konokenj.cdk-api-mcp-server 0.41.0__py3-none-any.whl → 0.42.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-fargate-service-smart-defaults.ts

@@ -0,0 +1,143 @@
+/**
+ * Integration test for the conditional openListener behavior in ApplicationLoadBalancedFargateService.
+ *
+ * This test validates the security feature that automatically sets openListener to false when custom
+ * security groups are detected on the load balancer, preventing unintended internet exposure.
+ *
+ * Test scenarios:
+ * 1. DefaultService: No custom security groups provided
+ *    - Expected: openListener defaults to true, creates 0.0.0.0/0 ingress rules
+ *    - Validates: Default behavior when CDK manages all security groups
+ *
+ * 2. ExplicitOpenService: Explicit openListener: true
+ *    - Expected: Creates 0.0.0.0/0 ingress rules regardless of other settings
+ *    - Validates: Explicit override functionality works correctly
+ *
+ * 3. ExplicitClosedService: Explicit openListener: false
+ *    - Expected: Does NOT create 0.0.0.0/0 ingress rules
+ *    - Validates: Explicit closed listener prevents internet access
+ *
+ * 4. ConditionalWithCustomSG: Custom security groups + no explicit openListener
+ *    - Expected: Conditional behavior kicks in, openListener defaults to false
+ *    - Validates: Core feature - prevents 0.0.0.0/0 rules when custom SGs detected
+ *
+ * The test uses AWS SDK calls to verify actual security group configurations in deployed resources,
+ * ensuring the feature works correctly in real AWS environments.
+ */
+
+import { Vpc, SecurityGroup, Port } from 'aws-cdk-lib/aws-ec2';
+import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
+import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
+import { App, Stack, Duration } from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import { ApplicationLoadBalancedFargateService } from 'aws-cdk-lib/aws-ecs-patterns';
+
+const app = new App({
+  postCliContext: {
+    // Enable the feature flag for this test
+    '@aws-cdk/aws-ecs-patterns:secGroupsDisablesImplicitOpenListener': true,
+  },
+});
+
+const stack = new Stack(app, 'aws-ecs-integ-alb-fg-smart-defaults');
+const vpc = new Vpc(stack, 'Vpc', { maxAzs: 3, natGateways: 1, restrictDefaultSecurityGroup: false });
+const cluster = new Cluster(stack, 'Cluster', { vpc });
+
+// Test case 1: Service with conditional default (no openListener specified)
+// CDK creates load balancer, should default to openListener: true (no custom security groups)
+new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  // No openListener specified - should default to true since no custom security groups
+});
+
+// Test case 2: Service with explicit openListener: true
+new ApplicationLoadBalancedFargateService(stack, 'ExplicitOpenService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  openListener: true, // Should create 0.0.0.0/0 rules
+  listenerPort: 8080,
+});
+
+// Test case 3: Service with explicit openListener: false
+new ApplicationLoadBalancedFargateService(stack, 'ExplicitClosedService', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  openListener: false, // Should NOT create 0.0.0.0/0 rules
+  listenerPort: 9090,
+});
+
+// Test case 4: Service with custom security groups (conditional default should apply)
+const customSecurityGroup = new SecurityGroup(stack, 'CustomSecurityGroup', {
+  vpc,
+  description: 'Custom security group for load balancer',
+});
+
+// Add a custom rule to the security group
+customSecurityGroup.addIngressRule(
+  customSecurityGroup,
+  Port.tcp(80),
+  'Allow HTTP from custom security group',
+);
+
+const customLoadBalancer = new ApplicationLoadBalancer(stack, 'CustomLoadBalancer', {
+  vpc,
+  internetFacing: true,
+  securityGroup: customSecurityGroup,
+});
+
+// This should use conditional default (openListener: false) because custom security groups are detected
+new ApplicationLoadBalancedFargateService(stack, 'SmartDefaultWithCustomSG', {
+  cluster,
+  memoryLimitMiB: 512,
+  taskImageOptions: {
+    image: ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  },
+  loadBalancer: customLoadBalancer,
+  // No openListener specified - should default to false due to custom security groups
+});
+
+const integTest = new integ.IntegTest(app, 'albFargateServiceSmartDefaultsTest', {
+  testCases: [stack],
+});
+
+// Validate the core conditional behavior by checking the custom security group
+// This confirms that when custom security groups are provided, the conditional default prevents
+// creating overly permissive 0.0.0.0/0 ingress rules
+// Assert that the custom security group only contains self-referencing rules (no 0.0.0.0/0)
+// This validates the feature prevents unintended internet exposure
+integTest.assertions.awsApiCall('EC2', 'describeSecurityGroups', {
+  GroupIds: [customSecurityGroup.securityGroupId],
+}).expect(integ.ExpectedResult.objectLike({
+  SecurityGroups: [
+    {
+      IpPermissions: integ.Match.arrayWith([
+        integ.Match.objectLike({
+          FromPort: 80,
+          ToPort: 80,
+          // Verify only security group references exist, no public internet access (0.0.0.0/0)
+          UserIdGroupPairs: integ.Match.arrayWith([
+            integ.Match.objectLike({
+              GroupId: customSecurityGroup.securityGroupId,
+            }),
+          ]),
+          // Ensure no IpRanges with 0.0.0.0/0 are present
+          IpRanges: [],
+        }),
+      ]),
+    },
+  ],
+})).waitForAssertions({
+  totalTimeout: Duration.minutes(5),
+});
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/README.md

@@ -332,6 +332,28 @@ new events.EventBus(this, 'Bus', {
 });
 ```
 
-**Note**: Archives and schema discovery are not supported for event buses encrypted using a customer managed key.
