konokenj.cdk-api-mcp-server 0.31.0__py3-none-any.whl → 0.57.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (243) hide show
  1. cdk_api_mcp_server/__about__.py +1 -1
  2. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-amplify-alpha/README.md +12 -0
  3. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-agentcore-alpha/README.md +1979 -0
  4. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-bedrock-alpha/README.md +946 -0
  5. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md +160 -75
  6. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-elasticache-alpha/README.md +421 -0
  7. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-glue-alpha/README.md +39 -9
  8. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-imagebuilder-alpha/README.md +656 -0
  9. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-iot-alpha/README.md +1 -1
  10. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-go-alpha/README.md +102 -4
  11. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-python-alpha/README.md +6 -6
  12. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-msk-alpha/README.md +38 -8
  13. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-s3tables-alpha/README.md +82 -2
  14. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-sagemaker-alpha/README.md +32 -0
  15. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/mixins-preview/README.md +182 -0
  16. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/README.md/README.md +367 -17
  17. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/README.md +34 -0
  18. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.api-with-authorizer-and-proxy.ts +1 -1
  19. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.lambda-api.ts +1 -1
  20. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.lambda-permission-consolidation.ts +55 -0
  21. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigateway/integ.spec-restapi.ts +1 -0
  22. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/README.md +224 -60
  23. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.api-dualstack.ts +3 -4
  24. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.api.ts +5 -3
  25. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.stage.ts +10 -7
  26. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.usage-plan.ts +80 -0
  27. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.iam.ts +34 -38
  28. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.lambda.ts +2 -2
  29. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-authorizers/integ.user-pool.ts +1 -1
  30. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/README.md +35 -0
  31. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.add-subroute-integration.ts +7 -4
  32. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.http-proxy.ts +1 -1
  33. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-connect-disconnect-trigger.ts +2 -2
  34. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-permission-consolidation.ts +45 -0
  35. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda-proxy.ts +1 -1
  36. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.lambda.ts +4 -4
  37. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2-integrations/integ.sqs.ts +58 -71
  38. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-appsync/integ.graphql-lambda-permission.ts +1 -1
  39. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-appsync/integ.js-resolver.ts +1 -1
  40. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-autoscaling/README.md +1 -1
  41. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-autoscaling/integ.asg-lt.ts +7 -0
  42. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/README.md +49 -1
  43. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.ecs-exec-batch-job.ts +148 -0
  44. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-batch/integ.managed-compute-environment-default-instance-class.ts +20 -0
  45. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-certificatemanager/README.md +11 -0
  46. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.core-custom-resources-node-18.ts +1 -1
  47. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudformation/integ.core-custom-resources-service-timeout.ts +1 -1
  48. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront/README.md +292 -1
  49. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/README.md +83 -0
  50. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.function-url-origin-ip-address-type.ts +84 -0
  51. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.http-origin.ts +5 -2
  52. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.origin-response-completion-timeout.ts +50 -0
  53. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudtrail/integ.cloudtrail-data-events-only.ts +1 -1
  54. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/README.md +104 -12
  55. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.alarm-and-dashboard.ts +12 -0
  56. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.anomaly-detection-alarm.ts +44 -2
  57. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.dashboard-with-graphwidget-with-labels-visible.ts +92 -0
