konokenj.cdk-api-mcp-server 0.64.0__py3-none-any.whl → 0.66.0__py3-none-any.whl

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.application-load-balanced-ecs-service.ts

@@ -1,15 +1,13 @@
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-alb');
@@ -20,6 +18,11 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 
 const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvier', {
   autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
@@ -65,6 +68,13 @@ const applicationLoadBalancedEc2Service = new ApplicationLoadBalancedEc2Service(
   ipAddressType: elbv2.IpAddressType.IPV4,
 });
 applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancer intentionally needs public access for testing
+applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 
 new integ.IntegTest(app, 'applicationLoadBalancedEc2ServiceTest', {
   testCases: [stack],

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-application-load-balanced-ecs-service.ts

@@ -2,15 +2,13 @@ import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { Protocol } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
-import { App, Duration, Stack } from 'aws-cdk-lib';
+import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-multiple-alb-healthchecks');
@@ -21,6 +19,11 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider = new AsgCapacityProvider(stack, 'MyProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
     vpc,
@@ -70,6 +73,15 @@ const applicationMultipleTargetGroupsFargateService = new ApplicationMultipleTar
 });
 applicationMultipleTargetGroupsFargateService.loadBalancers[0].connections.addSecurityGroup(securityGroup);
 applicationMultipleTargetGroupsFargateService.loadBalancers[1].connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancers intentionally need public access for testing
+applicationMultipleTargetGroupsFargateService.loadBalancers.forEach(lb => {
+  lb.connections.securityGroups.forEach(sg => {
+    const cfnSg = sg.node.defaultChild as CfnResource;
+    cfnSg.addMetadata('guard', {
+      SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+    });
+  });
+});
 
 applicationMultipleTargetGroupsFargateService.targetGroups[0].configureHealthCheck({
   protocol: Protocol.HTTP,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-network-load-balanced-ecs-service.ts

@@ -1,14 +1,12 @@
 import { InstanceType, Vpc, Peer, Port, SecurityGroup } from 'aws-cdk-lib/aws-ec2';
 import { AsgCapacityProvider, Cluster, ContainerImage, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { NetworkMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb-healthchecks');
@@ -19,6 +17,13 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
+
 const provider = new AsgCapacityProvider(stack, 'MyProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts

@@ -3,7 +3,7 @@ import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
 import { ApplicationProtocol, SslPolicy } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import { PublicHostedZone } from 'aws-cdk-lib/aws-route53';
-import { App, Duration, Stack } from 'aws-cdk-lib';
+import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api';
@@ -13,8 +13,6 @@ const app = new App({
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -26,7 +24,7 @@ const cluster = new Cluster(stack, 'Cluster', { vpc });
 cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new InstanceType('t2.micro') });
 
 // Two load balancers with different idle timeouts.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   memoryLimitMiB: 256,
   taskImageOptions: {
@@ -87,6 +85,16 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
 
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancers.forEach(lb => {
+  lb.connections.securityGroups.forEach(sg => {
+    const cfnSg = sg.node.defaultChild as CfnResource;
+    cfnSg.addMetadata('guard', {
+      SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+    });
+  });
+});
+
 new integ.IntegTest(app, 'multiAlbEcsEc2Test', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service.ts

@@ -1,6 +1,6 @@
 import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, Ec2TaskDefinition } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS } from 'aws-cdk-lib/cx-api';
@@ -9,8 +9,6 @@ const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     [REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS]: false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -32,7 +30,7 @@ taskDefinition.addContainer('web', {
 });
 
 // One load balancer with one listener and two target groups.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   taskDefinition,
   enableExecuteCommand: true,
@@ -48,6 +46,14 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
 
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
+
 new integ.IntegTest(app, 'applicationMultipleTargetGroupsEc2ServiceTest', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.network-load-balanced-ecs-service.ts

@@ -1,15 +1,13 @@
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { NetworkLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { IpAddressType } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb');
@@ -21,6 +19,12 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
 
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
+
 const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.scheduled-ecs-task.ts

