doc: update readme with cdk-lib changes

Author: mkhidir-aws

.github/workflows/build.yaml

@@ -7,9 +7,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
           node-version: "20"
+      - name: Install latest CDK CLI
+        run: |
+          npm install -g aws-cdk@latest
+          cdk --version
       - name: Formatting
         run: |
           npm ci
@@ -23,7 +27,7 @@ jobs:
           npm audit
           npm run build
           npm run test
-          npx cdk synth
+          cdk synth
       - name: PyTests
         # Suppression of pip audit failure until langchain is upgraded.
         run: |

README.md

@@ -27,6 +27,16 @@ This blueprint deploys the complete AWS GenAI LLM Chatbot solution in your AWS a
 - AWS CLI configured with credentials
 - Node.js 18+ and npm
 - Python 3.8+
+- AWS CDK CLI version compatible with aws-cdk-lib 2.206.0 or later
+  ```bash
+  # Install or update the CDK CLI globally
+  npm install -g aws-cdk@latest
+  
+  # Verify the installed version
+  cdk --version
+  ```
+
+> **Important**: The CDK CLI version must be compatible with the aws-cdk-lib version used in this project (currently 2.206.0). If you encounter a "Cloud assembly schema version mismatch" error during deployment, update your CDK CLI to the latest version using the command above.
 
 ### Deployment
 

lib/authentication/lambda/addFederatedUserToUserGroup/index.py

@@ -72,7 +72,7 @@ def add_user_to_group(cognito, username, group_name, user_pool_id):
 
 def handler(event, context):
     print(f"Event received: {event}")
-    
+
     # Handle different trigger types with different event structures
     if "request" in event and "userAttributes" in event["request"]:
         # POST_AUTHENTICATION trigger
@@ -88,18 +88,30 @@ def handler(event, context):
         new_group = user_attributes.get("custom:chatbot_role")
         user_pool_id = event["userPoolId"]
         trigger_type = "PRE_AUTHENTICATION"
-    elif "request" in event and "userAttributes" in event["request"] and "validationData" in event["request"]:
+    elif (
+        "request" in event
+        and "userAttributes" in event["request"]
+        and "validationData" in event["request"]
+    ):
         # POST_CONFIRMATION trigger
         user_attributes = event["request"]["userAttributes"]
         username = user_attributes.get("sub") or user_attributes.get("username")
         new_group = user_attributes.get("custom:chatbot_role")
         user_pool_id = event["userPoolId"]
         trigger_type = "POST_CONFIRMATION"
-    elif "request" in event and "userAttributes" in event["request"] and "validationData" not in event["request"]:
+    elif (
+        "request" in event
+        and "userAttributes" in event["request"]
+        and "validationData" not in event["request"]
+    ):
         # PRE_SIGN_UP trigger
         user_attributes = event["request"]["userAttributes"]
         # For Pre sign-up, username might be in different fields
-        username = user_attributes.get("sub") or user_attributes.get("username") or user_attributes.get("email")
+        username = (
+            user_attributes.get("sub")
+            or user_attributes.get("username")
+            or user_attributes.get("email")
+        )
         new_group = user_attributes.get("custom:chatbot_role")
         user_pool_id = event["userPoolId"]
         trigger_type = "PRE_SIGN_UP"
@@ -115,7 +127,7 @@ def handler(event, context):
 
     # Get default group from environment variable or use 'user' as fallback
     default_group = os.environ.get("DEFAULT_USER_GROUP", "user")
-    
+
     # If no custom:chatbot_role is provided, use default group
     if not new_group:
         new_group = default_group
@@ -125,18 +137,22 @@ def handler(event, context):
     if trigger_type == "PRE_SIGN_UP":
         print("Pre sign-up trigger - user will be created after this trigger completes")
         print(f"Will assign user to group: {new_group}")
-        print("Note: Group assignment will happen in a separate trigger (POST_CONFIRMATION)")
-        
+        print(
+            "Note: Group assignment will happen in a separate \
+            trigger (POST_CONFIRMATION)"
+        )
+
         # For Pre sign-up, we can only validate or modify the sign-up request
         # We cannot assign groups yet as the user doesn't exist
-        # The group assignment will need to happen in POST_CONFIRMATION or PRE_AUTHENTICATION
-        
+        # The group assignment will need to happen in
+        # POST_CONFIRMATION or PRE_AUTHENTICATION
+
         # You might want to add the group information to the user attributes
         # so it can be used later in POST_CONFIRMATION
         if "custom:chatbot_role" not in user_attributes:
             user_attributes["custom:chatbot_role"] = new_group
             print(f"Added custom:chatbot_role attribute: {new_group}")
-        
+
         return event
 
     # For other triggers (PRE_AUTHENTICATION, POST_AUTHENTICATION, POST_CONFIRMATION)

package-lock.json

@@ -64,7 +64,7 @@
     "@types/node": "20.1.7",
     "@typescript-eslint/eslint-plugin": "^6.0.0",
     "@typescript-eslint/parser": "^6.0.0",
-    "aws-cdk": "~2.1010.0",
+    "aws-cdk": "^2.211.0",
     "aws-xray-sdk-core": "3.10.1",
     "eslint": "^8.45.0",
     "eslint-config-prettier": "^9.1.0",
@@ -85,7 +85,7 @@
     "@aws-cdk/aws-apigatewayv2-integrations-alpha": "^2.114.1-alpha.0",
     "@aws-cdk/aws-cognito-identitypool-alpha": "^2.114.1-alpha.0",
     "@cdklabs/generative-ai-cdk-constructs": "^0.1.122",
-    "aws-cdk-lib": "~2.206.0",
+    "aws-cdk-lib": "^2.211.0",
     "cdk-monitoring-constructs": "8.1.0",
     "cdk-nag": "2.28.139",
     "commander": "^11.0.0",

package.json

@@ -141,7 +141,19 @@ def test_handler_no_chatbot_role(mock_cognito):
         "userPoolId": "us-east-1_testpool",
     }
 
+    # Mock the response to prevent infinite pagination
+    mock_cognito.admin_list_groups_for_user.return_value = {
+        "Groups": []  # User has no current groups
+    }
+
     result = handler(event, None)
 
     assert result == event
-    mock_cognito.admin_list_groups_for_user.assert_not_called()
+    # Should call admin_list_groups_for_user once to check current groups
+    mock_cognito.admin_list_groups_for_user.assert_called_once()
+    # Should add user to default group since they have no custom:chatbot_role
+    mock_cognito.admin_add_user_to_group.assert_called_once_with(
+        UserPoolId="us-east-1_testpool",
+        Username="test-user-123",
+        GroupName="user",  # default group
+    )