konokenj.cdk-api-mcp-server 0.31.0__py3-none-any.whl → 0.33.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.api-destination.ts

@@ -0,0 +1,42 @@
+import { App, CfnOutput, SecretValue, Stack } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import * as events from 'aws-cdk-lib/aws-events';
+import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
+
+const app = new App();
+
+const stack = new Stack(app, 'events-api-destination-stack');
+
+const secret = new secretsmanager.Secret(stack, 'Secret', {
+  secretStringValue: SecretValue.unsafePlainText('abc123'),
+});
+
+const connection = new events.Connection(stack, 'Connection', {
+  authorization: events.Authorization.apiKey('x-api-key', secret.secretValue),
+  description: 'Connection with API Key x-api-key',
+  connectionName: 'MyConnection',
+});
+
+const destination = new events.ApiDestination(stack, 'Destination', {
+  connection,
+  endpoint: 'https://httpbin.org/headers',
+  httpMethod: events.HttpMethod.GET,
+  apiDestinationName: 'MyDestination',
+  rateLimitPerSecond: 1,
+  description: 'Calling example.com with API key x-api-key',
+});
+
+// arn:aws:events:{region}:{account}:api-destination/{destination-name}/11111111-1111-1111-1111-111111111111
+new CfnOutput(stack, 'DestinationArn', {
+  value: destination.apiDestinationArn,
+  description: 'The ARN of the API destination',
+});
+// arn:aws:events:{region}:{account}:api-destination/{destination-name}
+new CfnOutput(stack, 'DestinationArnForPolicy', {
+  value: destination.apiDestinationArnForPolicy || '',
+  description: 'The ARN of the API destination in resource format',
+});
+
+new IntegTest(app, 'events-api-destination-integ', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md

@@ -369,11 +369,16 @@ const connection = events.Connection.fromEventBusArn(
   'arn:aws:secretsmanager:us-east-1:123456789012:secret:SecretName-f3gDy9',
 );
 
-const apiDestinationArn = 'arn:aws:events:us-east-1:123456789012:api-destination/DestinationName';
+const apiDestinationArn = 'arn:aws:events:us-east-1:123456789012:api-destination/DestinationName/11111111-1111-1111-1111-111111111111';
+const apiDestinationArnForPolicy = 'arn:aws:events:us-east-1:123456789012:api-destination/DestinationName';
 const destination = events.ApiDestination.fromApiDestinationAttributes(
   this,
   'Destination',
-  { apiDestinationArn, connection },
+  {
+    apiDestinationArn,
+    connection,
+    apiDestinationArnForPolicy // optional
+  },
 );
 
 const rule = new events.Rule(this, 'OtherRule', {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.custom-permissions-boundary-aspect.ts

@@ -0,0 +1,50 @@
+/**
+ * This integration test tests the case of a customer setting a permissions boundary using a custom aspect,
+ * then trying to override at a more specific level using the PermissionsBoundary.of() API.
+ *
+ * Overriding should work.
+ */
+import { App, Stack, IAspect, Aspects } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { CfnRole, ManagedPolicy, PermissionsBoundary, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
+import { IConstruct } from 'constructs';
+
+class CustomAspect implements IAspect {
+  public visit(node: IConstruct): void {
+    if (node instanceof CfnRole) {
+      node.addPropertyOverride('PermissionsBoundary', 'arn:aws:iam::aws:policy/ReadOnlyAccess');
+    }
+  }
+}
+
+const app = new App({
+  postCliContext: {
+    // Force the intended behavior, from before we found this bug
+    '@aws-cdk/core:aspectPrioritiesMutating': false,
+  },
+});
+
+const stack = new Stack(app, 'integ-permissions-boundary', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+
+Aspects.of(stack).add(new CustomAspect());
+
+new Role(stack, 'NormalRole', {
+  assumedBy: new ServicePrincipal('sqs.amazonaws.com'),
+});
+
+const powerRole = new Role(stack, 'PowerRole', {
+  assumedBy: new ServicePrincipal('sqs.amazonaws.com'),
+});
+
+PermissionsBoundary.of(powerRole).apply(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'));
+
+new IntegTest(app, 'integ-test', {
+  testCases: [stack],
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/README.md

@@ -102,10 +102,13 @@ will be used for files successfully delivered to S3. `errorOutputPrefix` will be
 failed records before writing them to S3.
 
 ```ts
+import { TimeZone } from 'aws-cdk-lib';
 declare const bucket: s3.Bucket;
 const s3Destination = new firehose.S3Bucket(bucket, {
   dataOutputPrefix: 'myFirehose/DeliveredYear=!{timestamp:yyyy}/anyMonth/rand=!{firehose:random-string}',
   errorOutputPrefix: 'myFirehoseFailures/!{firehose:error-output-type}/!{timestamp:yyyy}/anyMonth/!{timestamp:dd}',
+  // The time zone of timestamps (default UTC)
+  timeZone: TimeZone.ASIA_TOKYO,
 });
 ```
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.s3-bucket.lit.ts

