search

aws-amplify / amplify-category-api

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development. This plugin provides functionality for the API category, allowing for the creation and management of GraphQL and REST based backends for your amplify project.
https://docs.amplify.aws/
Apache License 2.0
89 stars 79 forks source link

Adding RDS - No RDS Access Credentials found in the AWS Secret Manager #147

Open Rayv1 opened 3 years ago

Rayv1 commented 3 years ago

Before opening, please confirm:

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

14.17.6

Amplify CLI Version

6.3.1

What operating system are you using?

Ubuntu

Amplify Categories

storage

Amplify Commands

env

Describe the bug

Iam using CDK to deploy our RDS Serverless Cluster and related Secret Manager Secrets. When adding a new env to our App, i can select the RDS Cluster but not the related Secret and amplify throws "No RDS access credentials found in the AWS Secrect Manager." When looking at:

https://github.com/aws-amplify/amplify-cli/blob/81cc461ed5e02b2f296825283993ad026f1126d1/packages/amplify-category-api/src/provider-utils/awscloudformation/service-walkthroughs/appSync-rds-walkthrough.ts#L144-L147

It seems like the name has to be 'rds-db-credentials/${clusterResourceId}'. As we have a different naming convention, we cant name it like this. It would be nice if the secret is not found, that promptWalkthroughQuestion is started with all secrets found in the account.

Expected behavior

If no Secret found with specific name, start promptWalkthroughQuestion with all secrets

Reproduction steps

  1. Create RDS with Secret and name the secret different than 'rds-db-credentials/${clusterResourceId}'
  2. Add new env
  3. Select DB
  4. See Error

GraphQL schema(s)

```graphql # Put schemas below this line ```

Log output

``` # Put your logs below this line ```

Additional information

No response

yuth commented 3 years ago

I have marked this as a feature request. We will pick this up once the task gets prioritized.

Etep15 commented 3 years ago

I too have this issue.

So the fix, for now, is to name the Secrets Manager Secret as rds-db-credentials/]My ARN for my Secret] ? I haven't been able to get it to work this way either.

Rayv1 commented 3 years ago

@Etep15 yes that would be a solution. What I did is to pull the amplify-cli and build my own version without the above code. I then get the list of all Secrets and can select accordingly.

Etep15 commented 3 years ago

So for anyone else running into this issue the key is to use the RESOURCE_ID of the RDS serverless cluster.

Not the ARN and not the DB cluster ID.

On the web console go to your RDS and pick the "Configuration" tab. In there is "Resource ID". This is what you want to use. So when creating your secret in the Secrets Manager the name should look like...

rds-db-credentials/cluster-XXXXXXXXXXXXXXXXXXXX

Obviously all those X's will be replaced with what you have listed as your Resource ID.

Once you have the secret created, run amplify api add-graphql-datasource and it should be happy.