konokenj.cdk-api-mcp-server 0.28.0__py3-none-any.whl → 0.30.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codedeploy/integ.deployment-group.ts

@@ -1,62 +1,240 @@
-import * as path from 'path';
 import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
-import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as codedeploy from 'aws-cdk-lib/aws-codedeploy';
-import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
-const app = new cdk.App({
-  postCliContext: {
-    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+/**
+ * Follow these instructions to manually test running a CodeDeploy deployment with the resources provisioned in this stack:
+ *
+ * 1. Deploy the stack:
+```
+$ cdk deploy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
+```
+ *
+ * 2. Create a file called `appspec.json` with the following contents, replacing the placeholders with output values from the deployed stack:
+```
+{
+  "version": 0.0,
+  "Resources": [
+    {
+      "TargetService": {
+        "Type": "AWS::ECS::Service",
+        "Properties": {
+          "TaskDefinition": "<PLACEHOLDER - NEW TASK DEFINITION>",
+          "LoadBalancerInfo": {
+            "ContainerName": "Container",
+            "ContainerPort": 80
+          },
+          "PlatformVersion": "LATEST",
+          "NetworkConfiguration": {
+            "awsvpcConfiguration": {
+              "subnets": [
+                "<PLACEHOLDER - SUBNET 1 ID>",
+                "<PLACEHOLDER - SUBNET 2 ID>",
+              ],
+              "securityGroups": [
+                "<PLACEHOLDER - SECURITY GROUP ID>"
+              ],
+              "assignPublicIp": "DISABLED"
+            }
+          }
+        }
+      }
+    }
+  ]
+}
+```
+ *
+ * 3. Start the deployment:
+```
+$ appspec=$(jq -R -s '.' < appspec.json | sed 's/\\n//g')
+$ aws deploy create-deployment \
+   --application-name <PLACEHOLDER - CODEDEPLOY APPLICATION NAME> \
+   --deployment-group-name <PLACEHOLDER - CODEDEPLOY DEPLOYMENT GROUP NAME> \
+   --description "AWS CDK integ test" \
+   --revision revisionType=AppSpecContent,appSpecContent={content="$appspec"}
+```
+ *
+ * 4. Wait for the deployment to complete successfully, providing the deployment ID from the previous step:
+```
+$ aws deploy wait deployment-successful --deployment-id <PLACEHOLDER - DEPLOYMENT ID>
+```
+ *
+ * 5. Destroy the stack:
+```
+$ cdk destroy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
+```
+ */
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-dg');
+
+// Network infrastructure
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+
+// ECS service
+const cluster = new ecs.Cluster(stack, 'EcsCluster', {
+  vpc,
+});
+const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+taskDefinition.addContainer('Container', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
+  portMappings: [{ containerPort: 80 }],
+});
+const service = new ecs.FargateService(stack, 'FargateService', {
+  cluster,
+  taskDefinition,
+  deploymentController: {
+    type: ecs.DeploymentControllerType.CODE_DEPLOY,
   },
 });
-const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda');
 
-const handler = new lambda.Function(stack, 'Handler', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'handler')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+// A second task definition for testing a CodeDeploy deployment of the ECS service to a new task definition
+const taskDefinition2 = new ecs.FargateTaskDefinition(stack, 'TaskDef2');
+taskDefinition2.addContainer('Container', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
+  portMappings: [{ containerPort: 80 }],
 });
-const version = handler.currentVersion;
-const blueGreenAlias = new lambda.Alias(stack, 'Alias', {
-  aliasName: 'alias',
-  version,
+service.node.addDependency(taskDefinition2);
+
+// Load balancer
+const loadBalancer = new elbv2.ApplicationLoadBalancer(stack, 'ServiceLB', {
+  vpc,
+  internetFacing: false,
 });
 
-const preHook = new lambda.Function(stack, 'PreHook', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'preHook')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+// Listeners
+const prodListener = loadBalancer.addListener('ProdListener', {
+  port: 80, // port for production traffic
+  protocol: elbv2.ApplicationProtocol.HTTP,
 });
-const postHook = new lambda.Function(stack, 'PostHook', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'postHook')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+const testListener = loadBalancer.addListener('TestListener', {
+  port: 9002, // port for testing
+  protocol: elbv2.ApplicationProtocol.HTTP,
 });
 
