Error when adding s3ImportBucket to RDS Aurora Postgresql #8201

Closed
simon-dk opened this issue May 26, 2020 · 8 comments · Fixed by #10132
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. effort/small Small work item – less than a day of effort in-progress This issue is being actively worked on. p1

@simon-dk
Contributor

simon-dk commented May 26, 2020

When adding an s3ImportBucket to a standard (non-serverless) RDS Aurora Postgresql cluster, an error occurs.

When omitting the last line, the cluster works as expected.

    const importBucket = new s3.Bucket(this, 'importbucket');
    const cluster = new rds.DatabaseCluster(this, "Database", {
      engine: rds.DatabaseClusterEngine.AURORA_POSTGRESQL,
      masterUser: { username: "a-username-here" },
      instanceProps: {
        instanceType: ec2.InstanceType.of(
          ec2.InstanceClass.T3,
          ec2.InstanceSize.MEDIUM
        ),
        vpc: props?.vpc!,
        vpcSubnets: { subnetType: ec2.SubnetType.ISOLATED },
      },
      defaultDatabaseName: "a-db-name-here",

      parameterGroup: rds.ParameterGroup.fromParameterGroupName(
        this,
        "ParameterGroup",
        "default.aurora-postgresql11"
      ),
      instances: 1,
      s3ImportBuckets: [importBucket], // <- this creates an error
    });

The error-log shows an error regarding the feature-name:

    The feature-name parameter must be provided with the current operation for the Aurora (PostgreSQL) engine. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: XXX) new DatabaseCluster (/cdkpath/node_modules/@aws-cdk/aws-rds/lib/cluster.ts:438:21)

Environment

  • **CLI Version:** 1.41
  • **Framework Version:** 1.41
  • **OS:** OSX
  • **Language:** TypeScript

This is 🐛 Bug Report

@simon-dk simon-dk added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 26, 2020
@SomayaB SomayaB added @aws-cdk/aws-rds Related to Amazon Relational Database @aws-cdk/aws-s3 Related to Amazon S3 labels May 27, 2020
@nija-at nija-at added p2 and removed @aws-cdk/aws-s3 Related to Amazon S3 needs-triage This issue or PR still needs to be triaged. labels May 27, 2020
@nija-at
Contributor

nija-at commented May 27, 2020

The bug is coming from somewhere in here -

    if (s3ImportRole) {
      clusterAssociatedRoles.push({ roleArn: s3ImportRole.roleArn });
    }
    if (s3ExportRole) {
      clusterAssociatedRoles.push({ roleArn: s3ExportRole.roleArn });
    }

We're only setting the roleArn in AssociatedRoles property. It's possible that Postgres requires the FeatureName property to also be set.
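
A pre-deploy check for the condition described in the comment above, as an added example that is not part of the original thread or the CDK code base: it scans a synthesized CloudFormation template for Aurora PostgreSQL clusters whose `AssociatedRoles` entries carry a `RoleArn` but no `FeatureName`. The template and its logical IDs (`Database`, `Fixed`, `ImportRole`) are constructed for illustration.

```typescript
interface ClusterRole { RoleArn: unknown; FeatureName?: string }
interface Resource { Type: string; Properties?: Record<string, unknown> }
interface Template { Resources: Record<string, Resource> }
interface Finding { cluster: string; index: number; roleArn: string }

// Return every AssociatedRoles entry on an Aurora PostgreSQL cluster that has
// no FeatureName, the shape that fails at deploy time with InvalidParameterValue.
function findRolesMissingFeatureName(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== "AWS::RDS::DBCluster") continue;
    const props = res.Properties || {};
    if (props["Engine"] !== "aurora-postgresql") continue;
    const roles = (props["AssociatedRoles"] || []) as ClusterRole[];
    roles.forEach((role, index) => {
      if (!role.FeatureName) {
        // RoleArn is usually an intrinsic ({"Fn::GetAtt": [...]}), so stringify it.
        findings.push({ cluster: id, index, roleArn: JSON.stringify(role.RoleArn) });
      }
    });
  }
  return findings;
}

// Constructed sample: "Database" mirrors the failing cluster from the issue,
// "Fixed" carries the s3Import feature name on its associated role.
const sampleTemplate: Template = {
  Resources: {
    Database: {
      Type: "AWS::RDS::DBCluster",
      Properties: {
        Engine: "aurora-postgresql",
        AssociatedRoles: [{ RoleArn: { "Fn::GetAtt": ["ImportRole", "Arn"] } }],
      },
    },
    Fixed: {
      Type: "AWS::RDS::DBCluster",
      Properties: {
        Engine: "aurora-postgresql",
        AssociatedRoles: [
          { RoleArn: { "Fn::GetAtt": ["ImportRole", "Arn"] }, FeatureName: "s3Import" },
        ],
      },
    },
  },
};

console.log(findRolesMissingFeatureName(sampleTemplate));
```

Run against the output of `cdk synth`, a non-empty result means the stack will hit the error from this issue before any resources are touched.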

@simon-dk
Contributor Author

I think you are right. Found a similar Terraform issue that mentions that featureName should be present for PostgreSQL, although the CloudFormation documentation doesn’t set this as a required parameter: hashicorp/terraform-provider-aws#9552

@skinny85 skinny85 added this to the RDS to 'stable' milestone Jul 8, 2020
@nija-at nija-at assigned skinny85 and unassigned nija-at Jul 14, 2020
@skinny85 skinny85 added effort/small Small work item – less than a day of effort p1 and removed p2 labels Jul 20, 2020
@shivlaks shivlaks self-assigned this Jul 23, 2020
@skinny85 skinny85 removed their assignment Aug 14, 2020
@jonny-rimek

jonny-rimek commented Aug 22, 2020

Is there a workaround? I never tried manipulating the underlying CFN before like here, but I don't get how I can access the variable.

    const cfn = auroraPostgres.node.defaultChild as CfnDBCluster
    cfn.associatedRoles

As far as I can tell it's inside associatedRoles, but I have no idea how to access it.

Importing CSV files is a central part of the project I'm building, so this is quite a bummer for me. Maybe it will be fixed in the next release or two, as it is in progress.

@simon-dk
Contributor Author

simon-dk commented Aug 25, 2020

I ended up adding the role manually. So in my RDS stack I have these lines. After deployment I go to the RDS AWS console and add the s3import role manually. Still a bug though.

    const importBucket = new s3.Bucket(this, "importBucket", {});

    const role = new iam.Role(this, "Role", {
      assumedBy: new iam.ServicePrincipal("rds.amazonaws.com"), // required
    });

    role.addToPolicy(
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        resources: [importBucket.bucketArn, `${importBucket.bucketArn}/*`],
        actions: ["s3:GetObject", "s3:ListBucket"],
      })
    );

    /* Database cluster */
    const cluster = new rds.DatabaseCluster(this, "Database", {
      engine: rds.DatabaseClusterEngine.AURORA_POSTGRESQL,

      masterUser: {
        username: "clusteradmin",
      },

      instanceProps: {
        instanceType: ec2.InstanceType.of(
          ec2.InstanceClass.T3,
          ec2.InstanceSize.MEDIUM
        ),
        vpc: props?.vpc!,
        vpcSubnets: {
          subnetType: ec2.SubnetType.ISOLATED,
        },
      },
      defaultDatabaseName: "main",

      parameterGroup: rds.ParameterGroup.fromParameterGroupName(
        this,
        "ParameterGroup",
        "default.aurora-postgresql11"
      ),
      instances: 1,
      removalPolicy: cdk.RemovalPolicy.RETAIN,
    });

@jonny-rimek

Thanks for sharing your workaround, @Simon-SDK.

I don't understand why can't assign the role in CDK, can you elaborate, please?

@simon-dk
Contributor Author

I believe the "import-role" featurename is a special IAM role that RDS Postgres uses to access S3, so although you can create the role, you can't assign it from CDK. And because CDK doesn't "know" that it should create the featurename when you add an importrole or importbuckets to your cluster, the creation simply fails. So it's just a bug :-)

@jonny-rimek

@Simon-SDK it works like a charm thanks for your help. Pretty impressive how fast the import is. I load a ~7mb csv with 100k lines into the db in under a second, with the smallest instance.

Looks like we can expect the fix soon; a PR is open.

@simon-dk
Contributor Author

simon-dk commented Sep 3, 2020

@jonny-rimek Glad I could help :-) The S3 import is wicked fast, you can import several gigabytes in a minute or so on a medium instance.

@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Sep 3, 2020
@mergify mergify bot closed this as completed in #10132 Sep 17, 2020
mergify bot pushed a commit that referenced this issue Sep 17, 2020
…ostgres (#10132)

When the `s3ImportBuckets` or `s3ExportBuckets` properties are set, we also need
to include the name of the feature for the DB instance that the IAM role is to be associated with. 

Excluding the feature name causes a deploy-time failure as follows:
> The feature-name parameter must be provided with the current operation ...

Added an `EngineFeatures` struct to specify the feature name for `s3Import` and `s3Export`

Closes #4419
Closes #8201

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*