konokenj.cdk-api-mcp-server 0.38.0__py3-none-any.whl → 0.40.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codedeploy/integ.deployment-group.ts

@@ -1,240 +1,62 @@
+import * as path from 'path';
 import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
-import * as ec2 from 'aws-cdk-lib/aws-ec2';
-import * as ecs from 'aws-cdk-lib/aws-ecs';
-import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
 import * as cdk from 'aws-cdk-lib';
-import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as codedeploy from 'aws-cdk-lib/aws-codedeploy';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
-/**
- * Follow these instructions to manually test running a CodeDeploy deployment with the resources provisioned in this stack:
- *
- * 1. Deploy the stack:
-```
-$ cdk deploy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
-```
- *
- * 2. Create a file called `appspec.json` with the following contents, replacing the placeholders with output values from the deployed stack:
-```
-{
-  "version": 0.0,
-  "Resources": [
-    {
-      "TargetService": {
-        "Type": "AWS::ECS::Service",
-        "Properties": {
-          "TaskDefinition": "<PLACEHOLDER - NEW TASK DEFINITION>",
-          "LoadBalancerInfo": {
-            "ContainerName": "Container",
-            "ContainerPort": 80
-          },
-          "PlatformVersion": "LATEST",
-          "NetworkConfiguration": {
-            "awsvpcConfiguration": {
-              "subnets": [
-                "<PLACEHOLDER - SUBNET 1 ID>",
-                "<PLACEHOLDER - SUBNET 2 ID>",
-              ],
-              "securityGroups": [
-                "<PLACEHOLDER - SECURITY GROUP ID>"
-              ],
-              "assignPublicIp": "DISABLED"
-            }
-          }
-        }
-      }
-    }
-  ]
-}
-```
- *
- * 3. Start the deployment:
-```
-$ appspec=$(jq -R -s '.' < appspec.json | sed 's/\\n//g')
-$ aws deploy create-deployment \
-   --application-name <PLACEHOLDER - CODEDEPLOY APPLICATION NAME> \
-   --deployment-group-name <PLACEHOLDER - CODEDEPLOY DEPLOYMENT GROUP NAME> \
-   --description "AWS CDK integ test" \
-   --revision revisionType=AppSpecContent,appSpecContent={content="$appspec"}
-```
- *
- * 4. Wait for the deployment to complete successfully, providing the deployment ID from the previous step:
-```
-$ aws deploy wait deployment-successful --deployment-id <PLACEHOLDER - DEPLOYMENT ID>
-```
- *
- * 5. Destroy the stack:
-```
-$ cdk destroy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
-```
- */
-
-const app = new cdk.App();
-const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-dg');
-
-// Network infrastructure
-const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, restrictDefaultSecurityGroup: false });
-
-// ECS service
-const cluster = new ecs.Cluster(stack, 'EcsCluster', {
-  vpc,
-});
-const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
-taskDefinition.addContainer('Container', {
-  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
-  portMappings: [{ containerPort: 80 }],
-});
-const service = new ecs.FargateService(stack, 'FargateService', {
-  cluster,
-  taskDefinition,
-  deploymentController: {
-    type: ecs.DeploymentControllerType.CODE_DEPLOY,
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
+const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda');
 
-// A second task definition for testing a CodeDeploy deployment of the ECS service to a new task definition
-const taskDefinition2 = new ecs.FargateTaskDefinition(stack, 'TaskDef2');
-taskDefinition2.addContainer('Container', {
-  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
-  portMappings: [{ containerPort: 80 }],
+const handler = new lambda.Function(stack, 'Handler', {
+  code: lambda.Code.fromAsset(path.join(__dirname, 'handler')),
+  handler: 'index.handler',
+  runtime: STANDARD_NODEJS_RUNTIME,
 });
-service.node.addDependency(taskDefinition2);
-
-// Load balancer
-const loadBalancer = new elbv2.ApplicationLoadBalancer(stack, 'ServiceLB', {
-  vpc,
-  internetFacing: false,
+const version = handler.currentVersion;
+const blueGreenAlias = new lambda.Alias(stack, 'Alias', {
+  aliasName: 'alias',
+  version,
 });
 