-To enable archives or schema discovery on an event bus, choose to use an AWS owned key.
-For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html).
+To use a customer managed key for an archive, use the `kmsKey` attribute. 
+
+Note: When you attach a customer managed key to either an EventBus or an Archive, a policy that allows EventBridge to interact with your resource will be added. 
+
+```ts
+import * as kms from 'aws-cdk-lib/aws-kms';
+import { Archive, EventBus } from 'aws-cdk-lib/aws-events';
+
+const stack = new Stack();
+
+declare const kmsKey: kms.IKey;
+
+const eventBus = new EventBus(stack, 'Bus');
+
+const archive = new Archive(stack, 'Archive', {
+  kmsKey: kmsKey,
+  sourceEventBus: eventBus,
+  eventPattern: {
+    source: ['aws.ec2']
+  },
+});
+```
+
+To enable archives or schema discovery on an event bus, customers has the choice of using either an AWS owned key or a customer managed key.
+For more information, see [KMS key options for event bus encryption](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption-at-rest-key-options.html).

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events/integ.archive-customer-managed-key.ts

@@ -0,0 +1,23 @@
+import * as kms from 'aws-cdk-lib/aws-kms';
+import { App, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Archive, EventBus } from 'aws-cdk-lib/aws-events';
+
+const app = new App();
+const stack = new Stack(app, 'archive-customer-managed-key');
+
+const kmsKey = new kms.Key(stack, 'KmsKey', {
+  removalPolicy: RemovalPolicy.DESTROY,
+});
+
+new Archive(stack, 'Archive', {
+  kmsKey: kmsKey,
+  sourceEventBus: EventBus.fromEventBusName(stack, 'DefaultEventBus', 'default'),
+  eventPattern: {
+    source: ['test'],
+  },
+});
+
+new IntegTest(app, 'archive-customer-managed-key-test', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/README.md

@@ -325,6 +325,24 @@ new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', {
 });
 ```
 
+By default, the deployment will wait for invalidation to succeed to complete. This will poll Cloudfront for a maximum of 13 minutes to check for a successful invalidation. The drawback to this is that the deployment will fail if invalidation fails or if it takes longer than 13 minutes. As a workaround, there is the option `waitForDistributionInvalidation`, which can be set to false to skip waiting for the invalidation, but this can be risky as invalidation errors will not be reported.
+
+```ts
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+
+declare const bucket: s3.IBucket;
+declare const distribution: cloudfront.IDistribution;
+
+new s3deploy.BucketDeployment(this, 'DeployWithInvalidation', {
+  sources: [s3deploy.Source.asset('./website-dist')],
+  destinationBucket: bucket,
+  distribution,
+  distributionPaths: ['/images/*.png'],
+  // Invalidate cache but don't wait or verify that invalidation has completed successfully.
