konokenj.cdk-api-mcp-server 0.44.0__py3-none-any.whl → 0.46.0__py3-none-any.whl

cdk_api_mcp_server/__about__.py

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.44.0"
+__version__ = "0.46.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/custom-resource-handlers/README.md

@@ -1,83 +1,20 @@
-# CDK Handler Framework
+# Type definitions copied from 'aws-cdk-lib'
 
-The CDK handler framework is an internal framework used to code generate constructs that extend a lambda `Function`, lambda `SingletonFunction`, or core `CustomResourceProvider` construct and prohibit the user from directly configuring the `handler`, `runtime`, `code`, and `codeDirectory` properties.  In doing this, we are able to establish best practices, runtime enforcement, and consistency across all handlers we build and vend within the aws-cdk.
+`aws-cdk-lib` depends on this package; but this package depends on some
+types defined in `aws-cdk-lib`.
 
-## CDK Handler Framework Concepts
+This cyclic dependency leads to a non-executable build graph. In order to
+break the cycle, we're just copying some types over from `aws-cdk-lib`.
 
-This framework allows for the creation of three component types:
-1. `ComponentType.FUNCTION` - This is a wrapper around the lambda `Function` construct. It offers the same behavior and performance as a lambda `Function`, but it restricts the consumer from configuring the `handler`, `runtime`, and `code` properties.
-2. `ComponentType.SINGLETON_FUNCTION` - This is a wrapper around the lambda `SingletonFunction` construct. It offers the same behavior and performance as a lambda `SingletonFunction`, but it restricts the consumer from configuring the `handler`, `runtime`, and `code` properties.
-3. `ComponentType.CUSTOM_RESOURCE_PROVIDER` - This is a wrapper around the core `CustomResourceProvider` construct. It offers the same behavior and performance as a `CustomResourceProvider` and can be instantiated via the `getOrCreate` or `getOrCreateProvider` methods. This component restricts the consumer from configuring the `runtime` and `codeDirectory` properties.
+I readily admit this is not a great long-term solution, but those types have
+been stable for years and are unlikely to change. The correct solution would
+probably be to externalize them into a separate package, but even the most
+simple solution of that accord would require bundling the types into
+`aws-cdk-lib` with `bundledDependencies` and that requires us writing a
+replacement for `npm pack`, because by default NPM will refuse to bundle
+`bundledDependencies` that have been symlinked into a local workspace (in fact,
+it will silently ignore them).
 
-Code generating one of these three component types requires adding the component properties to the [config](./config.ts) file by providing `ComponentProps`. The `ComponentProps` are responsible for code generating the specified `ComponentType` with the `handler`, `runtime`, `code`, and `codeDirectory` properties set internally. `ComponentProps` includes the following properties:
-- `type` - the framework component type to generate.
-- `sourceCode` - the source code that will be excuted by the framework component.
-- `runtime` - the runtime that is compatible with the framework component's source code. This is an optional property with a default node runtime that will be the latest available node runtime in the `Stack` deployment region. In general, you should not configure this property unless a `runtime` override is absolutely necessary.
-- `handler` - the name of the method with the source code that the framework component will call. This is an optional property and the default is `index.handler`.
-- `minifyAndBundle` - whether the source code should be minified and bundled. This an optional property and the default is `true`. This should only be set to `false` for python files or for typescript/javascript files with a require import.
+We can build our own replacement for `npm pack`, or we can do a little
+copy/paste.  I'm opting for the latter.
 