@@ -8,8 +8,6 @@ import { ScheduledEc2Task } from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.tls-network-load-balanced-ecs-service.ts

@@ -14,8 +14,6 @@ if (!certArn) throw new Error('For this test you must provide your own Certifica
 const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md

@@ -718,6 +718,52 @@ rule.addTarget(new targets.RedshiftQuery(workgroup.attrWorkgroupWorkgroupArn, {
 }));
 ```
 
+## Send events to an SQS queue
+
+Use the `SqsQueue` target to send events to an SQS queue.
+
+The code snippet below creates an event rule that sends events to an SQS queue every hour:
+
+```ts
+const queue = new sqs.Queue(this, 'MyQueue');
+
+const rule = new events.Rule(this, 'Rule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+rule.addTarget(new targets.SqsQueue(queue));
+```
+
+### Using Message Group IDs
+
+You can specify a `messageGroupId` to ensure messages are processed in order. This parameter is required for FIFO queues and optional for standard queues:
+
+```ts
+// FIFO queue - messageGroupId required
+const fifoQueue = new sqs.Queue(this, 'MyFifoQueue', {
+  fifo: true,
+});
+
+const fifoRule = new events.Rule(this, 'FifoRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+fifoRule.addTarget(new targets.SqsQueue(fifoQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+
+// Standard queue - messageGroupId optional (SQS Fair queue feature)
+const standardQueue = new sqs.Queue(this, 'MyStandardQueue');
+
+const standardRule = new events.Rule(this, 'StandardRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+
+standardRule.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId', // Optional for standard queues
+}));
+```
+
 ## Publish to an SNS Topic
 
 Use the `SnsTopic` target to publish to an SNS Topic.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.event-ec2-task.ts

@@ -10,8 +10,6 @@ import * as targets from 'aws-cdk-lib/aws-events-targets';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.events.ts

@@ -43,7 +43,6 @@ timer3.addTarget(new targets.LambdaFunction(fn, {
 
 app.synth();
 
-/* eslint-disable no-console */
 function handler(event: any, _context: any, callback: any) {
   console.log(JSON.stringify(event, undefined, 2));
   return callback();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.sqs-event-rule-target.ts

@@ -3,6 +3,7 @@ import * as kms from 'aws-cdk-lib/aws-kms';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as cdk from 'aws-cdk-lib';
 import * as targets from 'aws-cdk-lib/aws-events-targets';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 
 // ---------------------------------
 // Define a rule that triggers an SNS topic every 1min.
@@ -23,11 +24,45 @@ const queue = new sqs.Queue(stack, 'MyQueue', {
   encryption: sqs.QueueEncryption.KMS,
   encryptionMasterKey: key,
 });
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(queue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
 
-const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue');
+const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(deadLetterQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
 
 event.addTarget(new targets.SqsQueue(queue, {
   deadLetterQueue,
 }));
 
-app.synth();
+// Test messageGroupId support for standard (non-FIFO) queues
+const standardQueue = new sqs.Queue(stack, 'StandardQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(standardQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
+
+const standardQueueEvent = new events.Rule(stack, 'StandardQueueRule', {
+  schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+});
+
+standardQueueEvent.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+
+new IntegTest(app, 'integ.sqs-event-rule-target', {
+  testCases: [stack],
+  allowDestroy: [
+    'AWS::SQS::Queue',
+    'AWS::SQS::QueuePolicy',
+    'AWS::Events::Rule',
+  ],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.lambda-adot.ts

@@ -85,7 +85,6 @@ class StackUnderTest extends Stack {
