PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.51.0__py3-none-any.whl → 0.53.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.51.0py3-none-any.whl → 0.53.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of konokenj.cdk-api-mcp-server might be problematic. Click here for more details.

Files changed (46) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/README.md CHANGED Viewed

@@ -14,11 +14,13 @@
   - [VPC Link](#vpc-link)
   - [Private Integration](#private-integration)
   - [Generating ARN for Execute API](#generating-arn-for-execute-api)
-  - [Access Logging](#access-logging)
 - [WebSocket API](#websocket-api)
   - [Manage Connections Permission](#manage-connections-permission)
   - [Managing access to WebSocket APIs](#managing-access-to-websocket-apis)
   - [Usage Plan and API Keys](#usage-plan-and-api-keys)
+- [Common Config](#common-config)
+  - [Route Settings](#route-settings)
+  - [Access Logging](#access-logging)
 ## Introduction
@@ -375,65 +377,6 @@ const arn = api.arnForExecuteApi('GET', '/myApiPath', 'dev');
 - The 'ANY' method can be used for matching any HTTP methods not explicitly defined.
 - The function gracefully handles undefined parameters by using wildcards, making it flexible for various API configurations.
-## Access Logging
-You can turn on logging to write logs to CloudWatch Logs.
-Read more at [Configure logging for HTTP APIs in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html)
-```ts
-import * as logs from 'aws-cdk-lib/aws-logs';
-declare const api: apigwv2.HttpApi;
-declare const logGroup: logs.LogGroup;
-const stage = new apigwv2.HttpStage(this, 'Stage', {
-  httpApi: api,
-  accessLogSettings: {
-    destination: new apigwv2.LogGroupLogDestination(logGroup),
-  },
-});
-```
-The following code will generate the access log in the [CLF format](https://en.wikipedia.org/wiki/Common_Log_Format).
-```ts
-import * as apigw from 'aws-cdk-lib/aws-apigateway';
-import * as logs from 'aws-cdk-lib/aws-logs';
-declare const api: apigwv2.HttpApi;
-declare const logGroup: logs.LogGroup;
-const stage = new apigwv2.HttpStage(this, 'Stage', {
-  httpApi: api,
-  accessLogSettings: {
-    destination: new apigwv2.LogGroupLogDestination(logGroup),
-    format: apigw.AccessLogFormat.clf(),
-  },
-});
-```
-You can also configure your own access log format by using the `AccessLogFormat.custom()` API.
-`AccessLogField` provides commonly used fields. The following code configures access log to contain.
-```ts
-import * as apigw from 'aws-cdk-lib/aws-apigateway';
-import * as logs from 'aws-cdk-lib/aws-logs';
-declare const api: apigwv2.HttpApi;
-declare const logGroup: logs.LogGroup;
-const stage = new apigwv2.HttpStage(this, 'Stage', {
-  httpApi: api,
-  accessLogSettings: {
-    destination: new apigwv2.LogGroupLogDestination(logGroup),
-    format: apigw.AccessLogFormat.custom(
-      `${apigw.AccessLogField.contextRequestId()} ${apigw.AccessLogField.contextErrorMessage()} ${apigw.AccessLogField.contextErrorMessageString()}
-      ${apigw.AccessLogField.contextAuthorizerError()} ${apigw.AccessLogField.contextAuthorizerIntegrationStatus()}`
-    ),
-  },
-});
-```
 ## WebSocket API
 A WebSocket API in API Gateway is a collection of WebSocket routes that are integrated with backend HTTP endpoints,
@@ -578,26 +521,6 @@ const webSocketApi = new apigwv2.WebSocketApi(this, 'mywsapi',{
 });
 ```
-## Common Config
-Common config for both HTTP API and WebSocket API
-### Route Settings
-Represents a collection of route settings.
-```ts
-declare const api: apigwv2.HttpApi;
-new apigwv2.HttpStage(this, 'Stage', {
-  httpApi: api,
-  throttle: {
-    rateLimit: 1000,
-    burstLimit: 1000,
-  },
-  detailedMetricsEnabled: true,
-});
-```
 ## Usage Plan and API Keys
 A usage plan specifies who can access one or more deployed WebSocket API stages, and the rate at which they can be accessed. The plan uses API keys to
@@ -740,4 +663,93 @@ const key = new apigwv2.RateLimitedApiKey(this, 'rate-limited-api-key', {
     burstLimit: 200
   }
 });
-```
+```
+## Common Config
+Common config for both HTTP API and WebSocket API
+### Route Settings
