PyPI - konokenj.cdk-api-mcp-server - Versions diffs - 0.65.0__py3-none-any.whl → 0.67.0__py3-none-any.whl - Mend

konokenj.cdk-api-mcp-server 0.65.0py3-none-any.whl → 0.67.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of konokenj.cdk-api-mcp-server might be problematic. Click here for more details.

Files changed (68) hide show

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider-default-roles.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import * as ecs from 'aws-cdk-lib/aws-ecs';
+import * as integ from '@aws-cdk/integ-tests-alpha';
+const app = new cdk.App({
+  postCliContext: {
+    '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
+    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
+    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
+  },
+});
+const stack = new cdk.Stack(app, 'integ-managedinstances-capacity-provider-default-roles');
+const vpc = new ec2.Vpc(stack, 'Vpc', { maxAzs: 2, restrictDefaultSecurityGroup: true });
+const cluster = new ecs.Cluster(stack, 'ManagedInstancesCluster', {
+  vpc,
+  enableFargateCapacityProviders: true,
+});
+// Create a security group for FMI instances
+const fmiSecurityGroup = new ec2.SecurityGroup(stack, 'ManagedInstancesSecurityGroup', {
+  vpc,
+  description: 'Security group for ManagedInstances capacity provider instances',
+  allowAllOutbound: false,
+});
+// Add specific outbound rule for HTTPS
+fmiSecurityGroup.addEgressRule(
+  ec2.Peer.anyIpv4(),
+  ec2.Port.tcp(443),
+  'Allow HTTPS outbound',
+);
+// Create MI Capacity Provider without specifying infrastructureRole or ec2InstanceProfile
+// This will test the default roles
+const miCapacityProvider = new ecs.ManagedInstancesCapacityProvider(stack, 'ManagedInstancesCapacityProvider', {
+  subnets: vpc.privateSubnets,
+  securityGroups: [fmiSecurityGroup],
+  propagateTags: ecs.PropagateManagedInstancesTags.CAPACITY_PROVIDER,
+  instanceRequirements: {
+    vCpuCountMin: 1,
+    memoryMin: cdk.Size.gibibytes(2),
+    cpuManufacturers: [ec2.CpuManufacturer.INTEL],
+  },
+});
+// Add FMI capacity provider to cluster
+cluster.addManagedInstancesCapacityProvider(miCapacityProvider);
+cluster.addDefaultCapacityProviderStrategy([
+  {
+    capacityProvider: miCapacityProvider.capacityProviderName,
+    weight: 1,
+  },
+]);
+// Create a task definition compatible with Managed Instances and Fargate
+const taskDefinition = new ecs.TaskDefinition(stack, 'TaskDef', {
+  compatibility: ecs.Compatibility.FARGATE_AND_MANAGED_INSTANCES,
+  cpu: '256',
+  memoryMiB: '512',
+  networkMode: ecs.NetworkMode.AWS_VPC,
+});
+taskDefinition.addContainer('web', {
+  image: ecs.ContainerImage.fromRegistry('public.ecr.aws/docker/library/httpd:2.4'),
+  memoryLimitMiB: 512,
+  portMappings: [
+    {
+      containerPort: 80,
+      protocol: ecs.Protocol.TCP,
+    },
+  ],
+});
+// Create a service using the MI capacity provider
+new ecs.FargateService(stack, 'ManagedInstancesService', {
+  cluster,
+  taskDefinition,
+  capacityProviderStrategies: [
+    {
+      capacityProvider: miCapacityProvider.capacityProviderName,
+      weight: 1,
+    },
+  ],
+  desiredCount: 1,
+});
+new integ.IntegTest(app, 'ManagedInstancesCapacityProvidersDefaultRoles', {
+  testCases: [stack],
+});
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-capacity-provider.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'integ-managedinstances-capacity-provider');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.managedinstances-no-default-capacity-provider.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'integ-managedinstances-no-default-capacity-provider');

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-constraint-default-empty.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.placement-strategies.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import * as integ from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.pseudo-terminal.ts CHANGED Viewed

@@ -6,8 +6,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-awsvpc-nw.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.sd-bridge-nw.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.spot-drain.ts CHANGED Viewed

@@ -5,8 +5,6 @@ import * as ecs from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.swap-parameters.ts CHANGED Viewed

@@ -7,8 +7,6 @@ import { LinuxParameters } from 'aws-cdk-lib/aws-ecs';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs/integ.task-definition-placement-constraints.ts CHANGED Viewed

