PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.64.0__py3-none-any.whl → 0.66.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.64.0py3-none-any.whl → 0.66.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of konokenj.cdk-api-mcp-server might be problematic. Click here for more details.

Files changed (70) hide show

cdk_api_mcp_server/__about__.py CHANGED Viewed

@@ -1,4 +1,4 @@
 # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
 #
 # SPDX-License-Identifier: MIT
-__version__ = "0.64.0"
+__version__ = "0.66.0"

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-elasticache-alpha/README.md CHANGED Viewed

@@ -305,6 +305,8 @@ const user = new elasticache.NoPasswordUser(this, 'User', {
 });
 ```
+> NOTE: `NoPasswordUser` is only available for Redis Cache.
 ### Default user
 ElastiCache automatically creates a default user with both a user ID and username set to `default`. This default user cannot be modified or deleted. The user is created as a no password authentication user.

cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-imagebuilder-alpha/README.md CHANGED Viewed

@@ -199,8 +199,8 @@ Use AWS-managed workflows for common pipeline phases:
 const workflowPipeline = new imagebuilder.ImagePipeline(this, 'WorkflowPipeline', {
   recipe: exampleImageRecipe,
   workflows: [
-    { workflow: imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildWorkflow') },
-    { workflow: imagebuilder.AwsManagedWorkflow.testImage(this, 'TestWorkflow') }
+    { workflow: imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildWorkflow') },
+    { workflow: imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestWorkflow') }
   ]
 });
 ```
@@ -211,9 +211,9 @@ For container pipelines, use container-specific workflows:
 const containerWorkflowPipeline = new imagebuilder.ImagePipeline(this, 'ContainerWorkflowPipeline', {
   recipe: exampleContainerRecipe,
   workflows: [
-    { workflow: imagebuilder.AwsManagedWorkflow.buildContainer(this, 'BuildContainer') },
-    { workflow: imagebuilder.AwsManagedWorkflow.testContainer(this, 'TestContainer') },
-    { workflow: imagebuilder.AwsManagedWorkflow.distributeContainer(this, 'DistributeContainer') }
+    { workflow: imagebuilder.AmazonManagedWorkflow.buildContainer(this, 'BuildContainer') },
+    { workflow: imagebuilder.AmazonManagedWorkflow.testContainer(this, 'TestContainer') },
+    { workflow: imagebuilder.AmazonManagedWorkflow.distributeContainer(this, 'DistributeContainer') }
   ]
 });
 ```
@@ -430,8 +430,8 @@ Use workflows for custom build, test, and distribution processes:
 const imageWithWorkflows = new imagebuilder.Image(this, 'ImageWithWorkflows', {
   recipe: exampleImageRecipe,
   workflows: [
-    { workflow: imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildWorkflow') },
-    { workflow: imagebuilder.AwsManagedWorkflow.testImage(this, 'TestWorkflow') }
+    { workflow: imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildWorkflow') },
+    { workflow: imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestWorkflow') }
   ]
 });
 ```
@@ -603,12 +603,12 @@ const imageRecipe = new imagebuilder.ImageRecipe(this, 'AmazonManagedImageRecipe
   ),
   components: [
     {
-      component: imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
+      component: imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
         platform: imagebuilder.Platform.LINUX
       })
     },
     {
-      component: imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
+      component: imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
         platform: imagebuilder.Platform.LINUX
       })
     }
@@ -790,19 +790,19 @@ const containerRecipe = new imagebuilder.ContainerRecipe(this, 'ComponentContain
 Use pre-built AWS components:
 ```ts
-const containerRecipe = new imagebuilder.ContainerRecipe(this, 'AwsManagedContainerRecipe', {
+const containerRecipe = new imagebuilder.ContainerRecipe(this, 'AmazonManagedContainerRecipe', {
   baseImage: imagebuilder.BaseContainerImage.fromDockerHub('amazonlinux', 'latest'),
   targetRepository: imagebuilder.Repository.fromEcr(
     ecr.Repository.fromRepositoryName(this, 'Repository', 'my-container-repo')
   ),
   components: [
     {
-      component: imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
+      component: imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
         platform: imagebuilder.Platform.LINUX
       })
     },
     {
-      component: imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
+      component: imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
         platform: imagebuilder.Platform.LINUX
       })
     }
@@ -1070,17 +1070,17 @@ AWS provides a collection of managed components for common tasks:
 ```ts
 // Install AWS CLI v2
-const awsCliComponent = imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
+const awsCliComponent = imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
   platform: imagebuilder.Platform.LINUX
 });
 // Update the operating system
-const updateComponent = imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
+const updateComponent = imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
   platform: imagebuilder.Platform.LINUX
 });
 // Reference any AWS-managed component by name
-const customAwsComponent = imagebuilder.AwsManagedComponent.fromAwsManagedComponentName(
+const customAwsComponent = imagebuilder.AmazonManagedComponent.fromAmazonManagedComponentName(
   this,
   'CloudWatchAgent',
   'amazon-cloudwatch-agent-linux'
@@ -1517,15 +1517,15 @@ AWS provides a collection of workflows for common scenarios:
 ```ts
 // Build workflows
-const buildImageWorkflow = imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildImage');
-const buildContainerWorkflow = imagebuilder.AwsManagedWorkflow.buildContainer(this, 'BuildContainer');
+const buildImageWorkflow = imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildImage');
+const buildContainerWorkflow = imagebuilder.AmazonManagedWorkflow.buildContainer(this, 'BuildContainer');
 // Test workflows
-const testImageWorkflow = imagebuilder.AwsManagedWorkflow.testImage(this, 'TestImage');
-const testContainerWorkflow = imagebuilder.AwsManagedWorkflow.testContainer(this, 'TestContainer');
+const testImageWorkflow = imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestImage');
+const testContainerWorkflow = imagebuilder.AmazonManagedWorkflow.testContainer(this, 'TestContainer');
 // Distribution workflows
-const distributeContainerWorkflow = imagebuilder.AwsManagedWorkflow.distributeContainer(this, 'DistributeContainer');
+const distributeContainerWorkflow = imagebuilder.AmazonManagedWorkflow.distributeContainer(this, 'DistributeContainer');
 ```
 ### Lifecycle Policy