  58. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.dashboard-with-metric-id-and-visible.ts +70 -0
  59. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch/integ.search-expression.ts +51 -0
  60. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/README.md +143 -3
  61. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-docker-server.ts +44 -0
  62. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-fleet-attribute-based-compute.ts +59 -7
  63. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-fleet-custom-instance-type.ts +130 -0
  64. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-fleet-overflow-behavior.ts +61 -0
  65. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-s3-cache.ts +71 -0
  66. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-windows-image.ts +1 -2
  67. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codepipeline-actions/integ.pipeline-elastic-beanstalk-deploy.ts +26 -17
  68. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cognito/README.md +13 -2
  69. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cognito/integ.user-pool-client-explicit-props.ts +1 -0
  70. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-docdb/README.md +24 -0
  71. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-docdb/integ.cluster-serverless.ts +34 -0
  72. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/README.md +225 -15
  73. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/TABLE_V1_API.md +45 -2
  74. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb-v2.cci.ts +49 -0
  75. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.add-to-resource-policy.ts +97 -0
  76. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.cci.ts +27 -0
  77. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.compound.ts +32 -0
  78. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.contirubtor-insights-for-gsi.ts +6 -2
  79. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.dynamodb.policy.ts +21 -1
  80. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-global.ts +9 -3
  81. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-mrsc.ts +31 -0
  82. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2.compound.ts +43 -0
  83. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md +28 -1
  84. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.client-vpn-endpoint-disconnect-on-session-timeout.ts +65 -0
  85. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-endpoint.lit.ts +6 -0
  86. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-flow-logs.ts +4 -0
  87. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/README.md +41 -2
  88. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr/integ.tag-mutability-exclusion.ts +30 -0
  89. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr-assets/README.md +4 -0
  90. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecr-assets/integ.assets-docker.ts +6 -0
  91. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md +189 -1
  92. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.availability-zone-rebalancing.ts +14 -4
  93. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.blue-green-deployment-strategy.ts +147 -0
  94. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-windows-server-ami.ts +5 -6
  95. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.ebs-volume-initialization-rate.ts +80 -0
  96. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.enable-execute-command.ts +35 -29
  97. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.exec-command.ts +16 -22
  98. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.lb-awsvpc-nw.ts +26 -16
  99. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts +114 -0
  100. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts +107 -0
  101. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts +32 -8
  102. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.pseudo-terminal.ts +18 -8
  103. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/README.md +2 -0
  104. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-public-private-switch.ts +45 -0
  105. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-smart-defaults.ts +143 -0
  106. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md +103 -83
  107. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-al2023-nodegroup.ts +1 -1
  108. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.eks-cluster-removal-policy.ts +31 -0
  109. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/integ.fargate-cluster.ts +1 -1
  110. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/README.md +55 -4
  111. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.alb-lambda-multi-value-headers.ts +1 -1
  112. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.alb-target-group-attributes.ts +45 -0
  113. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.alb.oidc.ts +1 -1
  114. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.nlb-target-group-attributes.ts +45 -0
  115. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2/integ.nlb.security-group.ts +70 -0
