PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.31.0__py3-none-any.whl → 0.57.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.31.0py3-none-any.whl → 0.57.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (243) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.ebs.ts CHANGED Viewed

@@ -7,7 +7,7 @@ class TestStack extends Stack {
   constructor(scope: Construct, id: string, props?: StackProps) {
     super(scope, id, props);
-    const instanceTypes = ['i4g.large.search', 'i4i.xlarge.search', 'r7gd.xlarge.search'];
+    const instanceTypes = ['i4g.large.search', 'i4i.xlarge.search', 'r7gd.xlarge.search', 'r8gd.medium.search'];
     instanceTypes.forEach((instanceType, index) => {
       new opensearch.Domain(this, `Domain${index + 1}`, {

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-opensearchservice/integ.opensearch.min.ts CHANGED Viewed

@@ -11,6 +11,7 @@ class TestStack extends Stack {
       opensearch.EngineVersion.OPENSEARCH_2_13,
       opensearch.EngineVersion.OPENSEARCH_2_15,
       opensearch.EngineVersion.OPENSEARCH_2_17,
+      opensearch.EngineVersion.OPENSEARCH_3_1,
     ];
     // deploy opensearch domain with minimal configuration

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md CHANGED Viewed

@@ -418,6 +418,24 @@ To apply changes of the cluster, such as engine version, in the next scheduled m
 For details, see [Modifying an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Modifying.html).
+### Retaining Automated Backups
+By default, when a database cluster is deleted, automated backups are removed immediately unless an AWS Backup policy specifies a point-in-time restore rule. You can control this behavior using the `deleteAutomatedBackups` property:
+```ts
+declare const vpc: ec2.IVpc;
+// Retain automated backups after cluster deletion
+new rds.DatabaseCluster(this, 'Database', {
+  engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_01_0 }),
+  writer: rds.ClusterInstance.provisioned('writer'),
+  vpc,
+  deleteAutomatedBackups: false,
+});
+```
+When set to `false`, automated backups are retained according to the configured retention period after the cluster is deleted. When set to `true` or not specified (default), automated backups are deleted immediately when the cluster is deleted.
+Detail about this feature can be found in the [AWS documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.Retaining.html).
 ### Migrating from instanceProps
 Creating instances in a `DatabaseCluster` using `instanceProps` & `instances` is
@@ -1148,6 +1166,26 @@ const proxy = dbInstance.addProxy('proxy', {
 });
 ```
+### Proxy Endpoint
+The following example add additional endpoint to RDS Proxy.
+```ts
+declare const vpc: ec2.Vpc;
+declare const secrets: secretsmanager.Secret[];
+declare const dbInstance: rds.DatabaseInstance;
+const proxy = dbInstance.addProxy('Proxy', {
+  secrets,
+  vpc,
+});
+// Add a reader endpoint
+proxy.addEndpoint('ProxyEndpoint', {
+  vpc,
+  targetRole: rds.ProxyEndpointTargetRole.READ_ONLY,
+});
+```
 ## Exporting Logs
 You can publish database logs to Amazon CloudWatch Logs. With CloudWatch Logs, you can perform real-time analysis of the log data,
@@ -1166,7 +1204,7 @@ const cluster = new rds.DatabaseCluster(this, 'Database', {
   }),
   writer: rds.ClusterInstance.provisioned('writer'),
   vpc,
-  cloudwatchLogsExports: ['error', 'general', 'slowquery', 'audit'], // Export all available MySQL-based logs
+  cloudwatchLogsExports: ['error', 'general', 'slowquery', 'audit', 'instance', 'iam-db-auth-error'], // Export all available MySQL-based logs
   cloudwatchLogsRetention: logs.RetentionDays.THREE_MONTHS, // Optional - default is to never expire logs
   cloudwatchLogsRetentionRole: myLogsPublishingRole, // Optional - a role will be created if not provided
   // ...