-The [config](./config.ts) file is structured with the top level mapping to an aws-cdk module, i.e., aws-s3, aws-dynamodb, etc. Each service can contain one or more component modules. Component modules are containers for handler framework components and will be rendered as a code generated file. Each component module can contain one or more `ComponentProps` objects. The following example shows a more structural breakdown of how the [config](./config.ts) file is configured:
-
-```ts
-const config = {
-  'aws-s3': { // the aws-cdk-lib module
-    'replica-provider': [ // the component module
-      // handler framework component defined as a `ComponentProps` object
-      {
-        // the handler framework component type
-        type: ComponentType.FUNCTION,
-        // the source code that the component will use
-        sourceCode: path.resolve(__dirname, '..', 'aws-dynamodb', 'replica-handler', 'index.ts'),
-        // the handler in the source code that the component will execute
-        handler: 'index.onEventHandler',
-      },
-    ],
-  },
-  'aws-stepfunctions-tasks': {
-    // contains multiple component modules
-    'eval-nodejs-provider': [
-      {
-        type: ComponentType.SINGLETON_FUNCTION,
-        sourceCode: path.resolve(__dirname, '..', 'aws-stepfunctions-tasks', 'eval-nodejs-handler', 'index.ts'),
-      },
-    ],
-    'role-policy-provider': [
-      {
-        type: ComponentType.SINGLETON_FUNCTION,
-        sourceCode: path.resolve(__dirname, '..', 'aws-stepfunctions-tasks', 'role-policy-handler', 'index.py'),
-        runtime: Runtime.PYTHON_3_9,
-        // prevent minify and bundle since the source code is a python file
-        minifyAndBundle: false,
-      },
-    ],
-  },
-};
-```
-
-Code generation for the component modules is triggered when this package - `@aws-cdk/custom-resource-handlers` - is built. Importantly, this framework is also responsible for minifying and bundling the custom resource providers' source code and dependencies. A flag named `minifyAndBundle` can be configured as part of the `ComponentProps` to prevent minifying and bundling the source code for a specific provider. This flag is only needed for python files or for typescript/javascript files containing require imports.
-
-Once built, all generated code and bundled source code will be written to `@aws-cdk/custom-resource-handlers/dist`. The top level field in the [config](./config.ts) file defining individual aws-cdk modules will be used to create specific directories within `@aws-cdk/custom-resource-handlers/dist` and each component module will be a separate code generated file within these directories named `<component-module>.generated.ts`. As an example, the sample [config](./config.ts) file above would create the following file structure:
-
-|--- @aws-cdk
-|   |--- custom-resource-handlers
-|   |   |--- dist
-|   |   |   |--- aws-s3
-|   |   |   |   |--- replica-handler
-|   |   |   |   |   |--- index.js
-|   |   |   |   |--- replica-provider.generated.ts
-|   |   |   |--- aws-stepfunctions-tasks
-|   |   |   |   |--- eval-nodejs-handler
-|   |   |   |   |   |--- index.js
-|   |   |   |   |--- role-policy-handler
-|   |   |   |   |   |--- index.py
-|   |   |   |   |--- eval-nodejs-provider.generated.ts
-|   |   |   |   |--- role-policy-provider.generated.ts
-
-The code generated handler framework components are consumable from `aws-cdk-lib/custom-resource-handlers/dist` once `aws-cdk-lib` is built. The file structure of `aws-cdk-lib/custom-resource-handlers/dist` will have the same structure as `@aws-cdk/custom-resource-handlers/dist` with the exception of `core`. To prevent circular dependencies, all handler framework components defined in `core`and any associated source code will be consumable from `aws-cdk-lib/core/dist/core`.
-
-## Creating a Handler Framework Component
-
-Creating a new handler framework component involves three steps:
-1. Add the source code to `@aws-cdk/custom-resource-handlers/lib/<aws-cdk-lib-module>`
-2. Update the [config](./config.ts) file by specifying all required `ComponentProps`.
-3. At this point you can directly build `@aws-cdk/custom-resource-handlers` with `yarn build` to view the generated component in `@aws-cdk/custom-resource-handlers/dist`. Alternatively, you can build `aws-cdk-lib` with `npx lerna run build --scope=aws-cdk-lib --skip-nx-cache` to make the generated component available for use within `aws-cdk-lib`

