konokenj.cdk-api-mcp-server 0.40.0__py3-none-any.whl → 0.42.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-dynamodb/integ.table-v2-global.ts

@@ -19,7 +19,9 @@ class TestStack extends Stack {
         writeCapacity: Capacity.autoscaled({ maxCapacity: 20, targetUtilizationPercent: 60, seedCapacity: 10 }),
       }),
       encryption: TableEncryptionV2.awsManagedKey(),
-      contributorInsights: true,
+      contributorInsightsSpecification: {
+        enabled: true,
+      },
       pointInTimeRecovery: true,
       tableClass: TableClass.STANDARD_INFREQUENT_ACCESS,
       timeToLiveAttribute: 'attr',
@@ -49,7 +51,9 @@ class TestStack extends Stack {
           readCapacity: Capacity.autoscaled({ minCapacity: 5, maxCapacity: 25 }),
           globalSecondaryIndexOptions: {
             gsi2: {
-              contributorInsights: false,
+              contributorInsightsSpecification: {
+                enabled: false,
+              },
             },
           },
           tags: [{ key: 'USE2ReplicaTagKey', value: 'USE2ReplicaTagValue' }],
@@ -57,7 +61,9 @@ class TestStack extends Stack {
         {
           region: 'us-west-2',
           tableClass: TableClass.STANDARD,
-          contributorInsights: false,
+          contributorInsightsSpecification: {
+            enabled: false,
+          },
           globalSecondaryIndexOptions: {
             gsi1: {
               readCapacity: Capacity.fixed(15),

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/README.md

@@ -1970,6 +1970,9 @@ const volumeFromSnapshot = new ecs.ServiceManagedVolume(this, 'EBSVolume', {
     snapShotId: 'snap-066877671789bd71b',
     volumeType: ec2.EbsDeviceVolumeType.GP3,
     fileSystemType: ecs.FileSystemType.XFS,
+    // Specifies the Amazon EBS Provisioned Rate for Volume Initialization.
+    // Valid range is between 100 and 300 MiB/s.
+    volumeInitializationRate: Size.mebibytes(200),
   },
 });
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.ebs-volume-initialization-rate.ts

@@ -0,0 +1,80 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { Construct } from 'constructs';
+
+/*
+ * This integration test demonstrates how to use EBS volume initialization rate
+ * with Service Managed Volumes.
+ *
+ * To run this test with a real EBS snapshot:
+ * 1. Create an EBS volume:
+ *    aws ec2 create-volume --size 1 --volume-type gp3 --availability-zone us-east-1a
+ * 2. Create a snapshot from the volume:
+ *    aws ec2 create-snapshot --volume-id vol-xxxxxxxxx --description "Test snapshot"
+ * 3. Wait for snapshot completion:
+ *    aws ec2 wait snapshot-completed --snapshot-ids snap-xxxxxxxxx
+ * 4. Set the environment variable SNAPSHOT_ID to the snapshot ID:
+ *    export SNAPSHOT_ID=snap-xxxxxxxxx
+ */
+
+const snapShotId = process.env.SNAPSHOT_ID ?? 'snap-123456789abcdef0';
+
+class TestStack extends cdk.Stack {
+  constructor(scope: Construct, id: string) {
+    super(scope, id);
+
+    const vpc = new ec2.Vpc(this, 'Vpc', {
+      maxAzs: 1,
+      restrictDefaultSecurityGroup: false,
+    });
+
+    const cluster = new ecs.Cluster(this, 'FargateCluster', {
+      vpc,
+    });
+
+    const taskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef');
+
+    const container = taskDefinition.addContainer('web', {
+      image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+      portMappings: [{
+        containerPort: 80,
+        protocol: ecs.Protocol.TCP,
+      }],
+    });
+
+    const volume = new ecs.ServiceManagedVolume(this, 'EBSVolume', {
+      name: 'ebs1',
+      managedEBSVolume: {
+        volumeType: ec2.EbsDeviceVolumeType.GP3,
+        size: cdk.Size.gibibytes(1),
+        fileSystemType: ecs.FileSystemType.EXT4,
+        volumeInitializationRate: cdk.Size.mebibytes(200),
+        snapShotId: snapShotId,
+      },
+    });
+
+    volume.mountIn(container, {
+      containerPath: '/var/lib',
+      readOnly: false,
+    });
+
+    taskDefinition.addVolume(volume);
+
+    const service = new ecs.FargateService(this, 'FargateService', {
+      cluster,
+      taskDefinition,
+      desiredCount: 1,
+    });
+
+    service.addVolume(volume);
+  }
+}
+
+const app = new cdk.App();
+const stack = new TestStack(app, 'integ-aws-ecs-ebs-volume-initialization-rate');
+
+new integ.IntegTest(app, 'EBSVolumeInitializationRate', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/README.md

