aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

rds: secret rotation application should allow custom SemanticVersion #29531

Closed pahud closed 4 months ago

pahud commented 6 months ago

Describe the feature

The SemanticVersion is hardcoded in SecretApplicationRotation and here:

https://github.com/aws/aws-cdk/blob/1fdac0cbb71a84efd3f744ade6a4f49a452968e0/packages/aws-cdk-lib/aws-secretsmanager/lib/secret-rotation.ts#L167

There's no way to allow users to customize the SemanticVersion for that.

Use Case

Some versions might be deprecated because of Lambda runtime deprecation and we can't just update the CDK code for that.

Proposed Solution

We should allow users to specify their desired custom SemanticVersion.

Other Information

Before we have a PR for this, a workaround is like:

  1. Look up the latest semanticVersion for the serverless application. For example, this returns the SemanticVersion for us-east-1.

```sh
aws serverlessrepo get-application --application-id arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSMySQLRotationSingleUser --query 'Version.SemanticVersion'
"1.1.431"
```

  2. Override the SemanticVersion with your custom version like:
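```ts
import { Stack, StackProps } from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';
import * as sam from 'aws-cdk-lib/aws-sam';
import * as secrets from 'aws-cdk-lib/aws-secretsmanager';
import { Construct } from 'constructs';

export class DummyStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const vpc = ec2.Vpc.fromLookup(this, 'Vpc', { isDefault: true });
    const instance = new rds.DatabaseInstance(this, 'Instance', {
      vpc,
      engine: rds.DatabaseInstanceEngine.MYSQL,
    });
    // Creates the SecretRotation child construct with id 'RotationSingleUser'.
    instance.addRotationSingleUser();
    const secretRotation = instance.node.tryFindChild('RotationSingleUser') as secrets.SecretRotation;
    // Escape hatch: override SemanticVersion on the underlying AWS::Serverless::Application.
    (secretRotation.node.defaultChild as sam.CfnApplication).addPropertyOverride('Location.SemanticVersion', '9999');
  }
}
```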

In this sample, I am overriding the SemanticVersion to 9999.

  3. Run cdk synth and check the template; you should see this:

```json
 "InstanceRotationSingleUser90E8AB49": {
   "Type": "AWS::Serverless::Application",
   "Properties": {
    "Location": {
     "ApplicationId": {
      "Fn::FindInMap": [
       "InstanceRotationSingleUserSARMappingFEA0C86E",
       {
        "Ref": "AWS::Partition"
       },
       "applicationId"
      ]
     },
     "SemanticVersion": "9999"
    },
```

Acknowledgements

CDK version used

2.132.0

Environment details (OS name and version, etc.)

all
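
The manual template check in step 3 of the workaround can be automated. The following is an added example, not code from the issue or from aws-cdk: it walks a synthesized template and compares each AWS::Serverless::Application's Location.SemanticVersion with an expected pin, treating a non-literal value as unpinned. The helper name `auditSarVersions`, the second and third sample resources, and the mapping name `ExampleMap` are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template for SAR version pins.
type Json = { [key: string]: unknown };

interface SarFinding {
  logicalId: string;
  version: string | null; // null: value is an intrinsic, not a literal pin
  ok: boolean;            // true only when the literal equals the expected pin
}

function isObject(v: unknown): v is Json {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// Hypothetical helper: checks Location.SemanticVersion on every
// AWS::Serverless::Application resource in the template.
function auditSarVersions(template: unknown, expected: string): SarFinding[] {
  const findings: SarFinding[] = [];
  const resources = isObject(template) ? template.Resources : undefined;
  if (!isObject(resources)) return findings;
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!isObject(res) || res.Type !== 'AWS::Serverless::Application') continue;
    const props = res.Properties;
    const location = isObject(props) ? props.Location : undefined;
    const raw = isObject(location) ? location.SemanticVersion : undefined;
    const version = typeof raw === 'string' ? raw : null;
    findings.push({ logicalId, version, ok: version === expected });
  }
  return findings;
}

// Constructed sample: the first resource mirrors the synthesized output in the
// issue; the second (assumed) still resolves its version through a mapping.
const sampleTemplate: unknown = {
  Resources: {
    InstanceRotationSingleUser90E8AB49: {
      Type: 'AWS::Serverless::Application',
      Properties: { Location: { SemanticVersion: '9999' } },
    },
    OtherRotationExample: {
      Type: 'AWS::Serverless::Application',
      Properties: { Location: { SemanticVersion: { 'Fn::FindInMap': ['ExampleMap', 'aws', 'semanticVersion'] } } },
    },
    ExampleBucket: { Type: 'AWS::S3::Bucket' },
  },
};

console.log(JSON.stringify(auditSarVersions(sampleTemplate, '1.1.431'), null, 2));
```

Run against the JSON that `cdk synth` writes, a check like this fails the build when the placeholder `9999` or an unpinned value ships instead of the version looked up in step 1.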

pahud commented 6 months ago

related https://github.com/aws/aws-cdk/issues/18249

pahud commented 6 months ago

another workaround mentioned https://github.com/aws/aws-cdk/issues/18249#issuecomment-1005121223