  116. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-elasticloadbalancingv2-actions/integ.cognito.ts +1 -1
  117. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/README.md +41 -2
  118. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.api-destination.ts +42 -0
  119. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.archive-customer-managed-key.ts +23 -0
  120. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.eventbus.ts +13 -3
  121. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md +93 -4
  122. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.firehose-delivery-stream.ts +51 -0
  123. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.custom-permissions-boundary-aspect.ts +50 -0
  124. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.managed-policy.ts +9 -0
  125. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.policy.ts +9 -0
  126. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/README.md +42 -0
  127. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesis/integ.stream-shard-level-monitoring.ts +47 -0
  128. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/README.md +159 -3
  129. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.cloudwatch-logs-processors.ts +45 -0
  130. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.record-format-conversion-schema.ts +154 -0
  131. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.record-format-conversion.ts +178 -0
  132. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.s3-bucket.lit.ts +1 -0
  133. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/README.md +41 -2
  134. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.binary-payload.ts +1 -1
  135. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.lambda-policy-with-token-resolution.ts +46 -0
  136. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.logging-config.ts +8 -8
  137. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.multi-tenancy.ts +24 -0
  138. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.params-and-secrets.ts +1 -1
  139. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime-management.ts +1 -1
  140. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.fromasset.ts +19 -4
  141. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.inlinecode.ts +11 -4
  142. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/README.md +3 -3
  143. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.dependencies-bun-lock.ts +50 -0
  144. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.dependencies-pnpm.ts +1 -1
  145. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.function-exclude-smithy-models.ts +2 -2
  146. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-nodejs/integ.nodejs.build.images.ts +1 -1
  147. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/README.md +69 -1
  148. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.loggroup-transformer.ts +37 -0
  149. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.metricfilter-apply-on-transformed-logs.ts +29 -0
  150. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.save-logs-insights-query-definition.ts +7 -2
  151. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.subscriptionfilter.ts +1 -1
  152. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.transformer.ts +27 -0
  153. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.ebs.ts +1 -1
  154. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.min.ts +1 -0
  155. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md +72 -2
  156. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-cloudwatch-logs-exports.ts +56 -0
  157. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api-to-imported-cluster.ts +1 -1
  158. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api.ts +1 -1
  159. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-lookup.ts +100 -0
  160. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster.ts +1 -1
  161. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.instance-database-insights.ts +43 -0
  162. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.instance-lookup.ts +77 -0
  163. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.proxy-endpoint.ts +36 -0
  164. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/README.md +68 -31
  165. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.delete-existing-record-set.ts +0 -1
  166. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.private-hosted-zone-from-attributes.ts +41 -0
  167. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.route53.ts +51 -1
  168. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.zone-delegation-iam-stack.ts +66 -0
  169. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.cloudfront-alias-target.ts +16 -1
  170. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-targets/integ.elastic-beanstalk-hostedzoneid.ts +1 -1
  171. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3/integ.bucket.notifications-scoped-permissions.ts +71 -0
  172. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-assets/integ.assets.bundling.docker-opts.ts +4 -1
  173. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/README.md +83 -4
