konokenj.cdk-api-mcp-server 0.30.0__py3-none-any.whl → 0.32.0__py3-none-any.whl

cdk_api_mcp_server/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.30.0"
+__version__ = "0.32.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-python-alpha/README.md

@@ -65,22 +65,23 @@ new python.PythonFunction(this, 'MyFunction', {
 
 ## Packaging
 
-If `requirements.txt`, `Pipfile` or `poetry.lock` exists at the entry path, the construct will handle installing all required modules in a [Lambda compatible Docker container](https://gallery.ecr.aws/sam/build-python3.7) according to the `runtime` and with the Docker platform based on the target architecture of the Lambda function.
+If `requirements.txt`, `Pipfile`, `uv.lock` or `poetry.lock` exists at the entry path, the construct will handle installing all required modules in a [Lambda compatible Docker container](https://gallery.ecr.aws/sam/build-python3.13) according to the `runtime` and with the Docker platform based on the target architecture of the Lambda function.
 
 Python bundles are only recreated and published when a file in a source directory has changed.
 Therefore (and as a general best-practice), it is highly recommended to commit a lockfile with a
 list of all transitive dependencies and their exact versions. This will ensure that when any dependency version is updated, the bundle asset is recreated and uploaded.
 
-To that end, we recommend using [`pipenv`] or [`poetry`] which have lockfile support.
+To that end, we recommend using [`pipenv`], [`uv`] or [`poetry`] which have lockfile support.
 
 - [`pipenv`](https://pipenv-fork.readthedocs.io/en/latest/basics.html#example-pipfile-lock)
 - [`poetry`](https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control)
+- [`uv`](https://docs.astral.sh/uv/concepts/projects/sync/#exporting-the-lockfile)
 
 Packaging is executed using the `Packaging` class, which:
 
 1. Infers the packaging type based on the files present.
-2. If it sees a `Pipfile` or a `poetry.lock` file, it exports it to a compatible `requirements.txt` file with credentials (if they're available in the source files or in the bundling container).
-3. Installs dependencies using `pip`.
+2. If it sees a `Pipfile`, `uv.lock` or a `poetry.lock` file, it exports it to a compatible `requirements.txt` file with credentials (if they're available in the source files or in the bundling container).
+3. Installs dependencies using `pip` or `uv`.
 4. Copies the dependencies into an asset that is bundled for the Lambda package.
 
 **Lambda with a requirements.txt**
@@ -109,6 +110,18 @@ Packaging is executed using the `Packaging` class, which:
 ├── poetry.lock # your poetry lock file has to be present at the entry path
 ```
 
+**Lambda with a uv.lock**
+
+Reference: https://docs.astral.sh/uv/concepts/projects/layout/
+
+```plaintext
+.
+├── lambda_function.py # exports a function named 'handler'
+├── pyproject.toml # your poetry project definition
+├── uv.lock # your uv lock file has to be present at the entry path
+├── .python-version # this file is ignored, python version is configured via Runtime
+```
+
 **Excluding source files**
 
 You can exclude files from being copied using the optional bundling string array parameter `assetExcludes`:

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/README.md

@@ -53,6 +53,39 @@ const metric = new cloudwatch.Metric({
 });
 ```
 
+### Metric ID
+
+Metrics can be assigned a unique identifier using the `id` property. This is
+useful when referencing metrics in math expressions:
+
+```ts
+const metric = new cloudwatch.Metric({
+  namespace: 'AWS/Lambda',
+  metricName: 'Invocations',
+  dimensionsMap: {
+    FunctionName: 'MyFunction'
+  },
+  id: 'invocations'
+});
+```
+
+The `id` must start with a lowercase letter and can only contain letters, numbers, and underscores.
+
+### Metric Visible
+Metrics can be hidden from dashboard graphs using the `visible` property:
+
+```ts
+declare const fn: lambda.Function;
+
+const metric = fn.metricErrors({
+  visible: false
+});
+```
+
+By default, all metrics are visible (`visible: true`). Setting `visible: false`
+hides the metric from dashboard visualizations while still allowing it to be
+used in math expressions given that it has an `id` set to it.
+
 ### Metric Math
 