@@ -1514,7 +1552,20 @@ new rds.DatabaseCluster(this, 'Database', {
 });
 ```
-Note: Database Insights are only supported for Amazon Aurora MySQL and Amazon Aurora PostgreSQL clusters.
+Database Insights is also supported for RDS instances:
+```ts
+declare const vpc: ec2.Vpc;
+new rds.DatabaseInstance(this, 'PostgresInstance', {
+  engine: rds.DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_17_5 }),
+  instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
+  vpc,
+  // If you enable the advanced mode of Database Insights,
+  // Performance Insights is enabled and you must set the `performanceInsightRetention` to 465(15 months).
+  databaseInsightsMode: rds.DatabaseInsightsMode.ADVANCED,
+  performanceInsightRetention: rds.PerformanceInsightRetention.MONTHS_15,
+});
+```
 > Visit [CloudWatch Database Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Database-Insights.html) for more details.
@@ -1605,6 +1656,25 @@ const dbFromLookup = rds.DatabaseInstance.fromLookup(this, 'dbFromLookup', {
 dbFromLookup.grantConnect(myUserRole, 'my-user-id');
 ```
+## Importing existing DatabaseCluster
+### Lookup DatabaseCluster by clusterIdentifier
+You can lookup an existing DatabaseCluster by its clusterIdentifier using `DatabaseCluster.fromLookup()`. This method returns an `IDatabaseCluster`.
+Here's how `DatabaseCluster.fromLookup()` can be used:
+```ts
+declare const myUserRole: iam.Role;
+const clusterFromLookup = rds.DatabaseCluster.fromLookup(this, 'ClusterFromLookup', {
+  clusterIdentifier: 'my-cluster-id',
+});
+// Grant a connection
+clusterFromLookup.grantConnect(myUserRole, 'my-user-id');
+```
 ## Limitless Database Cluster
 Amazon Aurora [PostgreSQL Limitless Database](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/limitless.html) provides automated horizontal scaling to process millions of write transactions per second and manages petabytes of data while maintaining the simplicity of operating inside a single database.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-cloudwatch-logs-exports.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import * as cdk from 'aws-cdk-lib/core';
+import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as rds from 'aws-cdk-lib/aws-rds';
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'CloudWatchLogsExportsStack');
+const vpc = new ec2.Vpc(stack, 'VPC');
+const mysql = new rds.DatabaseCluster(stack, 'DatabaseClusterMysql', {
+  engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_09_0 }),
+  writer: rds.ClusterInstance.serverlessV2('writerInstance'),
+  vpc,
+  cloudwatchLogsExports: ['error', 'general', 'slowquery', 'audit', 'instance', 'iam-db-auth-error'],
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+const postgresql = new rds.DatabaseCluster(stack, 'DatabaseClusterPostgresql', {
+  engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_16_4 }),
+  writer: rds.ClusterInstance.serverlessV2('writerInstance'),
+  vpc,
+  cloudwatchLogsExports: ['postgresql', 'iam-db-auth-error', 'instance'],
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+const integ = new IntegTest(app, 'CloudWatchLogsExportsStackInteg', {
+  testCases: [stack],
+});
+integ.assertions.awsApiCall('RDS', 'describeDBClusters', {
+  DBClusterIdentifier: mysql.clusterIdentifier,
+}).expect(ExpectedResult.objectLike({
+  DBClusters: [{
+    EnabledCloudwatchLogsExports: [
+      'audit',
+      'error',
+      'general',
+      'iam-db-auth-error',
+      'instance',
+      'slowquery',
+    ],
+  }],
+}));
+integ.assertions.awsApiCall('RDS', 'describeDBClusters', {
+  DBClusterIdentifier: postgresql.clusterIdentifier,
+}).expect(ExpectedResult.objectLike({