@@ -56,6 +56,7 @@ const deliveryStream = new firehose.DeliveryStream(stack, 'DeliveryStream', {
     dataOutputPrefix: 'regularPrefix',
     errorOutputPrefix: 'errorPrefix',
     fileExtension: '.log.gz',
+    timeZone: cdk.TimeZone.ASIA_TOKYO,
     bufferingInterval: cdk.Duration.seconds(60),
     bufferingSize: cdk.Size.mebibytes(1),
     encryptionKey: key,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.lambda-policy-with-token-resolution.ts

@@ -0,0 +1,46 @@
+import * as cdk from 'aws-cdk-lib';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+  },
+});
+const stack = new cdk.Stack(app, 'stack');
+
+const mappingName = 'testmapping';
+const mapping = new cdk.CfnMapping(stack, 'testmapping', {
+  mapping: {
+    us: {
+      regionalModels:
+        'arn:aws:bedrock:us-west-2::foundation-model/amazon.nova-lite-v1:0',
+    },
+  },
+});
+mapping.overrideLogicalId(mappingName);
+
+const func = new lambda.Function(stack, 'test-function', {
+  code: new lambda.InlineCode('exports.handler = async (event) => { console.log(event); return {\'statusCode\': 200, \'body\': \'\'}; }'),
+  runtime: lambda.Runtime.NODEJS_20_X,
+  handler: 'index.handler',
+});
+
+// Literal resources in statement
+func.addToRolePolicy(new iam.PolicyStatement({
+  actions: ['bedrock:Invoke*'],
+  resources: [
+    '*',
+  ],
+}));
+
+// Array token resources in statement
+func.addToRolePolicy(new iam.PolicyStatement({
+  actions: ['bedrock:Invoke*'],
+  resources: cdk.Fn.split(',', cdk.Fn.findInMap(mappingName, 'us', 'regionalModels')),
+}));
+
+new integ.IntegTest(app, 'lambda-policy-with-token-resolution', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md