+Represents a collection of route settings.
+```ts
+declare const api: apigwv2.HttpApi;
+new apigwv2.HttpStage(this, 'Stage', {
+  httpApi: api,
+  throttle: {
+    rateLimit: 1000,
+    burstLimit: 1000,
+  },
+  detailedMetricsEnabled: true,
+});
+```
+### Access Logging
+You can turn on logging to write logs to CloudWatch Logs.
+Read more at Configure logging for [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html) or [WebSocket APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html)
+```ts
+import * as logs from 'aws-cdk-lib/aws-logs';
+declare const httpApi: apigwv2.HttpApi;
+declare const webSocketApi : apigwv2.WebSocketApi;
+declare const logGroup: logs.LogGroup;
+new apigwv2.HttpStage(this, 'HttpStage', {
+  httpApi,
+  accessLogSettings: {
+    destination: new apigwv2.LogGroupLogDestination(logGroup),
+  },
+});
+new apigwv2.WebSocketStage(this, 'WebSocketStage', {
+  webSocketApi,
+  stageName: 'dev',
+  accessLogSettings: {
+    destination: new apigwv2.LogGroupLogDestination(logGroup),
+  },
+});
+```
+The following code will generate the access log in the [CLF format](https://en.wikipedia.org/wiki/Common_Log_Format).
+```ts
+import * as apigw from 'aws-cdk-lib/aws-apigateway';
+import * as logs from 'aws-cdk-lib/aws-logs';
+declare const api: apigwv2.HttpApi;
+declare const logGroup: logs.LogGroup;
+const stage = new apigwv2.HttpStage(this, 'Stage', {
+  httpApi: api,
+  accessLogSettings: {
+    destination: new apigwv2.LogGroupLogDestination(logGroup),
+    format: apigw.AccessLogFormat.clf(),
+  },
+});
+```
+You can also configure your own access log format by using the `AccessLogFormat.custom()` API.
+`AccessLogField` provides commonly used fields. The following code configures access log to contain.
+```ts
+import * as apigw from 'aws-cdk-lib/aws-apigateway';
+import * as logs from 'aws-cdk-lib/aws-logs';
+declare const api: apigwv2.HttpApi;
+declare const logGroup: logs.LogGroup;
+const stage = new apigwv2.HttpStage(this, 'Stage', {
+  httpApi: api,
+  accessLogSettings: {
+    destination: new apigwv2.LogGroupLogDestination(logGroup),
+    format: apigw.AccessLogFormat.custom(
+      `${apigw.AccessLogField.contextRequestId()} ${apigw.AccessLogField.contextErrorMessage()} ${apigw.AccessLogField.contextErrorMessageString()}
+      ${apigw.AccessLogField.contextAuthorizerError()} ${apigw.AccessLogField.contextAuthorizerIntegrationStatus()}`
+    ),
+  },
+});
+```

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-apigatewayv2/integ.stage.ts CHANGED Viewed

@@ -1,12 +1,19 @@
 #!/usr/bin/env node
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import * as cdk from 'aws-cdk-lib';
-import * as apigw from 'aws-cdk-lib/aws-apigatewayv2';
+import * as apigwv2 from 'aws-cdk-lib/aws-apigatewayv2';
+import * as apigw from 'aws-cdk-lib/aws-apigateway';
+import * as logs from 'aws-cdk-lib/aws-logs';
 const app = new cdk.App();
 const stack = new cdk.Stack(app, 'aws-cdk-aws-apigatewayv2-websocket-stage');
-const webSocketApi = new apigw.WebSocketApi(stack, 'WebSocketApi');
-new apigw.WebSocketStage(stack, 'WebSocketStage', {
+const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+const webSocketApi = new apigwv2.WebSocketApi(stack, 'WebSocketApi');
+new apigwv2.WebSocketStage(stack, 'WebSocketStage', {
   webSocketApi,
   stageName: 'dev',
   throttle: {
@@ -15,6 +22,15 @@ new apigw.WebSocketStage(stack, 'WebSocketStage', {
   },
   detailedMetricsEnabled: true,
   description: 'My Stage',
+  accessLogSettings: {
+    destination: new apigwv2.LogGroupLogDestination(logGroup),
+    format: apigw.AccessLogFormat.custom(JSON.stringify({
+      extendedRequestId: apigw.AccessLogField.contextExtendedRequestId(),
+      requestTime: apigw.AccessLogField.contextRequestTime(),
+    })),
+  },
 });
-app.synth();
+new IntegTest(app, 'aws-cdk-aws-apigatewayv2-websocket-stage-test', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/README.md CHANGED Viewed

@@ -651,7 +651,6 @@ const project = new codebuild.Project(this, 'MyProject', {
   // vpc,
 });
 ```
->>>>>>> 39ec36ec6a (feat(codebuild): add custom instance type and VPC to Fleets)
 ## Logs

