -24,15 +24,19 @@ echo "=================================="
 if [ ! -d ".venv" ]; then
     echo -e "${YELLOW}Creating virtual environment...${NC}"
     python3 -m venv .venv
+    # Install dependencies
+    echo -e "${YELLOW}Installing dependencies...${NC}"
+    pip install -q -r requirements.dev.txt
+    pip install -q -r requirements.tests.txt
+fi
+
+# see if it's activated
+if [ ! -f ".venv/bin/activate" ]; then
+    echo -e "${YELLOW}Activating virtual environment...${NC}"
+    source ./.venv/bin/activate
 fi
 
-echo -e "${YELLOW}Activating virtual environment...${NC}"
-source ./.venv/bin/activate
 
-# Install dependencies
-echo -e "${YELLOW}Installing dependencies...${NC}"
-pip install -q -r requirements.dev.txt
-pip install -q -r requirements.tests.txt
 
 # Check if pytest is installed in the virtual environment
 if ! command -v pytest &> /dev/null; then

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/src/cdk_factory/app.py

@@ -32,15 +32,12 @@ class CdkAppFactory:
         config_path: str | None = None,
         outdir: str | None = None,
         add_env_context: bool = True,
-        auto_detect_project_root: bool = True,
-        is_pipeline: bool = False,
     ) -> None:
 
         self.args = args or CommandlineArgs()
         self.runtime_directory = runtime_directory
         self.config_path: str | None = config_path
         self.add_env_context = add_env_context
-        self._is_pipeline = is_pipeline
 
         # Auto-detect runtime_directory if not provided
         if not self.runtime_directory:
@@ -50,21 +47,26 @@ class CdkAppFactory:
         # 1. Explicit outdir parameter (highest priority)
         # 2. CDK_OUTDIR environment variable
         # 3. Default: {runtime_directory}/cdk.out
-        
+
         supplied_outdir = outdir or (
             self.args.outdir if hasattr(self.args, "outdir") else None
         )
-        
+
         if supplied_outdir:
-            # Explicit outdir: convert to absolute path
-            self.outdir = os.path.abspath(supplied_outdir)
+            # Explicit outdir: if relative, resolve against runtime_directory
+            # If absolute, use as-is
+            if os.path.isabs(supplied_outdir):
+                self.outdir = supplied_outdir
+            else:
+                # Relative path: resolve against runtime_directory, not cwd
+                self.outdir = os.path.join(self.runtime_directory, supplied_outdir)
         elif os.getenv("CDK_OUTDIR"):
             # Environment variable override
             self.outdir = os.path.abspath(os.getenv("CDK_OUTDIR"))
         else:
             # Default: cdk.out in runtime_directory
             # This resolves correctly in both local and CodeBuild environments
-            self.outdir = str(Path(self.runtime_directory).resolve() / "cdk.out")
+            self.outdir = os.path.join(self.runtime_directory, "cdk.out")
 
         # Clean and recreate directory for fresh synthesis
         if os.path.exists(self.outdir):
@@ -126,6 +128,8 @@ class CdkAppFactory:
         # Validate that the assembly directory exists and has files
         self._validate_synth_output(assembly)
 
+        self._copy_cdk_out_to_project_root()
+
         return assembly
 
     def _validate_synth_output(self, assembly: CloudAssembly) -> None:
@@ -244,6 +248,33 @@ class CdkAppFactory:
         # Priority 4: Fallback to runtime_directory
         return str(current)
 