-new codedeploy.LambdaDeploymentGroup(stack, 'BlueGreenDeployment', {
-  alias: blueGreenAlias,
-  deploymentConfig: codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
-  alarms: [
-    new cloudwatch.Alarm(stack, 'BlueGreenErrors', {
-      comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
-      threshold: 1,
-      evaluationPeriods: 1,
-      metric: blueGreenAlias.metricErrors(),
+// Target groups
+const blueTG = prodListener.addTargets('BlueTG', {
+  port: 80,
+  protocol: elbv2.ApplicationProtocol.HTTP,
+  targets: [
+    service.loadBalancerTarget({
+      containerName: 'Container',
+      containerPort: 80,
     }),
   ],
-  preHook,
-  postHook,
+  deregistrationDelay: cdk.Duration.seconds(30),
+  healthCheck: {
+    interval: cdk.Duration.seconds(5),
+    healthyHttpCodes: '200',
+    healthyThresholdCount: 2,
+    unhealthyThresholdCount: 3,
+    timeout: cdk.Duration.seconds(4),
+  },
 });
 
-const secondAlias = new lambda.Alias(stack, 'SecondAlias', {
-  aliasName: 'secondAlias',
-  version,
+const greenTG = new elbv2.ApplicationTargetGroup(stack, 'GreenTG', {
+  vpc,
+  port: 80,
+  protocol: elbv2.ApplicationProtocol.HTTP,
+  targetType: elbv2.TargetType.IP,
+  deregistrationDelay: cdk.Duration.seconds(30),
+  healthCheck: {
+    interval: cdk.Duration.seconds(5),
+    healthyHttpCodes: '200',
+    healthyThresholdCount: 2,
+    unhealthyThresholdCount: 3,
+    timeout: cdk.Duration.seconds(4),
+  },
+});
+
+testListener.addTargetGroups('GreenTGTest', {
+  targetGroups: [greenTG],
 });
 
-new codedeploy.LambdaDeploymentGroup(stack, 'SecondDeployment', {
-  alias: secondAlias,
-  deploymentConfig: codedeploy.LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES,
+prodListener.node.addDependency(greenTG);
+testListener.node.addDependency(blueTG);
+service.node.addDependency(testListener);
+service.node.addDependency(greenTG);
+
+// Alarms: monitor 500s and unhealthy hosts on target groups
+const blueUnhealthyHosts = new cloudwatch.Alarm(stack, 'BlueUnhealthyHosts', {
+  alarmName: stack.stackName + '-Unhealthy-Hosts-Blue',
+  metric: blueTG.metricUnhealthyHostCount(),
+  threshold: 1,
+  evaluationPeriods: 2,
+});
+
+const blueApiFailure = new cloudwatch.Alarm(stack, 'Blue5xx', {
+  alarmName: stack.stackName + '-Http-500-Blue',
+  metric: blueTG.metricHttpCodeTarget(
+    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
+    { period: cdk.Duration.minutes(1) },
+  ),
+  threshold: 1,
+  evaluationPeriods: 1,
+});
+
+const greenUnhealthyHosts = new cloudwatch.Alarm(stack, 'GreenUnhealthyHosts', {
+  alarmName: stack.stackName + '-Unhealthy-Hosts-Green',
+  metric: greenTG.metricUnhealthyHostCount(),
+  threshold: 1,
+  evaluationPeriods: 2,
+});
+
+const greenApiFailure = new cloudwatch.Alarm(stack, 'Green5xx', {
+  alarmName: stack.stackName + '-Http-500-Green',
+  metric: greenTG.metricHttpCodeTarget(
+    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
+    { period: cdk.Duration.minutes(1) },
+  ),
+  threshold: 1,
+  evaluationPeriods: 1,
+});
+
+// Deployment group
+const deploymentConfig = new codedeploy.EcsDeploymentConfig(stack, 'CanaryConfig', {
+  trafficRouting: codedeploy.TrafficRouting.timeBasedCanary({
+    interval: cdk.Duration.minutes(1),
+    percentage: 20,
+  }),
+});
+
+const dg = new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', {
+  alarms: [
+    blueUnhealthyHosts,
+    blueApiFailure,
+    greenUnhealthyHosts,
+    greenApiFailure,
+  ],
+  service,
+  blueGreenDeploymentConfig: {
+    blueTargetGroup: blueTG,
+    greenTargetGroup: greenTG,
+    listener: prodListener,
+    testListener,
+    terminationWaitTime: cdk.Duration.minutes(1),
+  },
+  deploymentConfig,
+  autoRollback: {
+    stoppedDeployment: true,
+  },
+  ignoreAlarmConfiguration: true,
+});
+
+// Outputs to use for manual testing
+new cdk.CfnOutput(stack, 'NewTaskDefinition', { value: taskDefinition2.taskDefinitionArn });
+new cdk.CfnOutput(stack, 'Subnet1Id', { value: vpc.privateSubnets[0].subnetId });
+new cdk.CfnOutput(stack, 'Subnet2Id', { value: vpc.privateSubnets[1].subnetId });
+new cdk.CfnOutput(stack, 'SecurityGroupId', { value: service.connections.securityGroups[0].securityGroupId });
+new cdk.CfnOutput(stack, 'CodeDeployApplicationName', { value: dg.application.applicationName });
+new cdk.CfnOutput(stack, 'CodeDeployDeploymentGroupName', { value: dg.deploymentGroupName });
+
+new integ.IntegTest(app, 'EcsDeploymentGroupTest', {
+  testCases: [stack],
 });
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codepipeline-actions/integ.pipeline-elastic-beanstalk-deploy.ts