  174. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-big-response.ts +17 -6
  175. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cloudfront.ts +20 -18
  176. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-nested-stack-source.ts +64 -0
  177. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-source.ts +53 -0
  178. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-ssm-source.ts +97 -0
  179. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-data.ts +99 -59
  180. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-deployed-bucket.ts +10 -4
  181. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-large-file.ts +23 -12
  182. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-loggroup.ts +7 -2
  183. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-efs.ts +77 -0
  184. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-empty.ts +69 -0
  185. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-multiple.ts +89 -0
  186. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-security-groups-single.ts +77 -0
  187. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-signcontent.ts +11 -7
  188. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution-with-destination-key.ts +15 -8
  189. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution-with-role.ts +29 -14
  190. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-substitution.ts +16 -8
  191. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-basic.ts +65 -0
  192. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-config.ts +66 -0
  193. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-custom-subnets.ts +66 -0
  194. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-efs.ts +66 -0
  195. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-security-groups.ts +72 -0
  196. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-vpc-subnet-selection.ts +70 -0
  197. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment.ts +47 -69
  198. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-notifications/integ.bucket-notifications.ts +80 -42
  199. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-secretsmanager/integ.secret.dynamic-reference-key.ts +38 -0
  200. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-signer/integ.signing-profile.ts +5 -0
  201. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns/README.md +2 -0
  202. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs-subscription-filter.ts +75 -0
  203. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs.ts +21 -40
  204. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions/integ.distributed-map-parallel.ts +82 -0
  205. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions/integ.distributed-map-redrive.ts +130 -0
  206. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions/integ.map-with-catch.ts +1 -0
  207. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions/integ.sm-jsonpath-with-distributed-map-jsonata.ts +105 -0
  208. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/README.md +75 -5
  209. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.call-aws-service-cross-region-lambda.ts +1 -1
  210. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.emr-create-cluster-with-ebs.ts +126 -0
  211. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-arm64.ts +27 -0
  212. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-default.ts +25 -0
  213. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-mixed-arch.ts +35 -0
  214. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-nodejs22.ts +27 -0
  215. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.evaluate-expression-x86.ts +27 -0
  216. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke-json-path.ts +102 -0
  217. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/README.md +84 -1
  218. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-browser-type.ts +35 -0
  219. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-resources-to-replicate-tags.ts +36 -0
  220. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-retry.ts +32 -0
  221. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary-runtime-validation.ts +43 -0
  222. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-synthetics/integ.canary.ts +2 -0
  223. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cloudformation-include/integ.novalue-nonstring.ts +25 -0
  224. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/core/README.md +2 -1870
  225. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/README.md +59 -0
  226. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.aws-custom-resource.ts +1 -1
  227. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.custom-resource-config-lambda-node-runtime.ts +1 -1
  228. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.external-id.ts +80 -0
  229. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/custom-resources/integ.invoke-function-payload.ts +1 -1
  230. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +152 -10
  231. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md +55 -1
  232. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/interfaces/README.md +33 -0