@@ -70,6 +70,8 @@ Fargate services will use the `LATEST` platform version by default, but you can
 
 Fargate services use the default VPC Security Group unless one or more are provided using the `securityGroups` property in the constructor.
 
+**Security Considerations**: When using custom security groups on your load balancer, the `openListener` property controls whether the load balancer listener allows traffic from anywhere on the internet (0.0.0.0/0). By default, `openListener` is `true`, but it will automatically default to `false` when custom security groups are detected, preventing unintended internet exposure. You can always explicitly set `openListener: true` to override this behavior if needed.
+
 By setting `redirectHTTP` to true, CDK will automatically create a listener on port 80 that redirects HTTP traffic to the HTTPS port.
 
 If you specify the option `recordType` you can decide if you want the construct to use CNAME or Route53-Aliases as record sets.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-smart-defaults.ts

@@ -0,0 +1,143 @@
+/**
+ * Integration test for the conditional openListener behavior in ApplicationLoadBalancedFargateService.
+ *
+ * This test validates the security feature that automatically sets openListener to false when custom
+ * security groups are detected on the load balancer, preventing unintended internet exposure.
+ *
+ * Test scenarios:
+ * 1. DefaultService: No custom security groups provided
+ *    - Expected: openListener defaults to true, creates 0.0.0.0/0 ingress rules
+ *    - Validates: Default behavior when CDK manages all security groups
+ *
+ * 2. ExplicitOpenService: Explicit openListener: true
+ *    - Expected: Creates 0.0.0.0/0 ingress rules regardless of other settings
+ *    - Validates: Explicit override functionality works correctly
+ *
+ * 3. ExplicitClosedService: Explicit openListener: false
+ *    - Expected: Does NOT create 0.0.0.0/0 ingress rules
+ *    - Validates: Explicit closed listener prevents internet access
+ *
+ * 4. ConditionalWithCustomSG: Custom security groups + no explicit openListener
+ *    - Expected: Conditional behavior kicks in, openListener defaults to false
+ *    - Validates: Core feature - prevents 0.0.0.0/0 rules when custom SGs detected
+ *
+ * The test uses AWS SDK calls to verify actual security group configurations in deployed resources,
+ * ensuring the feature works correctly in real AWS environments.
+ */
+
+import { Vpc, SecurityGroup, Port } from 'aws-cdk-lib/aws-ec2';
+import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
+import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import { App, Stack, Duration } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns';
+
+const app = new App({
+  postCliContext: {
+    // Enable the feature flag for this test
+    '@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener': true,
+  },
+});
+
+const stack = new Stack(app, 'aws-ecs-integ-alb-fg-smart-defaults');
+const vpc = new Vpc(stack, 'Vpc', { maxAzs: 3, natGateways: 1, restrictDefaultSecurityGroup: false });
+const cluster = new Cluster(stack, 'Cluster', { vpc });
+
+// Test case 1: Service with conditional default (no openListener specified)
+// CDK creates load balancer, should default to openListener: true (no custom security groups)
+new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  // No openListener specified - should default to true since no custom security groups
+});
+
+// Test case 2: Service with explicit openListener: true
+new ApplicationLoadBalancedFargateService(stack, 'ExplicitOpenService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  openListener: true, // Should create 0.0.0.0/0 rules
+  listenerPort: 8080,
+});
+
+// Test case 3: Service with explicit openListener: false
+new ApplicationLoadBalancedFargateService(stack, 'ExplicitClosedService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  openListener: false, // Should NOT create 0.0.0.0/0 rules
+  listenerPort: 9090,
+});
+
+// Test case 4: Service with custom security groups (conditional default should apply)
+const customSecurityGroup = new SecurityGroup(stack, 'CustomSecurityGroup', {
+  vpc,
+  description: 'Custom security group for load balancer',
+});
+