@@ -85,7 +85,7 @@ const beanstalkEnv = new elasticbeanstalk.CfnEnvironment(stack, 'beanstlk-env',
   applicationName: beanstalkApp.applicationName!,
   environmentName: 'codepipeline-test-env',
   // see https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html#platforms-supported.nodejs
-  solutionStackName: '64bit Amazon Linux 2023 v6.4.3 running Node.js 20',
+  solutionStackName: '64bit Amazon Linux 2023 v6.5.2 running Node.js 20',
   optionSettings: [
     {
       namespace: 'aws:autoscaling:launchconfiguration',

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md

@@ -1281,6 +1281,19 @@ endpoint.addRoute('Route', {
 
 Use the `connections` object of the endpoint to allow traffic to other security groups.
 
+To enable [client route enforcement](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-cre.html), configure the `clientRouteEnforcementOptions.enforced` prop to `true`:
+
+```ts fixture=client-vpn
+const endpoint = vpc.addClientVpnEndpoint('Endpoint', {
+  cidr: '10.100.0.0/16',
+  serverCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/server-certificate-id',
+  clientCertificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/client-certificate-id',
+  clientRouteEnforcementOptions: {
+    enforced: true,
+  },
+});
+```
+
 ## Instances
 
 You can use the `Instance` class to start up a single EC2 instance. For production setups, we recommend

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.client-vpn-endpoint-client-route-enforcement.ts

@@ -0,0 +1,68 @@
+import { App, RemovalPolicy, Stack, StackProps, UnscopedValidationError } from 'aws-cdk-lib';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as logs from 'aws-cdk-lib/aws-logs';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+
+/**
+ * In order to test this you need to have a valid public hosted zone that you can use
+ * to validate the domain identity.
+ */
+const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
+if (!hostedZoneId) throw new UnscopedValidationError('For this test you must provide your own HostedZoneId as an env var "HOSTED_ZONE_ID". See framework-integ/README.md for details.');
+const hostedZoneName = process.env.CDK_INTEG_HOSTED_ZONE_NAME ?? process.env.HOSTED_ZONE_NAME;
+if (!hostedZoneName) throw new UnscopedValidationError('For this test you must provide your own HostedZoneName as an env var "HOSTED_ZONE_NAME". See framework-integ/README.md for details.');
+
+interface TestStackProps extends StackProps {
+  hostedZoneId: string;
+  hostedZoneName: string;
+}
+
+class TestStack extends Stack {
+  constructor(scope: Construct, id: string, props: TestStackProps) {
+    super(scope, id, props);
+
+    const hostedZone = route53.PublicHostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
+      hostedZoneId: props.hostedZoneId,
+      zoneName: props.hostedZoneName,
+    });
+
+    const serverCertificate = new acm.Certificate(this, 'Certificate', {
+      domainName: `server.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+    const clientCertificate = new acm.Certificate(this, 'ClientCertificate', {
+      domainName: `client.${props.hostedZoneName}`,
+      validation: acm.CertificateValidation.fromDns(hostedZone),
+    });
+
+    const vpc = new ec2.Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 0 });
+
+    const logGroup = new logs.LogGroup(this, 'LogGroup', {
+      removalPolicy: RemovalPolicy.DESTROY,
+    });
+
+    vpc.addClientVpnEndpoint('Endpoint', {
+      cidr: '10.100.0.0/16',
+      serverCertificateArn: serverCertificate.certificateArn,
+      clientCertificateArn: clientCertificate.certificateArn,
+      logGroup,
+      clientRouteEnforcementOptions: {
+        enforced: true,
+      },
+    });
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'client-vpn-endpoint-integ', {
+  testCases: [
+    new TestStack(app, 'client-vpn-endpoint-stack', {
+      hostedZoneId,
+      hostedZoneName,
+    }),
+  ],
+  stackUpdateWorkflow: false,
+});