(rds): unable to alter master user password when using DatabaseClusterFromSnapshot with snapshotCredentials
Describe the bug
About 2 months ago this PR got merged, which states that we should be able to alter the master user password of the snapshot using the snapshotCredentials prop. However, when using this prop, CDK creates a new secret in Secrets Manager, but the master user password still remains unchanged. It seems like the DatabaseSecret that is created is not being used.
Looking at the code of the PR, the masterUserPassword gets changed in the cfnDbCluster while also having the snapshotIdentifier prop. However, the docs state to NOT use the masterUserPassword prop together with the snapshotIdentifier prop.
Expected Behavior
When using the snapshotCredentials property with rds.SnapshotCredentials.fromGeneratedSecret() inside the DatabaseClusterFromSnapshot construct, I expect the master user password to be changed to the password that is generated in Secrets Manager.
Current Behavior
A DatabaseSecret is created inside Secrets Manager, however the master user password of the snapshot remains unchanged.
Reproduction Steps
- Create an RDS DB using Aurora Serverless using the DatabaseCluster construct in CDK
- Create snapshot
- Add DatabaseClusterFromSnapshot construct to CDK using the snapshotCredentials with SnapshotCredentials.fromGeneratedSecret(), and remove the DatabaseCluster construct from CDK
- Try logging in the DB as master user using the generated DatabaseSecret that is created from the DatabaseClusterFromSnapshot
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.27.0
Framework Version
No response
Node.js Version
16
OS
Linux
Language
Typescript
Language Version
No response
Other information
No response
Issue Analytics
- State:
- Created a year ago
- Reactions:7
- Comments:13 (7 by maintainers)
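An added example, not part of the original issue thread or the CDK code base: a check over a synthesized CloudFormation template that flags every AWS::RDS::DBCluster setting both SnapshotIdentifier and MasterUserPassword, the combination the issue reports as leaving the generated secret unused. The template, logical IDs and snapshot name are constructed sample values, and the helper names are hypothetical.

```typescript
// Added example: audit a synthesized template (e.g. the JSON produced by
// `cdk synth`) for clusters restored from a snapshot that also set a password.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
interface Finding { logicalId: string; snapshot: string; passwordSource: string }

// Render a literal or an intrinsic ({"Fn::Join": ...}, {"Ref": ...}) for the report.
function render(value: unknown): string {
  return typeof value === "string" ? value : JSON.stringify(value);
}

// A hit means the secret referenced by MasterUserPassword must be verified
// against the live cluster: per the issue, the snapshot's password stays in effect.
function findSnapshotPasswordConflicts(template: Template): Finding[] {
  const resources = template.Resources ?? {};
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== "AWS::RDS::DBCluster") continue;
    const props = res.Properties ?? {};
    const snapshot = props["SnapshotIdentifier"];
    const password = props["MasterUserPassword"];
    if (snapshot === undefined || password === undefined) continue;
    findings.push({ logicalId, snapshot: render(snapshot), passwordSource: render(password) });
  }
  return findings;
}

// Constructed sample template: only RestoredCluster sets both properties.
const sampleTemplate: Template = {
  Resources: {
    RestoredCluster: {
      Type: "AWS::RDS::DBCluster",
      Properties: {
        SnapshotIdentifier: "example-snapshot",
        MasterUserPassword: { "Fn::Join": ["", ["{{resolve:secretsmanager:",
          { Ref: "RestoredClusterSecret" }, ":SecretString:password::}}"]] },
      },
    },
    FreshCluster: {
      Type: "AWS::RDS::DBCluster",
      Properties: { MasterUsername: "admin", MasterUserPassword: "constructed-value" },
    },
    RestoredNoPassword: {
      Type: "AWS::RDS::DBCluster",
      Properties: { SnapshotIdentifier: "example-snapshot" },
    },
  },
};

const sampleFindings = findSnapshotPasswordConflicts(sampleTemplate);
console.log(sampleFindings.map((f) => `${f.logicalId}: restored from ${f.snapshot} with MasterUserPassword set`));
```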
@MitchWijt I tried again today and it’s not working for me anymore. I’m not sure if something changed, or I just messed something up the last time I tried. After looking into it more, I’m not sure how it ever could have worked. In all of my testing, including with the integration test, it always uses the previous database password (which is in line with the documentation).
It seems like this issue impacts a significant number of customers, and I’ve tagged it as P1, which means it should be on our near-term roadmap.
We welcome community contributions! If you are able, we encourage you to contribute (https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) a bug fix or new feature to the CDK. If you decide to contribute, please start an engineering discussion in this issue to ensure there is a commonly understood design before submitting code. This will minimize the number of review cycles and get your code merged faster.
I’ve not looked too much into this yet, but RDS just announced a new integration with secretsmanager https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/