+  waitForDistributionInvalidation: false
+});
+```
+
 ## Signed Content Payloads
 
 By default, deployment uses streaming uploads which set the `x-amz-content-sha256`

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns/README.md

@@ -121,6 +121,7 @@ declare const fn: lambda.Function;
 
 // Lambda should receive only message matching the following conditions on message body:
 // color: 'red' or 'orange'
+// store: property must not be present
 myTopic.addSubscription(new subscriptions.LambdaSubscription(fn, {
   filterPolicyWithMessageBody: {
     background: sns.FilterOrPolicy.policy({
@@ -128,6 +129,7 @@ myTopic.addSubscription(new subscriptions.LambdaSubscription(fn, {
         allowlist: ['red', 'orange'],
       })),
     }),
+    store: sns.FilterOrPolicy.filter(sns.SubscriptionFilter.notExistsFilter()),
   },
 }));
 ```

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs-subscription-filter.ts

@@ -0,0 +1,75 @@
+import * as sns from 'aws-cdk-lib/aws-sns';
+import * as sqs from 'aws-cdk-lib/aws-sqs';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import * as subs from 'aws-cdk-lib/aws-sns-subscriptions';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'sns-sqs-subscription-filter');
+
+const topic = new sns.Topic(stack, 'MyTopic');
+
+const queue1 = new sqs.Queue(stack, 'MyQueue1');
+const queue2 = new sqs.Queue(stack, 'MyQueue2');
+
+topic.addSubscription(new subs.SqsSubscription(queue1, {
+  filterPolicyWithMessageBody: {
+    background: sns.Policy.policy({
+      color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
+        allowlist: ['red', 'green'],
+      })),
+    }),
+    price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
+      allowlist: [100, 200],
+    })),
+    store: sns.Filter.filter(sns.SubscriptionFilter.existsFilter()),
+  },
+  rawMessageDelivery: true,
+}));
+
+topic.addSubscription(new subs.SqsSubscription(queue2, {
+  filterPolicyWithMessageBody: {
+    background: sns.Policy.policy({
+      color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
+        denylist: ['red', 'green'],
+      })),
+    }),
+    price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
+      betweenStrict: { start: 100, stop: 200 },
+    })),
+    store: sns.Filter.filter(sns.SubscriptionFilter.notExistsFilter()),
+  },
+  rawMessageDelivery: true,
+}));
+
+const integTest = new IntegTest(app, 'SNS Subscription filters', {
+  testCases: [stack],
+});
+
+const message1 = JSON.stringify({ background: { color: 'green' }, price: 200, store: 'fans' }); // matches queue1 subscription filter
+const message2 = JSON.stringify({ background: { color: 'blue' }, price: 150 }); // matches queue2 subscription filter
+
+// publish messages to SNS topic
+integTest.assertions.awsApiCall('SNS', 'publish', {
+  Message: message1,
+  TopicArn: topic.topicArn,
+});
+integTest.assertions.awsApiCall('SNS', 'publish', {
+  Message: message2,
+  TopicArn: topic.topicArn,
+});
+
+// check messages arrived at expected destination queue
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue1.queueUrl,
+  WaitTimeSeconds: 20,
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message1 }],
+}));
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue2.queueUrl,
+  WaitTimeSeconds: 20,
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message2 }],
+}));

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-sqs.ts

@@ -3,50 +3,31 @@ import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as cdk from 'aws-cdk-lib';
 import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
 import * as subs from 'aws-cdk-lib/aws-sns-subscriptions';
-class SnsToSqsStack extends cdk.Stack {
-  topic: sns.Topic;
-  queue: sqs.Queue;
-  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
-    super(scope, id, props);
-    this.topic = new sns.Topic(this, 'MyTopic');
-    const queueStack = new cdk.Stack(app, 'QueueStack');
-    this.queue = new sqs.Queue(queueStack, 'MyQueue');
-    this.topic.addSubscription(new subs.SqsSubscription(this.queue, {
-      filterPolicyWithMessageBody: {
-        background: sns.Policy.policy({
-          color: sns.Filter.filter(sns.SubscriptionFilter.stringFilter({
-            allowlist: ['red', 'green'],
-            denylist: ['white', 'orange'],
-          })),
-        }),
-        price: sns.Filter.filter(sns.SubscriptionFilter.numericFilter({
-          allowlist: [100, 200],
-          between: { start: 300, stop: 350 },
-          greaterThan: 500,
