[rds] Database Secret broken after upgrade to 1.67
After upgrading a stack from CDK 1.60 to 1.67, not only was the password regenerated without changing the database password (see https://github.com/aws/aws-cdk/issues/10716), the values for host, port, dbName are also entirely missing. Our application cannot access the DB anymore as all connection data was pulled from Secret Manager.
It seems like the changed ExcludeCharacters value caused a regeneration of the secret.
Environment
- CLI Version :
- Framework Version: 1.67.0
- Node.js Version: 14.11
- OS : MacOS 10.15.7
- Language (Version): TypeScript 4.0.3
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions: 12
- Comments:34 (25 by maintainers)
Top GitHub Comments
@jogold Great tip, thanks so much!
The following worked for me:

This is how you can unblock yourself and upgrade (database is a rds.DatabaseInstance or rds.DatabaseCluster in the code below).
After this, if you need to reference your secret elsewhere in your code you can still use database.secret as it references the attachment and not the secret itself.
(your old secret remains in place and linked to your instance/cluster but for the username only: its password is now useless, not in sync with your database anymore)
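
A check for the state the issue reports, as an added example that is not code from the issue or from the CDK project: it classifies a secret's JSON as complete, credentials-only (host, port and database name missing) or invalid, so a deployment or application start can fail early instead of connecting with partial data. The function name, the sample values and the lowercase key spelling dbname are assumptions.

```typescript
// Added example: classify the SecretString of an RDS database secret.
// Assumption: the connection keys are "host", "port" and "dbname"; the issue
// spells the last one "dbName", so both spellings are accepted.
type SecretState = "complete" | "credentials-only" | "invalid";

interface SecretReport {
  state: SecretState;
  missing: string[];
}

const CREDENTIAL_KEYS = ["username", "password"];
const CONNECTION_KEYS = ["host", "port", "dbname"];
const ALL_KEYS = [...CREDENTIAL_KEYS, ...CONNECTION_KEYS];

function checkDbSecret(secretString: string): SecretReport {
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    return { state: "invalid", missing: ALL_KEYS };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { state: "invalid", missing: ALL_KEYS };
  }
  const fields = parsed as Record<string, unknown>;
  const has = (key: string): boolean => {
    const value = key === "dbname" ? (fields["dbname"] ?? fields["dbName"]) : fields[key];
    return value !== undefined && value !== null && value !== "";
  };
  const missingCreds = CREDENTIAL_KEYS.filter((k) => !has(k));
  const missingConn = CONNECTION_KEYS.filter((k) => !has(k));
  // Without username and password the secret is unusable in any case.
  if (missingCreds.length > 0) {
    return { state: "invalid", missing: [...missingCreds, ...missingConn] };
  }
  // Credentials present but connection data gone: the state described in the issue.
  const state: SecretState = missingConn.length === 0 ? "complete" : "credentials-only";
  return { state, missing: missingConn };
}

// Constructed sample values, not taken from the issue.
const beforeUpgrade = JSON.stringify({
  username: "admin", password: "constructed-old",
  host: "db.example.internal", port: 5432, dbname: "app",
});
const afterUpgrade = JSON.stringify({ username: "admin", password: "constructed-new" });

console.log(checkDbSecret(beforeUpgrade), checkDbSecret(afterUpgrade));
```

A credentials-only result says nothing about whether the stored password still matches the database; that has to be confirmed by an actual connection attempt.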