+    def _copy_cdk_out_to_project_root(self):
+        # Copy the cdk.out directory to the project root so it can be picked up by CodeBuild
+        # Source: the actual CDK output directory from the synthesis (e.g., /tmp/cdk-factory/cdk.out)
+        cdk_out_source = self.outdir
+
+        # raise Exception(f"cdk_out_source: {cdk_out_source}")
+
+        # Destination: project root (two directories up from devops/cdk-iac where this file lives)
+        project_root = os.getenv("CODEBUILD_SRC_DIR")
+        if not project_root:
+            return
+
+        cdk_out_dest = os.path.join(project_root, "cdk.out")
+
+        print(f"👉 Project root: {project_root}")
+        print(f"👉 CDK output source: {cdk_out_source}")
+        print(f"👉 CDK output destination: {cdk_out_dest}")
+
+        if os.path.exists(cdk_out_dest):
+            print("❌ CDK output directory already exists, skipping copy")
+            return
+        else:
+            print("✅ CDK output directory does not exist, copying")
+
+        shutil.copytree(cdk_out_source, cdk_out_dest)
+        print(f"✅  Copied CDK output to {cdk_out_dest}")
+
 
 if __name__ == "__main__":
     # deploy_test()

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/src/cdk_factory/configurations/resources/auto_scaling.py

@@ -148,3 +148,30 @@ class AutoScalingConfig(EnhancedBaseConfig):
     def target_group_arns(self) -> List[str]:
         """Target group ARNs for the Auto Scaling Group"""
         return self.__config.get("target_group_arns", [])
+
+    @property
+    def user_data_scripts(self) -> List[Dict[str, Any]]:
+        """
+        User data scripts to inject from files.
+        Each script should have:
+        - type: 'file' or 'inline'
+        - path: path to script file (if type is 'file')
+        - content: script content (if type is 'inline')
+        - variables: dict of variables for substitution
+        """
+        return self.__config.get("user_data_scripts", [])
+
+    @property
+    def iam_inline_policies(self) -> List[Dict[str, Any]]:
+        """
+        IAM inline policies to attach to the instance role.
+        Each policy should have:
+        - name: policy name
+        - statements: list of IAM policy statements
+        """
+        return self.__config.get("iam_inline_policies", [])
+
+    @property
+    def key_name(self) -> Optional[str]:
+        """EC2 key pair name for SSH access"""
+        return self.__config.get("key_name")