  233. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/README.md +4 -0
  234. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.newpipeline-reduce-stagerole-scope.ts +4 -1
  235. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/pipelines/integ.pipeline-with-customsynthesizer.ts +105 -0
  236. {konokenj_cdk_api_mcp_server-0.31.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/METADATA +2 -2
  237. {konokenj_cdk_api_mcp_server-0.31.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/RECORD +240 -151
  238. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.kinesis-firehose-stream.ts +0 -33
  239. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/integ.expose-metric-with-dimensions.ts +0 -47
  240. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-signcontent.d.ts +0 -1
  241. {konokenj_cdk_api_mcp_server-0.31.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/WHEEL +0 -0
  242. {konokenj_cdk_api_mcp_server-0.31.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/entry_points.txt +0 -0
  243. {konokenj_cdk_api_mcp_server-0.31.0.dist-info → konokenj_cdk_api_mcp_server-0.57.0.dist-info}/licenses/LICENSE.txt +0 -0
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts ADDED
@@ -0,0 +1,107 @@
1
+ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
+ import * as iam from 'aws-cdk-lib/aws-iam';
3
+ import * as cdk from 'aws-cdk-lib';
4
+ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
+ import * as integ from '@aws-cdk/integ-tests-alpha';
6
+
7
+ const app = new cdk.App({
8
+ postCliContext: {
9
+ '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
10
+ '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
+ '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
+ },
13
+ });
14
+ const stack = new cdk.Stack(app, 'integ-managedinstances-no-default-capacity-provider');
15
+
16
+ const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
17
+ const cluster = new ecs.Cluster(stack, 'ManagedInstancesCluster', {
18
+ vpc,
19
+ });
20
+
21
+ // Create IAM roles required for FMI following Omakase specifications
22
+ const infrastructureRole = new iam.Role(stack, 'InfrastructureRole', {
23
+ roleName: 'InfrastructureRole',
24
+ assumedBy: new iam.ServicePrincipal('ecs.amazonaws.com'),
25
+ managedPolicies: [
26
+ iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInfrastructureRolePolicyForManagedInstances'),
27
+ ],
28
+ });
29
+
30
+ const instanceRole = new iam.Role(stack, 'InstanceRole', {
31
+ roleName: 'InstanceRole',
32
+ assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
33
+ managedPolicies: [
34
+ iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonECSInstanceRolePolicyForManagedInstances'),
35
+ ],
36
+ });
37
+
38
+ infrastructureRole.grantPassRole(instanceRole);
39
+
40
+ const instanceProfile = new iam.InstanceProfile(stack, 'InstanceProfile', {
41
+ instanceProfileName: 'InstanceProfile',
42
+ role: instanceRole,
43
+ });
44
+
45
+ // Create a security group for FMI instances
46
+ const fmiSecurityGroup = new ec2.SecurityGroup(stack, 'ManagedInstancesSecurityGroup', {
47
+ vpc,
48
+ description: 'Security group for ManagedInstances capacity provider instances',
49
+ allowAllOutbound: true,
50
+ });
51
+
52
+ // Create MI Capacity Provider
53
+ const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'ManagedInstancesCapacityProvider', {
54
+ infrastructureRole: infrastructureRole,
55
+ ec2InstanceProfile: instanceProfile,
56
+ subnets: vpc.privateSubnets,
57
+ securityGroups: [fmiSecurityGroup],
58
+ propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
59
+ instanceRequirements: {
60
+ vCpuCountMin: 1,
61
+ memoryMin: cdk.Size.gibibytes(2),
62
+ cpuManufacturers: [ec2.CpuManufacturer.INTEL],
63
+ acceleratorManufacturers: [ec2.AcceleratorManufacturer.NVIDIA],
64
+ },
65
+ });
66
+
67
+ // Add FMI capacity provider to cluster
68
+ cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
69
+
70
+ // Create a task definition compatible with Managed Instances and Fargate
71
+ const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', {
72
+ compatibility: ecs.Compatibility.FARGATE_AND_MANAGED_INSTANCES,
73
+ cpu: '256',
74
+ memoryMiB: '512',
75
+ networkMode: ecs.NetworkMode.AWS_VPC,
76
+ });
77
+
78
+ taskDefinition.addContainer('web', {
79
+ image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'),
80
+ memoryLimitMiB: 512,
81
+ portMappings: [
82
+ {
83
+ containerPort: 80,
84
+ protocol: ecs.Protocol.TCP,
85
+ },
86
+ ],
87
+ });
88
+
89
+ // Create a service using the MI capacity provider
90
+ new ecs.FargateService(stack, 'ManagedInstancesService', {
91
+ cluster,
92
+ taskDefinition,
93
+ capacityProviderStrategies: [
94
+ {
95
+ capacityProvider: miCapacityProvider.capacityProviderName,
96
+ weight: 1,
97
+ },
98
+ ],
99
+ desiredCount: 1,
100
+ });
101
+
102
+ new integ.IntegTest(app, 'ManagedInstancesCapacityProviders', {
103
+ testCases: [stack],
104
+ regions: ['us-west-2'],
105
+ });
106
+
107
+ app.synth();
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts CHANGED
@@ -2,6 +2,7 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
2
  import * as cdk from 'aws-cdk-lib';