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/README.md

@@ -577,6 +577,7 @@ const origin = new origins.LoadBalancerV2Origin(loadBalancer, {
   connectionAttempts: 3,
   connectionTimeout: Duration.seconds(5),
   readTimeout: Duration.seconds(45),
+  responseCompletionTimeout: Duration.seconds(120),
   keepaliveTimeout: Duration.seconds(45),
   protocolPolicy: cloudfront.OriginProtocolPolicy.MATCH_VIEWER,
 });
@@ -596,6 +597,22 @@ new cloudfront.Distribution(this, 'myDist', {
 });
 ```
 
+The origin can be customized with timeout settings to handle different response scenarios:
+
+```ts
+new cloudfront.Distribution(this, 'Distribution', {
+  defaultBehavior: {
+    origin: new origins.HttpOrigin('api.example.com', {
+      readTimeout: Duration.seconds(60),
+      responseCompletionTimeout: Duration.seconds(120),
+      keepaliveTimeout: Duration.seconds(45),
+    }),
+  },
+});
+```
+
+The `responseCompletionTimeout` property specifies the time that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection. Valid values are 1-3600 seconds, and if set, the value must be equal to or greater than the `readTimeout` value.
+
 See the documentation of `aws-cdk-lib/aws-cloudfront` for more information.
 
 ## VPC origins
@@ -801,6 +818,25 @@ new cloudfront.Distribution(this, 'Distribution', {
 });
 ```
 
+You can also configure timeout settings for Lambda Function URL origins:
+
+```ts
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+
+declare const fn: lambda.Function;
+const fnUrl = fn.addFunctionUrl({ authType: lambda.FunctionUrlAuthType.NONE });
+
+new cloudfront.Distribution(this, 'Distribution', {
+  defaultBehavior: {
+    origin: new origins.FunctionUrlOrigin(fnUrl, {
+      readTimeout: Duration.seconds(30),
+      responseCompletionTimeout: Duration.seconds(90),
+      keepaliveTimeout: Duration.seconds(45),
+    }),
+  },
+});
+```
+
 ### Lambda Function URL with Origin Access Control (OAC)
 You can configure the Lambda Function URL with Origin Access Control (OAC) for enhanced security. When using OAC with Signing SIGV4_ALWAYS, it is recommended to set the Lambda Function URL authType to AWS_IAM to ensure proper authorization.
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudfront-origins/integ.origin-response-completion-timeout.ts

@@ -0,0 +1,50 @@
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'integ-cloudfront-response-completion-timeout');
+
+const httpOrigin = new origins.HttpOrigin('example.com', {
+  responseCompletionTimeout: cdk.Duration.seconds(120),
+  readTimeout: cdk.Duration.seconds(60),
+});
+
+const fn = new lambda.Function(stack, 'Function', {
+  runtime: lambda.Runtime.NODEJS_18_X,
+  handler: 'index.handler',
+  code: lambda.Code.fromInline('exports.handler = async () => ({ statusCode: 200, body: "Hello from Lambda!" });'),
+});
+
+const fnUrl = fn.addFunctionUrl({
+  authType: lambda.FunctionUrlAuthType.NONE,
+});
+
+const functionUrlOrigin = new origins.FunctionUrlOrigin(fnUrl, {
+  responseCompletionTimeout: cdk.Duration.seconds(90),
+  readTimeout: cdk.Duration.seconds(30),
+});
+
+const httpOriginNoReadTimeout = new origins.HttpOrigin('api.example.com', {
+  responseCompletionTimeout: cdk.Duration.seconds(300),
+});
+
+new cloudfront.Distribution(stack, 'Distribution', {
+  defaultBehavior: {
+    origin: httpOrigin,
+  },
+  additionalBehaviors: {
+    '/api/*': {
+      origin: functionUrlOrigin,
+    },
+    '/files/*': {
+      origin: httpOriginNoReadTimeout,
+    },
+  },
+});
+
+new IntegTest(app, 'CloudFrontResponseCompletionTimeoutTest', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codedeploy/integ.deployment-config.ts