   }
 }
 
-/* eslint-disable no-console */
 function handler(event: any, _context: any, callback: any) {
   console.log(JSON.stringify(event, undefined, 2));
   return callback();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.lambda-insights-mapping.ts

@@ -55,7 +55,6 @@ new lambda.Function(stack, 'MyFunc6', {
 
 app.synth();
 
-/* eslint-disable no-console */
 function handler(event: any, _context: any, callback: any) {
   console.log(JSON.stringify(event, undefined, 2));
   return callback();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtimes.ts

@@ -17,6 +17,14 @@ new Function(stack, 'Lambda', {
   runtime: Runtime.DOTNET_8,
 });
 
+new Function(stack, 'DotNet10Lambda', {
+  code: Code.fromAsset(path.join(__dirname, 'dotnet-handler')),
+  handler: 'Handler',
+  runtime: Runtime.DOTNET_10,
+});
+
 new integ.IntegTest(app, 'lambda-runtime-management', {
   testCases: [stack],
 });
+
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.kinesiswithdlq.ts

@@ -13,7 +13,6 @@ import { STANDARD_NODEJS_RUNTIME } from '../../config';
  */
 
 async function handler(event: any) {
-  // eslint-disable-next-line no-console
   console.log('event:', JSON.stringify(event, undefined, 2));
   throw new Error();
 }

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda-event-sources/integ.s3-onfailuire-destination.ts

@@ -65,7 +65,6 @@ export class S3OnFailureDestinationStack extends Stack {
   }
 }
 async function handler(event: any) {
-  // eslint-disable-next-line no-console
   console.log('event:', JSON.stringify(event, undefined, 2));
   throw new Error();
 }

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-patterns/README.md

@@ -72,3 +72,9 @@ new patterns.HttpsRedirect(this, 'Redirect', {
 It is safe to upgrade to `@aws-cdk/aws-route53-patterns:useCertificate` since
 the new certificate will be created and updated on the CloudFront distribution
 before the old certificate is deleted.
+
+To have `HttpsRedirect` use the `Distribution` construct as the default
+created CloudFront distribution instead of the deprecated `CloudFrontWebDistribution`
+construct, enable the `@aws-cdk/aws-route53-patterns:useDistribution` [feature flag].
+
+[feature flag]: https://docs.aws.amazon.com/cdk/latest/guide/featureflags.html

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-patterns/integ.hosted-redirect-same-region.ts

@@ -1,6 +1,7 @@
 import { PublicHostedZone } from 'aws-cdk-lib/aws-route53';
+import { CfnBucket } from 'aws-cdk-lib/aws-s3';
 import { Stack, App } from 'aws-cdk-lib';
-// import { ROUTE53_PATTERNS_USE_CERTIFICATE } from '@aws-cdk/cx-api';
+import { ROUTE53_PATTERNS_USE_DISTRIBUTION } from 'aws-cdk-lib/cx-api';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { HttpsRedirect } from 'aws-cdk-lib/aws-route53-patterns';
 const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
@@ -11,10 +12,9 @@ const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME;
 if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.');
 
 const app = new App({
-  // uncomment this to test the old behavior
-  // postCliContext: {
-  //   [ROUTE53_PATTERNS_USE_CERTIFICATE]: false,
-  // },
+  postCliContext: {
+    [ROUTE53_PATTERNS_USE_DISTRIBUTION]: true,
+  },
 });
 const testCase = new Stack(app, 'integ-https-redirect-same-region', {
   env: { region: 'us-east-1' },
@@ -24,12 +24,21 @@ const hostedZone = PublicHostedZone.fromHostedZoneAttributes(testCase, 'HostedZo
   hostedZoneId,
   zoneName: hostedZoneName,
 });
-new HttpsRedirect(testCase, 'redirect', {
+const redirect = new HttpsRedirect(testCase, 'redirect', {
   zone: hostedZone,
   recordNames: [`integ-same-region.${hostedZoneName}`],
   targetDomain: 'aws.amazon.com',
 });
 
+const redirectBucket = redirect.node.findChild('RedirectBucket').node.defaultChild as CfnBucket;
+redirectBucket.addPropertyOverride('BucketEncryption', {
+  ServerSideEncryptionConfiguration: [{
+    ServerSideEncryptionByDefault: {
+      SSEAlgorithm: 'aws:kms',