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-cloudwatch-actions/integ.lambda-alarm-action.ts CHANGED Viewed

@@ -91,7 +91,6 @@ new integ.IntegTest(appWithFeatureFlag, 'LambdaAlarmActionIntegrationTestWithFea
 });
 appWithFeatureFlag.synth();
-/* eslint-disable no-console */
 function handler(event: any, _context: any, callback: any) {
   console.log(JSON.stringify(event, undefined, 2));
   return callback();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/README.md CHANGED Viewed

@@ -394,7 +394,7 @@ is available for specifying Lambda-compatible images.
 You can specify one of the predefined Windows/Linux images by using one
 of the constants such as `WindowsBuildImage.WIN_SERVER_CORE_2019_BASE`,
 `WindowsBuildImage.WINDOWS_BASE_2_0`, `LinuxBuildImage.STANDARD_2_0`,
-`LinuxBuildImage.AMAZON_LINUX_2_5`, `MacBuildImage.BASE_14`, `LinuxArmBuildImage.AMAZON_LINUX_2_ARM`,
+`LinuxBuildImage.AMAZON_LINUX_2_5`, `MacBuildImage.BASE_14`, `MacBuildImage.BASE_15`, `LinuxArmBuildImage.AMAZON_LINUX_2_ARM`,
 `LinuxLambdaBuildImage.AMAZON_LINUX_2_NODE_18` or `LinuxArmLambdaBuildImage.AMAZON_LINUX_2_NODE_18`.
 Alternatively, you can specify a custom image using one of the static methods on

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/{integ.project-macos-fleet.ts → integ.project-macos-fleet-base14.ts} RENAMED Viewed

@@ -14,10 +14,10 @@ import * as codebuild from 'aws-cdk-lib/aws-codebuild';
  */
 const app = new cdk.App();
-const stack = new cdk.Stack(app, 'aws-cdk-project-macos');
+const stack = new cdk.Stack(app, 'aws-cdk-project-macos-base14');
 const fleet = new codebuild.Fleet(stack, 'MacOsFleet', {
-  fleetName: 'MacOsFleet',
+  fleetName: 'MacOsFleet14',
   baseCapacity: 1,
   computeType: codebuild.FleetComputeType.MEDIUM,
   environmentType: codebuild.EnvironmentType.MAC_ARM,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-codebuild/integ.project-macos-fleet-base15.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import * as cdk from 'aws-cdk-lib';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+import * as codebuild from 'aws-cdk-lib/aws-codebuild';
+/**
+ * Deployment notice:
+ *
+ * The fleet allocation might take >10 minutes to complete,
+ * which can cause the integ test to timeout and fail.
+ *
+ * You can try deploying to a different region, or
+ * or Deploying the stack without integ tests first, with the --no-clean flag,
+ * waiting for the fleet allocation to reach its capacity,
+ * and then running the integ test was the workaround used.
+ */
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-project-macos-base15');
+const fleet = new codebuild.Fleet(stack, 'MacOsFleet', {
+  fleetName: 'MacOsFleet15',
+  baseCapacity: 1,
+  computeType: codebuild.FleetComputeType.MEDIUM,
+  environmentType: codebuild.EnvironmentType.MAC_ARM,
+});
+const project = new codebuild.Project(stack, 'MacOsProject', {
+  buildSpec: codebuild.BuildSpec.fromObject({
+    version: '0.2',
+    phases: {
+      build: { commands: ['echo "Nothing to do!"'] },
+    },
+  }),
+  environment: {
+    fleet,
+    buildImage: codebuild.MacBuildImage.BASE_15,
+    computeType: codebuild.ComputeType.MEDIUM,
+  },
+});
+const test = new integ.IntegTest(app, 'MacOsProjectIntegTest', {
+  testCases: [stack],
+});
+const listFleets = test.assertions.awsApiCall('Codebuild', 'listFleets');
+listFleets.expect(integ.ExpectedResult.objectLike({
+  fleets: integ.Match.arrayWith([fleet.fleetArn]),
+}));
+const startBuild = test.assertions.awsApiCall('Codebuild', 'startBuild', { projectName: project.projectName });
+// Describe the build and wait for the status to be successful
+test.assertions.awsApiCall('CodeBuild', 'batchGetBuilds', {
+  ids: [startBuild.getAttString('build.id')],
+}).assertAtPath(
+  'builds.0.buildStatus',
+  integ.ExpectedResult.stringLikeRegexp('SUCCEEDED'),
+).waitForAssertions({
+  totalTimeout: cdk.Duration.minutes(10), // Spin up time for Mac can be slow
+  interval: cdk.Duration.seconds(30),
+});
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.app-mesh-proxy-config.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.capacity-provider-managed-draining.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'integ-ec2-capacity-provider-managed-draining');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.capacity-provider.ts CHANGED Viewed