@@ -1605,6 +1605,25 @@ const dbFromLookup = rds.DatabaseInstance.fromLookup(this, 'dbFromLookup', {
 dbFromLookup.grantConnect(myUserRole, 'my-user-id');
 ```
 
+## Importing existing DatabaseCluster
+
+### Lookup DatabaseCluster by clusterIdentifier
+
+You can lookup an existing DatabaseCluster by its clusterIdentifier using `DatabaseCluster.fromLookup()`. This method returns an `IDatabaseCluster`.
+
+Here's how `DatabaseCluster.fromLookup()` can be used:
+
+```ts
+declare const myUserRole: iam.Role;
+
+const clusterFromLookup = rds.DatabaseCluster.fromLookup(this, 'ClusterFromLookup', {
+  clusterIdentifier: 'my-cluster-id',
+});
+
+// Grant a connection
+clusterFromLookup.grantConnect(myUserRole, 'my-user-id');
+```
+
 ## Limitless Database Cluster
 
 Amazon Aurora [PostgreSQL Limitless Database](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless.html) provides automated horizontal scaling to process millions of write transactions per second and manages petabytes of data while maintaining the simplicity of operating inside a single database.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-lookup.ts

@@ -0,0 +1,100 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, CfnOutput, Stack } from 'aws-cdk-lib';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as rds from 'aws-cdk-lib/aws-rds';
+
+const app = new App();
+const clusterIdentifier = 'test-cluster-lookup';
+
+const stackLookup = new Stack(app, 'aws-cdk-rds-cluster-lookup', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+
+// Lookup the existing cluster created by the preDeploy hook
+const lookedUpCluster = rds.DatabaseCluster.fromLookup(stackLookup, 'LookedUpCluster', {
+  clusterIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterEndpoint', {
+  value: lookedUpCluster.clusterEndpoint.socketAddress,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterReadEndpoint', {
+  value: lookedUpCluster.clusterReadEndpoint.socketAddress,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterIdentifier', {
+  value: lookedUpCluster.clusterIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterResourceIdentifier', {
+  value: lookedUpCluster.clusterResourceIdentifier,
+});
+
+new CfnOutput(stackLookup, 'LookedUpClusterArn', {
+  value: lookedUpCluster.clusterArn,
+});
+
+new CfnOutput(stackLookup, 'SecurityGroupIds', {
+  value: lookedUpCluster.connections.securityGroups.map(sg => sg.securityGroupId).join(','),
+});
+
+// test grant
+const dbAccessRole = new iam.Role(stackLookup, 'DbAccessRole', {
+  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+  description: 'Role for accessing the Aurora cluster via IAM authentication',
+});
+
+lookedUpCluster.grantConnect(dbAccessRole, 'admin');
+lookedUpCluster.grantDataApiAccess(dbAccessRole);
+
+// test metric
+lookedUpCluster.metricDatabaseConnections().createAlarm(stackLookup, 'HighConnectionsAlarm', {
+  threshold: 100,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database has high number of connections',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricCPUUtilization().createAlarm(stackLookup, 'HighCPUAlarm', {
+  threshold: 90,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database CPU utilization is high',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricFreeableMemory().createAlarm(stackLookup, 'LowMemoryAlarm', {
+  threshold: 100 * 1024 * 1024,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database is running low on memory',
+  comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
+});
+
+lookedUpCluster.metricDeadlocks().createAlarm(stackLookup, 'DeadlockAlarm', {
+  threshold: 5,
+  evaluationPeriods: 2,
+  alarmDescription: 'Database has deadlocks',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+
+new IntegTest(app, 'integ-rds-cluster-from-lookup', {
+  testCases: [stackLookup],
+  enableLookups: true,
+  stackUpdateWorkflow: false,
+  // Create Aurora cluster before the test and delete it after
+  hooks: {
+    preDeploy: [
+      `aws rds create-db-cluster --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --engine-version 8.0.mysql_aurora.3.09.0 --master-username admin --master-user-password Admin1234 --enable-http-endpoint --enable-iam-database-authentication --region us-east-1`,
+      `aws rds create-db-instance --db-instance-identifier ${clusterIdentifier}-instance --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --db-instance-class db.r5.large --region us-east-1`,
+      `aws rds wait db-instance-available --db-instance-identifier ${clusterIdentifier}-instance --region us-east-1`,
+    ],
+    postDeploy: [
+      `aws rds delete-db-instance --db-instance-identifier ${clusterIdentifier}-instance --skip-final-snapshot --region us-east-1`,
+      `aws rds delete-db-cluster --db-cluster-identifier ${clusterIdentifier} --skip-final-snapshot --region us-east-1`,
+    ],
+  },
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.elastic-beanstalk-hostedzoneid.ts

@@ -6,7 +6,7 @@ import * as targets from 'aws-cdk-lib/aws-route53-targets';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import * as elasticbeanstalk from 'aws-cdk-lib/aws-elasticbeanstalk';
 import * as custom from 'aws-cdk-lib/custom-resources';
-import { RegionInfo } from 'aws-cdk-lib/region-info';
+import { RegionInfo } from '@aws-cdk/region-info';
 
 const app = new App({
   postCliContext: {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke-jsonata.ts

@@ -1,112 +1,119 @@
-import * as path from 'path';
-import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
-import * as cdk from 'aws-cdk-lib';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as events from 'aws-cdk-lib/aws-events';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
-import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { password, username } from './my-lambda-handler';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaInvoke } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
 /*
- * Creates an API Gateway instance with a GET method and mock integration,
- * secured with basic auth. It then creates a matching Connection and uses it
- * in a state machine with a task state to invoke the endpoint.
+ * Creates a state machine with a task state to invoke a Lambda function