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.managed-policy.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { App, Stack } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { AccountRootPrincipal, Grant, ManagedPolicy, PolicyStatement, Role, User } from 'aws-cdk-lib/aws-iam';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
 const app = new App();
@@ -34,6 +35,14 @@ policy.attachToRole(role);
 const importedRole = Role.fromRoleArn(stack, 'ImportedRole', role.roleArn);
 policy.attachToRole(importedRole);
+// Can be passed to grantInvoke, see https://github.com/aws/aws-cdk/issues/32980
+const func = new lambda.Function(stack, 'Function', {
+  runtime: lambda.Runtime.NODEJS_LATEST,
+  handler: 'index.handler',
+  code: lambda.Code.fromInline('export const handler = async () => null'),
+});
+func.grantInvoke(policy);
 new IntegTest(app, 'ManagedPolicyInteg', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-iam/integ.policy.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { App, Stack } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { AccountRootPrincipal, Grant, Policy, PolicyStatement, Role, User } from 'aws-cdk-lib/aws-iam';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
 const app = new App();
@@ -21,6 +22,14 @@ role.grantAssumeRole(user);
 Grant.addToPrincipal({ actions: ['iam:*'], resourceArns: [role.roleArn], grantee: policy2 });
+// Can be passed to grantInvoke, see https://github.com/aws/aws-cdk/issues/32980
+const func = new lambda.Function(stack, 'Function', {
+  runtime: lambda.Runtime.NODEJS_LATEST,
+  handler: 'index.handler',
+  code: lambda.Code.fromInline('export const handler = async () => null'),
+});
+func.grantInvoke(policy);
 new IntegTest(app, 'PolicyInteg', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/README.md CHANGED Viewed

@@ -483,8 +483,11 @@ Data can be transformed before being delivered to destinations. There are two ty
 data processing for delivery streams: record transformation with AWS Lambda, and record
 format conversion using a schema stored in an AWS Glue table. If both types of data
 processing are configured, then the Lambda transformation is performed first. By default,
-no data processing occurs. This construct library currently only supports data
-transformation with AWS Lambda. See [#15501](https://github.com/aws/aws-cdk/issues/15501)
+no data processing occurs.
+This construct library currently only supports data
+transformation with AWS Lambda and some built-in data processors.
+See [#15501](https://github.com/aws/aws-cdk/issues/15501)
 to track the status of adding support for record format conversion.
 ### Data transformation with AWS Lambda
@@ -520,7 +523,7 @@ const lambdaProcessor = new firehose.LambdaFunctionProcessor(lambdaFunction, {
 });
 declare const bucket: s3.Bucket;
 const s3Destination = new firehose.S3Bucket(bucket, {
-  processor: lambdaProcessor,
+  processors: [lambdaProcessor],
 });
 new firehose.DeliveryStream(this, 'Delivery Stream', {
   destination: s3Destination,
@@ -532,6 +535,60 @@ new firehose.DeliveryStream(this, 'Delivery Stream', {
 See: [Data Transformation](https://docs.aws.amazon.com/firehose/latest/dev/data-transformation.html)
 in the *Amazon Data Firehose Developer Guide*.
+### Add a new line delimiter when delivering data to Amazon S3
+You can specify the `AppendDelimiterToRecordProcessor` built-in processor to add a new line delimiter between records in objects that are delivered to Amazon S3. This can be helpful for parsing objects in Amazon S3.
+For details, see [Use Amazon S3 bucket prefix to deliver data](https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning-s3bucketprefix.html).
+```ts
+declare const bucket: s3.Bucket;
+const s3Destination = new firehose.S3Bucket(bucket, {
+  processors: [
+    new firehose.AppendDelimiterToRecordProcessor(),
+  ],
+});
+new firehose.DeliveryStream(this, 'Delivery Stream', {
+  destination: s3Destination,
+});
+```
+### Decompress and extract message of CloudWatch Logs
+CloudWatch Logs events are sent to Firehose in compressed gzip format. If you want to deliver decompressed log events to Firehose destinations, you can use the `DecompressionProcessor` to automatically decompress CloudWatch Logs.
+For details, see [Send CloudWatch Logs to Firehose](https://docs.aws.amazon.com/firehose/latest/dev/writing-with-cloudwatch-logs.html).
+You may also needed to specify `AppendDelimiterToRecordProcessor`
+because decompressed log events record has no trailing newline.
+```ts
+declare const bucket: s3.Bucket;
+const s3Destination = new firehose.S3Bucket(bucket, {
+  processors: [
+    new firehose.DecompressionProcessor(),
+    new firehose.AppendDelimiterToRecordProcessor(),
+  ],
+});
+new firehose.DeliveryStream(this, 'Delivery Stream', {
+  destination: s3Destination,
+});
+```
+When you enable decompression, you have the option to also enable message extraction. When using message extraction, Firehose filters out all metadata, such as owner, loggroup, logstream, and others from the decompressed CloudWatch Logs records and delivers only the content inside the message fields.
+```ts
+declare const bucket: s3.Bucket;
+const s3Destination = new firehose.S3Bucket(bucket, {
+  processors: [
+    new firehose.DecompressionProcessor(),
+    new firehose.CloudWatchLogProcessor({ dataMessageExtraction: true }),
+  ],
+});
+new firehose.DeliveryStream(this, 'Delivery Stream', {
+  destination: s3Destination,
+});
+```
 ## Specifying an IAM role
 The DeliveryStream class automatically creates IAM service roles with all the minimum