+// Add a custom rule to the security group
+customSecurityGroup.addIngressRule(
+  customSecurityGroup,
+  Port.tcp(80),
+  'Allow HTTP from custom security group',
+);
+
+const customLoadBalancer = new ApplicationLoadBalancer(stack, 'CustomLoadBalancer', {
+  vpc,
+  internetFacing: true,
+  securityGroup: customSecurityGroup,
+});
+
+// This should use conditional default (openListener: false) because custom security groups are detected
+new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultWithCustomSG', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  loadBalancer: customLoadBalancer,
+  // No openListener specified - should default to false due to custom security groups
+});
+
+const integTest = new integ.IntegTest(app, 'albFargateServiceSmartDefaultsTest', {
+  testCases: [stack],
+});
+
+// Validate the core conditional behavior by checking the custom security group
+// This confirms that when custom security groups are provided, the conditional default prevents
+// creating overly permissive 0.0.0.0/0 ingress rules
+// Assert that the custom security group only contains self-referencing rules (no 0.0.0.0/0)
+// This validates the feature prevents unintended internet exposure
+integTest.assertions.awsApiCall('EC2', 'describeSecurityGroups', {
+  GroupIds: [customSecurityGroup.securityGroupId],
+}).expect(integ.ExpectedResult.objectLike({
+  SecurityGroups: [
+    {
+      IpPermissions: integ.Match.arrayWith([
+        integ.Match.objectLike({
+          FromPort: 80,
+          ToPort: 80,
+          // Verify only security group references exist, no public internet access (0.0.0.0/0)
+          UserIdGroupPairs: integ.Match.arrayWith([
+            integ.Match.objectLike({
+              GroupId: customSecurityGroup.securityGroupId,
+            }),
+          ]),
+          // Ensure no IpRanges with 0.0.0.0/0 are present
+          IpRanges: [],
+        }),
+      ]),
+    },
+  ],
+})).waitForAssertions({
+  totalTimeout: Duration.minutes(5),
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/README.md

@@ -332,6 +332,28 @@ new events.EventBus(this, 'Bus', {
 });
 ```
 
-**Note**: Archives and schema discovery are not supported for event buses encrypted using a customer managed key.
-To enable archives or schema discovery on an event bus, choose to use an AWS owned key.
-For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html).
+To use a customer managed key for an archive, use the `kmsKey` attribute. 
+
+Note: When you attach a customer managed key to either an EventBus or an Archive, a policy that allows EventBridge to interact with your resource will be added. 
+
+```ts
+import * as kms from 'aws-cdk-lib/aws-kms';
+import { Archive, EventBus } from 'aws-cdk-lib/aws-events';
+
+const stack = new Stack();
+
+declare const kmsKey: kms.IKey;
+
+const eventBus = new EventBus(stack, 'Bus');
+
+const archive = new Archive(stack, 'Archive', {
+  kmsKey: kmsKey,
+  sourceEventBus: eventBus,
+  eventPattern: {
+    source: ['aws.ec2']
+  },
+});
+```
+
+To enable archives or schema discovery on an event bus, customers has the choice of using either an AWS owned key or a customer managed key.
+For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html).

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.archive-customer-managed-key.ts

@@ -0,0 +1,23 @@
+import * as kms from 'aws-cdk-lib/aws-kms';
+import { App, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Archive, EventBus } from 'aws-cdk-lib/aws-events';
+
+const app = new App();
+const stack = new Stack(app, 'archive-customer-managed-key');
+
+const kmsKey = new kms.Key(stack, 'KmsKey', {
+  removalPolicy: RemovalPolicy.DESTROY,
+});
+
+new Archive(stack, 'Archive', {
+  kmsKey: kmsKey,
+  sourceEventBus: EventBus.fromEventBusName(stack, 'DefaultEventBus', 'default'),
+  eventPattern: {
+    source: ['test'],
+  },
+});
+
+new IntegTest(app, 'archive-customer-managed-key-test', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/README.md

@@ -1177,7 +1177,7 @@ const version = fn.currentVersion;
 You can use Application AutoScaling to automatically configure the provisioned concurrency for your functions. AutoScaling can be set to track utilization or be based on a schedule. To configure AutoScaling on a function alias:
 
