Addressed review comments

Author: Tarun Belani

packages/@aws-cdk/aws-imagebuilder-alpha/README.md

@@ -53,7 +53,7 @@ Create a component with the required properties: platform and component data.
 
 ```ts
 const component = new imagebuilder.Component(this, 'MyComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromJsonObject({
     schemaVersion: imagebuilder.ComponentSchemaVersion.V1_0,
     phases: [
@@ -82,7 +82,7 @@ Use `ComponentData.fromInline()` for existing YAML/JSON definitions:
 
 ```ts
 const component = new imagebuilder.Component(this, 'InlineComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromInline(`
 name: my-component
 schemaVersion: 1.0
@@ -103,7 +103,7 @@ Most developer-friendly approach using objects:
 
 ```ts
 const component = new imagebuilder.Component(this, 'JsonComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromJsonObject({
     schemaVersion: imagebuilder.ComponentSchemaVersion.V1_0,
     phases: [
@@ -131,7 +131,7 @@ For type-safe, CDK-native definitions with enhanced properties like `timeout` an
 
 ```ts  
 const component = new imagebuilder.Component(this, 'StructuredComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromComponentDocumentJsonObject({
     schemaVersion: imagebuilder.ComponentSchemaVersion.V1_0,
     phases: [
@@ -161,23 +161,26 @@ For those components you want to upload or have uploaded to S3:
 ```ts
 // Upload a local file
 const componentFromAsset = new imagebuilder.Component(this, 'AssetComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromAsset(this, 'ComponentAsset', './my-component.yml'),
 });
 
 // Reference an existing S3 object
 const bucket = s3.Bucket.fromBucketName(this, 'ComponentBucket', 'my-components-bucket');
 const componentFromS3 = new imagebuilder.Component(this, 'S3Component', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   data: imagebuilder.ComponentData.fromS3(bucket, 'components/my-component.yml'),
 });
 ```
 
 #### Encrypt component data with a KMS key
 
+You can encrypt component data with a KMS key, so that only principals with access to decrypt with the key are able to
+access the component data.
+
 ```ts
 const component = new imagebuilder.Component(this, 'EncryptedComponent', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX,
   kmsKey: new kms.Key(this, 'ComponentKey'),
   data: imagebuilder.ComponentData.fromJsonObject({
     schemaVersion: imagebuilder.ComponentSchemaVersion.V1_0,
@@ -206,12 +209,12 @@ AWS provides a collection of managed components for common tasks:
 ```ts
 // Install AWS CLI v2
 const awsCliComponent = imagebuilder.AwsManagedComponent.awsCliV2(this, 'AwsCli', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX
 });
 
 // Update the operating system
 const updateComponent = imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
-  platform: imagebuilder.OSVersion.LINUX,
+  platform: imagebuilder.Platform.LINUX
 });
 
 // Reference any AWS-managed component by name

packages/@aws-cdk/aws-imagebuilder-alpha/lib/component.ts

@@ -67,7 +67,7 @@ export interface ComponentProps {
   /**
    * The operating system platform of the component.
    */
-  readonly platform: OSVersion;
+  readonly platform: Platform;
 
   /**
    * The name of the component.
@@ -143,7 +143,7 @@ export interface ComponentAttributes {
   /**
    * The version of the component
    *
-   * @default the latest version of the component, x.x.x
+   * @default - the latest version of the component, x.x.x
    */
   readonly componentVersion?: string;
 }
@@ -168,7 +168,7 @@ export interface AwsManagedComponentAttributes {
   /**
    * The version of the AWS-managed component
    *
-   * @default the latest version of the component, x.x.x
+   * @default - the latest version of the component, x.x.x
    */
   readonly componentVersion?: string;
 
@@ -180,7 +180,7 @@ export interface AwsManagedComponentAttributes {
    * @default - none if using `this.fromAwsManagedComponentAttributes()`, otherwise a platform is
    *            required when using the pre-defined managed component methods
    */
-  readonly platform?: OSVersion;
+  readonly platform?: Platform;
 }
 
 /**
@@ -200,7 +200,7 @@ export interface AwsMarketplaceComponentAttributes {
   /**
    * The version of the AWS Marketplace component
    *
-   * @default The latest version of the component, x.x.x
+   * @default - the latest version of the component, x.x.x
    */
   readonly componentVersion?: string;
 }
@@ -273,7 +273,7 @@ export interface ComponentDocumentStep {
   /**
    * The condition to apply to the step. If the condition is false, then the step is skipped
    *
-   * @default no condition is applied to the step and it gets executed
+   * @default - no condition is applied to the step and it gets executed
    */
   readonly if?: any;
 