+ * The state machine creates a couple of Lambdas that pass results forward
+ * and into a Choice state that validates the output.
+ *
+ * Stack verification steps:
+ * The generated State Machine can be executed from the CLI (or Step Functions console)
+ * and runs with an execution status of `Succeeded`.
  *
- * Stack verification steps :
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <execution-arn generated before> : should return status as SUCCEEDED
+ * -- aws stepfunctions start-execution --state-machine-arn <state-machine-arn-from-output> provides execution arn
+ * -- aws stepfunctions describe-execution --execution-arn <state-machine-arn-from-output> returns a status of `Succeeded`
  */
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
-const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-http-invoke-integ');
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-lambda-invoke-jsonata-integ');
 
-const authorizerHandler = new lambda.NodejsFunction(stack, 'AuthorizerHandler', {
-  entry: path.resolve(__dirname, 'my-lambda-handler', 'index.ts'),
-  handler: 'handler',
+const submitJobLambda = new Function(stack, 'submitJobLambda', {
+  code: Code.fromInline(`exports.handler = async (event, context) => {
+        return {
+          statusCode: '200',
+          body: 'hello, world!',
+          ...event,
+        };
+      };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const authorizer = new apigateway.TokenAuthorizer(stack, 'Authorizer', {
-  handler: authorizerHandler,
-  identitySource: 'method.request.header.Authorization',
-  resultsCacheTtl: cdk.Duration.seconds(0),
-});
-
-const api = new apigateway.RestApi(stack, 'IntegRestApi');
-
-api.root.addResource('test').addMethod(
-  'GET',
-  new apigateway.MockIntegration({
-    integrationResponses: [
-      {
-        statusCode: '200',
-        responseTemplates: {
-          'application/json': JSON.stringify({ message: 'Hello, tester!' }),
-        },
-      },
-    ],
-    passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
-    requestTemplates: {
-      'application/json': '{ "statusCode": 200 }',
-    },
+const submitJob = LambdaInvoke.jsonata(stack, 'Invoke Handler', {
+  lambdaFunction: submitJobLambda,
+  payload: sfn.TaskInput.fromObject({
+    execId: '{% $states.context.Execution.Id %}',
+    execInput: '{% $states.context.Execution.Input %}',
+    execName: '{% $states.context.Execution.Name %}',
+    execRoleArn: '{% $states.context.Execution.RoleArn %}',
+    execStartTime: '{% $states.context.Execution.StartTime %}',
+    stateEnteredTime: '{% $states.context.State.EnteredTime %}',
+    stateName: '{% $states.context.State.Name %}',
+    stateRetryCount: '{% $states.context.State.RetryCount %}',
+    stateMachineId: '{% $states.context.StateMachine.Id %}',
+    stateMachineName: '{% $states.context.StateMachine.Name %}',
   }),
-  {
-    authorizer,
-    methodResponses: [
-      {
-        statusCode: '200',
-      },
-    ],
-  },
-);
+  outputs: '{% $states.result.Payload %}',
+});
 
-const connection = new events.Connection(stack, 'Connection', {
-  authorization: events.Authorization.basic(username, cdk.SecretValue.unsafePlainText(password)),
+const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', {
+  code: Code.fromInline(`exports.handler = async function(event, context) {
+        const expectedFields = [
+          'execId', 'execInput', 'execName', 'execRoleArn',
+          'execStartTime', 'stateEnteredTime', 'stateName',
+          'stateRetryCount', 'stateMachineId', 'stateMachineName',
+        ];
+        const fieldsAreSet = expectedFields.every(field => event[field] !== undefined);
+        return {
+          status: event.statusCode === '200' && fieldsAreSet ? 'SUCCEEDED' : 'FAILED'
+        };
+  };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const httpInvokeTask = tasks.HttpInvoke.jsonata(stack, 'Invoke HTTP Endpoint', {
-  apiRoot: api.urlForPath('/'),
-  apiEndpoint: sfn.TaskInput.fromText('{% $states.input.apiEndpoint %}'),
-  connection,
-  method: sfn.TaskInput.fromText('GET'),
+const checkJobState = LambdaInvoke.jsonata(stack, 'Check the job state', {
+  lambdaFunction: checkJobStateLambda,
   outputs: {
-    ResponseBody: '{% $states.result.ResponseBody %}',
+    status: '{% $states.result.Payload.status %}',
   },
 });
 
+const isComplete = sfn.Choice.jsonata(stack, 'Job Complete?');
+const jobFailed = sfn.Fail.jsonata(stack, 'Job Failed', {
+  cause: 'Job Failed',
+  error: 'Received a status that was not 200',
+});
+const finalStatus = sfn.Pass.jsonata(stack, 'Final step');
+
+const chain = sfn.Chain.start(submitJob)
+  .next(checkJobState)
+  .next(
+    isComplete
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'FAILED' %}"), jobFailed)
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'SUCCEEDED' %}"), finalStatus),
+  );
+
 const sm = new sfn.StateMachine(stack, 'StateMachine', {
-  definition: httpInvokeTask,
+  definition: chain,
   timeout: cdk.Duration.seconds(30),
 });
 
-const testCase = new IntegTest(app, 'HttpInvokeTest', {
-  testCases: [stack],
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
 
-// Start an execution
-const start = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
-  stateMachineArn: sm.stateMachineArn,
-  input: JSON.stringify({
-    apiEndpoint: '/test',
-  }),
+const integ = new IntegTest(app, 'IntegTest', {
+  testCases: [stack],
 });
-
-// describe the results of the execution
-const describe = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
-  executionArn: start.getAttString('executionArn'),
+const res = integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
+  stateMachineArn: sm.stateMachineArn,
 });
-
-// assert the results
-describe.expect(ExpectedResult.objectLike({
+const executionArn = res.getAttString('executionArn');
+integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
+  executionArn,
+}).expect(ExpectedResult.objectLike({
   status: 'SUCCEEDED',
-  output: JSON.stringify({
-    ResponseBody: {
-      message: 'Hello, tester!',
-    },
-  }),
-}));
+})).waitForAssertions({
+  totalTimeout: cdk.Duration.seconds(10),
+  interval: cdk.Duration.seconds(3),
+});
 
 app.synth();