-// Listeners
-const prodListener = loadBalancer.addListener('ProdListener', {
-  port: 80, // port for production traffic
-  protocol: elbv2.ApplicationProtocol.HTTP,
+const preHook = new lambda.Function(stack, 'PreHook', {
+  code: lambda.Code.fromAsset(path.join(__dirname, 'preHook')),
+  handler: 'index.handler',
+  runtime: STANDARD_NODEJS_RUNTIME,
 });
-const testListener = loadBalancer.addListener('TestListener', {
-  port: 9002, // port for testing
-  protocol: elbv2.ApplicationProtocol.HTTP,
+const postHook = new lambda.Function(stack, 'PostHook', {
+  code: lambda.Code.fromAsset(path.join(__dirname, 'postHook')),
+  handler: 'index.handler',
+  runtime: STANDARD_NODEJS_RUNTIME,
 });
 
-// Target groups
-const blueTG = prodListener.addTargets('BlueTG', {
-  port: 80,
-  protocol: elbv2.ApplicationProtocol.HTTP,
-  targets: [
-    service.loadBalancerTarget({
-      containerName: 'Container',
-      containerPort: 80,
+new codedeploy.LambdaDeploymentGroup(stack, 'BlueGreenDeployment', {
+  alias: blueGreenAlias,
+  deploymentConfig: codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
+  alarms: [
+    new cloudwatch.Alarm(stack, 'BlueGreenErrors', {
+      comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
+      threshold: 1,
+      evaluationPeriods: 1,
+      metric: blueGreenAlias.metricErrors(),
     }),
   ],
-  deregistrationDelay: cdk.Duration.seconds(30),
-  healthCheck: {
-    interval: cdk.Duration.seconds(5),
-    healthyHttpCodes: '200',
-    healthyThresholdCount: 2,
-    unhealthyThresholdCount: 3,
-    timeout: cdk.Duration.seconds(4),
-  },
+  preHook,
+  postHook,
 });
 
-const greenTG = new elbv2.ApplicationTargetGroup(stack, 'GreenTG', {
-  vpc,
-  port: 80,
-  protocol: elbv2.ApplicationProtocol.HTTP,
-  targetType: elbv2.TargetType.IP,
-  deregistrationDelay: cdk.Duration.seconds(30),
-  healthCheck: {
-    interval: cdk.Duration.seconds(5),
-    healthyHttpCodes: '200',
-    healthyThresholdCount: 2,
-    unhealthyThresholdCount: 3,
-    timeout: cdk.Duration.seconds(4),
-  },
-});
-
-testListener.addTargetGroups('GreenTGTest', {
-  targetGroups: [greenTG],
+const secondAlias = new lambda.Alias(stack, 'SecondAlias', {
+  aliasName: 'secondAlias',
+  version,
 });
 