+  DBClusters: [{
+    EnabledCloudwatchLogsExports: [
+      'iam-db-auth-error',
+      'instance',
+      'postgresql',
+    ],
+  }],
+}));

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api-to-imported-cluster.ts CHANGED Viewed

@@ -14,7 +14,7 @@ const stack = new cdk.Stack(app, 'cluster-data-api-to-imported-cluster');
 const vpc = new ec2.Vpc(stack, 'VPC');
 const func = new lambda.Function(stack, 'Function', {
-  runtime: lambda.Runtime.NODEJS_18_X,
+  runtime: lambda.Runtime.NODEJS_20_X,
   handler: 'index.handler',
   code: lambda.Code.fromInline('exports.handler = async (event) => { return "hello"; }'),
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-data-api.ts CHANGED Viewed

@@ -14,7 +14,7 @@ const stack = new cdk.Stack(app, 'cluster-data-api');
 const vpc = new ec2.Vpc(stack, 'VPC');
 const fucntion = new lambda.Function(stack, 'Function', {
-  runtime: lambda.Runtime.NODEJS_18_X,
+  runtime: lambda.Runtime.NODEJS_20_X,
   handler: 'index.handler',
   code: lambda.Code.fromInline('exports.handler = async (event) => { return "hello"; }'),
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster-lookup.ts ADDED Viewed

@@ -0,0 +1,100 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, CfnOutput, Stack } from 'aws-cdk-lib';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as rds from 'aws-cdk-lib/aws-rds';
+const app = new App();
+const clusterIdentifier = 'test-cluster-lookup';
+const stackLookup = new Stack(app, 'aws-cdk-rds-cluster-lookup', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+// Lookup the existing cluster created by the preDeploy hook
+const lookedUpCluster = rds.DatabaseCluster.fromLookup(stackLookup, 'LookedUpCluster', {
+  clusterIdentifier,
+});
+new CfnOutput(stackLookup, 'LookedUpClusterEndpoint', {
+  value: lookedUpCluster.clusterEndpoint.socketAddress,
+});
+new CfnOutput(stackLookup, 'LookedUpClusterReadEndpoint', {
+  value: lookedUpCluster.clusterReadEndpoint.socketAddress,
+});
+new CfnOutput(stackLookup, 'LookedUpClusterIdentifier', {
+  value: lookedUpCluster.clusterIdentifier,
+});
+new CfnOutput(stackLookup, 'LookedUpClusterResourceIdentifier', {
+  value: lookedUpCluster.clusterResourceIdentifier,
+});
+new CfnOutput(stackLookup, 'LookedUpClusterArn', {
+  value: lookedUpCluster.clusterArn,
+});
+new CfnOutput(stackLookup, 'SecurityGroupIds', {
+  value: lookedUpCluster.connections.securityGroups.map(sg => sg.securityGroupId).join(','),
+});
+// test grant
+const dbAccessRole = new iam.Role(stackLookup, 'DbAccessRole', {
+  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+  description: 'Role for accessing the Aurora cluster via IAM authentication',
+});
+lookedUpCluster.grantConnect(dbAccessRole, 'admin');
+lookedUpCluster.grantDataApiAccess(dbAccessRole);
+// test metric
+lookedUpCluster.metricDatabaseConnections().createAlarm(stackLookup, 'HighConnectionsAlarm', {
+  threshold: 100,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database has high number of connections',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+lookedUpCluster.metricCPUUtilization().createAlarm(stackLookup, 'HighCPUAlarm', {
+  threshold: 90,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database CPU utilization is high',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+lookedUpCluster.metricFreeableMemory().createAlarm(stackLookup, 'LowMemoryAlarm', {
+  threshold: 100 * 1024 * 1024,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database is running low on memory',
+  comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
+});
+lookedUpCluster.metricDeadlocks().createAlarm(stackLookup, 'DeadlockAlarm', {