cdk_factory-0.10.0/src/cdk_factory/configurations/resources/cloudfront.py

@@ -0,0 +1,124 @@
+"""
+Geek Cafe, LLC
+Maintainers: Eric Wilson
+MIT License.  See Project Root for the license information.
+"""
+from typing import Dict, List, Any, Optional
+from cdk_factory.configurations.enhanced_base_config import EnhancedBaseConfig
+
+
+class CloudFrontConfig(EnhancedBaseConfig):
+    """
+    CloudFront Distribution Configuration
+    Supports both S3 origins (static sites) and custom origins (ALB, API Gateway, etc.)
+    """
+
+    def __init__(self, config: dict = None, deployment=None) -> None:
+        super().__init__(
+            config or {}, 
+            resource_type="cloudfront", 
+            resource_name=config.get("name", "cloudfront") if config else "cloudfront"
+        )
+        self._config = config or {}
+        self._deployment = deployment
+
+    @property
+    def name(self) -> str:
+        """Distribution name"""
+        return self._config.get("name", "cloudfront")
+
+    @property
+    def description(self) -> str:
+        """Distribution description"""
+        return self._config.get("description", "CloudFront Distribution")
+
+    @property
+    def comment(self) -> str:
+        """Distribution comment"""
+        return self._config.get("comment", "")
+
+    @property
+    def enabled(self) -> bool:
+        """Whether distribution is enabled"""
+        return self._config.get("enabled", True)
+
+    @property
+    def aliases(self) -> List[str]:
+        """Alternate domain names (CNAMEs)"""
+        return self._config.get("aliases", [])
+
+    @property
+    def price_class(self) -> str:
+        """Price class for edge locations"""
+        return self._config.get("price_class", "PriceClass_100")
+
+    @property
+    def http_version(self) -> str:
+        """HTTP version (http2, http2_and_3)"""
+        return self._config.get("http_version", "http2_and_3")
+
+    @property
+    def certificate(self) -> Optional[Dict[str, Any]]:
+        """ACM certificate configuration"""
+        return self._config.get("certificate")
+
+    @property
+    def origins(self) -> List[Dict[str, Any]]:
+        """Origin configurations"""
+        return self._config.get("origins", [])
+
+    @property
+    def default_cache_behavior(self) -> Dict[str, Any]:
+        """Default cache behavior"""
+        return self._config.get("default_cache_behavior", {})
+
+    @property
+    def cache_behaviors(self) -> List[Dict[str, Any]]:
+        """Additional cache behaviors"""
+        return self._config.get("cache_behaviors", [])
+
+    @property
+    def custom_error_responses(self) -> List[Dict[str, Any]]:
+        """Custom error responses"""
+        return self._config.get("custom_error_responses", [])
+
+    @property
+    def logging(self) -> Optional[Dict[str, Any]]:
+        """Logging configuration"""
+        return self._config.get("logging")
+
+    @property
+    def waf_web_acl_id(self) -> Optional[str]:
+        """WAF Web ACL ID"""
+        return self._config.get("waf_web_acl_id")
+
+    @property
+    def default_root_object(self) -> str:
+        """Default root object"""
+        return self._config.get("default_root_object", "index.html")
+
+    @property
+    def tags(self) -> Dict[str, str]:
+        """Resource tags"""
+        return self._config.get("tags", {})
+
+    @property
+    def ssm_exports(self) -> Dict[str, str]:
+        """SSM parameter exports"""
+        return self._config.get("ssm_exports", {})
+
+    @property
+    def ssm_imports(self) -> Dict[str, str]:
+        """SSM parameter imports"""
+        return self._config.get("ssm_imports", {})
+
+    @property
+    def hosted_zone_id(self) -> str:
+        """
+        Returns the hosted_zone_id for cloudfront
+        Use this when making dns changes when you want your custom domain
+        to be route through cloudfront.
+
+        As far as I know this Id is static and used for all of cloudfront
+        """
+        return self._config.get("hosted_zone_id", "Z2FDTNDATAQYW2")

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/src/cdk_factory/configurations/resources/ecs_service.py

@@ -142,3 +142,15 @@ class EcsServiceConfig:
     def is_maintenance_mode(self) -> bool:
         """Whether this is a maintenance mode deployment"""
         return self.deployment_type == "maintenance"
+
+    @property
+    def volumes(self) -> List[Dict[str, Any]]:
+        """
+        Volume definitions for the task.
+        Supports host volumes for EC2 launch type and EFS volumes.
+        Each volume should have:
+        - name: volume name
+        - host: {source_path: "/path/on/host"} for bind mounts
+        - efs: {...} for EFS volumes
+        """
+        return self.task_definition.get("volumes", [])