-prodListener.node.addDependency(greenTG);
-testListener.node.addDependency(blueTG);
-service.node.addDependency(testListener);
-service.node.addDependency(greenTG);
-
-// Alarms: monitor 500s and unhealthy hosts on target groups
-const blueUnhealthyHosts = new cloudwatch.Alarm(stack, 'BlueUnhealthyHosts', {
-  alarmName: stack.stackName + '-Unhealthy-Hosts-Blue',
-  metric: blueTG.metricUnhealthyHostCount(),
-  threshold: 1,
-  evaluationPeriods: 2,
-});
-
-const blueApiFailure = new cloudwatch.Alarm(stack, 'Blue5xx', {
-  alarmName: stack.stackName + '-Http-500-Blue',
-  metric: blueTG.metricHttpCodeTarget(
-    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
-    { period: cdk.Duration.minutes(1) },
-  ),
-  threshold: 1,
-  evaluationPeriods: 1,
-});
-
-const greenUnhealthyHosts = new cloudwatch.Alarm(stack, 'GreenUnhealthyHosts', {
-  alarmName: stack.stackName + '-Unhealthy-Hosts-Green',
-  metric: greenTG.metricUnhealthyHostCount(),
-  threshold: 1,
-  evaluationPeriods: 2,
-});
-
-const greenApiFailure = new cloudwatch.Alarm(stack, 'Green5xx', {
-  alarmName: stack.stackName + '-Http-500-Green',
-  metric: greenTG.metricHttpCodeTarget(
-    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
-    { period: cdk.Duration.minutes(1) },
-  ),
-  threshold: 1,
-  evaluationPeriods: 1,
-});
-
-// Deployment group
-const deploymentConfig = new codedeploy.EcsDeploymentConfig(stack, 'CanaryConfig', {
-  trafficRouting: codedeploy.TrafficRouting.timeBasedCanary({
-    interval: cdk.Duration.minutes(1),
-    percentage: 20,
-  }),
-});
-
-const dg = new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', {
-  alarms: [
-    blueUnhealthyHosts,
-    blueApiFailure,
-    greenUnhealthyHosts,
-    greenApiFailure,
-  ],
-  service,
-  blueGreenDeploymentConfig: {
-    blueTargetGroup: blueTG,
-    greenTargetGroup: greenTG,
-    listener: prodListener,
-    testListener,
-    terminationWaitTime: cdk.Duration.minutes(1),
-  },
-  deploymentConfig,
-  autoRollback: {
-    stoppedDeployment: true,
-  },
-  ignoreAlarmConfiguration: true,
-});
-
-// Outputs to use for manual testing
-new cdk.CfnOutput(stack, 'NewTaskDefinition', { value: taskDefinition2.taskDefinitionArn });
-new cdk.CfnOutput(stack, 'Subnet1Id', { value: vpc.privateSubnets[0].subnetId });
-new cdk.CfnOutput(stack, 'Subnet2Id', { value: vpc.privateSubnets[1].subnetId });
-new cdk.CfnOutput(stack, 'SecurityGroupId', { value: service.connections.securityGroups[0].securityGroupId });
-new cdk.CfnOutput(stack, 'CodeDeployApplicationName', { value: dg.application.applicationName });
-new cdk.CfnOutput(stack, 'CodeDeployDeploymentGroupName', { value: dg.deploymentGroupName });
-
-new integ.IntegTest(app, 'EcsDeploymentGroupTest', {
-  testCases: [stack],
+new codedeploy.LambdaDeploymentGroup(stack, 'SecondDeployment', {
+  alias: secondAlias,
+  deploymentConfig: codedeploy.LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES,
 });
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/README.md

@@ -150,6 +150,68 @@ const barStack = new BarStack(app, 'BarStack', {
 
 Note: You can create an instance of the `TableV2` construct with as many `replicas` as needed as long as there is only one replica per region. After table creation you can add or remove `replicas`, but you can only add or remove a single replica in each update.
 
+## Multi-Region Strong Consistency (MRSC)
+
+By default, DynamoDB global tables provide eventual consistency across regions. For applications requiring strong consistency across regions, you can configure Multi-Region Strong Consistency (MRSC) using the `multiRegionConsistency` property.
+
+MRSC global tables can be configured in two ways:
+* **Three replicas**: Deploy your table across three regions within the same region set
+* **Two replicas + one witness**: Deploy your table across two regions with a witness region for consensus
+
+### Region Sets
+
+MRSC global tables must be deployed within the same region set. The supported region sets are:
+
+* **US Region set**: `us-east-1`, `us-east-2`, `us-west-2`
+* **EU Region set**: `eu-west-1`, `eu-west-2`, `eu-west-3`, `eu-central-1`  
+* **AP Region set**: `ap-northeast-1`, `ap-northeast-2`, `ap-northeast-3`
+
+### Three Replicas Configuration
+
+```ts
+import * as cdk from 'aws-cdk-lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'Stack', { env: { region: 'us-west-2' } });
+
+const mrscTable = new dynamodb.TableV2(stack, 'MRSCTable', {
+  partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING },
+  multiRegionConsistency: dynamodb.MultiRegionConsistency.STRONG,
+  replicas: [
+    { region: 'us-east-1' },
+    { region: 'us-east-2' },
+  ],
+});
+```
+
+### Two Replicas + Witness Configuration
+
+```ts
+import * as cdk from 'aws-cdk-lib';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'Stack', { env: { region: 'us-west-2' } });
+
+const mrscTable = new dynamodb.TableV2(stack, 'MRSCTable', {
+  partitionKey: { name: 'pk', type: dynamodb.AttributeType.STRING },
+  multiRegionConsistency: dynamodb.MultiRegionConsistency.STRONG,
+  replicas: [
+    { region: 'us-east-1' },
+  ],
+  witnessRegion: 'us-east-2',
+});
+```
+
+### Important Considerations
+
+* **Witness regions** can only be used with `MultiRegionConsistency.STRONG`. Attempting to specify a witness region with eventual consistency will result in a validation error.
+* **Region validation**: All regions (primary, replicas, and witness) must be within the same region set.
+* **Replica count**: When using a witness region, you must have exactly 2 replicas (including the primary). Without a witness region, you must have exactly 3 replicas.
+* **Performance**: MRSC provides strong consistency but may have higher latency compared to eventual consistency.
+
+Further reading:
+https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/V2globaltables_HowItWorks.html#V2globaltables_HowItWorks.consistency-modes-mrsc
+
 ## Billing
 