 Math expressions are supported by instantiating the `MathExpression` class.
@@ -86,6 +119,31 @@ const problemPercentage = new cloudwatch.MathExpression({
 });
 ```
 
+### Metric ID Usage in Math Expressions
+
+When metrics have custom IDs, you can reference them directly in math expressions.
+
+```ts
+declare const fn: lambda.Function;
+
+const invocations = fn.metricInvocations({
+  id: 'lambda_invocations',
+});
+
+const errors = fn.metricErrors({
+  id: 'lambda_errors',
+});
+```
+
+When metrics have predefined IDs, they can be referenced directly in math expressions by their ID without requiring the `usingMetrics` property.
+
+```ts
+const errorRate = new cloudwatch.MathExpression({
+  expression: 'lambda_errors / lambda_invocations * 100',
+  label: 'Error Rate (%)',
+});
+```
+
 ### Search Expressions
 
 Math expressions also support search expressions. For example, the following

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.dashboard-with-metric-id-and-visible.ts

@@ -0,0 +1,70 @@
+import { App, Stack, StackProps } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Dashboard, Metric, GraphWidget, MathExpression } from 'aws-cdk-lib/aws-cloudwatch';
+
+class DashboardWithMetricIdAndVisibleIntegrationTest extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    const dashboard = new Dashboard(this, 'Dash');
+
+    const lambdaInvocations = new Metric({
+      namespace: 'AWS/Lambda',
+      metricName: 'Invocations',
+      dimensionsMap: { FunctionName: 'test-function' },
+      label: 'Lambda Invocations',
+      id: 'lambda_invocations',
+      visible: true,
+    });
+
+    const lambdaErrors = new Metric({
+      namespace: 'AWS/Lambda',
+      metricName: 'Errors',
+      dimensionsMap: { FunctionName: 'test-function' },
+      label: 'Lambda Errors (Hidden for calculation)',
+      id: 'lambda_errors',
+      visible: false,
+    });
+
+    const lambdaDuration = new Metric({
+      namespace: 'AWS/Lambda',
+      metricName: 'Duration',
+      dimensionsMap: { FunctionName: 'test-function' },
+      label: 'Lambda Duration',
+      id: 'lambda_duration',
+      visible: true,
+    });
+
+    const lambdaThrottles = new Metric({
+      namespace: 'AWS/Lambda',
+      metricName: 'Throttles',
+      dimensionsMap: { FunctionName: 'test-function' },
+      label: 'Lambda Throttles (Hidden)',
+      id: 'lambda_throttles',
+      visible: false,
+    });
+
+    const errorRate = new MathExpression({
+      expression: 'lambda_errors / lambda_invocations * 100',
+      label: 'Error Rate (%)',
+    });
+
+    const widget = new GraphWidget({
+      title: 'Lambda Metrics with ID and Visible Properties',
+      left: [
+        lambdaInvocations,
+        lambdaErrors,
+        lambdaDuration,
+        lambdaThrottles,
+        errorRate,
+      ],
+    });
+
+    dashboard.addWidgets(widget);
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'cdk-integ-dashboard-with-metric-id-and-visible', {
+  testCases: [new DashboardWithMetricIdAndVisibleIntegrationTest(app, 'DashboardWithMetricIdAndVisibleIntegrationTest')],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr-assets/integ.assets-docker.ts

@@ -46,6 +46,10 @@ const asset8 = new assets.DockerImageAsset(stack, 'DockerImage8', {
   cacheDisabled: true,
 });
 
+const asset9 = new assets.DockerImageAsset(stack, 'DockerImage9', {
+  directory: path.join(__dirname, 'demo-image-dockerignore'),
+});
+
 const user = new iam.User(stack, 'MyUser');
 asset.repository.grantPull(user);
 asset2.repository.grantPull(user);
@@ -55,6 +59,7 @@ asset5.repository.grantPull(user);
 asset6.repository.grantPull(user);
 asset7.repository.grantPull(user);
 asset8.repository.grantPull(user);
+asset9.repository.grantPull(user);
 
 new cdk.CfnOutput(stack, 'ImageUri', { value: asset.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri2', { value: asset2.imageUri });
@@ -64,5 +69,6 @@ new cdk.CfnOutput(stack, 'ImageUri5', { value: asset5.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri6', { value: asset6.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri7', { value: asset7.imageUri });
 new cdk.CfnOutput(stack, 'ImageUri8', { value: asset8.imageUri });
+new cdk.CfnOutput(stack, 'ImageUri9', { value: asset9.imageUri });
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.custom-permissions-boundary-aspect.ts

@@ -0,0 +1,50 @@
+/**
+ * This integration test tests the case of a customer setting a permissions boundary using a custom aspect,
+ * then trying to override at a more specific level using the PermissionsBoundary.of() API.
+ *
+ * Overriding should work.
+ */
+import { App, Stack, IAspect, Aspects } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { CfnRole, ManagedPolicy, PermissionsBoundary, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { IConstruct } from 'constructs';
+
+class CustomAspect implements IAspect {
+  public visit(node: IConstruct): void {
+    if (node instanceof CfnRole) {
+      node.addPropertyOverride('PermissionsBoundary', 'arn:aws:iam::aws:policy/ReadOnlyAccess');
+    }
+  }
+}
+
+const app = new App({
+  postCliContext: {
+    // Force the intended behavior, from before we found this bug
+    '@aws-cdk/core:aspectPrioritiesMutating': false,
+  },
+});
+
+const stack = new Stack(app, 'integ-permissions-boundary', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+
+Aspects.of(stack).add(new CustomAspect());
+
+new Role(stack, 'NormalRole', {
+  assumedBy: new ServicePrincipal('sqs.amazonaws.com'),
+});
+
+const powerRole = new Role(stack, 'PowerRole', {
+  assumedBy: new ServicePrincipal('sqs.amazonaws.com'),
+});
+
+PermissionsBoundary.of(powerRole).apply(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));
+
+new IntegTest(app, 'integ-test', {
+  testCases: [stack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md

@@ -1605,6 +1605,25 @@ const dbFromLookup = rds.DatabaseInstance.fromLookup(this, 'dbFromLookup', {
 dbFromLookup.grantConnect(myUserRole, 'my-user-id');
 ```
 