cdk_factory-0.10.0/src/cdk_factory/configurations/resources/lambda_edge.py

@@ -0,0 +1,92 @@
+"""
+Lambda@Edge Configuration for CDK-Factory
+Geek Cafe, LLC
+Maintainers: Eric Wilson
+MIT License. See Project Root for the license information.
+"""
+from typing import Dict, Optional
+from cdk_factory.configurations.enhanced_base_config import EnhancedBaseConfig
+
+
+class LambdaEdgeConfig(EnhancedBaseConfig):
+    """
+    Configuration class for Lambda@Edge functions.
+    Lambda@Edge has specific constraints:
+    - Must be deployed in us-east-1
+    - Max timeout: 5 seconds for origin-request/response, 30s for viewer-request/response
+    - Max memory: 10GB (but typically use 128-512MB for edge functions)
+    - Must use versioned functions (not $LATEST)
+    """
+
+    def __init__(self, config: dict = None, deployment=None) -> None:
+        super().__init__(
+            config or {},
+            resource_type="lambda_edge",
+            resource_name=config.get("name", "lambda-edge") if config else "lambda-edge"
+        )
+        self._config = config or {}
+        self._deployment = deployment
+
+    @property
+    def name(self) -> str:
+        """Function name"""
+        return self._config.get("name", "lambda-edge")
+
+    @property
+    def handler(self) -> str:
+        """Handler function (e.g., 'handler.lambda_handler')"""
+        return self._config.get("handler", "handler.lambda_handler")
+
+    @property
+    def runtime(self) -> str:
+        """Lambda runtime (e.g., 'python3.11')"""
+        return self._config.get("runtime", "python3.11")
+
+    @property
+    def memory_size(self) -> int:
+        """Memory size in MB (128-10240)"""
+        return int(self._config.get("memory_size", 128))
+
+    @property
+    def timeout(self) -> int:
+        """Timeout in seconds (max 5 for origin-request)"""
+        timeout = int(self._config.get("timeout", 5))
+        if timeout > 5:
+            raise ValueError("Lambda@Edge origin-request timeout cannot exceed 5 seconds")
+        return timeout
+
+    @property
+    def code_path(self) -> str:
+        """Path to Lambda function code directory"""
+        return self._config.get("code_path", "./lambdas/edge/ip_gate")
+
+    @property
+    def environment(self) -> Dict[str, str]:
+        """Environment variables for the Lambda function"""
+        return self._config.get("environment", {})
+
+    @property
+    def description(self) -> str:
+        """Function description"""
+        return self._config.get("description", "Lambda@Edge function")
+
+    @property
+    def event_type(self) -> str:
+        """
+        Lambda@Edge event type:
+        - viewer-request: Executes when CloudFront receives a request from viewer
+        - origin-request: Executes before CloudFront forwards request to origin
+        - origin-response: Executes after CloudFront receives response from origin
+        - viewer-response: Executes before CloudFront returns response to viewer
+        """
+        return self._config.get("event_type", "origin-request")
+
+    @property
+    def publish_version(self) -> bool:
+        """Whether to publish a new version (required for Lambda@Edge)"""
+        return self._config.get("publish_version", True)
+
+    @property
+    def include_body(self) -> bool:
+        """Whether to include request body in origin-request events"""
+        return self._config.get("include_body", False)

cdk_factory-0.10.0/src/cdk_factory/configurations/resources/monitoring.py

@@ -0,0 +1,74 @@
+"""
+Monitoring Configuration
+Geek Cafe, LLC
+Maintainers: Eric Wilson
+MIT License. See Project Root for the license information.
+"""
+
+from typing import Dict, List, Any, Optional
+from cdk_factory.configurations.enhanced_base_config import EnhancedBaseConfig
+
+
+class MonitoringConfig(EnhancedBaseConfig):
+    """
+    Monitoring Configuration for CloudWatch Alarms and Dashboards
+    """
+
+    def __init__(self, config: dict = None, deployment=None) -> None:
+        super().__init__(
+            config or {},
+            resource_type="monitoring",
+            resource_name=config.get("name", "monitoring") if config else "monitoring"
+        )
+        self._config = config or {}
+        self._deployment = deployment
+
+    @property
+    def name(self) -> str:
+        """Monitoring stack name"""
+        return self._config.get("name", "monitoring")
+
+    @property
+    def sns_topics(self) -> List[Dict[str, Any]]:
+        """SNS topics for alarm notifications"""
+        return self._config.get("sns_topics", [])
+
+    @property
+    def alarms(self) -> List[Dict[str, Any]]:
+        """CloudWatch alarms configuration"""
+        return self._config.get("alarms", [])
+
+    @property
+    def dashboards(self) -> List[Dict[str, Any]]:
+        """CloudWatch dashboards configuration"""
+        return self._config.get("dashboards", [])
+
+    @property
+    def composite_alarms(self) -> List[Dict[str, Any]]:
+        """Composite alarms (combine multiple alarms)"""
+        return self._config.get("composite_alarms", [])
+
+    @property
+    def log_metric_filters(self) -> List[Dict[str, Any]]:
+        """CloudWatch Logs metric filters"""
+        return self._config.get("log_metric_filters", [])
+
+    @property
+    def enable_anomaly_detection(self) -> bool:
+        """Enable CloudWatch anomaly detection"""
+        return self._config.get("enable_anomaly_detection", False)
+
+    @property
+    def tags(self) -> Dict[str, str]:
+        """Resource tags"""
+        return self._config.get("tags", {})
+
+    @property
+    def ssm_exports(self) -> Dict[str, str]:
+        """SSM parameter exports"""
+        return self._config.get("ssm_exports", {})
+
+    @property
+    def ssm_imports(self) -> Dict[str, str]:
+        """SSM parameter imports for resource ARNs"""
+        return self._config.get("ssm_imports", {})