 The `TableV2` construct can be configured with on-demand or provisioned billing:

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-mrsc.ts

@@ -0,0 +1,31 @@
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib';
+import { AttributeType, MultiRegionConsistency, TableV2 } from 'aws-cdk-lib/aws-dynamodb';
+import { Construct } from 'constructs';
+
+class TestStack extends Stack {
+  public constructor(scope: Construct, id: string, props: StackProps) {
+    super(scope, id, props);
+
+    new TableV2(this, 'GlobalTable', {
+      tableName: 'my-global-table',
+      partitionKey: { name: 'pk', type: AttributeType.STRING },
+      sortKey: { name: 'sk', type: AttributeType.NUMBER },
+      removalPolicy: RemovalPolicy.DESTROY,
+      multiRegionConsistency: MultiRegionConsistency.STRONG,
+      witnessRegion: 'us-west-2',
+      replicas: [
+        {
+          region: 'us-east-2',
+        },
+      ],
+    });
+  }
+}
+
+const app = new App();
+new IntegTest(app, 'aws-cdk-global-table-integ', {
+  testCases: [new TestStack(app, 'aws-cdk-global-table-mrsc', { env: { region: 'us-east-1' } })],
+  regions: ['us-east-1'],
+  stackUpdateWorkflow: false,
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/README.md