@@ -2,28 +2,17 @@ import * as cdk from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as codedeploy from 'aws-cdk-lib/aws-codedeploy';
 
-const app = new cdk.App({
-  postCliContext: {
-    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-  },
-});
-const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda-config');
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-config');
 
-new codedeploy.LambdaDeploymentConfig(stack, 'LinearConfig', {
+new codedeploy.EcsDeploymentConfig(stack, 'LinearConfig', {
   trafficRouting: codedeploy.TrafficRouting.timeBasedLinear({
     interval: cdk.Duration.minutes(1),
     percentage: 5,
   }),
 });
 
-new codedeploy.CustomLambdaDeploymentConfig(stack, 'CustomConfig', {
-  interval: cdk.Duration.minutes(1),
-  percentage: 5,
-  type: cdk.aws_codedeploy.CustomLambdaDeploymentConfigType.LINEAR,
-  deploymentConfigName: 'hello',
-});
-
-new integ.IntegTest(app, 'LambdaDeploymentConfigTest', {
+new integ.IntegTest(app, 'EcsDeploymentConfigTest', {
   testCases: [stack],
 });
 

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codedeploy/integ.deployment-group.ts

@@ -1,62 +1,240 @@
-import * as path from 'path';
 import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch';
-import * as lambda from 'aws-cdk-lib/aws-lambda';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as codedeploy from 'aws-cdk-lib/aws-codedeploy';
-import { STANDARD_NODEJS_RUNTIME } from '../../../config';
 
-const app = new cdk.App({
-  postCliContext: {
-    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+/**
+ * Follow these instructions to manually test running a CodeDeploy deployment with the resources provisioned in this stack:
+ *
+ * 1. Deploy the stack:
+```
+$ cdk deploy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
+```
+ *
+ * 2. Create a file called `appspec.json` with the following contents, replacing the placeholders with output values from the deployed stack:
+```
+{
+  "version": 0.0,
+  "Resources": [
+    {
+      "TargetService": {
+        "Type": "AWS::ECS::Service",
+        "Properties": {
+          "TaskDefinition": "<PLACEHOLDER - NEW TASK DEFINITION>",
+          "LoadBalancerInfo": {
+            "ContainerName": "Container",
+            "ContainerPort": 80
+          },
+          "PlatformVersion": "LATEST",
+          "NetworkConfiguration": {
+            "awsvpcConfiguration": {
+              "subnets": [
+                "<PLACEHOLDER - SUBNET 1 ID>",
+                "<PLACEHOLDER - SUBNET 2 ID>",
+              ],
+              "securityGroups": [
+                "<PLACEHOLDER - SECURITY GROUP ID>"
+              ],
+              "assignPublicIp": "DISABLED"
+            }
+          }
+        }
+      }
+    }
+  ]
+}
+```
+ *
+ * 3. Start the deployment:
+```
+$ appspec=$(jq -R -s '.' < appspec.json | sed 's/\\n//g')
+$ aws deploy create-deployment \
+   --application-name <PLACEHOLDER - CODEDEPLOY APPLICATION NAME> \
+   --deployment-group-name <PLACEHOLDER - CODEDEPLOY DEPLOYMENT GROUP NAME> \
+   --description "AWS CDK integ test" \
+   --revision revisionType=AppSpecContent,appSpecContent={content="$appspec"}
+```
+ *
+ * 4. Wait for the deployment to complete successfully, providing the deployment ID from the previous step:
+```
+$ aws deploy wait deployment-successful --deployment-id <PLACEHOLDER - DEPLOYMENT ID>
+```
+ *
+ * 5. Destroy the stack:
+```
+$ cdk destroy --app 'node integ.deployment-group.js' aws-cdk-codedeploy-ecs-dg
+```
+ */
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-ecs-dg');
+
+// Network infrastructure
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+
+// ECS service
+const cluster = new ecs.Cluster(stack, 'EcsCluster', {
+  vpc,
+});
+const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+taskDefinition.addContainer('Container', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
+  portMappings: [{ containerPort: 80 }],
+});
+const service = new ecs.FargateService(stack, 'FargateService', {
+  cluster,
+  taskDefinition,
+  deploymentController: {
+    type: ecs.DeploymentControllerType.CODE_DEPLOY,
   },
 });
-const stack = new cdk.Stack(app, 'aws-cdk-codedeploy-lambda');
 