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-kinesisfirehose/integ.cloudwatch-logs-processors.ts ADDED Viewed

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+import * as path from 'path';
+import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose';
+import * as lambdanodejs from 'aws-cdk-lib/aws-lambda-nodejs';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'firehose-delivery-stream-cloudwatch-logs-processors');
+const bucket = new s3.Bucket(stack, 'DestinationBucket', {
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+  autoDeleteObjects: true,
+});
+const dataProcessorFunction = new lambdanodejs.NodejsFunction(stack, 'DataProcessorFunction', {
+  entry: path.join(__dirname, 'lambda-data-processor.js'),
+  timeout: cdk.Duration.minutes(1),
+});
+new firehose.DeliveryStream(stack, 'DecompressCloudWatchLogsEntry', {
+  destination: new firehose.S3Bucket(bucket, {
+    processors: [
+      new firehose.DecompressionProcessor(),
+      new firehose.AppendDelimiterToRecordProcessor(),
+      new firehose.LambdaFunctionProcessor(dataProcessorFunction),
+    ],
+  }),
+});
+new firehose.DeliveryStream(stack, 'ExtractCloudWatchLogsEntry', {
+  destination: new firehose.S3Bucket(bucket, {
+    processors: [
+      new firehose.DecompressionProcessor(),
+      new firehose.CloudWatchLogProcessor({ dataMessageExtraction: true }),
+      new firehose.LambdaFunctionProcessor(dataProcessorFunction),
+    ],
+  }),
+});
+new IntegTest(app, 'integ-tests', {
+  testCases: [stack],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.fromasset.ts CHANGED Viewed

@@ -10,20 +10,35 @@ const app = new App({
 });
 const stack = new Stack(app, 'aws-cdk-lambda-runtime-fromasset');
-const lambdaFunction = new Function(stack, 'MyFunction', {
+const lambdaFunctionJava21 = new Function(stack, 'MyFunctionJava21', {
   runtime: Runtime.JAVA_21,
   handler: 'com.mycompany.app.LambdaMethodHandler::handleRequest',
   code: Code.fromAsset(path.join(__dirname, 'my-app-1.0-SNAPSHOT.zip')),
 });
+const lambdaFunctionJava25 = new Function(stack, 'MyFunctionJava25', {
+  runtime: Runtime.JAVA_25,
+  handler: 'com.mycompany.app.LambdaMethodHandler::handleRequest',
+  code: Code.fromAsset(path.join(__dirname, 'my-app-1.0-SNAPSHOT.zip')),
+});
 const integTest = new integ.IntegTest(app, 'Integ', { testCases: [stack] });
-const invoke = integTest.assertions.invokeFunction({
-  functionName: lambdaFunction.functionName,
+const invokeJava21 = integTest.assertions.invokeFunction({
+  functionName: lambdaFunctionJava21.functionName,
+  payload: '123',
+});
+invokeJava21.expect(integ.ExpectedResult.objectLike({
+  Payload: '"123"',
+}));
+const invokeJava25 = integTest.assertions.invokeFunction({
+  functionName: lambdaFunctionJava25.functionName,
   payload: '123',
 });
-invoke.expect(integ.ExpectedResult.objectLike({
+invokeJava25.expect(integ.ExpectedResult.objectLike({
   Payload: '"123"',
 }));

