Specify properties of the Secret as part of Database instance - Description, ExcludeCharacters
When doing new rds.DatabaseInstance(this, 'AppDb', { ... }), a secret is automatically generated with the database’s connection info. This is super useful, but not quite sufficient for my use case. I’d like to be able to specify the secret properties when creating the RDS instance.
Use Case
I need to specify some other characters to exclude from the generated password (specifically ;, since I’ll be assembling a semicolon-delimited connection string like Host=abc.com;Port=5432;Username=admin;Password=p@ssw0rd;).
Proposed Solution
Add a secretProperties property to the RDS DatabaseInstanceProps that mixes in any specified options with the defaults when creating the DB secret, e.g.:
const appDbInstance = new DatabaseInstance(this, 'AppDb', {
  databaseName: 'AppDb',
  engine: DatabaseInstanceEngine.POSTGRES,
  engineVersion: '10.9',
  secretProperties: {
    excludeCharacters: '"@/\\;'
  }
});
Other
I would override this manually, but trying this only adds a property to the SecretTargetAttachment, not the Secret itself:
const cfnAppSecret = appDbInstance.secret!.node.defaultChild as CfnSecretTargetAttachment;
cfnAppSecret.addOverride('Properties.GenerateSecretString.ExcludeCharacters', '"@/\\;');
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
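A check for the problem described under "Other", as an added example that is not part of the original issue or of the CDK code base: it audits a synthesized CloudFormation template for a GenerateSecretString override that landed on a resource other than AWS::SecretsManager::Secret, and for generated secrets whose ExcludeCharacters lacks a required character. The function name, type names, logical IDs and the sample template are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template for a misplaced
// or incomplete ExcludeCharacters setting. All sample data is constructed.
type TemplateResource = { Type: string; Properties?: Record<string, any> };
type SynthTemplate = { Resources: Record<string, TemplateResource> };

const SECRET_TYPE = 'AWS::SecretsManager::Secret';

// Returns one finding per problem; an empty array means nothing was found.
function auditExcludeCharacters(template: SynthTemplate, required: string): string[] {
  const found: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const gen = (res.Properties || {}).GenerateSecretString;
    if (res.Type !== SECRET_TYPE) {
      // An override on any other resource type (such as the
      // SecretTargetAttachment) does not change how the password is generated.
      if (gen !== undefined) {
        found.push(`${id}: GenerateSecretString on ${res.Type} has no effect`);
      }
      continue;
    }
    if (gen === undefined) continue; // the secret value is not generated
    const excluded: string = gen.ExcludeCharacters || '';
    const missing = required.split('').filter((c) => excluded.indexOf(c) === -1);
    if (missing.length > 0) {
      found.push(`${id}: ExcludeCharacters is missing ${JSON.stringify(missing.join(''))}`);
    }
  }
  return found;
}

// Constructed sample: the override from the issue ended up on the attachment,
// so the Secret itself still allows ';' in the generated password.
const misplacedOverride: SynthTemplate = {
  Resources: {
    AppDbSecret: {
      Type: SECRET_TYPE,
      Properties: { GenerateSecretString: { ExcludeCharacters: '"@/\\' } },
    },
    AppDbSecretAttachment: {
      Type: 'AWS::SecretsManager::SecretTargetAttachment',
      Properties: {
        TargetType: 'AWS::RDS::DBInstance',
        GenerateSecretString: { ExcludeCharacters: '"@/\\;' },
      },
    },
  },
};

const sampleFindings = auditExcludeCharacters(misplacedOverride, ';');
```

Running the same function over the real output of cdk synth, with every delimiter of the target connection-string format passed as required, catches the misplaced override before deployment.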
Issue Analytics
- Created 4 years ago
- Reactions: 5
- Comments: 13 (10 by maintainers)
Top GitHub Comments
You can do this as a workaround:
which will target the AWS::SecretsManager::Secret.

@skinny85 I think the next and last step involves adding some plumbing to the Aurora module. I’ll take a stab at it tomorrow.