-const handler = new lambda.Function(stack, 'Handler', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'handler')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+// A second task definition for testing a CodeDeploy deployment of the ECS service to a new task definition
+const taskDefinition2 = new ecs.FargateTaskDefinition(stack, 'TaskDef2');
+taskDefinition2.addContainer('Container', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest'),
+  portMappings: [{ containerPort: 80 }],
 });
-const version = handler.currentVersion;
-const blueGreenAlias = new lambda.Alias(stack, 'Alias', {
-  aliasName: 'alias',
-  version,
+service.node.addDependency(taskDefinition2);
+
+// Load balancer
+const loadBalancer = new elbv2.ApplicationLoadBalancer(stack, 'ServiceLB', {
+  vpc,
+  internetFacing: false,
 });
 
-const preHook = new lambda.Function(stack, 'PreHook', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'preHook')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+// Listeners
+const prodListener = loadBalancer.addListener('ProdListener', {
+  port: 80, // port for production traffic
+  protocol: elbv2.ApplicationProtocol.HTTP,
 });
-const postHook = new lambda.Function(stack, 'PostHook', {
-  code: lambda.Code.fromAsset(path.join(__dirname, 'postHook')),
-  handler: 'index.handler',
-  runtime: STANDARD_NODEJS_RUNTIME,
+const testListener = loadBalancer.addListener('TestListener', {
+  port: 9002, // port for testing
+  protocol: elbv2.ApplicationProtocol.HTTP,
 });
 
-new codedeploy.LambdaDeploymentGroup(stack, 'BlueGreenDeployment', {
-  alias: blueGreenAlias,
-  deploymentConfig: codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
-  alarms: [
-    new cloudwatch.Alarm(stack, 'BlueGreenErrors', {
-      comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
-      threshold: 1,
-      evaluationPeriods: 1,
-      metric: blueGreenAlias.metricErrors(),
+// Target groups
+const blueTG = prodListener.addTargets('BlueTG', {
+  port: 80,
+  protocol: elbv2.ApplicationProtocol.HTTP,
+  targets: [
+    service.loadBalancerTarget({
+      containerName: 'Container',
+      containerPort: 80,
     }),
   ],
-  preHook,
-  postHook,
+  deregistrationDelay: cdk.Duration.seconds(30),
+  healthCheck: {
+    interval: cdk.Duration.seconds(5),
+    healthyHttpCodes: '200',
+    healthyThresholdCount: 2,
+    unhealthyThresholdCount: 3,
+    timeout: cdk.Duration.seconds(4),
+  },
 });
 
-const secondAlias = new lambda.Alias(stack, 'SecondAlias', {
-  aliasName: 'secondAlias',
-  version,
+const greenTG = new elbv2.ApplicationTargetGroup(stack, 'GreenTG', {
+  vpc,
+  port: 80,
+  protocol: elbv2.ApplicationProtocol.HTTP,
+  targetType: elbv2.TargetType.IP,
+  deregistrationDelay: cdk.Duration.seconds(30),
+  healthCheck: {
+    interval: cdk.Duration.seconds(5),
+    healthyHttpCodes: '200',
+    healthyThresholdCount: 2,
+    unhealthyThresholdCount: 3,
+    timeout: cdk.Duration.seconds(4),
+  },
+});
+
+testListener.addTargetGroups('GreenTGTest', {
+  targetGroups: [greenTG],
 });
 