@@ -6,8 +6,6 @@ import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.alb-ecs-service-command-entry-point.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': true,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new cdk.Stack(app, 'aws-ecs-integ-alb-ec2-cmd-entrypoint');
@@ -22,6 +20,11 @@ const securityGroup = new ec2.SecurityGroup(stack, 'SecurityGroup', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as cdk.CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider = new ecs.AsgCapacityProvider(stack, 'CapacityProvier', {
   autoScalingGroup: new autoscaling.AutoScalingGroup(
@@ -61,6 +64,13 @@ const applicationLoadBalancedEc2Service = new ecsPatterns.ApplicationLoadBalance
   },
 );
 applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancer intentionally needs public access for testing
+applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as cdk.CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new integ.IntegTest(app, 'AlbEc2ServiceWithCommandAndEntryPoint', {
   testCases: [stack],

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.application-load-balanced-ecs-service.ts CHANGED Viewed

@@ -1,15 +1,13 @@
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-alb');
@@ -20,6 +18,11 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvier', {
   autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
@@ -65,6 +68,13 @@ const applicationLoadBalancedEc2Service = new ApplicationLoadBalancedEc2Service(
   ipAddressType: elbv2.IpAddressType.IPV4,
 });
 applicationLoadBalancedEc2Service.loadBalancer.connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancer intentionally needs public access for testing
+applicationLoadBalancedEc2Service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new integ.IntegTest(app, 'applicationLoadBalancedEc2ServiceTest', {
   testCases: [stack],

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-application-load-balanced-ecs-service.ts CHANGED Viewed

@@ -2,15 +2,13 @@ import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { Protocol } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
-import { App, Duration, Stack } from 'aws-cdk-lib';
+import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-multiple-alb-healthchecks');
@@ -21,6 +19,11 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule - intentionally allowing public access for load balancer testing
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider = new AsgCapacityProvider(stack, 'MyProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
     vpc,
@@ -70,6 +73,15 @@ const applicationMultipleTargetGroupsFargateService = new ApplicationMultipleTar
 });
 applicationMultipleTargetGroupsFargateService.loadBalancers[0].connections.addSecurityGroup(securityGroup);
 applicationMultipleTargetGroupsFargateService.loadBalancers[1].connections.addSecurityGroup(securityGroup);
+// Suppress security guardian rule - load balancers intentionally need public access for testing
+applicationMultipleTargetGroupsFargateService.loadBalancers.forEach(lb => {
+  lb.connections.securityGroups.forEach(sg => {
+    const cfnSg = sg.node.defaultChild as CfnResource;
+    cfnSg.addMetadata('guard', {
+      SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+    });
+  });
+});
 applicationMultipleTargetGroupsFargateService.targetGroups[0].configureHealthCheck({
   protocol: Protocol.HTTP,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.healthchecks-multiple-network-load-balanced-ecs-service.ts CHANGED Viewed

@@ -1,14 +1,12 @@
 import { InstanceType, Vpc, Peer, Port, SecurityGroup } from 'aws-cdk-lib/aws-ec2';
 import { AsgCapacityProvider, Cluster, ContainerImage, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { NetworkMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb-healthchecks');
@@ -19,6 +17,13 @@ const securityGroup = new SecurityGroup(stack, 'MyAutoScalingGroupSG', {
   allowAllOutbound: true,
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider = new AsgCapacityProvider(stack, 'MyProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'MyAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service-idle-timeout.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage } from 'aws-cdk-lib/aws-ecs';
 import { ApplicationProtocol, SslPolicy } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 import { PublicHostedZone } from 'aws-cdk-lib/aws-route53';
-import { App, Duration, Stack } from 'aws-cdk-lib';
+import { App, Duration, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { AUTOSCALING_GENERATE_LAUNCH_TEMPLATE } from 'aws-cdk-lib/cx-api';
@@ -13,8 +13,6 @@ const app = new App({
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     '@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm': false,
     '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -26,7 +24,7 @@ const cluster = new Cluster(stack, 'Cluster', { vpc });
 cluster.addCapacity('DefaultAutoScalingGroup', { instanceType: new InstanceType('t2.micro') });
 // Two load balancers with different idle timeouts.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   memoryLimitMiB: 256,
   taskImageOptions: {
@@ -87,6 +85,16 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancers.forEach(lb => {
+  lb.connections.securityGroups.forEach(sg => {
+    const cfnSg = sg.node.defaultChild as CfnResource;
+    cfnSg.addMetadata('guard', {
+      SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+    });
+  });
+});
 new integ.IntegTest(app, 'multiAlbEcsEc2Test', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.multiple-application-load-balanced-ecs-service.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, Ec2TaskDefinition } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { ApplicationMultipleTargetGroupsEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS } from 'aws-cdk-lib/cx-api';
@@ -9,8 +9,6 @@ const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
     [REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS]: false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });
@@ -32,7 +30,7 @@ taskDefinition.addContainer('web', {
 });
 // One load balancer with one listener and two target groups.
-new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
+const service = new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   cluster,
   taskDefinition,
   enableExecuteCommand: true,
@@ -48,6 +46,14 @@ new ApplicationMultipleTargetGroupsEc2Service(stack, 'myService', {
   ],
 });
+// Suppress security guardian rule for ALB default behavior (open: true)
+service.loadBalancer.connections.securityGroups.forEach(sg => {
+  const cfnSg = sg.node.defaultChild as CfnResource;
+  cfnSg.addMetadata('guard', {
+    SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+  });
+});
 new integ.IntegTest(app, 'applicationMultipleTargetGroupsEc2ServiceTest', {
   testCases: [stack],
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.network-load-balanced-ecs-service.ts CHANGED Viewed