3
3
  import { Construct } from 'constructs';
4
4
  import * as ecs from 'aws-cdk-lib/aws-ecs';
5
+ import * as integ from '@aws-cdk/integ-tests-alpha';
5
6
 
6
7
  const app = new cdk.App({
7
8
  postCliContext: {
@@ -12,24 +13,29 @@ const app = new cdk.App({
12
13
  },
13
14
  });
14
15
 
15
- class EcsStack extends cdk.Stack {
16
- constructor(scope: Construct, id: string, props?: cdk.StackProps) {
17
- super(scope, id, props);
18
-
16
+ class BaseEcsStack extends cdk.Stack {
17
+ protected createBaseResources() {
19
18
  const vpc = new ec2.Vpc(this, 'VPC', { restrictDefaultSecurityGroup: false });
20
-
21
19
  const cluster = new ecs.Cluster(this, 'EcsCluster', { vpc });
22
20
  cluster.addCapacity('DefaultAutoScalingGroup', {
23
21
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),
24
22
  });
25
-
26
23
  const taskDefinition = new ecs.Ec2TaskDefinition(this, 'TaskDef');
27
24
  taskDefinition.addContainer('web', {
28
25
  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
29
26
  memoryLimitMiB: 256,
30
27
  });
28
+ return { vpc, cluster, taskDefinition };
29
+ }
30
+ }
31
+
32
+ // Test service with multiple placement strategies
33
+ class EcsWithStrategiesStack extends BaseEcsStack {
34
+ constructor(scope: Construct, id: string, props?: cdk.StackProps) {
35
+ super(scope, id, props);
36
+ const { cluster, taskDefinition } = this.createBaseResources();
31
37
 
32
- new ecs.Ec2Service(this, 'Test_Stack', {
38
+ new ecs.Ec2Service(this, 'Service', {
33
39
  cluster,
34
40
  taskDefinition,
35
41
  placementStrategies: [
@@ -40,6 +46,24 @@ class EcsStack extends cdk.Stack {
40
46
  }
41
47
  }
42
48
 
43
- new EcsStack(app, 'aws-cdk-ecs-integration-test-stack');
49
+ // Test service with empty placement strategies
50
+ class EcsWithEmptyStrategiesStack extends BaseEcsStack {
51
+ constructor(scope: Construct, id: string, props?: cdk.StackProps) {
52
+ super(scope, id, props);
53
+ const { cluster, taskDefinition } = this.createBaseResources();
54
+
55
+ new ecs.Ec2Service(this, 'Service', {
56
+ cluster,
57
+ taskDefinition,
58
+ placementStrategies: [],
59
+ });
60
+ }
61
+ }
62
+ new integ.IntegTest(app, 'LambdaTest', {
63
+ testCases: [
64
+ new EcsWithStrategiesStack(app, 'ecs-placement-strategies-with-strategies'),
65
+ new EcsWithEmptyStrategiesStack(app, 'ecs-placement-strategies-empty'),
66
+ ],
67
+ });
44
68
 
45
69
  app.synth();
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.pseudo-terminal.ts CHANGED
@@ -3,25 +3,35 @@ import * as cdk from 'aws-cdk-lib';
3
3
  import * as integ from '@aws-cdk/integ-tests-alpha';
4
4
  import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
 
6
- const app = new cdk.App();
7
- const stack = new cdk.Stack(app, 'integ-pseudo-terminal');
6
+ const app = new cdk.App({
7
+ postCliContext: {
8
+ '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
+ '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
+ '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
+ '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
+ },
13
+ });
14
+ const stack = new cdk.Stack(app, 'aws-ecs-integ-pseudo-terminal');
8
15
 
9
16
  // Create a cluster
10
17
  const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
11
18
 
12
19
  const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
13
- const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef', {
14
- cpu: 256,
15
- memoryLimitMiB: 512,
20
+ cluster.addCapacity('DefaultAutoScalingGroup', {
21
+ instanceType: new ec2.InstanceType('t2.micro'),
22
+ });
23
+
24
+ const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef', {
25
+ networkMode: ecs.NetworkMode.AWS_VPC,
16
26
  });
27
+
17
28
  taskDefinition.addContainer('web', {
18
29
  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
19
- memoryLimitMiB: 512,
20
- cpu: 256,
30
+ memoryLimitMiB: 256,
21
31
  pseudoTerminal: true,
22
32
  });
23
33
 
24
- new ecs.FargateService(stack, 'Service', {
34
+ new ecs.Ec2Service(stack, 'Service', {
25
35
  cluster,
26
36
  taskDefinition,
27
37
  });
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/README.md CHANGED
@@ -70,6 +70,8 @@ Fargate services will use the `LATEST` platform version by default, but you can
70
70
 
71
71
  Fargate services use the default VPC Security Group unless one or more are provided using the `securityGroups` property in the constructor.
72
72
 
73
+ **Security Considerations**: When using custom security groups on your load balancer, the `openListener` property controls whether the load balancer listener allows traffic from anywhere on the internet (0.0.0.0/0). By default, `openListener` is `true`, but it will automatically default to `false` when custom security groups are detected, preventing unintended internet exposure. You can always explicitly set `openListener: true` to override this behavior if needed.
74
+
73
75
  By setting `redirectHTTP` to true, CDK will automatically create a listener on port 80 that redirects HTTP traffic to the HTTPS port.
74
76
 
75
77
  If you specify the option `recordType` you can decide if you want the construct to use CNAME or Route53-Aliases as record sets.