-new codedeploy.LambdaDeploymentGroup(stack, 'SecondDeployment', {
-  alias: secondAlias,
-  deploymentConfig: codedeploy.LambdaDeploymentConfig.CANARY_10PERCENT_5MINUTES,
+prodListener.node.addDependency(greenTG);
+testListener.node.addDependency(blueTG);
+service.node.addDependency(testListener);
+service.node.addDependency(greenTG);
+
+// Alarms: monitor 500s and unhealthy hosts on target groups
+const blueUnhealthyHosts = new cloudwatch.Alarm(stack, 'BlueUnhealthyHosts', {
+  alarmName: stack.stackName + '-Unhealthy-Hosts-Blue',
+  metric: blueTG.metricUnhealthyHostCount(),
+  threshold: 1,
+  evaluationPeriods: 2,
+});
+
+const blueApiFailure = new cloudwatch.Alarm(stack, 'Blue5xx', {
+  alarmName: stack.stackName + '-Http-500-Blue',
+  metric: blueTG.metricHttpCodeTarget(
+    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
+    { period: cdk.Duration.minutes(1) },
+  ),
+  threshold: 1,
+  evaluationPeriods: 1,
+});
+
+const greenUnhealthyHosts = new cloudwatch.Alarm(stack, 'GreenUnhealthyHosts', {
+  alarmName: stack.stackName + '-Unhealthy-Hosts-Green',
+  metric: greenTG.metricUnhealthyHostCount(),
+  threshold: 1,
+  evaluationPeriods: 2,
+});
+
+const greenApiFailure = new cloudwatch.Alarm(stack, 'Green5xx', {
+  alarmName: stack.stackName + '-Http-500-Green',
+  metric: greenTG.metricHttpCodeTarget(
+    elbv2.HttpCodeTarget.TARGET_5XX_COUNT,
+    { period: cdk.Duration.minutes(1) },
+  ),
+  threshold: 1,
+  evaluationPeriods: 1,
+});
+
+// Deployment group
+const deploymentConfig = new codedeploy.EcsDeploymentConfig(stack, 'CanaryConfig', {
+  trafficRouting: codedeploy.TrafficRouting.timeBasedCanary({
+    interval: cdk.Duration.minutes(1),
+    percentage: 20,
+  }),
+});
+
+const dg = new codedeploy.EcsDeploymentGroup(stack, 'BlueGreenDG', {
+  alarms: [
+    blueUnhealthyHosts,
+    blueApiFailure,
+    greenUnhealthyHosts,
+    greenApiFailure,
+  ],
+  service,
+  blueGreenDeploymentConfig: {
+    blueTargetGroup: blueTG,
+    greenTargetGroup: greenTG,
+    listener: prodListener,
+    testListener,
+    terminationWaitTime: cdk.Duration.minutes(1),
+  },
+  deploymentConfig,
+  autoRollback: {
+    stoppedDeployment: true,
+  },
+  ignoreAlarmConfiguration: true,
+});
+
+// Outputs to use for manual testing
+new cdk.CfnOutput(stack, 'NewTaskDefinition', { value: taskDefinition2.taskDefinitionArn });
+new cdk.CfnOutput(stack, 'Subnet1Id', { value: vpc.privateSubnets[0].subnetId });
+new cdk.CfnOutput(stack, 'Subnet2Id', { value: vpc.privateSubnets[1].subnetId });
+new cdk.CfnOutput(stack, 'SecurityGroupId', { value: service.connections.securityGroups[0].securityGroupId });
+new cdk.CfnOutput(stack, 'CodeDeployApplicationName', { value: dg.application.applicationName });
+new cdk.CfnOutput(stack, 'CodeDeployDeploymentGroupName', { value: dg.deploymentGroupName });
+
+new integ.IntegTest(app, 'EcsDeploymentGroupTest', {
+  testCases: [stack],
 });
 
