rds.Credentials: cannot generate secret even having lots of characters excluded
See original GitHub issueWhat is the problem?
We are getting this error in cloudformation when trying to create a Postgres instance
Reason: The parameter MasterUserPassword is not a valid password. Only printable ASCII characters besides '/', '@', '"', ' ' may be used. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: d463b57c-d017-415a-abd6-454db4b08d84)
but we have added all the possible character we could think of in the except. Being quick before cloudformation rolledback the secret, we could see all the secret contained were regular characters.
Reproduction Steps
This is how we generate the credentials
credentials = rds.Credentials.from_generated_secret(
username=GENERIC_USERNAME,
secret_name=secret_name,
# Excluding chars by PSQL url restrictions
exclude_characters="^ %+~`#$&*()|[]{}:;,-<>?!'/\\\",="
)
What did you expect to happen?
Create the master password for postgres
What actually happened?
It couldn’t create it
CDK CLI Version
1.125.0
Framework Version
No response
Node.js Version
The one used by codepipeline
OS
The one used by codepipeline
Language
Python
Language Version
No response
Other information
We are having this problem deploying from local and running a codepipeline deploying the cdk.
Issue Analytics
- State:
- Created 2 years ago
- Comments:17 (7 by maintainers)
Top Results From Across the Web
Managing an RDS Proxy - Amazon Relational Database Service
Learn how to modify RDS Proxy and tune it to suit your needs. ... make sure that each connection has identical settings such...
Read more >How to remove the RDS master user password from the ...
Generate the password RDS has some limits on what characters can be included in the password. The --exclude-characters argument tells Secret ...
Read more >aws rds default username
Register a server with the credentials created in step 2. We cannot use / " @ characters in the password. All it does...
Read more >MySQL Password Rotation with AWS Secrets Manager and ...
Even if that worked, there's another problem… (2) The MySQL provider has a tls option, but it only enables TLS. To make a...
Read more >How to store and rotate database credentials using AWS ...
So I have just configured a secret manager to store and even ... and Give Username and password of RDS which will make...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@skinny85 I’lll open a separate issue.
I actually only commented on this old issue, because I wanted “the next person” to have a slightly easier way to fix the problem 😃
There are two problems:
Having the same issue, but with mariaDB and passing the pattern to
secretsmanager.Secret
instead (as I need to also add a secret rotation schedule).Even with the suggested solution pattern (
^%+~
$&*()|[]{}:;,-<>?!'/\",=`) doesn’t fix the problem.My code: