feat(rds): support CA certificate for cluster instances (#27138)

Exposes the `caCertificate` property for an RDS cluster instance to allow specifying a custom CA identifier using the `CaCertificate` class. Usage: ``` new DatabaseCluster(this, 'Database', { engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_01_0 }), writer: rds.ClusterInstance.provisioned('writer', { caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1, }), readers: [ rds.ClusterInstance.serverlessV2('reader', { caCertificate: rds.CaCertificate.of('custom-ca'), }), ], vpc, }); ``` Closes #26865. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Sep 18, 2023 · e25b53e · e25b53e
1 parent 34a0bc2
commit e25b53e
Show file tree

Hide file tree

Showing 15 changed files with 1,983 additions and 50 deletions.
diff --git a/...ance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json b/...ance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "33.0.0",
+  "files": {
+    "35db2485b27a7c010fba355d9cf2e473972ef6e3a637a137233fc20f79ea36e6": {
+      "source": {
+        "path": "cdk-rds-cluster-instance-ca-certificate-integ.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "35db2485b27a7c010fba355d9cf2e473972ef6e3a637a137233fc20f79ea36e6.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}