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/src/cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py

@@ -1,10 +1,11 @@
-from typing import Any, List, Mapping
+from typing import Any, List, Mapping, Optional
 
 from aws_cdk import Duration
 from aws_cdk import aws_certificatemanager as acm
 from aws_cdk import aws_cloudfront as cloudfront
 from aws_cdk import aws_cloudfront_origins as origins
 from aws_cdk import aws_iam as iam
+from aws_cdk import aws_lambda as _lambda
 from aws_cdk import aws_s3 as s3
 from constructs import Construct
 from cdk_factory.configurations.stack import StackConfig
@@ -123,6 +124,7 @@ class CloudFrontDistributionConstruct(Construct):
                 origin=origin,
                 viewer_protocol_policy=cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                 function_associations=self.__get_function_associations(),
+                edge_lambdas=self.__get_lambda_edge_associations(),
             ),
             default_root_object="index.html",
             error_responses=self._error_responses(),
@@ -218,6 +220,54 @@ class CloudFrontDistributionConstruct(Construct):
 
         return function_associations
 
+    def __get_lambda_edge_associations(self) -> Optional[List[cloudfront.EdgeLambda]]:
+        """
+        Get the Lambda@Edge associations for the distribution from config.
+        
+        Returns:
+            List[cloudfront.EdgeLambda] or None: list of Lambda@Edge associations
+        """
+        edge_lambdas = []
+        
+        if self.stack_config and isinstance(self.stack_config, StackConfig):
+            cloudfront_config = self.stack_config.dictionary.get("cloudfront", {})
+            lambda_edge_associations = cloudfront_config.get("lambda_edge_associations", [])
+            
+            for association in lambda_edge_associations:
+                event_type_str = association.get("event_type", "origin-request")
+                lambda_arn = association.get("lambda_arn")
+                include_body = association.get("include_body", False)
+                
+                if not lambda_arn:
+                    continue  # Skip if no ARN provided
+                
+                # Map event type string to CloudFront enum
+                event_type_map = {
+                    "viewer-request": cloudfront.LambdaEdgeEventType.VIEWER_REQUEST,
+                    "origin-request": cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST,
+                    "origin-response": cloudfront.LambdaEdgeEventType.ORIGIN_RESPONSE,
+                    "viewer-response": cloudfront.LambdaEdgeEventType.VIEWER_RESPONSE,
+                }
+                
+                event_type = event_type_map.get(event_type_str, cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST)
+                
+                # Import the Lambda function version by ARN
+                lambda_version = _lambda.Version.from_version_arn(
+                    self,
+                    f"LambdaEdge-{event_type_str}",
+                    version_arn=lambda_arn
+                )
+                
+                edge_lambdas.append(
+                    cloudfront.EdgeLambda(
+                        function_version=lambda_version,
+                        event_type=event_type,
+                        include_body=include_body
+                    )
+                )
+        
+        return edge_lambdas if edge_lambdas else None
+
     def __get_combined_function(self, hosts: List[str]) -> cloudfront.Function:
         """
         Creates a combined CloudFront function that does both URL rewriting and host restrictions.