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-public-private-switch.ts ADDED
@@ -0,0 +1,45 @@
1
+ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
+ import * as ecs from 'aws-cdk-lib/aws-ecs';
3
+ import * as cdk from 'aws-cdk-lib';
4
+ import * as integ from '@aws-cdk/integ-tests-alpha';
5
+ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
6
+
7
+ const app = new cdk.App();
8
+ const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-fargate-public-private-switch');
9
+
10
+ const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
11
+ const cluster = new ecs.Cluster(stack, 'FargateCluster', { vpc });
12
+
13
+ // Test private load balancer (the problematic case from the issue)
14
+ new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'PrivateALBFargateService', {
15
+ cluster,
16
+ memoryLimitMiB: 1024,
17
+ cpu: 512,
18
+ publicLoadBalancer: false, // This should create ECSPrivate target group
19
+ taskImageOptions: {
20
+ image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
21
+ },
22
+ });
23
+
24
+ // Test public load balancer for comparison
25
+ new ecsPatterns.ApplicationLoadBalancedFargateService(stack, 'PublicALBFargateService', {
26
+ cluster,
27
+ memoryLimitMiB: 1024,
28
+ cpu: 512,
29
+ publicLoadBalancer: true, // This should create ECS target group
30
+ taskImageOptions: {
31
+ image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
32
+ },
33
+ });
34
+
35
+ new integ.IntegTest(app, 'ALBFargatePublicPrivateSwitchTest', {
36
+ testCases: [stack],
37
+ allowDestroy: [
38
+ 'PrivateALBFargateServiceLB3F43693F',
39
+ 'PrivateALBFargateServiceLBPublicListenerECSPrivateGroup81AA5B8B',
40
+ 'PublicALBFargateServiceLBBDD839E7',
41
+ 'PublicALBFargateServiceLBPublicListenerECSGroupD991EA00',
42
+ ],
43
+ });
44
+
45
+ app.synth();
cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-smart-defaults.ts ADDED
@@ -0,0 +1,143 @@
1
+ /**
2
+ * Integration test for the conditional openListener behavior in ApplicationLoadBalancedFargateService.
3
+ *
4
+ * This test validates the security feature that automatically sets openListener to false when custom
5
+ * security groups are detected on the load balancer, preventing unintended internet exposure.
6
+ *
7
+ * Test scenarios:
8
+ * 1. DefaultService: No custom security groups provided
9
+ * - Expected: openListener defaults to true, creates 0.0.0.0/0 ingress rules
10
+ * - Validates: Default behavior when CDK manages all security groups
11
+ *
12
+ * 2. ExplicitOpenService: Explicit openListener: true
13
+ * - Expected: Creates 0.0.0.0/0 ingress rules regardless of other settings
14
+ * - Validates: Explicit override functionality works correctly
15
+ *
16
+ * 3. ExplicitClosedService: Explicit openListener: false
17
+ * - Expected: Does NOT create 0.0.0.0/0 ingress rules
18
+ * - Validates: Explicit closed listener prevents internet access
19
+ *
20
+ * 4. ConditionalWithCustomSG: Custom security groups + no explicit openListener
21
+ * - Expected: Conditional behavior kicks in, openListener defaults to false
22
+ * - Validates: Core feature - prevents 0.0.0.0/0 rules when custom SGs detected
23
+ *
24
+ * The test uses AWS SDK calls to verify actual security group configurations in deployed resources,
25
+ * ensuring the feature works correctly in real AWS environments.