+  threshold: 5,
+  evaluationPeriods: 2,
+  alarmDescription: 'Database has deadlocks',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+new IntegTest(app, 'integ-rds-cluster-from-lookup', {
+  testCases: [stackLookup],
+  enableLookups: true,
+  stackUpdateWorkflow: false,
+  // Create Aurora cluster before the test and delete it after
+  hooks: {
+    preDeploy: [
+      `aws rds create-db-cluster --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --engine-version 8.0.mysql_aurora.3.09.0 --master-username admin --master-user-password Admin1234 --enable-http-endpoint --enable-iam-database-authentication --region us-east-1`,
+      `aws rds create-db-instance --db-instance-identifier ${clusterIdentifier}-instance --db-cluster-identifier ${clusterIdentifier} --engine aurora-mysql --db-instance-class db.r5.large --region us-east-1`,
+      `aws rds wait db-instance-available --db-instance-identifier ${clusterIdentifier}-instance --region us-east-1`,
+    ],
+    postDeploy: [
+      `aws rds delete-db-instance --db-instance-identifier ${clusterIdentifier}-instance --skip-final-snapshot --region us-east-1`,
+      `aws rds delete-db-cluster --db-cluster-identifier ${clusterIdentifier} --skip-final-snapshot --region us-east-1`,
+    ],
+  },
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.cluster.ts CHANGED Viewed

@@ -63,6 +63,7 @@ class TestStack extends cdk.Stack {
       parameterGroup: params,
       storageEncryptionKey: kmsKey,
       autoMinorVersionUpgrade: false,
+      deleteAutomatedBackups: false,
     });
     cluster.connections.allowDefaultPortFromAnyIpv4('Open to the world');
@@ -100,4 +101,3 @@ const stackWithFeatureFlag = new TestStack(appWithFeatureFlag, 'aws-cdk-rds-inte
 new IntegTest(appWithFeatureFlag, 'test-rds-cluster-with-feature-flag', {
   testCases: [stackWithFeatureFlag],
 });
-appWithFeatureFlag.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.instance-database-insights.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import {
+  DatabaseInstance,
+  DatabaseInsightsMode,
+  PerformanceInsightRetention,
+  PostgresEngineVersion,
+  DatabaseInstanceEngine,
+} from 'aws-cdk-lib/aws-rds';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+class TestStack extends cdk.Stack {
+  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+    const vpc = new ec2.Vpc(this, 'VPC', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+    new DatabaseInstance(this, 'PostgresInstanceAdvanced', {
+      engine: DatabaseInstanceEngine.postgres({ version: PostgresEngineVersion.VER_16_9 }),
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
+      vpc,
+      allocatedStorage: 100,
+      databaseInsightsMode: DatabaseInsightsMode.ADVANCED,
+      performanceInsightRetention: PerformanceInsightRetention.MONTHS_15,
+    });
+    new DatabaseInstance(this, 'PostgresInstanceStandard', {
+      engine: DatabaseInstanceEngine.postgres({ version: PostgresEngineVersion.VER_16_9 }),
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.LARGE),
+      vpc,
+      allocatedStorage: 100,
+      databaseInsightsMode: DatabaseInsightsMode.STANDARD,
+      enablePerformanceInsights: true,
+    });
+  }
+}
+const app = new cdk.App();
+const stack = new TestStack(app, 'aws-cdk-rds-integ-instance-database-insights');
+new IntegTest(app, 'integ-instance-database-insights', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.instance-lookup.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, CfnOutput, Stack } from 'aws-cdk-lib';
+import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
+import * as iam from 'aws-cdk-lib/aws-iam';