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtime.inlinecode.ts CHANGED Viewed

@@ -55,6 +55,13 @@ const python313 = new Function(stack, 'PYTHON_3_13', {
 });
 new CfnOutput(stack, 'PYTHON_3_13-functionName', { value: python313.functionName });
+const python314 = new Function(stack, 'PYTHON_3_14', {
+  code: new InlineCode('def handler(event, context):\n  return "success"'),
+  handler: 'index.handler',
+  runtime: Runtime.PYTHON_3_14,
+});
+new CfnOutput(stack, 'PYTHON_3_14-functionName', { value: python314.functionName });
 const node20xfn = new Function(stack, 'NODEJS_20_X', {
   code: new InlineCode('exports.handler = async function(event) { return "success" }'),
   handler: 'index.handler',

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/README.md CHANGED Viewed

@@ -1,6 +1,5 @@
 # AWS S3 Deployment Construct Library
 This library allows populating an S3 bucket with the contents of .zip files
 from other S3 buckets or from local disk.
@@ -83,7 +82,7 @@ User: *** is not authorized to perform: kms:Decrypt on the resource associated w
 because no identity-based policy allows the kms:Decrypt action
 ```
-When this happens, users can use the public `handlerRole` property of `BucketDeployment` to manually
+When this happens, users can use the public `handlerRole` property of `BucketDeployment` to manually
 add the KMS permissions:
 ```ts
@@ -375,6 +374,7 @@ resource handler.
 > of memory and storage size.
 ## JSON-Aware Source Processing
 When using `Source.jsonData` with CDK Tokens (references to construct properties), you may need to enable the escaping option. This is particularly important when the referenced properties might contain special characters that require proper JSON escaping (like double quotes, line breaks, etc.).
 ```ts
@@ -462,7 +462,7 @@ to make from placeholders in a local file which will be resolved during deployme
 is especially useful in situations like creating an API from a spec file, where users might
 want to reference other CDK resources they have created.
-The syntax for template variables is `{{ variableName }}` in your local file. Then, you would
+The syntax for template variables is `{{ variableName }}` in your local file. Then, you would
 specify the substitutions in CDK like this:
 ```ts
@@ -486,7 +486,7 @@ new s3deploy.DeployTimeSubstitutedFile(this, 'MyFile', {
 ```
 Nested variables, like `{{ {{ foo }} }}` or `{{ foo {{ bar }} }}`, are not supported by this
-construct. In the first case of a single variable being is double nested `{{ {{ foo }} }}`, only
+construct. In the first case of a single variable being is double nested `{{ {{ foo }} }}`, only
 the `{{ foo }}` would be replaced by the substitution, and the extra brackets would remain in the file.
 In the second case of two nexted variables `{{ foo {{ bar }} }}`, only the `{{ bar }}` would be replaced
 in the file.
@@ -533,6 +533,67 @@ new cdk.CfnOutput(this, 'ObjectKey', {
 });
 ```
+## Specifying a Custom VPC, Subnets, and Security Groups in BucketDeployment
+By default, the AWS CDK BucketDeployment construct runs in a publicly accessible environment. However, for enhanced security and compliance, you may need to deploy your assets from within a VPC while restricting network access through custom subnets and security groups.
+### Using a Custom VPC
+To deploy assets within a private network, specify the vpc property in BucketDeploymentProps. This ensures that the deployment Lambda function executes within your specified VPC.
+```ts
+const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', { vpcId: 'vpc-12345678' });
+const bucket = new s3.Bucket(this, 'MyBucket');
+new s3deploy.BucketDeployment(this, 'DeployToS3', {
+    destinationBucket: bucket,
+    vpc: vpc,
+    sources: [s3deploy.Source.asset('./website')],
+});
+```
+### Specifying Subnets for Deployment
+By default, when you specify a VPC, the BucketDeployment function is deployed in the private subnets of that VPC.
+However, you can customize the subnet selection using the vpcSubnets property.
+```ts
+const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', { vpcId: 'vpc-12345678' });
+const bucket = new s3.Bucket(this, 'MyBucket');
+new s3deploy.BucketDeployment(this, 'DeployToS3', {
+    destinationBucket: bucket,
+    vpc: vpc,
+    vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
+    sources: [s3deploy.Source.asset('./website')],
+});
+```
+### Defining Custom Security Groups
+For enhanced network security, you can now specify custom security groups in BucketDeploymentProps.
+This allows fine-grained control over ingress and egress rules for the deployment Lambda function.
+```ts
+const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', { vpcId: 'vpc-12345678' });
+const bucket = new s3.Bucket(this, 'MyBucket');
+const securityGroup = new ec2.SecurityGroup(this, 'CustomSG', {
+    vpc: vpc,
+    description: 'Allow HTTPS outbound access',
+    allowAllOutbound: false,
+});
+securityGroup.addEgressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(443), 'Allow HTTPS traffic');
+new s3deploy.BucketDeployment(this, 'DeployWithSecurityGroup', {
+    destinationBucket: bucket,
+    vpc: vpc,
+    securityGroups: [securityGroup],
+    sources: [s3deploy.Source.asset('./website')],
+});
+```
 ## Notes
 - This library uses an AWS CloudFormation custom resource which is about 10MiB in