@@ -282,7 +282,7 @@ export interface ComponentDocumentStep {
    *
    * @default None
    */
-  readonly loop?: any;
+  readonly loop?: ComponentDocumentLoop;
 
   /**
    * The timeout of the step
@@ -299,6 +299,53 @@ export interface ComponentDocumentStep {
   readonly onFailure?: ComponentOnFailure;
 }
 
+/**
+ * The looping construct of a component defines a repeated sequence of instructions
+ */
+export interface ComponentDocumentLoop {
+  /**
+   * The name of the loop, which can be used to reference
+   *
+   * @default loop
+   */
+  readonly name?: string;
+
+  /**
+   * The for loop iterates on a range of integers specified within a boundary outlined by the start and end of the
+   * variables
+   *
+   * @default - none if `forEach` is provided. otherwise, `for` is required.
+   */
+  readonly for?: ComponentDocumentForLoop;
+
+  /**
+   * The forEach loop iterates on an explicit list of values, which can be strings and chained expressions
+   *
+   * @default - none if `for` is provided. otherwise, `forEach` is required.
+   */
+  readonly forEach?: string[];
+}
+
+/**
+ * The for loop iterates on a range of integers specified within a boundary outlined by the start and end of the
+ * variables. The iterating values are in the set [start, end] and includes boundary values.
+ */
+export interface ComponentDocumentForLoop {
+  /**
+   * Starting value of iteration. Does not accept chaining expressions.
+   */
+  readonly start: number;
+  /**
+   * Ending value of iteration. Does not accept chaining expressions.
+   */
+  readonly end: number;
+  /**
+   * Difference by which an iterating value is updated through addition. It must be a negative or positive non-zero
+   * value. Does not accept chaining expressions.
+   */
+  readonly updateBy: number;
+}
+
 /**
  * The action for a step within the component document
  */
@@ -571,9 +618,11 @@ export abstract class ComponentData {
         steps: phase.steps.map((step) => ({
           name: step.name,
           action: step.action,
-          inputs: step.inputs,
           ...(step.onFailure !== undefined && { onFailure: step.onFailure }),
           ...(step.timeout !== undefined && { timeoutSeconds: step.timeout.toSeconds() }),
+          ...(step.if !== undefined && { if: step.if }),
+          ...(step.loop !== undefined && { loop: step.loop }),
+          inputs: step.inputs,
         })),
       })),
     });
@@ -700,7 +749,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'aws-cli-version-2-windows',
         componentVersion: attrs.componentVersion,
@@ -728,7 +777,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'hello-world-windows',
         componentVersion: attrs.componentVersion,
@@ -756,7 +805,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'python-3-windows',
         componentVersion: attrs.componentVersion,
@@ -784,7 +833,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'reboot-windows',
         componentVersion: attrs.componentVersion,
@@ -814,7 +863,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'stig-build-windows',
         componentVersion: attrs.componentVersion,
@@ -842,7 +891,7 @@ export abstract class AwsManagedComponent {
       allowedPlatforms: [Platform.LINUX, Platform.WINDOWS],
     });
 
-    if (attrs.platform?.platform === Platform.WINDOWS) {
+    if (attrs.platform === Platform.WINDOWS) {
       return this.fromAwsManagedComponentAttributes(scope, id, {
         componentName: 'update-windows',
         componentVersion: attrs.componentVersion,
@@ -923,7 +972,7 @@ export abstract class AwsManagedComponent {
       throw new cdk.ValidationError(`platform cannot be a token for ${component}`, scope);
     }
 
-    if (!allowedPlatforms.includes(attrs.platform.platform)) {
+    if (!allowedPlatforms.includes(attrs.platform)) {
       throw new cdk.ValidationError(`${attrs.platform} is not a supported platform for ${component}`, scope);
     }
   }
@@ -1061,6 +1110,11 @@ export class Component extends ComponentBase {
       ).resourceName!;
 
       const [componentNameFromArn, componentVersionFromArn] = (() => {
+        if (cdk.Token.isUnresolved(componentNameVersion)) {
+          const componentNameVersionSplit = cdk.Fn.split('/', componentNameVersion);
+          return [cdk.Fn.select(0, componentNameVersionSplit), cdk.Fn.select(1, componentNameVersionSplit)];
+        }
+
         const componentNameVersionSplit = componentNameVersion.split('/');
         return [componentNameVersionSplit[0], componentNameVersionSplit[1]];
       })();
@@ -1111,6 +1165,8 @@ export class Component extends ComponentBase {
    */
   public readonly componentType: string;
 