+import * as rds from 'aws-cdk-lib/aws-rds';
+const app = new App();
+const instanceIdentifier = 'test-instance-lookup';
+const stackLookup = new Stack(app, 'aws-cdk-rds-instance-lookup', {
+  env: {
+    account: process.env.CDK_INTEG_ACCOUNT ?? process.env.CDK_DEFAULT_ACCOUNT,
+    region: process.env.CDK_INTEG_REGION ?? process.env.CDK_DEFAULT_REGION,
+  },
+});
+const lookedUpInstance = rds.DatabaseInstance.fromLookup(stackLookup, 'LookedUpInstance', {
+  instanceIdentifier,
+});
+new CfnOutput(stackLookup, 'LookedUpInstanceEndpoint', {
+  value: lookedUpInstance.instanceEndpoint.socketAddress,
+});
+new CfnOutput(stackLookup, 'LookedUpInstanceIdentifier', {
+  value: lookedUpInstance.instanceIdentifier,
+});
+new CfnOutput(stackLookup, 'LookedUpInstanceResourceIdentifier', {
+  value: lookedUpInstance.instanceResourceId ?? 'undefined',
+});
+new CfnOutput(stackLookup, 'LookedUpInstanceArn', {
+  value: lookedUpInstance.instanceArn,
+});
+new CfnOutput(stackLookup, 'SecurityGroupIds', {
+  value: lookedUpInstance.connections.securityGroups.map(sg => sg.securityGroupId).join(','),
+});
+// test grant
+const dbAccessRole = new iam.Role(stackLookup, 'DbAccessRole', {
+  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
+  description: 'Role for accessing the RDS instance via IAM authentication',
+});
+lookedUpInstance.grantConnect(dbAccessRole, 'admin');
+// test metric
+lookedUpInstance.metricCPUUtilization().createAlarm(stackLookup, 'HighCPUAlarm', {
+  threshold: 90,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database CPU utilization is high',
+  comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+});
+lookedUpInstance.metricFreeableMemory().createAlarm(stackLookup, 'LowMemoryAlarm', {
+  threshold: 100 * 1024 * 1024,
+  evaluationPeriods: 3,
+  alarmDescription: 'Database is running low on memory',
+  comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_THRESHOLD,
+});
+new IntegTest(app, 'integ-rds-instance-from-lookup', {
+  testCases: [stackLookup],
+  enableLookups: true,
+  stackUpdateWorkflow: false,
+  hooks: {
+    preDeploy: [
+      `aws rds create-db-instance --db-instance-identifier ${instanceIdentifier} --engine mysql --engine-version 8.0.42 --master-username admin --master-user-password Admin1234 --allocated-storage 20 --db-instance-class db.t3.micro --enable-iam-database-authentication`,
+      `aws rds wait db-instance-available --db-instance-identifier ${instanceIdentifier}`,
+    ],
+    postDeploy: [
+      `aws rds delete-db-instance --db-instance-identifier ${instanceIdentifier} --skip-final-snapshot`,
+    ],
+  },
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/integ.proxy-endpoint.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import { App, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as rds from 'aws-cdk-lib/aws-rds';
+const app = new App();
+const stack = new Stack(app, 'cdk-rds-proxy-endpoint');
+const vpc = new ec2.Vpc(stack, 'vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+const dbInstance = new rds.DatabaseInstance(stack, 'dbInstance', {
+  engine: rds.DatabaseInstanceEngine.postgres({
+    version: rds.PostgresEngineVersion.VER_17_5,
+  }),
+  instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM),
+  vpc,
+  removalPolicy: RemovalPolicy.DESTROY,
+});
+const dbProxy = new rds.DatabaseProxy(stack, 'dbProxy', {
+  secrets: [dbInstance.secret!],
+  proxyTarget: rds.ProxyTarget.fromInstance(dbInstance),
+  vpc,
+});
+const securityGroup = ec2.SecurityGroup.fromSecurityGroupId(stack, 'SecurityGroup', vpc.vpcDefaultSecurityGroup);
+dbProxy.addEndpoint('dbProxyEndpoint', {
+  vpc,
+  targetRole: rds.ProxyEndpointTargetRole.READ_ONLY,