@@ -1104,6 +1104,18 @@ new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
 });
 ```
 
+For cross-region VPC endpoints, specify the `serviceRegion` parameter:
+
+```ts
+declare const vpc: ec2.Vpc;
+
+new ec2.InterfaceVpcEndpoint(this, 'CrossRegionEndpoint', {
+  vpc,
+  service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-123456', 443),
+  serviceRegion: 'us-east-1', // Same region as the service endpoint above
+});
+```
+
 #### Security groups for interface VPC endpoints
 
 By default, interface VPC endpoints create a new security group and all traffic to the endpoint from within the VPC will be automatically allowed.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ec2/integ.vpc-endpoint.lit.ts

@@ -55,6 +55,12 @@ class VpcEndpointStack extends cdk.Stack {
       ipAddressType: ec2.VpcEndpointIpAddressType.IPV4,
       dnsRecordIpType: ec2.VpcEndpointDnsRecordIpType.IPV4,
     });
+
+    // Add a cross-region interface endpoint
+    vpc.addInterfaceEndpoint('CrossRegionEndpoint', {
+      service: new ec2.InterfaceVpcEndpointService('com.amazonaws.vpce.us-east-1.vpce-svc-123456', 443),
+      serviceRegion: 'us-east-1', // Cross-region service
+    });
   }
 }
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md

@@ -2076,8 +2076,6 @@ Amazon ECS supports native blue/green deployments that allow you to deploy new v
 
 [Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-blue-green.html)
 
-### Using Fargate L2 constructs for Blue/Green Feature
-
 ```ts
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 
@@ -2102,92 +2100,13 @@ const target = service.loadBalancerTarget({
   containerName: 'nginx',
   containerPort: 80,
   protocol: ecs.Protocol.TCP,
-}, new ecs.AlternateTarget('AlternateTarget', {
-  alternateTargetGroup: greenTargetGroup,
-  productionListener: ecs.ListenerRuleConfiguration.applicationListenerRule(prodListenerRule),
-}));
-
-target.attachToApplicationTargetGroup(blueTargetGroup);
-```
-
-### Using Escape Hatches for Blue/Green Features
-
-The new blue/green deployment features are added to CloudFormation but not yet available in the CDK L2 constructs, you can use escape hatches to access them through the L1 (CfnService) construct.
-
-#### Load Balancer Advanced Configuration
-
-Configure advanced load balancer settings for blue/green deployments with alternate target groups and listener rules:
-
-```ts
-declare const service: ecs.FargateService;
-
-const cfnService = service.node.defaultChild as ecs.CfnService;
-cfnService.loadBalancers = [{
-  containerName: 'web',
-  containerPort: 80,
-  targetGroupArn: 'arn:aws:elasticloadbalancing:region:account:targetgroup/production',
-  advancedConfiguration: {
-    alternateTargetGroupArn: 'arn:aws:elasticloadbalancing:region:account:targetgroup/test',
-    productionListenerRule: 'arn:aws:elasticloadbalancing:region:account:listener-rule/production-rule',
-    testListenerRule: 'arn:aws:elasticloadbalancing:region:account:listener-rule/test-rule',
-    roleArn: 'arn:aws:iam::account:role/ecs-blue-green-role'
-  }
-}];
-```
-
-#### Blue/Green Deployment Configuration
-
-Configure deployment strategy with bake time and lifecycle hooks:
-
-```ts
-declare const service: ecs.FargateService;
-
-const cfnService = service.node.defaultChild as ecs.CfnService;
-cfnService.deploymentConfiguration = {
-  maximumPercent: 200,
-  minimumHealthyPercent: 100,
-  strategy: 'BLUE_GREEN',
-  bakeTimeInMinutes: 15,
-  lifecycleHooks: [{
-    hookTargetArn: 'arn:aws:lambda:region:account:function:pre-deployment-hook',
-    roleArn: 'arn:aws:iam::account:role/deployment-hook-role',
-    lifecycleStages: ['PRE_STOP', 'POST_START']
-  }]
-};
-```
-
-#### Service Connect Test Traffic Rules
-
-Configure test traffic routing for Service Connect during blue/green deployments:
-
-```ts
-declare const cluster: ecs.Cluster;
-declare const taskDefinition: ecs.TaskDefinition;
-
-const service = new ecs.FargateService(this, 'Service', {
-  cluster,
-  taskDefinition,
+  alternateTarget: new ecs.AlternateTarget('AlternateTarget', {
+    alternateTargetGroup: greenTargetGroup,
+    productionListener: ecs.ListenerRuleConfiguration.applicationListenerRule(prodListenerRule),
+  }),
 });
 
