konokenj.cdk-api-mcp-server 0.65.0__py3-none-any.whl → 0.66.0__py3-none-any.whl


Potentially problematic release.


This version of konokenj.cdk-api-mcp-server might be problematic.

Files changed (53)
  1. cdk_api_mcp_server/__about__.py +1 -1
  2. cdk_api_mcp_server/resources/aws-cdk/constructs/@aws-cdk/aws-imagebuilder-alpha/README.md +20 -20
  3. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.app-mesh-proxy-config.ts +0 -2
  4. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.capacity-provider-managed-draining.ts +0 -2
  5. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.capacity-provider.ts +0 -2
  6. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.clb-host-nw.ts +9 -2
  7. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cloudmap-container-port.ts +9 -2
  8. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-amazonlinux2-neuron-ami.ts +0 -2
  9. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-imported.ts +0 -2
  10. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster-windows-server-ami.ts +0 -2
  11. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.cluster.amazonlinux2023-ami.ts +0 -2
  12. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.default-capacity-provider.ts +0 -2
  13. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.deployment-alarms.ts +0 -2
  14. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.enable-execute-command.ts +0 -2
  15. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.environment-file.ts +0 -2
  16. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.exec-command.ts +0 -2
  17. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.firelens-s3-config.ts +8 -2
  18. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.graviton.ts +0 -2
  19. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.lb-awsvpc-nw.ts +9 -2
  20. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.lb-bridge-nw.ts +9 -2
  21. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts +0 -2
  22. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts +0 -2
  23. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-constraint-default-empty.ts +0 -2
  24. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts +0 -2
  25. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.pseudo-terminal.ts +0 -2
  26. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-awsvpc-nw.ts +0 -2
  27. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-bridge-nw.ts +0 -2
  28. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.spot-drain.ts +0 -2
  29. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.swap-parameters.ts +0 -2
  30. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.task-definition-placement-constraints.ts +0 -2
  31. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-ecs-service-command-entry-point.ts +12 -2
  32. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.application-load-balanced-ecs-service.ts +13 -3
  33. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-application-load-balanced-ecs-service.ts +15 -3
  34. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-network-load-balanced-ecs-service.ts +8 -3
  35. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts +12 -4
  36. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service.ts +10 -4
  37. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.network-load-balanced-ecs-service.ts +7 -3
  38. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.scheduled-ecs-task.ts +0 -2
  39. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.tls-network-load-balanced-ecs-service.ts +0 -2
  40. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md +46 -0
  41. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.event-ec2-task.ts +0 -2
  42. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.sqs-event-rule-target.ts +37 -2
  43. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtimes.ts +8 -0
  44. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task-ref-definition.ts +0 -2
  45. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-run-task.ts +0 -2
  46. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-stepfunctions-tasks/integ.ec2-task.ts +0 -2
  47. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/FEATURE_FLAGS.md +0 -47
  48. cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/cx-api/README.md +0 -42
  49. {konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/METADATA +2 -2
  50. {konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/RECORD +53 -53
  51. {konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/WHEEL +0 -0
  52. {konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/entry_points.txt +0 -0
  53. {konokenj_cdk_api_mcp_server-0.65.0.dist-info → konokenj_cdk_api_mcp_server-0.66.0.dist-info}/licenses/LICENSE.txt +0 -0
@@ -1,4 +1,4 @@
1
1
  # SPDX-FileCopyrightText: 2025-present Kenji Kono <konoken@amazon.co.jp>
2
2
  #
3
3
  # SPDX-License-Identifier: MIT
4
- __version__ = "0.65.0"
4
+ __version__ = "0.66.0"
@@ -199,8 +199,8 @@ Use AWS-managed workflows for common pipeline phases:
199
199
  const workflowPipeline = new imagebuilder.ImagePipeline(this, 'WorkflowPipeline', {
200
200
  recipe: exampleImageRecipe,
201
201
  workflows: [
202
- { workflow: imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildWorkflow') },
203
- { workflow: imagebuilder.AwsManagedWorkflow.testImage(this, 'TestWorkflow') }
202
+ { workflow: imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildWorkflow') },
203
+ { workflow: imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestWorkflow') }
204
204
  ]
205
205
  });
206
206
  ```
@@ -211,9 +211,9 @@ For container pipelines, use container-specific workflows:
211
211
  const containerWorkflowPipeline = new imagebuilder.ImagePipeline(this, 'ContainerWorkflowPipeline', {
212
212
  recipe: exampleContainerRecipe,
213
213
  workflows: [
214
- { workflow: imagebuilder.AwsManagedWorkflow.buildContainer(this, 'BuildContainer') },
215
- { workflow: imagebuilder.AwsManagedWorkflow.testContainer(this, 'TestContainer') },
216
- { workflow: imagebuilder.AwsManagedWorkflow.distributeContainer(this, 'DistributeContainer') }
214
+ { workflow: imagebuilder.AmazonManagedWorkflow.buildContainer(this, 'BuildContainer') },
215
+ { workflow: imagebuilder.AmazonManagedWorkflow.testContainer(this, 'TestContainer') },
216
+ { workflow: imagebuilder.AmazonManagedWorkflow.distributeContainer(this, 'DistributeContainer') }
217
217
  ]
218
218
  });
219
219
  ```
@@ -430,8 +430,8 @@ Use workflows for custom build, test, and distribution processes:
430
430
  const imageWithWorkflows = new imagebuilder.Image(this, 'ImageWithWorkflows', {
431
431
  recipe: exampleImageRecipe,
432
432
  workflows: [
433
- { workflow: imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildWorkflow') },
434
- { workflow: imagebuilder.AwsManagedWorkflow.testImage(this, 'TestWorkflow') }
433
+ { workflow: imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildWorkflow') },
434
+ { workflow: imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestWorkflow') }
435
435
  ]
436
436
  });
437
437
  ```
@@ -603,12 +603,12 @@ const imageRecipe = new imagebuilder.ImageRecipe(this, 'AmazonManagedImageRecipe
603
603
  ),
604
604
  components: [
605
605
  {
606
- component: imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
606
+ component: imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
607
607
  platform: imagebuilder.Platform.LINUX
608
608
  })
609
609
  },
610
610
  {
611
- component: imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
611
+ component: imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
612
612
  platform: imagebuilder.Platform.LINUX
613
613
  })
614
614
  }
@@ -790,19 +790,19 @@ const containerRecipe = new imagebuilder.ContainerRecipe(this, 'ComponentContain
790
790
  Use pre-built AWS components:
791
791
 
792
792
  ```ts
793
- const containerRecipe = new imagebuilder.ContainerRecipe(this, 'AwsManagedContainerRecipe', {
793
+ const containerRecipe = new imagebuilder.ContainerRecipe(this, 'AmazonManagedContainerRecipe', {
794
794
  baseImage: imagebuilder.BaseContainerImage.fromDockerHub('amazonlinux', 'latest'),
795
795
  targetRepository: imagebuilder.Repository.fromEcr(
796
796
  ecr.Repository.fromRepositoryName(this, 'Repository', 'my-container-repo')
797
797
  ),
798
798
  components: [
799
799
  {
800
- component: imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
800
+ component: imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
801
801
  platform: imagebuilder.Platform.LINUX
802
802
  })
803
803
  },
804
804
  {
805
- component: imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
805
+ component: imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
806
806
  platform: imagebuilder.Platform.LINUX
807
807
  })
808
808
  }
@@ -1070,17 +1070,17 @@ AWS provides a collection of managed components for common tasks:
1070
1070
 
1071
1071
  ```ts
1072
1072
  // Install AWS CLI v2
1073
- const awsCliComponent = imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
1073
+ const awsCliComponent = imagebuilder.AmazonManagedComponent.awsCliV2(this, 'AwsCli', {
1074
1074
  platform: imagebuilder.Platform.LINUX
1075
1075
  });
1076
1076
 
1077
1077
  // Update the operating system
1078
- const updateComponent = imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
1078
+ const updateComponent = imagebuilder.AmazonManagedComponent.updateOs(this, 'UpdateOS', {
1079
1079
  platform: imagebuilder.Platform.LINUX
1080
1080
  });
1081
1081
 
1082
1082
  // Reference any AWS-managed component by name
1083
- const customAwsComponent = imagebuilder.AwsManagedComponent.fromAwsManagedComponentName(
1083
+ const customAwsComponent = imagebuilder.AmazonManagedComponent.fromAmazonManagedComponentName(
1084
1084
  this,
1085
1085
  'CloudWatchAgent',
1086
1086
  'amazon-cloudwatch-agent-linux'
@@ -1517,15 +1517,15 @@ AWS provides a collection of workflows for common scenarios:
1517
1517
 
1518
1518
  ```ts
1519
1519
  // Build workflows
1520
- const buildImageWorkflow = imagebuilder.AwsManagedWorkflow.buildImage(this, 'BuildImage');
1521
- const buildContainerWorkflow = imagebuilder.AwsManagedWorkflow.buildContainer(this, 'BuildContainer');
1520
+ const buildImageWorkflow = imagebuilder.AmazonManagedWorkflow.buildImage(this, 'BuildImage');
1521
+ const buildContainerWorkflow = imagebuilder.AmazonManagedWorkflow.buildContainer(this, 'BuildContainer');
1522
1522
 
1523
1523
  // Test workflows
1524
- const testImageWorkflow = imagebuilder.AwsManagedWorkflow.testImage(this, 'TestImage');
1525
- const testContainerWorkflow = imagebuilder.AwsManagedWorkflow.testContainer(this, 'TestContainer');
1524
+ const testImageWorkflow = imagebuilder.AmazonManagedWorkflow.testImage(this, 'TestImage');
1525
+ const testContainerWorkflow = imagebuilder.AmazonManagedWorkflow.testContainer(this, 'TestContainer');
1526
1526
 
1527
1527
  // Distribution workflows
1528
- const distributeContainerWorkflow = imagebuilder.AwsManagedWorkflow.distributeContainer(this, 'DistributeContainer');
1528
+ const distributeContainerWorkflow = imagebuilder.AmazonManagedWorkflow.distributeContainer(this, 'DistributeContainer');
1529
1529
  ```
1530
1530
 
1531
1531
  ### Lifecycle Policy
@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
  const app = new cdk.App({
6
6
  postCliContext: {
7
7
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
8
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
9
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
10
8
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
11
9
  },
12
10
  });
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  },
13
11
  });
14
12
  const stack = new cdk.Stack(app, 'integ-ec2-capacity-provider-managed-draining');
@@ -6,8 +6,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
6
6
  const app = new cdk.App({
7
7
  postCliContext: {
8
8
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
9
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
10
  },
13
11
  });
@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
2
  import * as elb from 'aws-cdk-lib/aws-elasticloadbalancing';
3
3
  import * as cdk from 'aws-cdk-lib';
4
4
  import * as ecs from 'aws-cdk-lib/aws-ecs';
5
+ import { CfnResource } from 'aws-cdk-lib';
5
6
 
6
7
  const app = new cdk.App({
7
8
  postCliContext: {
8
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
11
  },
13
12
  });
@@ -45,6 +44,14 @@ const lb = new elb.LoadBalancer(stack, 'LB', { vpc });
45
44
  lb.addListener({ externalPort: 80 });
46
45
  lb.addTarget(service);
47
46
 
47
+ // Suppress security guardian rule for CLB default behavior
48
+ lb.connections.securityGroups.forEach(sg => {
49
+ const cfnSg = sg.node.defaultChild as CfnResource;
50
+ cfnSg.addMetadata('guard', {
51
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
52
+ });
53
+ });
54
+
48
55
  new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
49
56
 
50
57
  app.synth();
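Review bot: The cast `sg.node.defaultChild as CfnResource` in the added loop (new lines 48-53) is unchecked, so it only holds while every group in `lb.connections.securityGroups` is created in this stack; a group with no CloudFormation default child would fail at `addMetadata` with an undefined-property error. Narrowing is a two-line change: `const cfnSg = sg.node.defaultChild;` then `if (!CfnResource.isCfnResource(cfnSg)) return;`. The loop also suppresses `EC2_NO_OPEN_SECURITY_GROUPS` on every group attached to the load balancer, so the comment on new line 47 should name the ingress being accepted (presumably the port 80 listener added above) rather than just "CLB default behavior". The same cast and loop recur in the later hunks that add a `SuppressedRules` block: by the file list's order these are cloudmap-container-port, lb-awsvpc-nw, lb-bridge-nw and the aws-ecs-patterns sections.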
@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
2
  import * as cloudmap from 'aws-cdk-lib/aws-servicediscovery';
3
3
  import * as cdk from 'aws-cdk-lib';
4
4
  import * as ecs from 'aws-cdk-lib/aws-ecs';
5
+ import { CfnResource } from 'aws-cdk-lib';
5
6
 
6
7
  const app = new cdk.App({
7
8
  postCliContext: {
8
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
11
  },
13
12
  });
@@ -33,6 +32,14 @@ const capacity = cluster.addCapacity('capacity', {
33
32
  });
34
33
  capacity.connections.allowFromAnyIpv4(ec2.Port.tcpRange(32768, 61000));
35
34
 
35
+ // Suppress security guardian rule for intentional test setup
36
+ capacity.connections.securityGroups.forEach(sg => {
37
+ const cfnSg = sg.node.defaultChild as CfnResource;
38
+ cfnSg.addMetadata('guard', {
39
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
40
+ });
41
+ });
42
+
36
43
  cluster.addDefaultCloudMapNamespace({ name: 'aws-ecs-integ' });
37
44
 
38
45
  const taskDefinition = new ecs.Ec2TaskDefinition(stack, 'TaskDef', {});
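Review bot: The comment on new line 35, `// Suppress security guardian rule for intentional test setup`, does not say what exposure is being accepted. Two lines above it, `capacity.connections.allowFromAnyIpv4(ec2.Port.tcpRange(32768, 61000))` opens that range to any IPv4 address on the capacity's own security groups, so the suppressed finding concerns the container instances directly and not a load balancer. Going by the file list, this file ships under `cdk_api_mcp_server/resources/` as reference material, so the comment should spell that out to keep the suppression from being read as a general pattern, for example `// Test only: TCP 32768-61000 is open to 0.0.0.0/0 on the instance security group; EC2_NO_OPEN_SECURITY_GROUPS is suppressed for this integ stack and must not be reused outside tests.` The script continues outside the hunk.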
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -8,8 +8,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
8
8
  const app = new cdk.App({
9
9
  postCliContext: {
10
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
14
12
  },
15
13
  });
@@ -8,8 +8,6 @@ import * as iam from 'aws-cdk-lib/aws-iam';
8
8
  const app = new cdk.App({
9
9
  postCliContext: {
10
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': true,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
14
12
  },
15
13
  });
@@ -7,8 +7,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -8,8 +8,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
8
8
  const app = new cdk.App({
9
9
  postCliContext: {
10
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
14
12
  },
15
13
  });
@@ -10,8 +10,6 @@ const app = new cdk.App({
10
10
  postCliContext: {
11
11
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
12
12
  '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': true,
13
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
14
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
15
13
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
16
14
  },
17
15
  });
@@ -10,8 +10,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
10
10
  const app = new cdk.App({
11
11
  postCliContext: {
12
12
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
13
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
14
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
15
13
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
16
14
  },
17
15
  });
@@ -8,8 +8,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
8
8
  const app = new cdk.App({
9
9
  postCliContext: {
10
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
14
12
  },
15
13
  });
@@ -3,12 +3,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
3
3
  import * as s3_assets from 'aws-cdk-lib/aws-s3-assets';
4
4
  import * as cdk from 'aws-cdk-lib';
5
5
  import * as ecs from 'aws-cdk-lib/aws-ecs';
6
+ import { CfnResource } from 'aws-cdk-lib';
6
7
 
7
8
  const app = new cdk.App({
8
9
  postCliContext: {
9
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
12
  },
14
13
  });
@@ -69,6 +68,13 @@ container.addPortMappings({
69
68
  // Create a security group that allows tcp @ port 80
70
69
  const securityGroup = new ec2.SecurityGroup(stack, 'websvc-sg', { vpc });
71
70
  securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80));
71
+
72
+ // Suppress security guardian rule for intentional test setup
73
+ const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
74
+ cfnSecurityGroup.addMetadata('guard', {
75
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
76
+ });
77
+
72
78
  new ecs.Ec2Service(stack, 'Service', {
73
79
  cluster,
74
80
  taskDefinition,
@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
  const app = new cdk.App({
6
6
  postCliContext: {
7
7
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
8
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
9
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
10
8
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
11
9
  },
12
10
  });
@@ -2,12 +2,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
2
2
  import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
3
3
  import * as cdk from 'aws-cdk-lib';
4
4
  import * as ecs from 'aws-cdk-lib/aws-ecs';
5
+ import { CfnResource } from 'aws-cdk-lib';
5
6
 
6
7
  const app = new cdk.App({
7
8
  postCliContext: {
8
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
11
  },
13
12
  });
@@ -49,6 +48,14 @@ listener.addTargets('ECS', {
49
48
  targets: [service],
50
49
  });
51
50
 
51
+ // Suppress security guardian rule for ALB default behavior (open: true)
52
+ lb.connections.securityGroups.forEach(sg => {
53
+ const cfnSg = sg.node.defaultChild as CfnResource;
54
+ cfnSg.addMetadata('guard', {
55
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
56
+ });
57
+ });
58
+
52
59
  new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
53
60
 
54
61
  app.synth();
@@ -3,12 +3,11 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2';
3
3
  import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
4
4
  import * as cdk from 'aws-cdk-lib';
5
5
  import * as ecs from 'aws-cdk-lib/aws-ecs';
6
+ import { CfnResource } from 'aws-cdk-lib';
6
7
 
7
8
  const app = new cdk.App({
8
9
  postCliContext: {
9
10
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
11
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
12
  },
14
13
  });
@@ -49,6 +48,14 @@ listener.addTargets('ECS', {
49
48
  targets: [service],
50
49
  });
51
50
 
51
+ // Suppress security guardian rule for ALB default behavior (open: true)
52
+ lb.connections.securityGroups.forEach(sg => {
53
+ const cfnSg = sg.node.defaultChild as CfnResource;
54
+ cfnSg.addMetadata('guard', {
55
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
56
+ });
57
+ });
58
+
52
59
  new cdk.CfnOutput(stack, 'LoadBalancerDNS', { value: lb.loadBalancerDnsName });
53
60
 
54
61
  app.synth();
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  },
13
11
  });
14
12
  const stack = new cdk.Stack(app, 'integ-managedinstances-capacity-provider');
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  },
13
11
  });
14
12
  const stack = new cdk.Stack(app, 'integ-managedinstances-no-default-capacity-provider');
@@ -7,8 +7,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -6,8 +6,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
6
6
  const app = new cdk.App({
7
7
  postCliContext: {
8
8
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
9
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
10
  },
13
11
  });
@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
  const app = new cdk.App({
6
6
  postCliContext: {
7
7
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
8
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
9
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
10
8
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
11
9
  },
12
10
  });
@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
  const app = new cdk.App({
6
6
  postCliContext: {
7
7
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
8
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
9
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
10
8
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
11
9
  },
12
10
  });
@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
5
5
  const app = new cdk.App({
6
6
  postCliContext: {
7
7
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
8
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
9
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
10
8
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
11
9
  },
12
10
  });
@@ -7,8 +7,6 @@ import { LinuxParameters } from 'aws-cdk-lib/aws-ecs';
7
7
  const app = new cdk.App({
8
8
  postCliContext: {
9
9
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
10
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
11
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
12
10
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
13
11
  },
14
12
  });
@@ -6,8 +6,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
6
6
  const app = new cdk.App({
7
7
  postCliContext: {
8
8
  '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
9
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
10
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
11
9
  '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
12
10
  },
13
11
  });
@@ -8,8 +8,6 @@ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
8
8
  const app = new cdk.App({
9
9
  postCliContext: {
10
10
  '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  },
14
12
  });
15
13
  const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-ec2-cmd-entrypoint');
@@ -22,6 +20,11 @@ const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', {
22
20
  allowAllOutbound: true,
23
21
  });
24
22
  securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535));
23
+ // Suppress security guardian rule - intentionally allowing public access for load balancer testing
24
+ const cfnSecurityGroup = securityGroup.node.defaultChild as cdk.CfnResource;
25
+ cfnSecurityGroup.addMetadata('guard', {
26
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
27
+ });
25
28
 
26
29
  const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', {
27
30
  autoScalingGroup: new autoscaling.AutoScalingGroup(
@@ -61,6 +64,13 @@ const applicationLoadBalancedEc2Service = new ecsPatterns.ApplicationLoadBalance
61
64
  },
62
65
  );
63
66
  applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
67
+ // Suppress security guardian rule - load balancer intentionally needs public access for testing
68
+ applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
69
+ const cfnSg = sg.node.defaultChild as cdk.CfnResource;
70
+ cfnSg.addMetadata('guard', {
71
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
72
+ });
73
+ });
64
74
 
65
75
  new integ.IntegTest(app, 'AlbEc2ServiceWithCommandAndEntryPoint', {
66
76
  testCases: [stack],
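Review bot: The suppression added right after `securityGroup.addIngressRule(...)` (new lines 23-27) looks redundant with the loop added at new lines 67-73. `securityGroup` is attached to the load balancer's connections on new line 66, so the loop should reach it again and write the same `guard` metadata a second time. Keeping a single suppression site makes the accepted exposure easier to audit: drop the first block, or keep it and narrow the loop with `if (sg === securityGroup) return;`. Both comments justify the rule as load-balancer testing, but the group allows 32768-65535 from any IPv4 address; if it is also attached to the Auto Scaling group outside these hunks, the comment should say the instances are covered too. The same pair of blocks appears in the two aws-ecs-patterns sections that follow.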
@@ -1,15 +1,13 @@
1
1
  import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
2
2
  import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
3
3
  import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
4
- import { App, Stack } from 'aws-cdk-lib';
4
+ import { App, Stack, CfnResource } from 'aws-cdk-lib';
5
5
  import * as integ from '@aws-cdk/integ-tests-alpha';
6
6
  import { ApplicationLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
7
7
  import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
8
8
 
9
9
  const app = new App({
10
10
  postCliContext: {
11
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
12
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
13
11
  },
14
12
  });
15
13
  const stack = new Stack(app, 'aws-ecs-integ-alb');
@@ -20,6 +18,11 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
20
18
  allowAllOutbound: true,
21
19
  });
22
20
  securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
21
+ // Suppress security guardian rule - intentionally allowing public access for load balancer testing
22
+ const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
23
+ cfnSecurityGroup.addMetadata('guard', {
24
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
25
+ });
23
26
 
24
27
  const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvier', {
25
28
  autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
@@ -65,6 +68,13 @@ const applicationLoadBalancedEc2Service = new ApplicationLoadBalancedEc2Service(
65
68
  ipAddressType: elbv2.IpAddressType.IPV4,
66
69
  });
67
70
  applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
71
+ // Suppress security guardian rule - load balancer intentionally needs public access for testing
72
+ applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
73
+ const cfnSg = sg.node.defaultChild as CfnResource;
74
+ cfnSg.addMetadata('guard', {
75
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
76
+ });
77
+ });
68
78
 
69
79
  new integ.IntegTest(app, 'applicationLoadBalancedEc2ServiceTest', {
70
80
  testCases: [stack],
@@ -2,15 +2,13 @@ import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec
2
2
  import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
3
3
  import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
4
4
  import { Protocol } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
5
- import { App, Duration, Stack } from 'aws-cdk-lib';
5
+ import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
6
6
  import { IntegTest } from '@aws-cdk/integ-tests-alpha';
7
7
 
8
8
  import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
9
9
 
10
10
  const app = new App({
11
11
  postCliContext: {
12
- '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
13
- '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
14
12
  },
15
13
  });
16
14
  const stack = new Stack(app, 'aws-ecs-integ-multiple-alb-healthchecks');
@@ -21,6 +19,11 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
21
19
  allowAllOutbound: true,
22
20
  });
23
21
  securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
22
+ // Suppress security guardian rule - intentionally allowing public access for load balancer testing
23
+ const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
24
+ cfnSecurityGroup.addMetadata('guard', {
25
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
26
+ });
24
27
  const provider = new AsgCapacityProvider(stack, 'MyProvider', {
25
28
  autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
26
29
  vpc,
@@ -70,6 +73,15 @@ const applicationMultipleTargetGroupsFargateService = new ApplicationMultipleTar
70
73
  });
71
74
  applicationMultipleTargetGroupsFargateService.loadBalancers[0].connections.addSecurityGroup(securityGroup);
72
75
  applicationMultipleTargetGroupsFargateService.loadBalancers[1].connections.addSecurityGroup(securityGroup);
76
+ // Suppress security guardian rule - load balancers intentionally need public access for testing
77
+ applicationMultipleTargetGroupsFargateService.loadBalancers.forEach(lb => {
78
+ lb.connections.securityGroups.forEach(sg => {
79
+ const cfnSg = sg.node.defaultChild as CfnResource;
80
+ cfnSg.addMetadata('guard', {
81
+ SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
82
+ });
83
+ });
84
+ });
73
85
 
74
86
  applicationMultipleTargetGroupsFargateService.targetGroups[0].configureHealthCheck({
75
87
  protocol: Protocol.HTTP,