generating rds secret

austinloveless · Oct 6, 2021 · 5844aca · 5844aca
1 parent 3b73324
commit 5844aca
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/cdk/bin/api.ts b/cdk/bin/api.ts
@@ -6,16 +6,14 @@ import { VpcStack } from "../lib/vpc-stack";
 import { RDSStack } from "../lib/rds-stack";
 
 const app = new cdk.App();
-const rdsPasswordArnSsmParamName = "rds-password-secret-arn" 
 
 // Basic networking
 const vpcStack = new VpcStack(app, "VPCStack");
 
 // RDS Postgres
 const rdsStack = new RDSStack(app, "RDSStack", {
   vpc: vpcStack.vpc,
-  securityGroup: vpcStack.ingressSecurityGroup,
-  rdsPwdSecretArn: process.env.RDS_PWD_ARN || ""
+  securityGroup: vpcStack.ingressSecurityGroup
 });
 
 // Serverless Lambda/API Gateway Graphql API

diff --git a/cdk/lib/cdk-pipeline-stack.ts b/cdk/lib/cdk-pipeline-stack.ts
@@ -21,8 +21,7 @@ class AppStage extends Stage {
 
     this.rdsStack = new RDSStack(this, "RDSStack", {
       vpc: vpcStack.vpc,
-      securityGroup: vpcStack.ingressSecurityGroup,
-      rdsPwdSecretArn: props?.rdsPasswordSecretArn || ""
+      securityGroup: vpcStack.ingressSecurityGroup
     });
 
     this.apiStack = new GraphqlApiStack(this, "APIStack", {

diff --git a/cdk/lib/rds-stack.ts b/cdk/lib/rds-stack.ts
@@ -1,6 +1,5 @@
 require("dotenv").config();
 import { Construct, Stack, StackProps, CfnOutput } from "@aws-cdk/core";
-import { StringParameter } from '@aws-cdk/aws-ssm';
 
 import {
   DatabaseInstance,
@@ -14,7 +13,6 @@ import { SecurityGroup, SubnetType, Vpc } from "@aws-cdk/aws-ec2";
 export interface RDSStackProps extends StackProps {
   vpc: Vpc;
   securityGroup: SecurityGroup;
-  rdsPwdSecretArn: string;
 }
 
 export class RDSStack extends Stack {
@@ -30,10 +28,18 @@ export class RDSStack extends Stack {
 
   constructor(scope: Construct, id: string, props: RDSStackProps) {
     super(scope, id, props);
-
-
-    this.rdsPassword = Secret.fromSecretAttributes(this, "rdsPassword", {
-      secretArn: props.rdsPwdSecretArn
+
+    this.rdsPassword = new Secret(this, "rds-password", {
+      secretName: "rds-password",
+      generateSecretString: {
+        excludeCharacters: `/@" `,
+        excludePunctuation: true,
+        includeSpace: false,
+        excludeNumbers: false,
+        excludeLowercase: false,
+        excludeUppercase: false,
+        passwordLength: 24
+      }
     });
 
     this.postgresRDSInstance = new DatabaseInstance(