@@ -1,15 +1,13 @@
 import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
 import { InstanceType, Vpc, SecurityGroup, Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { Cluster, ContainerImage, AsgCapacityProvider, EcsOptimizedImage } from 'aws-cdk-lib/aws-ecs';
-import { App, Stack } from 'aws-cdk-lib';
+import { App, Stack, CfnResource } from 'aws-cdk-lib';
 import * as integ from '@aws-cdk/integ-tests-alpha';
 import { NetworkLoadBalancedEc2Service } from 'aws-cdk-lib/aws-ecs-patterns';
 import { IpAddressType } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
 const app = new App({
   postCliContext: {
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
   },
 });
 const stack = new Stack(app, 'aws-ecs-integ-nlb');
@@ -21,6 +19,12 @@ const securityGroup = new SecurityGroup(stack, 'SecurityGroup', {
 });
 securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcpRange(32768, 65535));
+// Suppress security guardian rule for intentional test setup
+const cfnSecurityGroup = securityGroup.node.defaultChild as CfnResource;
+cfnSecurityGroup.addMetadata('guard', {
+  SuppressedRules: ['EC2_NO_OPEN_SECURITY_GROUPS'],
+});
 const provider1 = new AsgCapacityProvider(stack, 'FirstCapacityProvider', {
   autoScalingGroup: new AutoScalingGroup(stack, 'FirstAutoScalingGroup', {
     vpc,

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.scheduled-ecs-task.ts CHANGED Viewed

@@ -8,8 +8,6 @@ import { ScheduledEc2Task } from 'aws-cdk-lib/aws-ecs-patterns';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-ecs-patterns/integ.tls-network-load-balanced-ecs-service.ts CHANGED Viewed

@@ -14,8 +14,6 @@ if (!certArn) throw new Error('For this test you must provide your own Certifica
 const app = new App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-eks/README.md CHANGED Viewed

@@ -282,7 +282,7 @@ cluster.addNodegroupCapacity('custom-node-group', {
 });
 ```
-> **NOTE:** If you add instances with the inferentia class (`inf1` or `inf2`) or trainium class (`trn1` or `trn1n`)
+> **NOTE:** If you add instances with the inferentia class (`inf1` or `inf2`) or trainium class (`trn1`, `trn1n`, or `trn2`)
 > the [neuron plugin](https://awsdocs-neuron.readthedocs-hosted.com/en/latest/containers/dlc-then-eks-devflow.html)
 > will be automatically installed in the kubernetes cluster.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/README.md CHANGED Viewed

@@ -718,6 +718,52 @@ rule.addTarget(new targets.RedshiftQuery(workgroup.attrWorkgroupWorkgroupArn, {
 }));
 ```
+## Send events to an SQS queue
+Use the `SqsQueue` target to send events to an SQS queue.
+The code snippet below creates an event rule that sends events to an SQS queue every hour:
+```ts
+const queue = new sqs.Queue(this, 'MyQueue');
+const rule = new events.Rule(this, 'Rule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+rule.addTarget(new targets.SqsQueue(queue));
+```
+### Using Message Group IDs
+You can specify a `messageGroupId` to ensure messages are processed in order. This parameter is required for FIFO queues and optional for standard queues:
+```ts
+// FIFO queue - messageGroupId required
+const fifoQueue = new sqs.Queue(this, 'MyFifoQueue', {
+  fifo: true,
+});
+const fifoRule = new events.Rule(this, 'FifoRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+fifoRule.addTarget(new targets.SqsQueue(fifoQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+// Standard queue - messageGroupId optional (SQS Fair queue feature)
+const standardQueue = new sqs.Queue(this, 'MyStandardQueue');
+const standardRule = new events.Rule(this, 'StandardRule', {
+  schedule: events.Schedule.rate(cdk.Duration.hours(1)),
+});
+standardRule.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId', // Optional for standard queues
+}));
+```
 ## Publish to an SNS Topic
 Use the `SnsTopic` target to publish to an SNS Topic.