-const cfnService = service.node.defaultChild as ecs.CfnService;
-cfnService.serviceConnectConfiguration = {
-  enabled: true,
-  services: [{
-    portName: 'api',
-    clientAliases: [{
-      port: 80,
-      dnsName: 'my-service',
-      testTrafficRules: {
-        header: {
-          name: 'x-canary-test',
-          value: {
-            exact: 'beta-version'
-          }
-        }
-      }
-    }]
-  }]
-};
+target.attachToApplicationTargetGroup(blueTargetGroup);
 ```
 
 ## Daemon Scheduling Strategy

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.availability-zone-rebalancing.ts

@@ -3,30 +3,20 @@ import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
-const app = new cdk.App({
-  postCliContext: {
-    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
-  },
-});
+const app = new cdk.App();
 const stack = new cdk.Stack(app, 'aws-ecs-integ-availability-zone-rebalancing');
 
 const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
 
-const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
-
-cluster.addCapacity('DefaultAutoScalingGroup', {
-  instanceType: new ec2.InstanceType('t2.micro'),
-});
+const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
 
-const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
+const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
 
 taskDefinition.addContainer('web', {
   image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
-  memoryLimitMiB: 256,
 });
 
-new ecs.Ec2Service(stack, 'FrontendService', {
+new ecs.FargateService(stack, 'FargateService', {
   cluster,
   taskDefinition,
   availabilityZoneRebalancing: ecs.AvailabilityZoneRebalancing.ENABLED,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.blue-green-deployment-strategy.ts

@@ -131,10 +131,11 @@ const target = service.loadBalancerTarget({
   containerName: 'nginx',
   containerPort: 80,
   protocol: ecs.Protocol.TCP,
-}, new ecs.AlternateTarget('LBAlternateOptions', {
-  alternateTargetGroup: greenTargetGroup,
-  productionListener: ecs.ListenerRuleConfiguration.applicationListenerRule(prodListenerRule),
-}));
+  alternateTarget: new ecs.AlternateTarget('LBAlternateOptions', {
+    alternateTargetGroup: greenTargetGroup,
+    productionListener: ecs.ListenerRuleConfiguration.applicationListenerRule(prodListenerRule),
+  }),
+});
 
 target.attachToApplicationTargetGroup(blueTargetGroup);
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.enable-execute-command.ts

@@ -1,53 +1,30 @@
-
-import * as autoscaling from 'aws-cdk-lib/aws-autoscaling';
-import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as cdk from 'aws-cdk-lib';
+import { Duration } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 
 const app = new cdk.App({
   postCliContext: {
-    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
-    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
 const stack = new cdk.Stack(app, 'aws-ecs-integ-enable-execute-command');
 
-const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 });
-
-const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
-
-taskDefinition.addContainer('web', {
-  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
-  memoryReservationMiB: 256,
-  portMappings: [
-    {
-      containerPort: 80,
-      hostPort: 8080,
-      protocol: ecs.Protocol.TCP,
-    },
-  ],
-});
+const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
 
-const execBucket = new s3.Bucket(stack, 'EcsExecBucket');
+const kmsKey = new kms.Key(stack, 'KmsKey');
 
-const cp = new ecs.AsgCapacityProvider(stack, 'EC2CapacityProvider', {
-  autoScalingGroup: new autoscaling.AutoScalingGroup(stack, 'ASG', {
-    vpc,
-    instanceType: new ec2.InstanceType('t2.micro'),
-    machineImage: ecs.EcsOptimizedImage.amazonLinux2(),
-  }),
-  // This is to allow cdk destroy to work; otherwise deletion will hang bc ASG cannot be deleted
-  enableManagedTerminationProtection: false,
+const execBucket = new s3.Bucket(stack, 'EcsExecBucket', {
+  encryptionKey: kmsKey,
 });
 
-const cluster = new ecs.Cluster(stack, 'EC2CPCluster', {
+const cluster = new ecs.Cluster(stack, 'FargateCluster', {
   vpc,
   executeCommandConfiguration: {
+    kmsKey,
     logConfiguration: {
       s3Bucket: execBucket,
       s3EncryptionEnabled: true,
@@ -56,9 +33,19 @@ const cluster = new ecs.Cluster(stack, 'EC2CPCluster', {
     logging: ecs.ExecuteCommandLogging.OVERRIDE,
   },
 });
-cluster.addAsgCapacityProvider(cp);
 
-new ecs.Ec2Service(stack, 'EC2Service', {
+const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  healthCheck: {
+    command: ['CMD-SHELL', 'curl localhost:8000'],
+    interval: Duration.seconds(60),
+    timeout: Duration.seconds(40),
+  },
+});
+
+new ecs.FargateService(stack, 'FargateService', {
   cluster,
   taskDefinition,
   enableExecuteCommand: true,
@@ -66,5 +53,12 @@ new ecs.Ec2Service(stack, 'EC2Service', {
 
 new integ.IntegTest(app, 'enable-execute-command-test', {
   testCases: [stack],
+  diffAssets: true,
+  cdkCommandOptions: {
+    deploy: {
+      args: {
+        rollback: true,
+      },
+    },
+  },
 });
-app.synth();