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-deployment/integ.bucket-deployment-big-response.ts CHANGED Viewed

@@ -11,6 +11,12 @@ import { ExpectedResult } from '@aws-cdk/integ-tests-alpha';
 const numFiles = 50;
+/**
+ * Integration test for bucket deployment with many sources (big response):
+ * - Tests deployment with 50 source files to validate response size handling
+ * - Uses increased memory limit (2048MB) for large deployments
+ * - Validates that objectKeys output is disabled when outputObjectKeys is false
+ */
 class TestBucketDeployment extends cdk.Stack {
   public readonly destinationBucket: s3.IBucket;
   constructor(scope: Construct, id: string, props?: cdk.StackProps) {
@@ -21,6 +27,7 @@ class TestBucketDeployment extends cdk.Stack {
       autoDeleteObjects: true, // needed for integration test cleanup
     });
+    // Create multiple source files to test big response handling
     const sources = [];
     for (let i = 0; i < numFiles; i++) {
       const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'tmpcdk'));
@@ -31,17 +38,17 @@ class TestBucketDeployment extends cdk.Stack {
       sources.push(s3deploy.Source.asset(tempDir));
     }
-    const deploymentBucket = new s3deploy.BucketDeployment(this, 'DeployMe', {
+    const deployment = new s3deploy.BucketDeployment(this, 'DeployWithManySources', {
       sources: sources,
       destinationBucket: this.destinationBucket,
       memoryLimit: 2048,
-      retainOnDelete: false, // default is true, which will block the integration test cleanup
+      retainOnDelete: false,
       outputObjectKeys: false,
     });
     new CfnOutput(this, 'customResourceData', {
       value: Fn.sub('Object Keys are${keys}', {
-        keys: Fn.join(',', deploymentBucket.objectKeys),
+        keys: Fn.join(',', deployment.objectKeys),
       }),
     });
   }
@@ -54,12 +61,12 @@ const app = new cdk.App({
 });
 const testCase = new TestBucketDeployment(app, 'test-bucket-deployments-too-many-sources');
-const integTest = new integ.IntegTest(app, 'integ-test-bucket-deployments', {
+const integTest = new integ.IntegTest(app, 'integ-test-bucket-deployment-big-response', {
   testCases: [testCase],
   diffAssets: true,
 });
-// Assert that DeployMeWithoutExtractingFilesOnDestination deploys a zip file to bucket4
+// Assert that all files were successfully deployed
 for (let i = 0; i < numFiles; i++) {
   const apiCall = integTest.assertions.awsApiCall('S3', 'getObject', {
     Bucket: testCase.destinationBucket.bucketName,
@@ -73,7 +80,7 @@ for (let i = 0; i < numFiles; i++) {
   apiCall.assertAtPath('Body', ExpectedResult.stringLikeRegexp(`This is file number ${i + 1}`));
 }
-// Assert that there is no object keys returned from the custom resource
+// Assert that objectKeys output is empty when outputObjectKeys is false
 const describe = integTest.assertions.awsApiCall('CloudFormation', 'describeStacks', {
   StackName: 'test-bucket-deployments-too-many-sources',
 });

konokenj.cdk-api-mcp-server 0.51.0__py3-none-any.whl → 0.53.0__py3-none-any.whl

Potentially problematic release.

konokenj.cdk-api-mcp-server 0.51.0py3-none-any.whl → 0.53.0py3-none-any.whl