@@ -6,8 +6,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.clb-host-nw.ts CHANGED Viewed

@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as elb from 'aws-cdk-lib/aws-elasticloadbalancing';
 import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import { CfnResource } from 'aws-cdk-lib';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -45,6 +44,14 @@ const lb = new elb.LoadBalancer(stack, 'LB', { vpc });
 lb.addListener({ externalPort: 80 });
 lb.addTarget(service);
+// Suppress security guardian rule for CLB default behavior
+lb.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cloudmap-container-port.ts CHANGED Viewed

@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as cloudmap from 'aws-cdk-lib/aws-servicediscovery';
 import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import { CfnResource } from 'aws-cdk-lib';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -33,6 +32,14 @@ const capacity = cluster.addCapacity('capacity', {
 });
 capacity.connections.allowFromAnyIpv4(ec2.Port.tcpRange(32768, 61000));
+// Suppress security guardian rule for intentional test setup
+capacity.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 cluster.addDefaultCloudMapNamespace({ name: 'aws-ecs-integ' });
 const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef', {});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-amazonlinux2-neuron-ami.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-imported.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-windows-server-ami.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster.amazonlinux2023-ami.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as iam from 'aws-cdk-lib/aws-iam';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': true,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.default-capacity-provider.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.deployment-alarms.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.enable-execute-command.ts CHANGED Viewed

@@ -10,8 +10,6 @@ const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.environment-file.ts CHANGED Viewed

@@ -10,8 +10,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.exec-command.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.firelens-s3-config.ts CHANGED Viewed

@@ -3,12 +3,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as s3_assets from 'aws-cdk-lib/aws-s3-assets';
 import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import { CfnResource } from 'aws-cdk-lib';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -69,6 +68,13 @@ container.addPortMappings({
 // Create a security group that allows tcp @ port 80
 const securityGroup = new ec2.SecurityGroup(stack, 'websvc-sg', { vpc });
 securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80));
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 new ecs.Ec2Service(stack, 'Service', {
   cluster,
   taskDefinition,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.graviton.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.lb-awsvpc-nw.ts CHANGED Viewed

@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import { CfnResource } from 'aws-cdk-lib';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -49,6 +48,14 @@ listener.addTargets('ECS', {
   targets: [service],
 });
+// Suppress security guardian rule for ALB default behavior (open: true)
+lb.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.lb-bridge-nw.ts CHANGED Viewed

@@ -3,12 +3,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
 import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import * as cdk from 'aws-cdk-lib';
 import * as ecs from 'aws-cdk-lib/aws-ecs';
+import { CfnResource } from 'aws-cdk-lib';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -49,6 +48,14 @@ listener.addTargets('ECS', {
   targets: [service],
 });
+// Suppress security guardian rule for ALB default behavior (open: true)
+lb.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
 app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'integ-managedinstances-capacity-provider');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'integ-managedinstances-no-default-capacity-provider');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-constraint-default-empty.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.pseudo-terminal.ts CHANGED Viewed

@@ -6,8 +6,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-awsvpc-nw.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-bridge-nw.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.spot-drain.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.swap-parameters.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import { LinuxParameters } from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.task-definition-placement-constraints.ts CHANGED Viewed

@@ -6,8 +6,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-ecs-service-command-entry-point.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-ec2-cmd-entrypoint');
@@ -22,6 +20,11 @@ const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as cdk.CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', {
   autoScalingGroup: new autoscaling.AutoScalingGroup(
@@ -61,6 +64,13 @@ const applicationLoadBalancedEc2Service = new ecsPatterns.ApplicationLoadBalance
   },
 );
 applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancer intentionally needs public access for testing
+applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as cdk.CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new integ.IntegTest(app, 'AlbEc2ServiceWithCommandAndEntryPoint', {
   testCases: [stack],

konokenj.cdk-api-mcp-server 0.64.0__py3-none-any.whl → 0.66.0__py3-none-any.whl

Potentially problematic release.

konokenj.cdk-api-mcp-server 0.64.0py3-none-any.whl → 0.66.0py3-none-any.whl