+    },
+  }],
+});
+
 new IntegTest(app, 'integ-test', {
   testCases: [testCase],
   enableLookups: true,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-route53-patterns/integ.hosted-redirect.ts

@@ -1,6 +1,7 @@
 import { PublicHostedZone } from 'aws-cdk-lib/aws-route53';
+import { CfnBucket } from 'aws-cdk-lib/aws-s3';
 import { Stack, App } from 'aws-cdk-lib';
-// import { ROUTE53_PATTERNS_USE_CERTIFICATE } from '@aws-cdk/cx-api';
+import { ROUTE53_PATTERNS_USE_DISTRIBUTION } from 'aws-cdk-lib/cx-api';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { HttpsRedirect } from 'aws-cdk-lib/aws-route53-patterns';
 const hostedZoneId = process.env.CDK_INTEG_HOSTED_ZONE_ID ?? process.env.HOSTED_ZONE_ID;
@@ -11,10 +12,9 @@ const domainName = process.env.CDK_INTEG_DOMAIN_NAME ?? process.env.DOMAIN_NAME;
 if (!domainName) throw new Error('For this test you must provide your own DomainName as an env var "DOMAIN_NAME". See framework-integ/README.md for details.');
 
 const app = new App({
-  // uncomment this to test the old behavior
-  // postCliContext: {
-  //   [ROUTE53_PATTERNS_USE_CERTIFICATE]: false,
-  // },
+  postCliContext: {
+    [ROUTE53_PATTERNS_USE_DISTRIBUTION]: true,
+  },
 });
 const testCase = new Stack(app, 'integ-https-redirect', {
   crossRegionReferences: true,
@@ -28,12 +28,21 @@ const hostedZone = PublicHostedZone.fromHostedZoneAttributes(testCase, 'HostedZo
   hostedZoneId,
   zoneName: hostedZoneName,
 });
-new HttpsRedirect(testCase, 'redirect', {
+const redirect = new HttpsRedirect(testCase, 'redirect', {
   zone: hostedZone,
   recordNames: [`integ.${hostedZoneName}`],
   targetDomain: 'aws.amazon.com',
 });
 
+const redirectBucket = redirect.node.findChild('RedirectBucket').node.defaultChild as CfnBucket;
+redirectBucket.addPropertyOverride('BucketEncryption', {
+  ServerSideEncryptionConfiguration: [{
+    ServerSideEncryptionByDefault: {
+      SSEAlgorithm: 'aws:kms',
+    },
+  }],
+});
+
 new IntegTest(app, 'integ-test', {
   testCases: [testCase],
   enableLookups: true,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-s3-notifications/integ.bucket-notifications.ts

@@ -37,7 +37,6 @@ const unmanagedBucket = s3.Bucket.fromBucketName(c1, 'IntegUnmanagedBucket1', bu
 unmanagedBucket.addObjectCreatedNotification(new s3n.LambdaDestination(fn), { prefix: 'TEST1/', suffix: '.png' });
 unmanagedBucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(fn), { prefix: 'TEST2/' });
 
-/* eslint-disable no-console */
 function handler(event: any, _context: any, callback: any) {
   console.log(JSON.stringify(event, undefined, 2));
   return callback(null, event);

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-lambda-cross-region.ts

@@ -31,7 +31,6 @@ topic.addSubscription(new subs.LambdaSubscription(fction));
 app.synth();
 
 function handler(event: any, _context: any, callback: any) {
-  /* eslint-disable no-console */
   console.log('====================================================');
   console.log(JSON.stringify(event, undefined, 2));
   console.log('====================================================');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-sns-subscriptions/integ.sns-lambda.ts

@@ -74,7 +74,6 @@ new SnsToLambda(app, 'aws-cdk-sns-lambda');
 app.synth();
 
 function handler(event: any, _context: any, callback: any) {
-  /* eslint-disable no-console */
   console.log('====================================================');
   console.log(JSON.stringify(event, undefined, 2));
   console.log('====================================================');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task-ref-definition.ts

@@ -10,8 +10,6 @@ import { EC2_RESTRICT_DEFAULT_SECURITY_GROUP, STEPFUNCTIONS_TASKS_FIX_RUN_ECS_TA
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task.ts

@@ -20,8 +20,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-task.ts

@@ -20,8 +20,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });