From 4fa7716e0bc50c06327bc30320c5871207a11c52 Mon Sep 17 00:00:00 2001
From: Michael Sambol
Date: Sat, 7 Sep 2024 09:24:14 -0700
Subject: [PATCH 1/7] chore: fix spelling error of if (#31353)
I saw this while reading the [EC2 instance docs](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Instance.html#userdatacausesreplacement).
---
 packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts | 2 +-
 packages/aws-cdk-lib/aws-ec2/lib/instance.ts | 2 +-
 packages/aws-cdk/lib/notices.ts | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts
index 5bcce8cd0e4d0..aeb5bd31401d5 100644
--- a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts
+++ b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts
@@ -151,7 +151,7 @@ function calculateTemplateDiff(currentTemplate: { [key: string]: any }, newTempl
 /**
 * Replace all references to the given logicalID on the given template, in-place
 *
- * Returns true iff any references were replaced.
+ * Returns true if any references were replaced.
 */
 function propagateReplacedReferences(template: object, logicalId: string): boolean {
 let ret = false;
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts
index 2eb98ad26e6fa..8dbcbd58bd921 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/instance.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/instance.ts
@@ -177,7 +177,7 @@ export interface InstanceProps {
 * UserData, which will cause CloudFormation to replace it if the UserData
 * changes.
 *
- * @default - true iff `initOptions` is specified, false otherwise.
+ * @default - true if `initOptions` is specified, false otherwise.
 */
 readonly userDataCausesReplacement?: boolean;
diff --git a/packages/aws-cdk/lib/notices.ts b/packages/aws-cdk/lib/notices.ts
index 1747369705fe1..747078e0a11da 100644
--- a/packages/aws-cdk/lib/notices.ts
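Review bot: `iff` in these doc comments is the conventional abbreviation for "if and only if" rather than a misspelling, so replacing it with `if` in the `propagateReplacedReferences` comment drops the statement that a `false` return means nothing was replaced. If the abbreviation is the readability concern, spelling it out keeps the contract: `* Returns true if and only if any references were replaced.` The same applies to the two `NoticeFilter` comments in notices.ts (`apply` and `applyVersion`); the `@default` text for `userDataCausesReplacement` in instance.ts is less affected because its trailing "false otherwise" already carries the meaning. The function bodies continue outside these hunks, so the exact return contract should be confirmed against the full source before rewording.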
+++ b/packages/aws-cdk/lib/notices.ts
@@ -255,7 +255,7 @@ export class NoticeFilter {
 }
 /**
- * Returns true iff we should show this notice.
+ * Returns true if we should show this notice.
 */
 apply(notice: Notice): boolean {
 if (this.acknowledgedIssueNumbers.has(notice.issueNumber)) {
@@ -267,7 +267,7 @@ export class NoticeFilter {
 }
 /**
- * Returns true iff we should show the notice.
+ * Returns true if we should show the notice.
 */
 private applyVersion(notice: Notice, name: string, compareToVersion: string | undefined) {
 if (compareToVersion === undefined) { return false; }
From 633904d9bf82901237fba7ab552c02261b627d21 Mon Sep 17 00:00:00 2001
From: mazyu36
Date: Sun, 8 Sep 2024 15:55:42 +0900
Subject: [PATCH 2/7] chore(cognito): fix test case name for User Pool Domain (#31365)
While working on #31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts
index 109c357576c34..0f3439a3f68d2 100644
--- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts
+++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-domain.test.ts
@@ -3,7 +3,7 @@ import { Certificate } from '../../aws-certificatemanager';
 import { CfnParameter, Stack } from '../../core';
 import { UserPool, UserPoolDomain } from '../lib';
-describe('User Pool Client', () => {
+describe('User Pool Domain', () => {
 test('custom domain name', () => {
 // GIVEN
 const stack = new Stack();
From ab73e538b7b77df8f8e981de2152dde814f66a1d Mon Sep 17 00:00:00 2001
From: Michael Sambol
Date: Sun, 8 Sep 2024 00:29:37 -0700
Subject: [PATCH 3/7] chore(stepfunctions-tasks): doc has incorrect api endpoint (#31364)
Closes #30940.
---
 packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md
index 2067a10332668..2bd0f0ea27132 100644
--- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md
+++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/README.md
@@ -1363,7 +1363,7 @@ const connection = new events.Connection(this, 'Connection', {
 new tasks.HttpInvoke(this, 'Invoke HTTP API', {
 apiRoot: 'https://api.example.com',
- apiEndpoint: sfn.TaskInput.fromText('https://api.example.com/path/to/resource'),
+ apiEndpoint: sfn.TaskInput.fromText('path/to/resource'),
 body: sfn.TaskInput.fromObject({ foo: 'bar' }),
 connection,
 headers: sfn.TaskInput.fromObject({ 'Content-Type': 'application/json' }),
From 7abe8fcc83c1734c48a105b6f249c3ea42c71493 Mon Sep 17 00:00:00 2001
From: mazyu36
Date: Mon, 9 Sep 2024 18:30:22 +0900
Subject: [PATCH 4/7] chore(rds): support 10.11.9, 10.6.19, 10.5.26 for MariaDB (#31366)
Add new minor versions. Ref: [Amazon RDS for MariaDB supports minors 10.11.9, 10.6.19, 10.5.26](https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-rds-mariadb-minors-10/)
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../aws-rds/lib/instance-engine.ts | 6 +++
 .../aws-rds/test/instance-engine.test.ts | 54 +++++++++++++++++++
 2 files changed, 60 insertions(+)
diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts
index e0bfec6452b62..dbe3d17992280 100644
--- a/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts
+++ b/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts
@@ -494,6 +494,8 @@ export class MariaDbEngineVersion {
 public static readonly VER_10_5_24 = MariaDbEngineVersion.of('10.5.24', '10.5');
 /** Version "10.5.25". */
 public static readonly VER_10_5_25 = MariaDbEngineVersion.of('10.5.25', '10.5');
+ /** Version "10.5.26". */
+ public static readonly VER_10_5_26 = MariaDbEngineVersion.of('10.5.26', '10.5');
 /** Version "10.6" (only a major version, without a specific minor version). */
 public static readonly VER_10_6 = MariaDbEngineVersion.of('10.6', '10.6');
@@ -539,6 +541,8 @@ export class MariaDbEngineVersion {
 public static readonly VER_10_6_17 = MariaDbEngineVersion.of('10.6.17', '10.6');
 /** Version "10.6.18". */
 public static readonly VER_10_6_18 = MariaDbEngineVersion.of('10.6.18', '10.6');
+ /** Version "10.6.19". */
+ public static readonly VER_10_6_19 = MariaDbEngineVersion.of('10.6.19', '10.6');
 /** Version "10.11" (only a major version, without a specific minor version). */
 public static readonly VER_10_11 = MariaDbEngineVersion.of('10.11', '10.11');
@@ -552,6 +556,8 @@ export class MariaDbEngineVersion {
 public static readonly VER_10_11_7 = MariaDbEngineVersion.of('10.11.7', '10.11');
 /** Version "10.11.8". */
 public static readonly VER_10_11_8 = MariaDbEngineVersion.of('10.11.8', '10.11');
+ /** Version "10.11.9". */
+ public static readonly VER_10_11_9 = MariaDbEngineVersion.of('10.11.9', '10.11');
 /**
 * Create a new MariaDbEngineVersion with an arbitrary version.
diff --git a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts
index 86d2b8b2dc574..107ff52094086 100644
--- a/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts
+++ b/packages/aws-cdk-lib/aws-rds/test/instance-engine.test.ts
@@ -1,4 +1,5 @@
 import { Template } from '../../assertions';
+import * as ec2 from '../../aws-ec2';
 import * as iam from '../../aws-iam';
 import * as cdk from '../../core';
 import * as rds from '../lib';
@@ -262,4 +263,57 @@ describe('instance engine', () => {
 expect(engineConfig.features?.s3Export).toEqual('s3Export');
 });
 });
+
+ describe('MariaDB engine version', () => {
+ test.each([
+ ['10.4', rds.MariaDbEngineVersion.VER_10_4],
+ ['10.4.29', rds.MariaDbEngineVersion.VER_10_4_29],
+ ['10.4.30', rds.MariaDbEngineVersion.VER_10_4_30],
+ ['10.4.31', rds.MariaDbEngineVersion.VER_10_4_31],
+ ['10.4.32', rds.MariaDbEngineVersion.VER_10_4_32],
+ ['10.4.33', rds.MariaDbEngineVersion.VER_10_4_33],
+ ['10.4.34', rds.MariaDbEngineVersion.VER_10_4_34],
+ ['10.5', rds.MariaDbEngineVersion.VER_10_5],
+ ['10.5.20', rds.MariaDbEngineVersion.VER_10_5_20],
+ ['10.5.21', rds.MariaDbEngineVersion.VER_10_5_21],
+ ['10.5.22', rds.MariaDbEngineVersion.VER_10_5_22],
+ ['10.5.23', rds.MariaDbEngineVersion.VER_10_5_23],
+ ['10.5.24', rds.MariaDbEngineVersion.VER_10_5_24],
+ ['10.5.25', rds.MariaDbEngineVersion.VER_10_5_25],
+ ['10.5.26', rds.MariaDbEngineVersion.VER_10_5_26],
+ ['10.6', rds.MariaDbEngineVersion.VER_10_6],
+ ['10.6.13', rds.MariaDbEngineVersion.VER_10_6_13],
+ ['10.6.14', rds.MariaDbEngineVersion.VER_10_6_14],
+ ['10.6.15', rds.MariaDbEngineVersion.VER_10_6_15],
+ ['10.6.16', rds.MariaDbEngineVersion.VER_10_6_16],
+ ['10.6.17', rds.MariaDbEngineVersion.VER_10_6_17],
+ ['10.6.18', rds.MariaDbEngineVersion.VER_10_6_18],
+ ['10.6.19', rds.MariaDbEngineVersion.VER_10_6_19],
+ ['10.11', rds.MariaDbEngineVersion.VER_10_11],
+ ['10.11.4', rds.MariaDbEngineVersion.VER_10_11_4],
+ ['10.11.5', rds.MariaDbEngineVersion.VER_10_11_5],
+ ['10.11.6', rds.MariaDbEngineVersion.VER_10_11_6],
+ ['10.11.7', rds.MariaDbEngineVersion.VER_10_11_7],
+ ['10.11.8', rds.MariaDbEngineVersion.VER_10_11_8],
+ ['10.11.9', rds.MariaDbEngineVersion.VER_10_11_9],
+ ])('is passed correctly for %s', (engineVersion, version) => {
+
+ // WHEN
+ const stack = new cdk.Stack();
+ const vpc = new ec2.Vpc(stack, 'VPC');
+
+ new rds.DatabaseInstance(stack, 'Instance', {
+ engine: rds.DatabaseInstanceEngine.mariaDb({ version }),
+ vpc,
+ });
+
+ // THEN
+ Template.fromStack(stack).hasResource('AWS::RDS::DBInstance', {
+ Properties: {
+ Engine: 'mariadb',
+ EngineVersion: engineVersion,
+ },
+ });
+ });
+ });
 });
From 65422077123fa5870106e29594b8f0392484da3f Mon Sep 17 00:00:00 2001
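Review bot: In the new `MariaDB engine version` table test, the `// THEN` assertion wraps the expected values in `Properties` and calls `hasResource`, although only properties are being checked; `Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBInstance', { Engine: 'mariadb', EngineVersion: engineVersion });` states the same expectation more directly. The empty added line directly after `(engineVersion, version) => {` can also be dropped. The table repeats every version string next to the constant built from it, so a short comment above `test.each` such as `// keep in sync with the VER_* constants in MariaDbEngineVersion` would tell the next contributor that new versions need a row here.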
From: "Kenta Goto (k.goto)" <24818752+go-to-k@users.noreply.github.com>
Date: Mon, 9 Sep 2024 19:27:30 +0900
Subject: [PATCH 5/7] fix(rds): proxy target group does not depend on database instances when using writer property for database cluster (#31354)
### Issue # (if applicable)
Closes #31304 .
### Reason for this change
Proxy Target Group should depend on and wait for Aurora instances to be ready before creating CloudFormation resource. (see the issue). Now, the dependency is added when using a legacy `instanceProps`, but not added when using a `writer` property. https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539 (The cluster has `CfnDBInstance` directly when using the `instanceProps`, but it has `AuroraClusterInstance` with `CfnDBInstance` as `defaultChild` when using the `writer`. So the cluster doesn't have the `CfnDBInstance` directly in the latter case.)
### Description of changes
Added the dependency when using a `writer` property instead of `instanceProps`.
### Description of how you validated changes
Both unit and integ tests.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../aws-cdk-rds-proxy.assets.json | 6 +-
 .../aws-cdk-rds-proxy.template.json | 2910 ++++++++++-------
 .../test/integ.proxy.js.snapshot/cdk.out | 2 +-
 ...efaultTestDeployAssert1DC3D9D5.assets.json | 2 +-
 .../test/integ.proxy.js.snapshot/integ.json | 2 +-
 .../integ.proxy.js.snapshot/manifest.json | 154 +-
 .../test/integ.proxy.js.snapshot/tree.json | 1497 +++++++--
 .../test/aws-rds/test/integ.proxy.ts | 24 +
 packages/aws-cdk-lib/aws-rds/lib/proxy.ts | 8 +
 .../aws-cdk-lib/aws-rds/test/proxy.test.ts | 80 +
 10 files changed, 3320 insertions(+), 1365 deletions(-)
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json index 45550d77e835b..455acf0505f1e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553": { + "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af": { "source": { "path": "aws-cdk-rds-proxy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "objectKey": "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 8d7cb0c299935..5f3722c21fa1f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json 
@@ -1,1191 +1,1869 @@ { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" }, - 
"vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - } - }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1RouteTableAssociation5D3F4579" + ] + 
}, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet1EIPDA49DCBE", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "vpcPublicSubnet1DefaultRoute10708846", - "vpcPublicSubnet1RouteTableAssociation5D3F4579" - ] + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": 
"AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2RouteTableAssociation21F81B59" + ] + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + 
"Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": 
"0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "SecretEncryptionKey40C82244": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } + }, + "Resource": "*" }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet2EIP9B3743B1", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } 
+ }, + "Resource": "*" }, - "DependsOn": [ - "vpcPublicSubnet2DefaultRouteA1EC0F60", - "vpcPublicSubnet2RouteTableAssociation21F81B59" - ] - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", { - "Fn::GetAZs": "" - } + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + } } - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } + }, + "Resource": "*" } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "dbInstanceSubnetGroupD062EC9E": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for dbInstance database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbInstanceSecurityGroupA58A00A3": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for dbInstance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + 
"dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Instance from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } + "GroupId": { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] + } + } + }, + "dbInstanceSecret032D3661": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - 
"Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "GenerateSecretString": { + "ExcludeCharacters": "\"@/\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"master\"}" }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } + "KmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbInstanceSecretAttachment88CFBDAE": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbInstanceSecret032D3661" }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - } - } + "TargetId": { + "Ref": "dbInstance4076B1EC" }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] - } + "TargetType": "AWS::RDS::DBInstance" + } + }, + "dbInstance4076B1EC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbInstanceSubnetGroupD062EC9E" }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "Engine": "postgres", + "EngineVersion": "16.3", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": 
"dbInstanceSecret032D3661" + }, + ":SecretString:password::}}" + ] + ] }, - "SecretEncryptionKey40C82244": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": "kms:Decrypt", - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:username::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbProxyIAMRole662F3AB8": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, 
+ "dbProxyIAMRoleDefaultPolicy99AB98F3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" + } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "dbInstanceSubnetGroupD062EC9E": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for dbInstance database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "dbInstanceSecurityGroupA58A00A3": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for dbInstance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", + "Roles": [ + { + "Ref": "dbProxyIAMRole662F3AB8" + } + ] + } + }, + "dbProxyProxySecurityGroup16E727A7": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbProxy3B89EAF2": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" } + } + ], + "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", + "EngineFamily": "POSTGRESQL", + 
"RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, - "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Instance from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - } - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbProxyProxyTargetGroup8DA26A77": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": { + "ConnectionBorrowTimeout": 30, + "MaxConnectionsPercent": 50 }, - "dbInstanceSecret032D3661": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": "\"@/\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"master\"}" - }, - "KmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbInstanceSecretAttachment88CFBDAE": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbInstanceSecret032D3661" - }, - "TargetId": { - "Ref": "dbInstance4076B1EC" - }, - "TargetType": "AWS::RDS::DBInstance" - } + "DBInstanceIdentifiers": [ + 
{ + "Ref": "dbInstance4076B1EC" + } + ], + "DBProxyName": { + "Ref": "dbProxy3B89EAF2" }, - "dbInstance4076B1EC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "AllocatedStorage": "100", - "CopyTagsToSnapshot": true, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbInstanceSubnetGroupD062EC9E" - }, - "Engine": "postgres", - "EngineVersion": "16.3", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:username::}}" - ] - ] - }, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbProxyIAMRole662F3AB8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } + "TargetGroupName": "default" + } + }, + "dbClusterSubnets03B9B0E1": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbCluster database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterSecurityGroupCAA1A91F": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { + "Type": 
"AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyIAMRoleDefaultPolicy99AB98F3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - }, - { - "Action": "kms:Decrypt", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", - "Roles": [ - { - "Ref": "dbProxyIAMRole662F3AB8" - } - ] - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbProxyProxySecurityGroup16E727A7": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] }, - "dbProxy3B89EAF2": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - } - ], - "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { 
- "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyProxyTargetGroup8DA26A77": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": { - "ConnectionBorrowTimeout": 30, - "MaxConnectionsPercent": 50 - }, - "DBInstanceIdentifiers": [ - { - "Ref": "dbInstance4076B1EC" - } - ], - "DBProxyName": { - "Ref": "dbProxy3B89EAF2" - }, - "TargetGroupName": "default" - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbClusterSubnets03B9B0E1": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for dbCluster database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" + ] }, - "dbClusterSecurityGroupCAA1A91F": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecretCEA6D7B6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - 
"dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxyProxySecurityGroup170F327D", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterSecretAttachmentAB67A752": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterSecretCEA6D7B6" }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxy2ProxySecurityGroupB44507AE", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "TargetId": { + "Ref": "dbClusterE86E47AE" }, - "dbClusterSecretCEA6D7B6": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " 
%+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterSecretAttachmentAB67A752": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbClusterSecretCEA6D7B6" - }, - "TargetId": { - "Ref": "dbClusterE86E47AE" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterE86E47AE": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" }, - "dbClusterE86E47AE": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-postgresql14", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql", - "EngineVersion": "14.5", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:username::}}" - ] - ] - }, - "Port": 5432, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" - }, - "dbClusterInstance1BCE092AC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - 
"vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterInstance20BA1ECD9": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterProxyIAMRole693E39F5": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterInstance1BCE092AC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + 
"vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterInstance20BA1ECD9": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterProxyIAMRole693E39F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } } + ], + "Version": "2012-10-17" }, - "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", - "Roles": [ - { - "Ref": "dbClusterProxyIAMRole693E39F5" - } - ] + "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", + "Roles": [ + { + "Ref": 
"dbClusterProxyIAMRole693E39F5" + } + ] + } + }, + "dbClusterProxyProxySecurityGroup170F327D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxyAB5F8181": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, - "dbClusterProxyProxySecurityGroup170F327D": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxyProxyTargetGroupB7010C0D": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxyAB5F8181" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterProxy2IAMRole190D217C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": 
"sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxyAB5F8181": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxyProxySecurityGroup170F327D", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", + "Roles": [ + { + "Ref": "dbClusterProxy2IAMRole190D217C" + } + ] + } + }, + "dbClusterProxy2ProxySecurityGroupB44507AE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxy28BBD43D5": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + 
"Fn::GetAtt": [ + "dbClusterProxy2IAMRole190D217C", + "Arn" + ] }, - "dbClusterProxyProxyTargetGroupB7010C0D": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxyAB5F8181" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxy2ProxyTargetGroup8BD48F57": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxy28BBD43D5" }, - "dbClusterProxy2IAMRole190D217C": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterWithWriterAndReadersSubnetsD9FBAD2A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": 
"Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + 
"GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecret3ED37A64": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersSecretAttachment9F7B2148": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "TargetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterWithWriterAndReaders6627D259": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": 
[ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterWithWriterAndReaderswriter6BAC1240": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 0 + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersreader042B2B99": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 2 + }, + "DependsOn": [ + "dbClusterWithWriterAndReaderswriter6BAC1240", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + 
], + "Version": "2012-10-17" }, - "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", - "Roles": [ - { - "Ref": "dbClusterProxy2IAMRole190D217C" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy4C6584761": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] }, - "dbClusterProxy2ProxySecurityGroupB44507AE": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + 
"dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy28BBD43D5": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxy2IAMRole190D217C", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxy2ProxySecurityGroupB44507AE", - "GroupId" - ] - } - 
], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy5FA5F5557": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] }, - "dbClusterProxy2ProxyTargetGroup8BD48F57": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxy28BBD43D5" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { 
+ "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "Proxy3IAMRole26B82D9F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } + } + }, + "Proxy3IAMRoleDefaultPolicyEBD54677": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "Roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + "Proxy3ProxySecurityGroupF29F0434": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" } + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - ["1", "2", "3", "4", "5"], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "Proxy39463A146": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "DBProxyName": "awscdkrdsproxyProxy396989E4B", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "Proxy3ProxyTargetGroup5A623A38": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "Proxy39463A146" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the 
CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } -} + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json index a2b39265333af..2f779cc54513c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json index 5edeed336de2c..86fe159acd460 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "database-proxy-integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json index d5cd0fa6a2610..bf694779d2b9d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-rds-proxy.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -358,6 +358,156 @@ "data": "dbClusterProxy2ProxyTargetGroup8BD48F57" } ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroup1D462CCA" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecret3ED37A64" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaders6627D259" + } + ], + 
"/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaderswriter6BAC1240" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersreader042B2B99" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4C6584761" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource": 
[ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5FA5F5557" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRole26B82D9F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRoleDefaultPolicyEBD54677" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxySecurityGroupF29F0434" + } + ], + "/aws-cdk-rds-proxy/Proxy3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy39463A146" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxyTargetGroup5A623A38" + } + ], "/aws-cdk-rds-proxy/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json index 87d132f060e44..28db74f6c2be6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet1": { 
@@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet2": { @@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { 
@@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { 
@@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "IGW": { @@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VPCGW": { @@ -641,14 +641,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecretEncryptionKey": { 
@@ -753,7 +753,10 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } }, "Resource": "*" @@ -764,14 +767,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbInstance": { @@ -800,14 +803,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -834,8 +837,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbProxyProxySecurityGroupA345AFE5:{IndirectPort}": { @@ -846,7 +849,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Instance from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -862,19 +868,22 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { 
@@ -905,13 +914,16 @@ "excludeCharacters": "\"@/\\" }, "kmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -934,20 +946,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -963,7 +975,7 @@ "Ref": "dbInstanceSubnetGroupD062EC9E" }, "engine": "postgres", - "EngineVersion": "16.3", + "engineVersion": "16.3", "masterUsername": { "Fn::Join": [ "", @@ -1000,14 +1012,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbProxy": { @@ -1022,8 +1034,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbProxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1047,8 +1059,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { 
@@ -1095,20 +1107,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1135,14 +1147,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1165,7 +1177,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1186,8 +1201,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1212,14 +1227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbCluster": { @@ -1248,14 +1263,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { 
@@ -1282,8 +1297,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09:{IndirectPort}": { @@ -1294,7 +1309,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1310,13 +1328,16 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853F:{IndirectPort}": { @@ -1327,7 +1348,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ 
@@ -1343,27 +1367,30 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "path": "aws-cdk-rds-proxy/dbCluster/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -1396,8 +1423,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -1420,20 +1447,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1485,8 +1512,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance1": { @@ -1506,8 +1533,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance2": { 
@@ -1527,8 +1554,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy": { @@ -1543,8 +1570,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1568,8 +1595,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1606,20 +1633,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1646,14 +1673,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1675,7 +1702,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1696,8 +1726,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { 
@@ -1719,14 +1749,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy2": { @@ -1741,8 +1771,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy2/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1766,8 +1796,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1804,20 +1834,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1844,14 +1874,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1897,8 +1927,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { 
@@ -1920,84 +1950,1069 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-rds-proxy/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "database-proxy-integ-test": { - "id": "database-proxy-integ-test", - "path": "database-proxy-integ-test", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "database-proxy-integ-test/DefaultTest", + "dbClusterWithWriterAndReaders": { + "id": "dbClusterWithWriterAndReaders", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders", "children": { - "Default": { - "id": "Default", - "path": "database-proxy-integ-test/DefaultTest/Default", + "Subnets": { + "id": "Subnets", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "subnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { 
+ "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0" } }, - "DeployAssert": { - "id": "DeployAssert", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup", "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": { + "id": "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": 
"tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the 
database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Secret": { + "id": "Secret", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": 
"aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "targetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-postgresql14", + "dbSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "engine": "aurora-postgresql", + "engineVersion": "14.5", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "port": 5432, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "writer": { + "id": "writer", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer", + "children": { + 
"Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 0 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "reader": { + "id": "reader", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 2 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy4": { + "id": "Proxy4", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + 
"Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": 
"vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy5": { + "id": "Proxy5", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5", + "children": { + "IAMRole": { + 
"id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": 
"ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", 
+ "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy3": { + "id": "Proxy3", + "path": "aws-cdk-rds-proxy/Proxy3", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + 
"Version": "2012-10-17" + }, + "policyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxyProxy396989E4B", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "Proxy39463A146" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-proxy/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "database-proxy-integ-test": { + "id": "database-proxy-integ-test", + "path": "database-proxy-integ-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "database-proxy-integ-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "database-proxy-integ-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": 
"database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -2022,8 +3037,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts index 53c0f38ed3d04..dfda38ebde6ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts @@ -52,6 +52,30 @@ cluster.addProxy('Proxy2', { vpc, }); +// With `writer` and `readers` properties instead of the legacy `instanceProps` +const clusterWithWriterAndReaders = new rds.DatabaseCluster(stack, 'dbClusterWithWriterAndReaders', { + engine: rds.DatabaseClusterEngine.auroraPostgres({ + version: rds.AuroraPostgresEngineVersion.VER_14_5, + }), + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], +}); + +new rds.DatabaseProxy(stack, 'Proxy3', { + proxyTarget: rds.ProxyTarget.fromCluster(clusterWithWriterAndReaders), + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy4', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy5', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); + new integ.IntegTest(app, 'database-proxy-integ-test', { testCases: [stack], diffAssets: true, diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts index cf076a9668802..6c8ffe2fb1695 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts 
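Review bot: The comment added in integ.proxy.ts explains the `writer`/`readers` cluster but not why three proxies are attached to it. Judging by the unit tests in the same patch, Proxy3 covers the `DatabaseProxy` constructor path and Proxy4/Proxy5 cover repeated `addProxy()` calls. A line such as `// Proxy3: DatabaseProxy constructor; Proxy4 and Proxy5: addProxy() called twice on the same cluster` above `new rds.DatabaseProxy(stack, 'Proxy3', …)` would tell a maintainer which cases the snapshot is meant to pin. The three `clusterWithWriterAndReaders.secret!` assertions could also share one local, `const secret = clusterWithWriterAndReaders.secret!;`.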
+++ b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts @@ -533,9 +533,17 @@ export class DatabaseProxy extends DatabaseProxyBase // To avoid this, use `CfnResource.addDependency` to add dependencies on `DatabaseCluster` and `DBInstance`. bindResult.dbClusters?.forEach((cluster) => { cluster.node.children.forEach((child) => { + // Legacy case using the `instanceProps` property of `DatabaseCluster`. if (child instanceof CfnDBInstance) { proxyTargetGroup.addDependency(child); } + // The case of `AuroraClusterInstance` constructs passed via the `writer` and `readers` properties of `DatabaseCluster`. + // We can't use the `AuroraClusterInstance` class to check the type with `instanceof` because the class is not exported. + // The `defaultChild` that the construct has should be a `CfnDBInstance`, so check it. + const resource = child.node.defaultChild; + if (resource instanceof CfnDBInstance) { + proxyTargetGroup.addDependency(resource); + } }); const clusterResource = cluster.node.defaultChild as cdk.CfnResource; if (clusterResource && cdk.CfnResource.isCfnResource(clusterResource)) { diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts index 7c1d76a68a416..b8c31cdcb4595 100644 --- a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts 
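Review bot: The new `resource instanceof CfnDBInstance` check inside the `cluster.node.children.forEach` callback relies on class identity, while the cluster check a few lines further down uses `cdk.CfnResource.isCfnResource(clusterResource)`. If `instanceof` returns false, for example when more than one copy of the library is loaded, the target group loses its instance dependencies without any error. A type-name comparison would match the neighbouring guard: `if (cdk.CfnResource.isCfnResource(resource) && resource.cfnResourceType === CfnDBInstance.CFN_RESOURCE_TYPE_NAME) {`. The second check also runs for children already handled by the legacy branch, so writing it as an `else` branch would state that the two cases are exclusive. The enclosing constructor starts and ends outside the hunk.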
@@ -558,6 +558,86 @@ describe('proxy', () => { }); }); + test('DBProxyTargetGroup should have dependency on the proxy targets when using cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + new rds.DatabaseProxy(stack, 'proxy', { + proxyTarget: rds.ProxyTarget.fromCluster(cluster), + secrets: [cluster.secret!], + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'proxy3A1DA9C7', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + + test('Correct dependencies are created when multiple DatabaseProxy are created with addProxy for cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + cluster.addProxy('Proxy', { + vpc, + secrets: [cluster.secret!], + }); + cluster.addProxy('Proxy2', { + vpc, + secrets: [cluster.secret!], + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxy22303E35D', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxyC4BEF551', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + 
describe('clientPasswordAuthType', () => { test('create a DB proxy with specified client password authentication type', () => { // GIVEN From c2889d8339d510f2ffd0eb304b8130db665abfe4 Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Mon, 9 Sep 2024 11:31:32 -0700 Subject: [PATCH 6/7] chore(neptune-alpha): add engine versions, instance types (#31363) Closes #31244. --- .../@aws-cdk/aws-neptune-alpha/lib/cluster.ts | 20 +++ .../aws-neptune-alpha/lib/instance.ts | 163 +++++++++++++++++- 2 files changed, 181 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts index cc68d8a49cefd..089333b436237 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts +++ b/packages/@aws-cdk/aws-neptune-alpha/lib/cluster.ts @@ -76,6 +76,14 @@ export class EngineVersion { * Neptune engine version 1.2.1.0 */ public static readonly V1_2_1_0 = new EngineVersion('1.2.1.0'); + /** + * Neptune engine version 1.2.1.1 + */ + public static readonly V1_2_1_1 = new EngineVersion('1.2.1.1'); + /** + * Neptune engine version 1.2.1.2 + */ + public static readonly V1_2_1_2 = new EngineVersion('1.2.1.2'); /** * Neptune engine version 1.3.0.0 */ @@ -84,6 +92,18 @@ export class EngineVersion { * Neptune engine version 1.3.1.0 */ public static readonly V1_3_1_0 = new EngineVersion('1.3.1.0'); + /** + * Neptune engine version 1.3.2.0 + */ + public static readonly V1_3_2_0 = new EngineVersion('1.3.2.0'); + /** + * Neptune engine version 1.3.2.1 + */ + public static readonly V1_3_2_1 = new EngineVersion('1.3.2.1'); + /** + * Neptune engine version 1.3.3.0 + */ + public static readonly V1_3_3_0 = new EngineVersion('1.3.3.0'); /** * Constructor for specifying a custom engine version diff --git a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts index eac8c65df3aa5..a3c8bae9cf389 100644 --- a/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts 
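Review bot: Both added tests in the proxy.test.ts hunk cover only provisioned writer and reader instances, so the new `defaultChild` branch is not exercised for any other kind of cluster instance. If a `ClusterInstance.serverlessV2` reader is meant to be covered too, a case with one would pin that; this is inferred, since the implementation of those constructs is not visible here. The second test also calls `Template.fromStack(stack)` twice; a single `const template = Template.fromStack(stack);` reused for both `hasResource` assertions avoids synthesizing twice. The identical three-element `DependsOn` list appears three times and could be a shared constant. The enclosing `describe('proxy', ...)` block starts outside the hunk.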
+++ b/packages/@aws-cdk/aws-neptune-alpha/lib/instance.ts @@ -12,6 +12,75 @@ import { IParameterGroup } from './parameter-group'; * used for defining `DatabaseInstanceProps.instanceType`. */ export class InstanceType { + /** + * db.x2g.large + */ + public static readonly X2G_LARGE = InstanceType.of('db.x2g.large'); + + /** + * db.x2g.xlarge + */ + public static readonly X2G_XLARGE = InstanceType.of('db.x2g.xlarge'); + + /** + * db.x2g.2xlarge + */ + public static readonly X2G_2XLARGE = InstanceType.of('db.x2g.2xlarge'); + + /** + * db.x2g.4xlarge + */ + public static readonly X2G_4XLARGE = InstanceType.of('db.x2g.4xlarge'); + + /** + * db.x2g.8xlarge + */ + public static readonly X2G_8XLARGE = InstanceType.of('db.x2g.8xlarge'); + + /** + * db.x2g.12xlarge + */ + public static readonly X2G_12XLARGE = InstanceType.of('db.x2g.12xlarge'); + + /** + * db.x2g.16xlarge + */ + public static readonly X2G_16XLARGE = InstanceType.of('db.x2g.16xlarge'); + + /** + * db.x2iedn.xlarge + */ + public static readonly X2IEDN_XLARGE = InstanceType.of('db.x2iedn.xlarge'); + + /** + * db.x2iedn.2xlarge + */ + public static readonly X2IEDN_2XLARGE = InstanceType.of('db.x2iedn.2xlarge'); + + /** + * db.x2iedn.4xlarge + */ + public static readonly X2IEDN_4XLARGE = InstanceType.of('db.x2iedn.4xlarge'); + + /** + * db.x2iedn.8xlarge + */ + public static readonly X2IEDN_8XLARGE = InstanceType.of('db.x2iedn.8xlarge'); + + /** + * db.x2iedn.16xlarge + */ + public static readonly X2IEDN_16XLARGE = InstanceType.of('db.x2iedn.16xlarge'); + + /** + * db.x2iedn.24xlarge + */ + public static readonly X2IEDN_24XLARGE = InstanceType.of('db.x2iedn.24xlarge'); + + /** + * db.x2iedn.32xlarge + */ + public static readonly X2IEDN_32XLARGE = InstanceType.of('db.x2iedn.32xlarge'); /** * db.r6g.large 
@@ -49,9 +118,49 @@ export class InstanceType { public static readonly R6G_16XLARGE = InstanceType.of('db.r6g.16xlarge'); /** - * db.t4g.medium + * db.r6i.large */ - public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + public static readonly R6I_LARGE = InstanceType.of('db.r6i.large'); + + /** + * db.r6i.xlarge + */ + public static readonly R6I_XLARGE = InstanceType.of('db.r6i.xlarge'); + + /** + * db.r6i.2xlarge + */ + public static readonly R6I_2XLARGE = InstanceType.of('db.r6i.2xlarge'); + + /** + * db.r6i.4xlarge + */ + public static readonly R6I_4XLARGE = InstanceType.of('db.r6i.4xlarge'); + + /** + * db.r6i.8xlarge + */ + public static readonly R6I_8XLARGE = InstanceType.of('db.r6i.8xlarge'); + + /** + * db.r6i.12xlarge + */ + public static readonly R6I_12XLARGE = InstanceType.of('db.r6i.12xlarge'); + + /** + * db.r6i.16xlarge + */ + public static readonly R6I_16XLARGE = InstanceType.of('db.r6i.16xlarge'); + + /** + * db.r6i.24xlarge + */ + public static readonly R6I_24XLARGE = InstanceType.of('db.r6i.24xlarge'); + + /** + * db.r6i.32xlarge + */ + public static readonly R6I_32XLARGE = InstanceType.of('db.r6i.32xlarge'); /** * db.r5.large 
@@ -83,11 +192,56 @@ export class InstanceType { */ public static readonly R5_12XLARGE = InstanceType.of('db.r5.12xlarge'); + /** + * db.r5.16xlarge + */ + public static readonly R5_16XLARGE = InstanceType.of('db.r5.16xlarge'); + /** * db.r5.24xlarge */ public static readonly R5_24XLARGE = InstanceType.of('db.r5.24xlarge'); + /** + * db.r5d.large + */ + public static readonly R5D_LARGE = InstanceType.of('db.r5d.large'); + + /** + * db.r5d.xlarge + */ + public static readonly R5D_XLARGE = InstanceType.of('db.r5d.xlarge'); + + /** + * db.r5d.2xlarge + */ + public static readonly R5D_2XLARGE = InstanceType.of('db.r5d.2xlarge'); + + /** + * db.r5d.4xlarge + */ + public static readonly R5D_4XLARGE = InstanceType.of('db.r5d.4xlarge'); + + /** + * db.r5d.8xlarge + */ + public static readonly R5D_8XLARGE = InstanceType.of('db.r5d.8xlarge'); + + /** + * db.r5d.12xlarge + */ + public static readonly R5D_12XLARGE = InstanceType.of('db.r5d.12xlarge'); + + /** + * db.r5d.16xlarge + */ + public static readonly R5D_16XLARGE = InstanceType.of('db.r5d.16xlarge'); + + /** + * db.r5d.24xlarge + */ + public static readonly R5D_24XLARGE = InstanceType.of('db.r5d.24xlarge'); + /** * db.r4.large */ @@ -113,6 +267,11 @@ export class InstanceType { */ public static readonly R4_8XLARGE = InstanceType.of('db.r4.8xlarge'); + /** + * db.t4g.medium + */ + public static readonly T4G_MEDIUM = InstanceType.of('db.t4g.medium'); + /** * db.t3.medium */ From 00043b7bcdc8c961aee4fe60b5f53c2e8a1766e1 Mon Sep 17 00:00:00 2001 
From: Kazuho Cryer-Shinozuka Date: Tue, 10 Sep 2024 04:12:14 +0900 Subject: [PATCH 7/7] chore(ec2): add interface VPC endpoints (#31359) ### Issue # (if applicable) None ### Reason for this change There some interface vpc endpoints which is not supported by AWS CDK. ### Description of changes I've added the following VPC endpoints. - airflow.api-fips - airflow.env-fips - applicationinsights - emr-serverless-services.livy - pcs - pcs-fips - pi - pi-fips - q - rbin - service.user-subscriptions - ssm-fips - ssm-quicksetup - timestream-influxdb-fips - wellarchitected Since a PR has already been created for the following endpoints, this PR does not address them. - kinesis-streams-fips (#31350) - dynamodb (#30162) ### Description of how you validated changes These endpoints are obtained from AWS CLI. ```sh $ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts index 29ac27d97d8f2..2225a2ea48ef9 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts 
@@ -275,7 +275,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly ACCESS_ANALYZER = new InterfaceVpcEndpointAwsService('access-analyzer');
 public static readonly ACCOUNT_MANAGEMENT = new InterfaceVpcEndpointAwsService('account');
 public static readonly AIRFLOW_API = new InterfaceVpcEndpointAwsService('airflow.api');
+ public static readonly AIRFLOW_API_FIPS = new InterfaceVpcEndpointAwsService('airflow.api-fips');
 public static readonly AIRFLOW_ENV = new InterfaceVpcEndpointAwsService('airflow.env');
+ public static readonly AIRFLOW_ENV_FIPS = new InterfaceVpcEndpointAwsService('airflow.env-fips');
 public static readonly AIRFLOW_OPS = new InterfaceVpcEndpointAwsService('airflow.ops');
 public static readonly APIGATEWAY = new InterfaceVpcEndpointAwsService('execute-api');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.APP_MESH_ENVOY_MANAGEMENT instead. */
@@ -323,6 +325,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly CODEWHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.CLOUDWATCH_MONITORING instead. */
 public static readonly CLOUDWATCH = new InterfaceVpcEndpointAwsService('monitoring');
+ public static readonly CLOUDWATCH_APPLICATION_INSIGHTS = new InterfaceVpcEndpointAwsService('applicationinsights');
 public static readonly CLOUDWATCH_APPLICATION_SIGNALS = new InterfaceVpcEndpointAwsService('application-signals');
 /** @deprecated - Use InterfaceVpcEndpointAwsService.EVENTBRIDGE instead. */
 public static readonly CLOUDWATCH_EVENTS = new InterfaceVpcEndpointAwsService('events');
@@ -395,6 +398,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly EMR = new InterfaceVpcEndpointAwsService('elasticmapreduce');
 public static readonly EMR_EKS = new InterfaceVpcEndpointAwsService('emr-containers');
 public static readonly EMR_SERVERLESS = new InterfaceVpcEndpointAwsService('emr-serverless');
+ public static readonly EMR_SERVERLESS_LIVY = new InterfaceVpcEndpointAwsService('emr-serverless-services.livy');
 public static readonly EMR_WAL = new InterfaceVpcEndpointAwsService('emrwal.prod');
 public static readonly ENTITY_RESOLUTION = new InterfaceVpcEndpointAwsService('entityresolution');
 public static readonly EVENTBRIDGE = new InterfaceVpcEndpointAwsService('events');
@@ -485,6 +489,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly OMICS_TAGS = new InterfaceVpcEndpointAwsService('tags-omics');
 public static readonly OMICS_WORKFLOWS = new InterfaceVpcEndpointAwsService('workflows-omics');
 public static readonly PANORAMA = new InterfaceVpcEndpointAwsService('panorama');
+ public static readonly PARALLEL_COMPUTING_SERVICE = new InterfaceVpcEndpointAwsService('pcs');
+ public static readonly PARALLEL_COMPUTING_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('pcs-fips');
 public static readonly PAYMENT_CRYPTOGRAPHY_CONTROLPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.controlplane');
 public static readonly PAYMENT_CRYTOGRAPHY_DATAPLANE = new InterfaceVpcEndpointAwsService('payment-cryptography.dataplane');
 public static readonly PERSONALIZE = new InterfaceVpcEndpointAwsService('personalize');
@@ -505,12 +511,16 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly PROMETHEUS_WORKSPACES = new InterfaceVpcEndpointAwsService('aps-workspaces');
 public static readonly PROTON = new InterfaceVpcEndpointAwsService('proton');
 public static readonly Q_BUSSINESS = new InterfaceVpcEndpointAwsService('qbusiness', 'aws.api');
+ public static readonly Q_DEVELOPER = new InterfaceVpcEndpointAwsService('q');
 public static readonly Q_DEVELOPER_CODE_WHISPERER = new InterfaceVpcEndpointAwsService('codewhisperer');
 public static readonly Q_DEVELOPER_QAPPS = new InterfaceVpcEndpointAwsService('qapps');
+ public static readonly Q_USER_SUBSCRIPTIONS = new InterfaceVpcEndpointAwsService('service.user-subscriptions');
 public static readonly QLDB = new InterfaceVpcEndpointAwsService('qldb.session');
 public static readonly QUICKSIGHT_WEBSITE = new InterfaceVpcEndpointAwsService('quicksight-website');
 public static readonly RDS = new InterfaceVpcEndpointAwsService('rds');
 public static readonly RDS_DATA = new InterfaceVpcEndpointAwsService('rds-data');
+ public static readonly RDS_PERFORMANCE_INSIGHTS = new InterfaceVpcEndpointAwsService('pi');
+ public static readonly RDS_PERFORMANCE_INSIGHTS_FIPS = new InterfaceVpcEndpointAwsService('pi-fips');
 public static readonly REDSHIFT = new InterfaceVpcEndpointAwsService('redshift');
 public static readonly REDSHIFT_FIPS = new InterfaceVpcEndpointAwsService('redshift-fips');
 public static readonly REDSHIFT_DATA = new InterfaceVpcEndpointAwsService('redshift-data');
@@ -523,6 +533,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly REKOGNITION_STREAMING_FIPS = new InterfaceVpcEndpointAwsService('streaming-rekognition-fips');
 public static readonly REPOST_SPACE = new InterfaceVpcEndpointAwsService('repostspace');
 public static readonly ROBOMAKER = new InterfaceVpcEndpointAwsService('robomaker');
+ public static readonly RECYCLE_BIN = new InterfaceVpcEndpointAwsService('rbin');
 public static readonly S3 = new InterfaceVpcEndpointAwsService('s3');
 public static readonly S3_OUTPOSTS = new InterfaceVpcEndpointAwsService('s3-outposts');
 public static readonly S3_MULTI_REGION_ACCESS_POINTS = new InterfaceVpcEndpointAwsService('s3-global.accesspoint', 'com.amazonaws', undefined, { global: true });
@@ -548,9 +559,11 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly SNS = new InterfaceVpcEndpointAwsService('sns');
 public static readonly SQS = new InterfaceVpcEndpointAwsService('sqs');
 public static readonly SSM = new InterfaceVpcEndpointAwsService('ssm');
+ public static readonly SSM_FIPS = new InterfaceVpcEndpointAwsService('ssm-fips');
 public static readonly SSM_MESSAGES = new InterfaceVpcEndpointAwsService('ssmmessages');
 public static readonly SSM_CONTACTS = new InterfaceVpcEndpointAwsService('ssm-contacts');
 public static readonly SSM_INCIDENTS = new InterfaceVpcEndpointAwsService('ssm-incidents');
+ public static readonly SSM_QUICK_SETUP = new InterfaceVpcEndpointAwsService('ssm-quicksetup');
 public static readonly STEP_FUNCTIONS = new InterfaceVpcEndpointAwsService('states');
 public static readonly STEP_FUNCTIONS_SYNC = new InterfaceVpcEndpointAwsService('sync-states');
 public static readonly STORAGE_GATEWAY = new InterfaceVpcEndpointAwsService('storagegateway');
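Review bot: `RECYCLE_BIN` is added after `ROBOMAKER` in the first hunk here, although the neighbouring constants (`REKOGNITION_STREAMING_FIPS`, `REPOST_SPACE`, `ROBOMAKER`, then `S3`) are ordered alphabetically by name. Moving `public static readonly RECYCLE_BIN = new InterfaceVpcEndpointAwsService('rbin');` ahead of the `REDSHIFT` entries shown in the preceding hunk would keep the list easy to scan and make duplicates easier to spot. The PR description says the names were taken from a `us-east-1` listing. If any of the new services or `-fips` variants are region-limited, a one-line doc comment on those constants, such as `/** Not available in every region. */`, would tell users before deployment. The class body starts and ends outside the hunk.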
@@ -562,12 +575,14 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 public static readonly TEXTRACT = new InterfaceVpcEndpointAwsService('textract');
 public static readonly TEXTRACT_FIPS = new InterfaceVpcEndpointAwsService('textract-fips');
 public static readonly TIMESTREAM_INFLUXDB = new InterfaceVpcEndpointAwsService('timestream-influxdb');
+ public static readonly TIMESTREAM_INFLUXDB_FIPS = new InterfaceVpcEndpointAwsService('timestream-influxdb-fips');
 public static readonly TRANSCRIBE = new InterfaceVpcEndpointAwsService('transcribe');
 public static readonly TRANSCRIBE_STREAMING = new InterfaceVpcEndpointAwsService('transcribestreaming');
 public static readonly TRANSFER = new InterfaceVpcEndpointAwsService('transfer');
 public static readonly TRANSFER_SERVER = new InterfaceVpcEndpointAwsService('transfer.server');
 public static readonly TRANSLATE = new InterfaceVpcEndpointAwsService('translate');
 public static readonly TRUSTED_ADVISOR = new InterfaceVpcEndpointAwsService('trustedadvisor');
+ public static readonly WELL_ARCHITECTED_TOOL = new InterfaceVpcEndpointAwsService('wellarchitected');
 public static readonly WORKSPACES = new InterfaceVpcEndpointAwsService('workspaces');
 public static readonly WORKSPACES_THIN_CLIENT = new InterfaceVpcEndpointAwsService('thinclient.api');
 public static readonly XRAY = new InterfaceVpcEndpointAwsService('xray');