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.availability-zone-rebalancing.ts

@@ -3,20 +3,30 @@ import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
-const app = new cdk.App();
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
+  },
+});
 const stack = new cdk.Stack(app, 'aws-ecs-integ-availability-zone-rebalancing');
 
 const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
 
-const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
+const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+
+cluster.addCapacity('DefaultAutoScalingGroup', {
+  instanceType: new ec2.InstanceType('t2.micro'),
+});
 
-const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
 
 taskDefinition.addContainer('web', {
   image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  memoryLimitMiB: 256,
 });
 
-new ecs.FargateService(stack, 'FargateService', {
+new ecs.Ec2Service(stack, 'FrontendService', {
   cluster,
   taskDefinition,
   availabilityZoneRebalancing: ecs.AvailabilityZoneRebalancing.ENABLED,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.enable-execute-command.ts

@@ -1,30 +1,53 @@
-import * as ec2 from 'aws-cdk-lib/aws-ec2';
-import * as kms from 'aws-cdk-lib/aws-kms';
+
+import * as autoscaling from 'aws-cdk-lib/aws-autoscaling';
 import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as cdk from 'aws-cdk-lib';
-import { Duration } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
 
 const app = new cdk.App({
   postCliContext: {
+    '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true,
+    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
+    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
+    '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
 const stack = new cdk.Stack(app, 'aws-ecs-integ-enable-execute-command');
 
-const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2 });
+
+const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef');
+
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
+  memoryReservationMiB: 256,
+  portMappings: [
+    {
+      containerPort: 80,
+      hostPort: 8080,
+      protocol: ecs.Protocol.TCP,
+    },
+  ],
+});
 
-const kmsKey = new kms.Key(stack, 'KmsKey');
+const execBucket = new s3.Bucket(stack, 'EcsExecBucket');
 
-const execBucket = new s3.Bucket(stack, 'EcsExecBucket', {
-  encryptionKey: kmsKey,
+const cp = new ecs.AsgCapacityProvider(stack, 'EC2CapacityProvider', {
+  autoScalingGroup: new autoscaling.AutoScalingGroup(stack, 'ASG', {
+    vpc,
+    instanceType: new ec2.InstanceType('t2.micro'),
+    machineImage: ecs.EcsOptimizedImage.amazonLinux2(),
+  }),
+  // This is to allow cdk destroy to work; otherwise deletion will hang bc ASG cannot be deleted
+  enableManagedTerminationProtection: false,
 });
 
-const cluster = new ecs.Cluster(stack, 'FargateCluster', {
+const cluster = new ecs.Cluster(stack, 'EC2CPCluster', {
   vpc,
   executeCommandConfiguration: {
-    kmsKey,
     logConfiguration: {
       s3Bucket: execBucket,
       s3EncryptionEnabled: true,
@@ -33,19 +56,9 @@ const cluster = new ecs.Cluster(stack, 'FargateCluster', {
     logging: ecs.ExecuteCommandLogging.OVERRIDE,
   },
 });
+cluster.addAsgCapacityProvider(cp);
 
-const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
-
-taskDefinition.addContainer('web', {
-  image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample'),
-  healthCheck: {
-    command: ['CMD-SHELL', 'curl localhost:8000'],
-    interval: Duration.seconds(60),
-    timeout: Duration.seconds(40),
-  },
-});
-
-new ecs.FargateService(stack, 'FargateService', {
+new ecs.Ec2Service(stack, 'EC2Service', {
   cluster,
   taskDefinition,
   enableExecuteCommand: true,
@@ -53,12 +66,5 @@ new ecs.FargateService(stack, 'FargateService', {
 
 new integ.IntegTest(app, 'enable-execute-command-test', {
   testCases: [stack],
-  diffAssets: true,
-  cdkCommandOptions: {
-    deploy: {
-      args: {
-        rollback: true,
-      },
-    },
-  },
 });
+app.synth();