 ```ts
-import * as autoscaling from 'aws-cdk-lib/aws-autoscaling';
+import * as appscaling from 'aws-cdk-lib/aws-applicationautoscaling';
 
 declare const fn: lambda.Function;
 const alias = fn.addAlias('prod');
@@ -1192,7 +1192,7 @@ as.scaleOnUtilization({
 
 // Configure Scheduled Scaling
 as.scaleOnSchedule('ScaleUpInTheMorning', {
-  schedule: autoscaling.Schedule.cron({ hour: '8', minute: '0'}),
+  schedule: appscaling.Schedule.cron({ hour: '8', minute: '0'}),
   minCapacity: 20,
 });
 ```

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53/integ.delete-existing-record-set.ts

@@ -23,7 +23,6 @@ class TestStack extends Stack {
       ttl: Duration.hours(2),
       zone: hostedZone,
       recordName: 'integ',
-      deleteExisting: true,
     });
     newRecord.node.addDependency(existingRecord);
   }

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/README.md

@@ -325,6 +325,24 @@ new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', {
 });
 ```
 
+By default, the deployment will wait for invalidation to succeed to complete. This will poll Cloudfront for a maximum of 13 minutes to check for a successful invalidation. The drawback to this is that the deployment will fail if invalidation fails or if it takes longer than 13 minutes. As a workaround, there is the option `waitForDistributionInvalidation`, which can be set to false to skip waiting for the invalidation, but this can be risky as invalidation errors will not be reported.
+
+```ts
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+
+declare const bucket: s3.IBucket;
+declare const distribution: cloudfront.IDistribution;
+
+new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', {
+  sources: [s3deploy.Source.asset('./website-dist')],
+  destinationBucket: bucket,
+  distribution,
+  distributionPaths: ['/images/*.png'],
+  // Invalidate cache but don't wait or verify that invalidation has completed successfully.
+  waitForDistributionInvalidation: false
+});
+```
+
 ## Signed Content Payloads
 
 By default, deployment uses streaming uploads which set the `x-amz-content-sha256`