+  securityGroups: [securityGroup],
+});
+new integ.IntegTest(app, 'cdk-rds-proxy-endpoint-integ', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/README.md CHANGED Viewed

@@ -134,6 +134,30 @@ new route53.AaaaRecord(this, 'Alias', {
 });
 ```
+To add an HTTPS record:
+``` ts
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+declare const myZone: route53.HostedZone;
+declare const distribution: cloudfront.CloudFrontWebDistribution;
+// Alias to CloudFront target
+new route53.HttpsRecord(this, 'HttpsRecord-CloudFrontAlias', {
+  zone: myZone,
+  target: route53.RecordTarget.fromAlias(new targets.CloudFrontTarget(distribution)),
+});
+// ServiceMode (priority >= 1)
+new route53.HttpsRecord(this, 'HttpsRecord-ServiceMode', {
+  zone: myZone,
+  values: [route53.HttpsRecordValue.service({ alpn: [route53.Alpn.H3, route53.Alpn.H2] })],
+});
+// AliasMode (priority = 0)
+new route53.HttpsRecord(this, 'HttpsRecord-AliasMode', {
+  zone: myZone,
+  values: [route53.HttpsRecordValue.alias('service.example.com')],
+});
+```
 [Geolocation routing](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geo.html) can be enabled for continent, country or subdivision:
 ```ts
@@ -343,40 +367,40 @@ const crossAccountRole = new iam.Role(this, 'CrossAccountRole', {
   roleName: 'MyDelegationRole',
   // The other account
   assumedBy: new iam.AccountPrincipal('12345678901'),
-  // You can scope down this role policy to be least privileged.
-  // If you want the other account to be able to manage specific records,
-  // you can scope down by resource and/or normalized record names
-  inlinePolicies: {
-    crossAccountPolicy: new iam.PolicyDocument({
-      statements: [
-        new iam.PolicyStatement({
-          sid: 'ListHostedZonesByName',
-          effect: iam.Effect.ALLOW,
-          actions: ['route53:ListHostedZonesByName'],
-          resources: ['*'],
-        }),
-        new iam.PolicyStatement({
-          sid: 'GetHostedZoneAndChangeResourceRecordSets',
-          effect: iam.Effect.ALLOW,
-          actions: ['route53:GetHostedZone', 'route53:ChangeResourceRecordSets'],
-          // This example assumes the RecordSet subdomain.somexample.com
-          // is contained in the HostedZone
-          resources: ['arn:aws:route53:::hostedzone/HZID00000000000000000'],
-          conditions: {
-            'ForAllValues:StringLike': {
-              'route53:ChangeResourceRecordSetsNormalizedRecordNames': [
-                'subdomain.someexample.com',
-              ],
-            },
-          },
-        }),
-      ],
-    }),
-  },
 });
 parentZone.grantDelegation(crossAccountRole);
 ```
+To restrict the records that can be created with the delegation IAM role, use the optional `delegatedZoneNames` property in the delegation options,
+which enforces the `route53:ChangeResourceRecordSetsNormalizedRecordNames` condition key for record names that match those hosted zone names.
+The `delegatedZoneNames` list may only consist of hosted zones names that are subzones of the parent hosted zone.
+If the delegated zone name contains an unresolved token,
+it must resolve to a zone name that satisfies the requirements according to the documentation:
+https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/specifying-conditions-route53.html#route53_rrset_conditionkeys_normalization
+> All letters must be lowercase.
+> The DNS name must be without the trailing dot.
+> Characters other than a–z, 0–9, - (hyphen), _ (underscore), and . (period, as a delimiter between labels) must use escape codes in the format \three-digit octal code. For example, \052 is the octal code for character *.