26
+ */
27
+
28
+ import { Vpc, SecurityGroup, Port } from 'aws-cdk-lib/aws-ec2';
29
+ import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
30
+ import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
31
+ import { App, Stack, Duration } from 'aws-cdk-lib';
32
+ import * as integ from '@aws-cdk/integ-tests-alpha';
33
+ import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns';
34
+
35
+ const app = new App({
36
+ postCliContext: {
37
+ // Enable the feature flag for this test
38
+ '@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener': true,
39
+ },
40
+ });
41
+
42
+ const stack = new Stack(app, 'aws-ecs-integ-alb-fg-smart-defaults');
43
+ const vpc = new Vpc(stack, 'Vpc', { maxAzs: 3, natGateways: 1, restrictDefaultSecurityGroup: false });
44
+ const cluster = new Cluster(stack, 'Cluster', { vpc });
45
+
46
+ // Test case 1: Service with conditional default (no openListener specified)
47
+ // CDK creates load balancer, should default to openListener: true (no custom security groups)
48
+ new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultService', {
49
+ cluster,
50
+ memoryLimitMiB: 512,
51
+ taskImageOptions: {
52
+ image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
53
+ },
54
+ // No openListener specified - should default to true since no custom security groups
55
+ });
56
+
57
+ // Test case 2: Service with explicit openListener: true
58
+ new ApplicationLoadBalancedFargateService(stack, 'ExplicitOpenService', {
59
+ cluster,
60
+ memoryLimitMiB: 512,
61
+ taskImageOptions: {
62
+ image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
63
+ },
64
+ openListener: true, // Should create 0.0.0.0/0 rules
65
+ listenerPort: 8080,
66
+ });
67
+
68
+ // Test case 3: Service with explicit openListener: false
69
+ new ApplicationLoadBalancedFargateService(stack, 'ExplicitClosedService', {
70
+ cluster,
71
+ memoryLimitMiB: 512,
72
+ taskImageOptions: {
73
+ image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
74
+ },
75
+ openListener: false, // Should NOT create 0.0.0.0/0 rules
76
+ listenerPort: 9090,
77
+ });
78
+
79
+ // Test case 4: Service with custom security groups (conditional default should apply)
80
+ const customSecurityGroup = new SecurityGroup(stack, 'CustomSecurityGroup', {
81
+ vpc,
82
+ description: 'Custom security group for load balancer',
83
+ });
84
+
85
+ // Add a custom rule to the security group
86
+ customSecurityGroup.addIngressRule(
87
+ customSecurityGroup,
88
+ Port.tcp(80),
89
+ 'Allow HTTP from custom security group',
90
+ );
91
+
92
+ const customLoadBalancer = new ApplicationLoadBalancer(stack, 'CustomLoadBalancer', {
93
+ vpc,
94
+ internetFacing: true,
95
+ securityGroup: customSecurityGroup,
96
+ });
97
+
98
+ // This should use conditional default (openListener: false) because custom security groups are detected
99
+ new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultWithCustomSG', {
100
+ cluster,
101
+ memoryLimitMiB: 512,
102
+ taskImageOptions: {
103
+ image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
104
+ },
105
+ loadBalancer: customLoadBalancer,
106
+ // No openListener specified - should default to false due to custom security groups
107
+ });
108
+
109
+ const integTest = new integ.IntegTest(app, 'albFargateServiceSmartDefaultsTest', {
110
+ testCases: [stack],
111
+ });
112
+
113
+ // Validate the core conditional behavior by checking the custom security group
114
+ // This confirms that when custom security groups are provided, the conditional default prevents
115
+ // creating overly permissive 0.0.0.0/0 ingress rules
116
+ // Assert that the custom security group only contains self-referencing rules (no 0.0.0.0/0)
117
+ // This validates the feature prevents unintended internet exposure
118
+ integTest.assertions.awsApiCall('EC2', 'describeSecurityGroups', {
119
+ GroupIds: [customSecurityGroup.securityGroupId],
120
+ }).expect(integ.ExpectedResult.objectLike({
121
+ SecurityGroups: [
122
+ {
123
+ IpPermissions: integ.Match.arrayWith([
124
+ integ.Match.objectLike({
125
+ FromPort: 80,
126
+ ToPort: 80,
127
+ // Verify only security group references exist, no public internet access (0.0.0.0/0)
128
+ UserIdGroupPairs: integ.Match.arrayWith([
129
+ integ.Match.objectLike({
130
+ GroupId: customSecurityGroup.securityGroupId,
131
+ }),
132
+ ]),
133
+ // Ensure no IpRanges with 0.0.0.0/0 are present
134
+ IpRanges: [],
135
+ }),
136
+ ]),
137
+ },
138
+ ],
139
+ })).waitForAssertions({
140
+ totalTimeout: Duration.minutes(5),
141
+ });
142
+
143
+ app.synth();