+## Importing existing DatabaseCluster
+
+### Lookup DatabaseCluster by clusterIdentifier
+
+You can lookup an existing DatabaseCluster by its clusterIdentifier using `DatabaseCluster.fromLookup()`. This method returns an `IDatabaseCluster`.
+
+Here's how `DatabaseCluster.fromLookup()` can be used:
+
+```ts
+declare const myUserRole: iam.Role;
+
+const clusterFromLookup = rds.DatabaseCluster.fromLookup(this, 'ClusterFromLookup', {
+  clusterIdentifier: 'my-cluster-id',
+});
+
+// Grant a connection
+clusterFromLookup.grantConnect(myUserRole, 'my-user-id');
+```
+
 ## Limitless Database Cluster
 
 Amazon Aurora [PostgreSQL Limitless Database](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless.html) provides automated horizontal scaling to process millions of write transactions per second and manages petabytes of data while maintaining the simplicity of operating inside a single database.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-lookup.ts

@@ -0,0 +1,100 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, CfnOutput, Stack } from 'aws-cdk-lib';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as rds from 'aws-cdk-lib/aws-rds';
+
+const app = new App();
+const clusterIdentifier = 'test-cluster-lookup';
+
+const stackLookup = new Stack(app, 'aws-cdk-rds-cluster-lookup', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+
+// Lookup the existing cluster created by the preDeploy hook
+const lookedUpCluster = rds.DatabaseCluster.fromLookup(stackLookup, 'LookedUpCluster', {
+  clusterIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterEndpoint', {
+  value: lookedUpCluster.clusterEndpoint.socketAddress,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterReadEndpoint', {
+  value: lookedUpCluster.clusterReadEndpoint.socketAddress,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterIdentifier', {
+  value: lookedUpCluster.clusterIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterResourceIdentifier', {
+  value: lookedUpCluster.clusterResourceIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterArn', {
+  value: lookedUpCluster.clusterArn,
+});
+
+new CfnOutput(stackLookup, 'SecurityGroupIds', {
+  value: lookedUpCluster.connections.securityGroups.map(sg => sg.securityGroupId).join(','),
+});
+
+// test grant
+const dbAccessRole = new iam.Role(stackLookup, 'DbAccessRole', {
+  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+  description: 'Role for accessing the Aurora cluster via IAM authentication',
+});
+
+lookedUpCluster.grantConnect(dbAccessRole, 'admin');
+lookedUpCluster.grantDataApiAccess(dbAccessRole);
+
+// test metric
+lookedUpCluster.metricDatabaseConnections().createAlarm(stackLookup, 'HighConnectionsAlarm', {
+  threshold: 100,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database has high number of connections',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricCPUUtilization().createAlarm(stackLookup, 'HighCPUAlarm', {
+  threshold: 90,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database CPU utilization is high',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricFreeableMemory().createAlarm(stackLookup, 'LowMemoryAlarm', {
+  threshold: 100 * 1024 * 1024,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database is running low on memory',
+  comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricDeadlocks().createAlarm(stackLookup, 'DeadlockAlarm', {
+  threshold: 5,
+  evaluationPeriods: 2,
+  alarmDescription: 'Database has deadlocks',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+new IntegTest(app, 'integ-rds-cluster-from-lookup', {
+  testCases: [stackLookup],
+  enableLookups: true,
+  stackUpdateWorkflow: false,
+  // Create Aurora cluster before the test and delete it after
+  hooks: {
+    preDeploy: [
+      `aws rds create-db-cluster --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --engine-version 8.0.mysql_aurora.3.09.0 --master-username admin --master-user-password Admin1234 --enable-http-endpoint --enable-iam-database-authentication --region us-east-1`,
+      `aws rds create-db-instance --db-instance-identifier ${clusterIdentifier}-instance --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --db-instance-class db.r5.large --region us-east-1`,
+      `aws rds wait db-instance-available --db-instance-identifier ${clusterIdentifier}-instance --region us-east-1`,
+    ],
+    postDeploy: [
+      `aws rds delete-db-instance --db-instance-identifier ${clusterIdentifier}-instance --skip-final-snapshot --region us-east-1`,
+      `aws rds delete-db-cluster --db-cluster-identifier ${clusterIdentifier} --skip-final-snapshot --region us-east-1`,
+    ],
+  },
+});