+  protected readonly kmsKey?: kms.IKey;
+
   public constructor(scope: Construct, id: string, props: ComponentProps) {
     super(scope, id, {
       physicalName:
@@ -1130,7 +1186,7 @@ export class Component extends ComponentBase {
     this.validateComponentName();
 
     props.supportedOsVersions?.forEach((osVersion) => {
-      if (osVersion.platform !== props.platform.platform) {
+      if (osVersion.platform !== props.platform) {
         throw new cdk.ValidationError(
           `os version ${osVersion.osVersion} is not compatible with platform ${props.platform}`,
           this,
@@ -1146,7 +1202,7 @@ export class Component extends ComponentBase {
       version: componentVersion,
       changeDescription: props.changeDescription,
       description: props.description,
-      platform: props.platform.platform,
+      platform: props.platform,
       kmsKeyId: props.kmsKey?.keyArn,
       tags: props.tags,
       ...(props.data.isS3Reference ? { uri: props.data.value } : { data: props.data.value }),
@@ -1164,6 +1220,17 @@ export class Component extends ComponentBase {
     this.componentVersion = componentVersion;
     this.encrypted = true; // Components are always encrypted
     this.componentType = component.attrType;
+    this.kmsKey = props.kmsKey;
+  }
+
+  /**
+   * Grant KMS key decrypt permissions to the given grantee. This applies only if a KMS key was provided to the
+   * component.
+   *
+   * @param grantee The principal
+   */
+  public grantDecrypt(grantee: iam.IGrantable): iam.Grant | undefined {
+    return this.kmsKey?.grantDecrypt(grantee);
   }
 
   private validateComponentName() {

packages/@aws-cdk/aws-imagebuilder-alpha/lib/os-version.ts

@@ -55,12 +55,12 @@ export class OSVersion {
   /**
    * OS version for macOS 14
    */
-  public static readonly MAC_OS_14 = new OSVersion(Platform.LINUX, 'macOS 14');
+  public static readonly MAC_OS_14 = new OSVersion(Platform.MAC_OS, 'macOS 14');
 
   /**
    * OS version for macOS 15
    */
-  public static readonly MAC_OS_15 = new OSVersion(Platform.LINUX, 'macOS 15');
+  public static readonly MAC_OS_15 = new OSVersion(Platform.MAC_OS, 'macOS 15');
 
   /**
    * OS version for all Red Hat Enterprise Linux images
@@ -110,24 +110,24 @@ export class OSVersion {
   /**
    * OS version for all Windows server images
    */
-  public static readonly WINDOWS_SERVER = new OSVersion(Platform.LINUX, 'Microsoft Windows Server');
+  public static readonly WINDOWS_SERVER = new OSVersion(Platform.WINDOWS, 'Microsoft Windows Server');
 
   /**
    * OS version for Windows Server 2016
    */
-  public static readonly WINDOWS_SERVER_2016 = new OSVersion(Platform.LINUX, 'Microsoft Windows Server 2016');
+  public static readonly WINDOWS_SERVER_2016 = new OSVersion(Platform.WINDOWS, 'Microsoft Windows Server 2016');
   /**
    * OS version for Windows Server 2019
    */
-  public static readonly WINDOWS_SERVER_2019 = new OSVersion(Platform.LINUX, 'Microsoft Windows Server 2019');
+  public static readonly WINDOWS_SERVER_2019 = new OSVersion(Platform.WINDOWS, 'Microsoft Windows Server 2019');
   /**
    * OS version for Windows Server 2022
    */
-  public static readonly WINDOWS_SERVER_2022 = new OSVersion(Platform.LINUX, 'Microsoft Windows Server 2022');
+  public static readonly WINDOWS_SERVER_2022 = new OSVersion(Platform.WINDOWS, 'Microsoft Windows Server 2022');
   /**
    * OS version for Windows Server 2025
    */
-  public static readonly WINDOWS_SERVER_2025 = new OSVersion(Platform.LINUX, 'Microsoft Windows Server 2025');
+  public static readonly WINDOWS_SERVER_2025 = new OSVersion(Platform.WINDOWS, 'Microsoft Windows Server 2025');
 
   /**
    * Constructs an OS version with a custom name