generating rds secret

austinloveless · Oct 6, 2021 · 313c264 · 313c264
1 parent 3b73324
commit 313c264
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 9 deletions.
diff --git a/cdk/bin/api.ts b/cdk/bin/api.ts
@@ -6,7 +6,6 @@ import { VpcStack } from "../lib/vpc-stack";
 import { RDSStack } from "../lib/rds-stack";
 
 const app = new cdk.App();
-const rdsPasswordArnSsmParamName = "rds-password-secret-arn" 
 
 // Basic networking
 const vpcStack = new VpcStack(app, "VPCStack");
@@ -15,7 +14,7 @@ const vpcStack = new VpcStack(app, "VPCStack");
 const rdsStack = new RDSStack(app, "RDSStack", {
   vpc: vpcStack.vpc,
   securityGroup: vpcStack.ingressSecurityGroup,
-  rdsPwdSecretArn: process.env.RDS_PWD_ARN || ""
+  stage: "standalone"
 });
 
 // Serverless Lambda/API Gateway Graphql API

diff --git a/cdk/lib/cdk-pipeline-stack.ts b/cdk/lib/cdk-pipeline-stack.ts
@@ -22,7 +22,7 @@ class AppStage extends Stage {
     this.rdsStack = new RDSStack(this, "RDSStack", {
       vpc: vpcStack.vpc,
       securityGroup: vpcStack.ingressSecurityGroup,
-      rdsPwdSecretArn: props?.rdsPasswordSecretArn || ""
+      stage: id
     });
 
     this.apiStack = new GraphqlApiStack(this, "APIStack", {

diff --git a/cdk/lib/rds-stack.ts b/cdk/lib/rds-stack.ts
@@ -1,6 +1,5 @@
 require("dotenv").config();
 import { Construct, Stack, StackProps, CfnOutput } from "@aws-cdk/core";
-import { StringParameter } from '@aws-cdk/aws-ssm';
 
 import {
   DatabaseInstance,
@@ -13,8 +12,8 @@ import { SecurityGroup, SubnetType, Vpc } from "@aws-cdk/aws-ec2";
 
 export interface RDSStackProps extends StackProps {
   vpc: Vpc;
-  securityGroup: SecurityGroup;
-  rdsPwdSecretArn: string;
+  securityGroup: SecurityGroup, 
+  stage: String
 }
 
 export class RDSStack extends Stack {
@@ -31,9 +30,18 @@ export class RDSStack extends Stack {
   constructor(scope: Construct, id: string, props: RDSStackProps) {
     super(scope, id, props);
 
-
-    this.rdsPassword = Secret.fromSecretAttributes(this, "rdsPassword", {
-      secretArn: props.rdsPwdSecretArn
+    const pwdId = `rds-password-${props.stage}`;
+    this.rdsPassword = new Secret(this, pwdId, {
+      secretName: pwdId,
+      generateSecretString: {
+        excludeCharacters: `/@" `,
+        excludePunctuation: true,
+        includeSpace: false,
+        excludeNumbers: false,
+        excludeLowercase: false,
+        excludeUppercase: false,
+        passwordLength: 24
+      }
     });
 
     this.postgresRDSInstance = new DatabaseInstance(