[rds] How to setup SecretsManager name for "masterUser" ? #10586

Closed
Cloudrage opened this issue Sep 29, 2020 · 8 comments
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database guidance Question that needs advice or information.


@Cloudrage

❓ General Issue

The Question

When creating a new rds.DatabaseCluster, I want to be able to set the name of the Secret generated for the masterUser.
It's needed by a pipeline to get values from it, but if the name is auto-generated, I can't easily retrieve the values directly (without a describe...).
I've seen that it's possible for additional Users, but for the Master?

@Cloudrage Cloudrage added guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged. labels Sep 29, 2020
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Sep 29, 2020
@skinny85
Contributor

Hello @Cloudrage,

you do that in the username property of the Login interface, which is the type of the masterUser property in DatabaseClusterProps:

    new rds.DatabaseCluster(this, 'Cluster', {
      // ...
      masterUser: {
        username: 'your-username-here',
      },
    });

Thanks,
Adam

@skinny85 skinny85 added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Sep 29, 2020
@Cloudrage
Author

@skinny85, thanks for your reply, but my question is about the name of the Secret generated on our behalf.
For example, CDK creates a Secret with the name: DatabaseClusterSecret-nS6N22CBwDYx

But I want to set a name like rds-secrets for my Master User; see?
It's possible when creating multiple Users and then attaching them to the RDS, but for the Master User, when I enable rotation of the pwd, it says that my RDS doesn't have a Secret and it can't add a rotation without a Secret.

@skinny85
Contributor

skinny85 commented Sep 29, 2020

@Cloudrage you can pass your own password property in masterUser - hopefully as a value from SecretsManager, to not put your passwords in plaintext in code - and this way, the CDK will not create the Secret for you.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 30, 2020
@Cloudrage
Author

Of course, tested and it works.
But in that case, I can't addRotationSingleUser to my RDS; it says that no Secret is attached to it.
And to be able to rotate the Secret, I have to provide my own Lambda to do it instead of the one provided by default by RDS addRotationSingleUser.
So, you're saying that it's not possible to set the Secret name for the one generated by the RDS Construct for the DB MasterUser; maybe a feature request?

@skinny85
Contributor

You're probably right. We recently made some large changes to this functionality in #7927. These are not released yet, but I hope this will cover your use case!

@Cloudrage
Author

If when adding our own Secrets to the RDS we can use addRotationSingleUser Method without issues, indeed :)

Thanks!

@Cloudrage
Author

I confirm that CDK 1.66.0 does the job with the credentials prop!
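
Added example, not part of the original thread or of the CDK project's code: a TypeScript check over a synthesized CloudFormation template that flags the three conditions discussed above (an auto-generated secret name, a master password not read from Secrets Manager, and a cluster with no secret attached for rotation). The templates, logical IDs and the function name `auditMasterCredentials` are constructed for illustration; `rds-secrets` is the name used in the question.

```typescript
// Added example: audit a template written by `cdk synth` for the issues in this thread.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
type Finding = { logicalId: string; issue: string };

// True when the value embeds a {{resolve:secretsmanager:...}} dynamic reference.
function usesSecretReference(value: unknown): boolean {
  return JSON.stringify(value ?? null).includes("{{resolve:secretsmanager:");
}

function auditMasterCredentials(template: Template): Finding[] {
  const all = Object.entries(template.Resources);
  // Logical IDs of clusters that a SecretTargetAttachment points at.
  const attached = new Set(
    all.filter(([, r]) => r.Type === "AWS::SecretsManager::SecretTargetAttachment")
       .map(([, r]) => r.Properties?.TargetId?.Ref));
  const findings: Finding[] = [];
  for (const [logicalId, r] of all) {
    const props = r.Properties ?? {};
    if (r.Type === "AWS::SecretsManager::Secret" && props.Name === undefined)
      findings.push({ logicalId, issue: "secret name will be auto-generated" });
    if (r.Type !== "AWS::RDS::DBCluster") continue;
    if (!usesSecretReference(props.MasterUserPassword))
      findings.push({ logicalId, issue: "master password is not read from Secrets Manager" });
    if (!attached.has(logicalId))
      findings.push({ logicalId, issue: "no secret attached, rotation cannot be added" });
  }
  return findings;
}

// Constructed sample templates (not taken from the issue).
const generated = { GenerateSecretString: { GenerateStringKey: "password", SecretStringTemplate: '{"username":"admin"}' } };
const weakTemplate: Template = { Resources: {
  AutoSecret: { Type: "AWS::SecretsManager::Secret", Properties: { ...generated } },
  Cluster: { Type: "AWS::RDS::DBCluster",
    Properties: { MasterUsername: "admin", MasterUserPassword: "constructed-literal" } },
} };
const fixedTemplate: Template = { Resources: {
  MasterSecret: { Type: "AWS::SecretsManager::Secret", Properties: { Name: "rds-secrets", ...generated } },
  Cluster: { Type: "AWS::RDS::DBCluster", Properties: { MasterUsername: "admin",
    MasterUserPassword: { "Fn::Join": ["", ["{{resolve:secretsmanager:", { Ref: "MasterSecret" },
      ":SecretString:password::}}"]] } } },
  Attachment: { Type: "AWS::SecretsManager::SecretTargetAttachment", Properties: {
    SecretId: { Ref: "MasterSecret" }, TargetId: { Ref: "Cluster" }, TargetType: "AWS::RDS::DBCluster" } },
} };

console.log(auditMasterCredentials(weakTemplate), auditMasterCredentials(fixedTemplate));
```

Run against the synthesized template in a pipeline step, a non-empty result means the deployed cluster would hit one of the problems raised in this thread.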

@github-actions

github-actions bot commented Oct 5, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