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-cross-stack-ssm-source.ts

@@ -0,0 +1,91 @@
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as s3deploy from 'aws-cdk-lib/aws-s3-deployment';
+import * as ssm from 'aws-cdk-lib/aws-ssm';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+
+class SsmStack extends cdk.NestedStack {
+  public readonly ssmParam: ssm.StringListParameter;
+
+  constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) {
+    super(scope, id, props);
+
+    const testSubnets = ['subnet-12345', 'subnet-67890'];
+
+    this.ssmParam = new ssm.StringListParameter(this, 'TestParam', {
+      parameterName: '/repro/subnets',
+      stringListValue: testSubnets,
+      description: 'Test parameter for reproduction',
+    });
+  }
+}
+
+class S3Stack extends cdk.NestedStack {
+  public readonly bucket: s3.Bucket;
+
+  constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) {
+    super(scope, id, props);
+
+    const readParam = ssm.StringListParameter.fromStringListParameterName(
+      this,
+      'ReadParam',
+      '/repro/subnets',
+    );
+
+    this.bucket = new s3.Bucket(this, 'ReproBucket', {
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+      autoDeleteObjects: true,
+    });
+
+    new s3deploy.BucketDeployment(this, 'ReproDeployment', {
+      sources: [
+        s3deploy.Source.jsonData('config.json', {
+          subnets: readParam.stringListValue,
+          expectedValues: ['subnet-12345', 'subnet-67890'],
+          version: '2.207.0',
+          issue: 'StringListParameter tokens not resolved in Source.jsonData',
+          timestamp: new Date().toISOString(),
+        }),
+      ],
+      destinationBucket: this.bucket,
+    });
+  }
+}
+
+export class MainStack extends cdk.Stack {
+  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const ssmStack = new SsmStack(this, 'SsmStack');
+    const s3Stack = new S3Stack(this, 'S3Stack');
+    s3Stack.addDependency(ssmStack);
+
+    new cdk.CfnOutput(this, 'BucketName', {
+      value: s3Stack.bucket.bucketName,
+      description: 'Check config.json in this bucket',
+    });
+
+    new cdk.CfnOutput(this, 'ParameterName', {
+      value: ssmStack.ssmParam.parameterName,
+      description: 'SSM parameter name',
+    });
+
+    new cdk.CfnOutput(this, 'ExpectedValues', {
+      value: JSON.stringify(['subnet-12345', 'subnet-67890']),
+      description: 'Expected subnet values in config.json',
+    });
+
+    new cdk.CfnOutput(this, 'VerificationCommand', {
+      value: `aws s3 cp s3://${s3Stack.bucket.bucketName}/config.json - | jq .`,
+      description: 'Command to check the deployed JSON',
+    });
+  }
+}
+
+const app = new cdk.App();
+const stack = new MainStack(app, 'integ-bucket-deployment-cross-stack-ssm');
+
+new integ.IntegTest(app, 'integ-bucket-deployment-cross-stack-ssm-source', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-signer/integ.signing-profile.ts

@@ -16,6 +16,11 @@ new signer.SigningProfile(stack, 'SigningProfileOCI', {
   signatureValidity: cdk.Duration.days(60),
 });
 
+new signer.SigningProfile(stack, 'SigningProfileWithName', {
+  platform: signer.Platform.AWS_LAMBDA_SHA384_ECDSA,
+  signingProfileName: 'test-signing-profile-name',
+});
+
 new IntegTest(app, 'cdk-integ-signer-signing-profile', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns/README.md

@@ -121,6 +121,7 @@ declare const fn: lambda.Function;
 