-          lessThan: 1000,
-          betweenStrict: { start: 2000, stop: 3000 },
-        })),
-      },
-    }));
-  }
-}
-// Beginning of the test suite
+
 const app = new cdk.App();
-const stack = new SnsToSqsStack(app, 'SnsToSqsStack');
+
+const stack = new cdk.Stack(app, 'SnsToSqsStack');
+
+const topic = new sns.Topic(stack, 'MyTopic');
+
+const queue = new sqs.Queue(stack, 'MyQueue');
+
+topic.addSubscription(new subs.SqsSubscription(queue, { rawMessageDelivery: true }));
+
 const integTest = new IntegTest(app, 'SNS Subscriptions', {
-  testCases: [
-    stack,
-  ],
+  testCases: [stack],
 });
+
+const message = JSON.stringify({ color: 'green', price: 200 });
+
 integTest.assertions.awsApiCall('SNS', 'publish', {
-  Message: '{ background: { color: \'green\' }, price: 200 }',
-  TopicArn: stack.topic.topicArn,
+  Message: message,
+  TopicArn: topic.topicArn,
 });
-const message = integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
-  QueueUrl: stack.queue.queueUrl,
+
+integTest.assertions.awsApiCall('SQS', 'receiveMessage', {
+  QueueUrl: queue.queueUrl,
   WaitTimeSeconds: 20,
-});
-message.expect(ExpectedResult.objectLike({
-  Messages: [{ Body: '{color: "green", price: 200}' }],
+}).expect(ExpectedResult.objectLike({
+  Messages: [{ Body: message }],
 }));
-app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.invoke-jsonata.ts

@@ -1,112 +1,119 @@
-import * as path from 'path';
-import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
-import * as cdk from 'aws-cdk-lib';
-import * as apigateway from 'aws-cdk-lib/aws-apigateway';
-import * as events from 'aws-cdk-lib/aws-events';
+import { Code, Function } from 'aws-cdk-lib/aws-lambda';
 import * as sfn from 'aws-cdk-lib/aws-stepfunctions';
-import * as lambda from 'aws-cdk-lib/aws-lambda-nodejs';
-import * as tasks from 'aws-cdk-lib/aws-stepfunctions-tasks';
-import { password, username } from './my-lambda-handler';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaInvoke } from 'aws-cdk-lib/aws-stepfunctions-tasks';
+import { IntegTest, ExpectedResult } from '@aws-cdk/integ-tests-alpha';
+import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
 /*
- * Creates an API Gateway instance with a GET method and mock integration,
- * secured with basic auth. It then creates a matching Connection and uses it
- * in a state machine with a task state to invoke the endpoint.
+ * Creates a state machine with a task state to invoke a Lambda function
+ * The state machine creates a couple of Lambdas that pass results forward
+ * and into a Choice state that validates the output.
+ *
+ * Stack verification steps:
+ * The generated State Machine can be executed from the CLI (or Step Functions console)
+ * and runs with an execution status of `Succeeded`.
  *
- * Stack verification steps :
- * * aws stepfunctions start-execution --state-machine-arn <deployed state machine arn> : should return execution arn
- * * aws stepfunctions describe-execution --execution-arn <execution-arn generated before> : should return status as SUCCEEDED
+ * -- aws stepfunctions start-execution --state-machine-arn <state-machine-arn-from-output> provides execution arn
+ * -- aws stepfunctions describe-execution --execution-arn <state-machine-arn-from-output> returns a status of `Succeeded`
  */
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
   },
 });
-const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-http-invoke-integ');
+const stack = new cdk.Stack(app, 'aws-stepfunctions-tasks-lambda-invoke-jsonata-integ');
 
-const authorizerHandler = new lambda.NodejsFunction(stack, 'AuthorizerHandler', {
-  entry: path.resolve(__dirname, 'my-lambda-handler', 'index.ts'),
-  handler: 'handler',
+const submitJobLambda = new Function(stack, 'submitJobLambda', {
+  code: Code.fromInline(`exports.handler = async (event, context) => {
+        return {
+          statusCode: '200',
+          body: 'hello, world!',
+          ...event,
+        };
+      };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const authorizer = new apigateway.TokenAuthorizer(stack, 'Authorizer', {
-  handler: authorizerHandler,
-  identitySource: 'method.request.header.Authorization',
-  resultsCacheTtl: cdk.Duration.seconds(0),
-});
-
-const api = new apigateway.RestApi(stack, 'IntegRestApi');
-
-api.root.addResource('test').addMethod(
-  'GET',
-  new apigateway.MockIntegration({
-    integrationResponses: [
-      {
-        statusCode: '200',