cdk_factory-0.10.0/src/cdk_factory/lambdas/edge/ip_gate/handler.py

@@ -0,0 +1,104 @@
+"""
+Lambda@Edge Origin-Request Handler for IP-based Access Gating
+Geek Cafe, LLC
+Maintainers: Eric Wilson
+"""
+
+import ipaddress
+import json
+import os
+
+
+def lambda_handler(event, context):
+    """
+    Lambda@Edge origin-request handler that implements IP-based gating
+    with maintenance site fallback.
+    
+    Features:
+    - Inject X-Viewer-IP header for origin visibility
+    - Check viewer IP against allowlist when gate is enabled
+    - Rewrite blocked IPs to maintenance CloudFront distribution, and serve up maintenance site
+    - Toggle via GATE_ENABLED environment variable
+    """
+    
+    # Extract request from CloudFront event
+    request = event['Records'][0]['cf']['request']
+    client_ip = request['clientIp']
+    
+    # Configuration from environment variables
+    gate_enabled = os.environ.get('GATE_ENABLED', 'false').lower() == 'true'
+    allow_cidrs_str = os.environ.get('ALLOW_CIDRS', '')
+    maint_cf_host = os.environ.get('MAINT_CF_HOST', '')
+    
+    # Parse allowed CIDRs
+    allow_cidrs = [cidr.strip() for cidr in allow_cidrs_str.split(',') if cidr.strip()]
+    
+    # Always inject viewer IP header
+    if 'headers' not in request:
+        request['headers'] = {}
+    
+    request['headers']['x-viewer-ip'] = [{
+        'key': 'X-Viewer-IP',
+        'value': client_ip
+    }]
+    
+    # If gate is disabled, pass through to origin
+    if not gate_enabled:
+        return request
+    
+    # Check if IP is in allowlist
+    ip_allowed = False
+    try:
+        client_ip_obj = ipaddress.ip_address(client_ip)
+        for cidr in allow_cidrs:
+            try:
+                network = ipaddress.ip_network(cidr, strict=False)
+                if client_ip_obj in network:
+                    ip_allowed = True
+                    break
+            except (ValueError, ipaddress.AddressValueError):
+                # Invalid CIDR, skip
+                continue
+    except (ValueError, ipaddress.AddressValueError):
+        # Invalid client IP, block by default
+        ip_allowed = False
+    
+    # If IP is allowed, pass through to origin
+    if ip_allowed:
+        return request
+    
+    # IP not allowed - redirect to maintenance site
+    if not maint_cf_host:
+        # Safety: if maintenance host not configured, pass through with warning
+        # In production, you might want to return a fixed error response instead
+        return request
+    
+    # Rewrite origin to maintenance CloudFront distribution
+    request['origin'] = {
+        'custom': {
+            'domainName': maint_cf_host,
+            'port': 443,
+            'protocol': 'https',
+            'path': '',
+            'sslProtocols': ['TLSv1.2'],
+            'readTimeout': 30,
+            'keepaliveTimeout': 5,
+            'customHeaders': {}
+        }
+    }
+    
+    # Update Host header to match new origin
+    request['headers']['host'] = [{
+        'key': 'Host',
+        'value': maint_cf_host
+    }]
+    
+    # Normalize URI - redirect directory requests to index.html
+    uri = request.get('uri', '/')
+    if uri.endswith('/'):
+        request['uri'] = uri + 'index.html'
+    elif '.' not in uri.split('/')[-1]:
+        # No file extension, likely a directory
+        request['uri'] = uri + '/index.html'
+    
+    return request

{cdk_factory-0.9.11 → cdk_factory-0.10.0}/src/cdk_factory/pipeline/pipeline_factory.py

@@ -403,6 +403,7 @@ class PipelineFactoryStack(IStack):
             relative_path = os.path.relpath(abs_output, abs_cwd)
             return relative_path
         except ValueError:
+            print(f"Failed to compute relative path from {abs_output} to {abs_cwd}")
             # Different drives on Windows or other edge case
             # Fall back to basename approach (just the directory name)
             return "cdk.out"