 // Lambda should receive only message matching the following conditions on message body:
 // color: 'red' or 'orange'
+// store: property must not be present
 myTopic.addSubscription(new subscriptions.LambdaSubscription(fn, {
   filterPolicyWithMessageBody: {
     background: sns.FilterOrPolicy.policy({
@@ -128,6 +129,7 @@ myTopic.addSubscription(new subscriptions.LambdaSubscription(fn, {
         allowlist: ['red', 'orange'],
       })),
     }),
+    store: sns.FilterOrPolicy.filter(sns.SubscriptionFilter.notExistsFilter()),
   },
 }));
 ```

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs-subscription-filter.ts

@@ -0,0 +1,75 @@
+import * as sns from 'aws-cdk-lib/aws-sns';
+import * as sqs from 'aws-cdk-lib/aws-sqs';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import * as subs from 'aws-cdk-lib/aws-sns-subscriptions';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'sns-sqs-subscription-filter');
+
+const topic = new sns.Topic(stack, 'MyTopic');
+
+const queue1 = new sqs.Queue(stack, 'MyQueue1');
+const queue2 = new sqs.Queue(stack, 'MyQueue2');
+
+topic.addSubscription(new subs.SqsSubscription(queue1, {
+  filterPolicyWithMessageBody: {
+    background: sns.Policy.policy({
+      color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
+        allowlist: ['red', 'green'],
+      })),
+    }),
+    price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
+      allowlist: [100, 200],
+    })),
+    store: sns.Filter.filter(sns.SubscriptionFilter.existsFilter()),
+  },
+  rawMessageDelivery: true,
+}));
+
+topic.addSubscription(new subs.SqsSubscription(queue2, {
+  filterPolicyWithMessageBody: {
+    background: sns.Policy.policy({
+      color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
+        denylist: ['red', 'green'],
+      })),
+    }),
+    price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
+      betweenStrict: { start: 100, stop: 200 },
+    })),
+    store: sns.Filter.filter(sns.SubscriptionFilter.notExistsFilter()),
+  },
+  rawMessageDelivery: true,
+}));
+
+const integTest = new IntegTest(app, 'SNS Subscription filters', {
+  testCases: [stack],
+});
+
+const message1 = JSON.stringify({ background: { color: 'green' }, price: 200, store: 'fans' }); // matches queue1 subscription filter
+const message2 = JSON.stringify({ background: { color: 'blue' }, price: 150 }); // matches queue2 subscription filter
+
+// publish messages to SNS topic
+integTest.assertions.awsApiCall('SNS', 'publish', {
+  Message: message1,
+  TopicArn: topic.topicArn,
+});
+integTest.assertions.awsApiCall('SNS', 'publish', {
+  Message: message2,
+  TopicArn: topic.topicArn,
+});
+
+// check messages arrived at expected destination queue
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue1.queueUrl,
+  WaitTimeSeconds: 20,
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message1 }],
+}));
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue2.queueUrl,
+  WaitTimeSeconds: 20,
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message2 }],
+}));

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs.ts

@@ -3,50 +3,31 @@ import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as cdk from 'aws-cdk-lib';
 import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
 import * as subs from 'aws-cdk-lib/aws-sns-subscriptions';
-class SnsToSqsStack extends cdk.Stack {
-  topic: sns.Topic;
-  queue: sqs.Queue;
-  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
-    super(scope, id, props);
-    this.topic = new sns.Topic(this, 'MyTopic');
-    const queueStack = new cdk.Stack(app, 'QueueStack');
-    this.queue = new sqs.Queue(queueStack, 'MyQueue');
-    this.topic.addSubscription(new subs.SqsSubscription(this.queue, {
-      filterPolicyWithMessageBody: {
-        background: sns.Policy.policy({
-          color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
-            allowlist: ['red', 'green'],
-            denylist: ['white', 'orange'],
-          })),
-        }),
-        price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
-          allowlist: [100, 200],
-          between: { start: 300, stop: 350 },
-          greaterThan: 500,
-          lessThan: 1000,
-          betweenStrict: { start: 2000, stop: 3000 },
-        })),
-      },
-    }));
-  }
-}
-// Beginning of the test suite
+
 const app = new cdk.App();
-const stack = new SnsToSqsStack(app, 'SnsToSqsStack');
+
+const stack = new cdk.Stack(app, 'SnsToSqsStack');
+
+const topic = new sns.Topic(stack, 'MyTopic');
+
+const queue = new sqs.Queue(stack, 'MyQueue');
+
+topic.addSubscription(new subs.SqsSubscription(queue, { rawMessageDelivery: true }));
+
 const integTest = new IntegTest(app, 'SNS Subscriptions', {
-  testCases: [
-    stack,
-  ],
+  testCases: [stack],
 });
+
+const message = JSON.stringify({ color: 'green', price: 200 });
+
 integTest.assertions.awsApiCall('SNS', 'publish', {
-  Message: '{ background: { color: \'green\' }, price: 200 }',
-  TopicArn: stack.topic.topicArn,
+  Message: message,
+  TopicArn: topic.topicArn,
 });
-const message = integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
-  QueueUrl: stack.queue.queueUrl,
+
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue.queueUrl,
   WaitTimeSeconds: 20,
-});
-message.expect(ExpectedResult.objectLike({
-  Messages: [{ Body: '{color: "green", price: 200}' }],
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message }],
 }));
-app.synth();