aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

[rds]: ability to specify the name for the automatically generated master password in AWS Secrets Manager #13746

Closed sunshineo closed 3 years ago

sunshineo commented 3 years ago

This was requested in https://github.com/aws/aws-cdk/issues/8984, but the issue was closed. I looked at the merge request; it seems to provide a way to specify the secret name when attaching a new secret to the RDS. But what we would prefer is to set the name for the auto-generated master password that is saved in AWS Secrets Manager.

@CONJAUMCGCG @hedrall

skinny85 commented 3 years ago

Hey @sunshineo ,

thanks for opening the issue. The issue you linked to was closed because the PR adding that feature was merged (#13626), although it is not yet released.

Does #13626 cover what you need, or are you looking for something else?

Thanks, Adam

github-actions[bot] commented 3 years ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

sunshineo commented 3 years ago

@skinny85 #13626 does not cover what we need. It does not cover what #8984 asks for. #8984 should not have been closed by #13626.

One more time: when creating an RDS, by default the master password will be generated and stored in AWS Secrets Manager with an auto-generated description.

The name of that secret is auto-generated as well; we want to be able to specify that name.

skinny85 commented 3 years ago

@sunshineo can you show what code you are using for creating the Cluster?

sunshineo commented 3 years ago
  import * as cdk from '@aws-cdk/core';
  import * as ec2 from '@aws-cdk/aws-ec2';
  import * as rds from '@aws-cdk/aws-rds';
  import * as ssm from '@aws-cdk/aws-ssm';

  // App/stack scaffolding added so the snippet runs on its own; the original only referenced `stack`
  const app = new cdk.App();
  const stack = new cdk.Stack(app, 'TemporalStack');

  const vpc = new ec2.Vpc(stack, 'VPC');
  const cluster = new rds.DatabaseCluster(stack, 'Database', {
    engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_2_08_1 }),
    instances: 3,
    instanceProps: {
      vpcSubnets: {
        subnetType: ec2.SubnetType.PUBLIC,
      },
      vpc,
    },
  });
  // Opens MySQL (3306) to 0.0.0.0/0 on public subnets; fine for a throwaway test, not for anything else
  cluster.connections.allowFromAnyIpv4(
    new ec2.Port({
      stringRepresentation: '3306',
      protocol: ec2.Protocol.TCP,
      fromPort: 3306,
      toPort: 3306,
    }),
    'Open to everyone');
  // We cannot control the name of the rds secret yet
  // This is a workaround to save the secret full arn with a fixed name
  new ssm.StringParameter(stack, 'temporal-rds-secret-full-arn', {
    description: 'The name of the secret for the rds',
    // This will be the name used by cdk8s project to setup temporal
    parameterName: 'temporal-rds-secret-full-arn',
    // secretFullArn is undefined for imported secrets, hence the fallback value
    stringValue: cluster.secret?.secretFullArn || 'nosecret',
    simpleName: true,
  });

skinny85 commented 3 years ago

So, using #13626 , you can now do:

        const cluster = new rds.DatabaseCluster(this, 'Database', {
            // other properties same as above...
            credentials: rds.Credentials.fromUsername('admin', {
                secretName: 'my-secret-name',
            }),
        });

Which I believe solves your problem? Or does it not?

sunshineo commented 3 years ago

@skinny85 It works. Thank you very much! I guess I did not understand the merge request. However, I do get a deprecation warning on fromUsername.

sunshineo commented 3 years ago

I should use fromGeneratedSecret

github-actions[bot] commented 3 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

sunshineo commented 3 years ago

Shit, adding this will destroy the old db and create a new one