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.event-ec2-task.ts CHANGED Viewed

@@ -10,8 +10,6 @@ import * as targets from 'aws-cdk-lib/aws-events-targets';
 const app = new cdk.App({
   postCliContext: {
     '@aws-cdk/aws-lambda:useCdkManagedLogGroup': false,
-    '@aws-cdk/aws-ecs:enableImdsBlockingDeprecatedFeature': false,
-    '@aws-cdk/aws-ecs:disableEcsImdsBlocking': false,
     '@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': false,
   },
 });

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-events-targets/integ.sqs-event-rule-target.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import * as kms from 'aws-cdk-lib/aws-kms';
 import * as sqs from 'aws-cdk-lib/aws-sqs';
 import * as cdk from 'aws-cdk-lib';
 import * as targets from 'aws-cdk-lib/aws-events-targets';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 // ---------------------------------
 // Define a rule that triggers an SNS topic every 1min.
@@ -23,11 +24,45 @@ const queue = new sqs.Queue(stack, 'MyQueue', {
   encryption: sqs.QueueEncryption.KMS,
   encryptionMasterKey: key,
 });
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(queue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
-const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue');
+const deadLetterQueue = new sqs.Queue(stack, 'MyDeadLetterQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(deadLetterQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
 event.addTarget(new targets.SqsQueue(queue, {
   deadLetterQueue,
 }));
-app.synth();
+// Test messageGroupId support for standard (non-FIFO) queues
+const standardQueue = new sqs.Queue(stack, 'StandardQueue', {
+  encryption: sqs.QueueEncryption.SQS_MANAGED,
+});
+// Suppress false positive: queue uses separate QueuePolicy resource (not inline), which is the correct pattern
+(standardQueue.node.defaultChild as cdk.CfnResource).addMetadata('guard', {
+  SuppressedRules: ['SQS_NO_WORLD_ACCESSIBLE_INLINE'],
+});
+const standardQueueEvent = new events.Rule(stack, 'StandardQueueRule', {
+  schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
+});
+standardQueueEvent.addTarget(new targets.SqsQueue(standardQueue, {
+  messageGroupId: 'MyMessageGroupId',
+}));
+new IntegTest(app, 'integ.sqs-event-rule-target', {
+  testCases: [stack],
+  allowDestroy: [
+    'AWS::SQS::Queue',
+    'AWS::SQS::QueuePolicy',
+    'AWS::Events::Rule',
+  ],
+});

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-lambda/integ.runtimes.ts CHANGED Viewed

@@ -17,6 +17,14 @@ new Function(stack, 'Lambda', {
   runtime: Runtime.DOTNET_8,
 });
+new Function(stack, 'DotNet10Lambda', {
+  code: Code.fromAsset(path.join(__dirname, 'dotnet-handler')),
+  handler: 'Handler',
+  runtime: Runtime.DOTNET_10,
+});
 new integ.IntegTest(app, 'lambda-runtime-management', {
   testCases: [stack],
 });
+app.synth();

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-logs/README.md CHANGED Viewed

@@ -109,9 +109,10 @@ Log events matching a particular filter can be sent to either a Lambda function
 or a Kinesis stream.
 If the Kinesis stream lives in a different account, a `CrossAccountDestination`
-object needs to be added in the destination account which will act as a proxy
-for the remote Kinesis stream. This object is automatically created for you
-if you use the CDK Kinesis library.
+object must be explicitly created in the destination account which will act as a proxy
+for the remote Kinesis stream.
+Note: The aws-cdk-lib/aws-logs-destinations KinesisDestination construct does not automatically create a CrossAccountDestination for cross-account scenarios.
 Create a `SubscriptionFilter`, initialize it with an appropriate `Pattern` (see
 below) and supply the intended destination:

cdk_api_mcp_server/resources/aws-cdk/constructs/aws-cdk-lib/aws-rds/README.md CHANGED Viewed

@@ -1253,6 +1253,7 @@ new rds.OptionGroup(this, 'Options', {
       securityGroups: [securityGroup], // Optional - a default group will be created if not provided.
     },
   ],
+  optionGroupName: 'MyOptionGroup'
 });
 ```

konokenj.cdk-api-mcp-server 0.65.0__py3-none-any.whl → 0.67.0__py3-none-any.whl

Potentially problematic release.

konokenj.cdk-api-mcp-server 0.65.0py3-none-any.whl → 0.67.0py3-none-any.whl