-        responseTemplates: {
-          'application/json': JSON.stringify({ message: 'Hello, tester!' }),
-        },
-      },
-    ],
-    passthroughBehavior: apigateway.PassthroughBehavior.NEVER,
-    requestTemplates: {
-      'application/json': '{ "statusCode": 200 }',
-    },
+const submitJob = LambdaInvoke.jsonata(stack, 'Invoke Handler', {
+  lambdaFunction: submitJobLambda,
+  payload: sfn.TaskInput.fromObject({
+    execId: '{% $states.context.Execution.Id %}',
+    execInput: '{% $states.context.Execution.Input %}',
+    execName: '{% $states.context.Execution.Name %}',
+    execRoleArn: '{% $states.context.Execution.RoleArn %}',
+    execStartTime: '{% $states.context.Execution.StartTime %}',
+    stateEnteredTime: '{% $states.context.State.EnteredTime %}',
+    stateName: '{% $states.context.State.Name %}',
+    stateRetryCount: '{% $states.context.State.RetryCount %}',
+    stateMachineId: '{% $states.context.StateMachine.Id %}',
+    stateMachineName: '{% $states.context.StateMachine.Name %}',
   }),
-  {
-    authorizer,
-    methodResponses: [
-      {
-        statusCode: '200',
-      },
-    ],
-  },
-);
+  outputs: '{% $states.result.Payload %}',
+});
 
-const connection = new events.Connection(stack, 'Connection', {
-  authorization: events.Authorization.basic(username, cdk.SecretValue.unsafePlainText(password)),
+const checkJobStateLambda = new Function(stack, 'checkJobStateLambda', {
+  code: Code.fromInline(`exports.handler = async function(event, context) {
+        const expectedFields = [
+          'execId', 'execInput', 'execName', 'execRoleArn',
+          'execStartTime', 'stateEnteredTime', 'stateName',
+          'stateRetryCount', 'stateMachineId', 'stateMachineName',
+        ];
+        const fieldsAreSet = expectedFields.every(field => event[field] !== undefined);
+        return {
+          status: event.statusCode === '200' && fieldsAreSet ? 'SUCCEEDED' : 'FAILED'
+        };
+  };`),
+  runtime: STANDARD_NODEJS_RUNTIME,
+  handler: 'index.handler',
 });
 
-const httpInvokeTask = tasks.HttpInvoke.jsonata(stack, 'Invoke HTTP Endpoint', {
-  apiRoot: api.urlForPath('/'),
-  apiEndpoint: sfn.TaskInput.fromText('{% $states.input.apiEndpoint %}'),
-  connection,
-  method: sfn.TaskInput.fromText('GET'),
+const checkJobState = LambdaInvoke.jsonata(stack, 'Check the job state', {
+  lambdaFunction: checkJobStateLambda,
   outputs: {
-    ResponseBody: '{% $states.result.ResponseBody %}',
+    status: '{% $states.result.Payload.status %}',
   },
 });
 
+const isComplete = sfn.Choice.jsonata(stack, 'Job Complete?');
+const jobFailed = sfn.Fail.jsonata(stack, 'Job Failed', {
+  cause: 'Job Failed',
+  error: 'Received a status that was not 200',
+});
+const finalStatus = sfn.Pass.jsonata(stack, 'Final step');
+
+const chain = sfn.Chain.start(submitJob)
+  .next(checkJobState)
+  .next(
+    isComplete
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'FAILED' %}"), jobFailed)
+      .when(sfn.Condition.jsonata("{% $states.input.status = 'SUCCEEDED' %}"), finalStatus),
+  );
+
 const sm = new sfn.StateMachine(stack, 'StateMachine', {
-  definition: httpInvokeTask,
+  definition: chain,
   timeout: cdk.Duration.seconds(30),
 });
 
-const testCase = new IntegTest(app, 'HttpInvokeTest', {
-  testCases: [stack],
+new cdk.CfnOutput(stack, 'stateMachineArn', {
+  value: sm.stateMachineArn,
 });
 
-// Start an execution
-const start = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
-  stateMachineArn: sm.stateMachineArn,
-  input: JSON.stringify({
-    apiEndpoint: '/test',
-  }),
+const integ = new IntegTest(app, 'IntegTest', {
+  testCases: [stack],
 });
-
-// describe the results of the execution
-const describe = testCase.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
-  executionArn: start.getAttString('executionArn'),
+const res = integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'StartExecution', {
+  stateMachineArn: sm.stateMachineArn,
 });
-
-// assert the results
-describe.expect(ExpectedResult.objectLike({
+const executionArn = res.getAttString('executionArn');
+integ.assertions.awsApiCall('@aws-sdk/client-sfn', 'DescribeExecution', {
+  executionArn,
+}).expect(ExpectedResult.objectLike({
   status: 'SUCCEEDED',
-  output: JSON.stringify({
-    ResponseBody: {
-      message: 'Hello, tester!',
-    },
-  }),
-}));
+})).waitForAssertions({
+  totalTimeout: cdk.Duration.seconds(10),
+  interval: cdk.Duration.seconds(3),
+});
 
 app.synth();