+This feature allows you to better follow the minimum permissions privilege principle:
+```ts
+const parentZone = new route53.PublicHostedZone(this, 'HostedZone', {
+  zoneName: 'someexample.com',
+});
+declare const betaCrossAccountRole: iam.Role;
+parentZone.grantDelegation(betaCrossAccountRole, {
+    delegatedZoneNames: ['beta.someexample.com'],
+});
+declare const prodCrossAccountRole: iam.Role;
+parentZone.grantDelegation(prodCrossAccountRole, {
+    delegatedZoneNames: ['prod.someexample.com'],
+});
+```
 In the account containing the child zone to be delegated:
 ```ts
@@ -516,7 +540,8 @@ const zone = route53.HostedZone.fromHostedZoneAttributes(this, 'MyZone', {
 ```
 Alternatively, use the `HostedZone.fromHostedZoneId` to import hosted zones if
-you know the ID and the retrieval for the `zoneName` is undesirable.
+you know the ID and the retrieval for the `zoneName` is undesirable.
+Note that any records created with a hosted zone obtained this way must have their name be fully qualified
 ```ts
 const zone = route53.HostedZone.fromHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ');
@@ -534,6 +559,18 @@ const zoneFromAttributes = route53.PublicHostedZone.fromPublicHostedZoneAttribut
 const zoneFromId = route53.PublicHostedZone.fromPublicHostedZoneId(this, 'MyZone', 'ZOJJZC49E0EPZ');
 ```
+You can import a Private Hosted Zone with `PrivateHostedZone.fromPrivateHostedZoneId` and `PrivateHostedZone.fromPrivateHostedZoneAttributes` methods:
+```ts
+const privateZoneFromAttributes = route53.PrivateHostedZone.fromPrivateHostedZoneAttributes(this, 'MyPrivateZone', {
+  zoneName: 'example.local',
+  hostedZoneId: 'ZOJJZC49E0EPZ',
+});
+// Does not know zoneName
+const privateZoneFromId = route53.PrivateHostedZone.fromPrivateHostedZoneId(this, 'MyPrivateZone', 'ZOJJZC49E0EPZ');
+```
 You can use `CrossAccountZoneDelegationRecord` on imported Hosted Zones with the `grantDelegation` method:
 ```ts

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.delete-existing-record-set.ts CHANGED Viewed

@@ -23,7 +23,6 @@ class TestStack extends Stack {
       ttl: Duration.hours(2),
       zone: hostedZone,
       recordName: 'integ',
-      deleteExisting: true,
     });
     newRecord.node.addDependency(existingRecord);
   }

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.private-hosted-zone-from-attributes.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import * as route53 from 'aws-cdk-lib/aws-route53';
+import { PrivateHostedZone } from 'aws-cdk-lib/aws-route53';
+import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha';
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-route53-integ');
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 1, restrictDefaultSecurityGroup: false });
+const privateZone = new PrivateHostedZone(stack, 'PrivateZone', {
+  zoneName: 'aws-cdk.dev', vpc,
+});
+const expectPrivateHostedZone = route53.PrivateHostedZone.fromHostedZoneAttributes(stack, 'ExpectPrivateHostedZone', {
+  hostedZoneId: privateZone.hostedZoneId,
+  zoneName: privateZone.zoneName,
+});
+const integTest = new IntegTest(app, 'AwsCdkRoute53IntegTest', {
+  testCases: [stack],
+  diffAssets: false,
+});
+const hostedZoneApiCall = integTest.assertions.awsApiCall('Route53', 'getHostedZone', {
+  Id: expectPrivateHostedZone.hostedZoneId,
+});
+hostedZoneApiCall.expect(
+  ExpectedResult.objectLike({
+    HostedZone: {
+      Id: expectPrivateHostedZone.hostedZoneId,
+      Name: expectPrivateHostedZone.zoneName,
+    },
+  }),
+);
+app.synth();

konokenj.cdk-api-mcp-server 0.31.0__py3-none-any.whl → 0.57.0__py3-none-any.whl

konokenj.cdk-api-mcp-server 0.31.0py3-none-any.whl → 0.57.0py3-none-any.whl