From 65422077123fa5870106e29594b8f0392484da3f Mon Sep 17 00:00:00 2001 From: "Kenta Goto (k.goto)" <24818752+go-to-k@users.noreply.github.com> Date: Mon, 9 Sep 2024 19:27:30 +0900 Subject: [PATCH] fix(rds): proxy target group does not depend on database instances when using writer property for database cluster (#31354) ### Issue # (if applicable) Closes #31304 . ### Reason for this change Proxy Target Group should depend on and wait for Aurora instances to be ready before creating CloudFormation resource. (see the issue). Now, the dependency is added when using a legacy `instanceProps`, but not added when using a `writer` property. https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539 (The cluster has `CfnDBInstance` directly when using the `instanceProps`, but it has `AuroraClusterInstance` with `CfnDBInstance` as `defaultChild` when using the `writer`. So the cluster doesn't have the `CfnDBInstance` directly in the latter case.) ### Description of changes Added the dependency when using a `writer` property instead of `instanceProps`. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-cdk-rds-proxy.assets.json | 6 +- .../aws-cdk-rds-proxy.template.json | 2910 ++++++++++------- .../test/integ.proxy.js.snapshot/cdk.out | 2 +- ...efaultTestDeployAssert1DC3D9D5.assets.json | 2 +- .../test/integ.proxy.js.snapshot/integ.json | 2 +- .../integ.proxy.js.snapshot/manifest.json | 154 +- .../test/integ.proxy.js.snapshot/tree.json | 1497 +++++++-- .../test/aws-rds/test/integ.proxy.ts | 24 + packages/aws-cdk-lib/aws-rds/lib/proxy.ts | 8 + .../aws-cdk-lib/aws-rds/test/proxy.test.ts | 80 + 10 files changed, 3320 insertions(+), 1365 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json index 45550d77e835b..455acf0505f1e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { - "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553": { + "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af": { "source": { "path": "aws-cdk-rds-proxy.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "objectKey": "24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 8d7cb0c299935..5f3722c21fa1f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json @@ -1,1191 +1,1869 @@ { - "Resources": { - "vpcA2121C38": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] + "Resources": { + "vpcA2121C38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcPublicSubnet1Subnet2E65531E": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1Subnet2E65531E": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTable48A2DF9B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet1RouteTableAssociation5D3F4579": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" }, - "vpcPublicSubnet1RouteTable48A2DF9B": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + } + } + }, + "vpcPublicSubnet1DefaultRoute10708846": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet1RouteTableAssociation5D3F4579": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - } - } + "RouteTableId": { + "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet1EIPDA49DCBE": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + } + }, + "vpcPublicSubnet1NATGateway9C16659E": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet1EIPDA49DCBE", + "AllocationId" + ] }, - "vpcPublicSubnet1DefaultRoute10708846": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet1RouteTable48A2DF9B" - } - }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet1EIPDA49DCBE": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet1DefaultRoute10708846", + "vpcPublicSubnet1RouteTableAssociation5D3F4579" + ] + }, + "vpcPublicSubnet2Subnet009B674F": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet1NATGateway9C16659E": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet1EIPDA49DCBE", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet1" - } - ] - }, - "DependsOn": [ - "vpcPublicSubnet1DefaultRoute10708846", - "vpcPublicSubnet1RouteTableAssociation5D3F4579" - ] + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableEB40D4CB": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPublicSubnet2RouteTableAssociation21F81B59": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" }, - "vpcPublicSubnet2Subnet009B674F": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + } + } + }, + "vpcPublicSubnet2DefaultRouteA1EC0F60": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "vpcIGWE57CBDCA" }, - "vpcPublicSubnet2RouteTableEB40D4CB": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "RouteTableId": { + "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + } + }, + "DependsOn": [ + "vpcVPCGW7984C166" + ] + }, + "vpcPublicSubnet2EIP9B3743B1": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + } + }, + "vpcPublicSubnet2NATGateway9B8AE11A": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "vpcPublicSubnet2EIP9B3743B1", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" + } + ] + }, + "DependsOn": [ + "vpcPublicSubnet2DefaultRouteA1EC0F60", + "vpcPublicSubnet2RouteTableAssociation21F81B59" + ] + }, + "vpcPrivateSubnet1Subnet934893E8": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "vpcPublicSubnet2RouteTableAssociation21F81B59": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - } + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableB41A48CC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet1RouteTableAssociation67945127": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + } + } + }, + "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet1NATGateway9C16659E" + }, + "RouteTableId": { + "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" + } + } + }, + "vpcPrivateSubnet2Subnet7031C2BA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTable7280F23E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "vpcPrivateSubnet2RouteTableAssociation007E94D3": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + }, + "SubnetId": { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + } + }, + "vpcPrivateSubnet2DefaultRouteB0E07F99": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" }, - "vpcPublicSubnet2DefaultRouteA1EC0F60": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "RouteTableId": { - "Ref": "vpcPublicSubnet2RouteTableEB40D4CB" + "RouteTableId": { + "Ref": "vpcPrivateSubnet2RouteTable7280F23E" + } + } + }, + "vpcIGWE57CBDCA": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-cdk-rds-proxy/vpc" + } + ] + } + }, + "vpcVPCGW7984C166": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "vpcIGWE57CBDCA" + }, + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "SecretEncryptionKey40C82244": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } + }, + "Resource": "*" }, - "DependsOn": ["vpcVPCGW7984C166"] - }, - "vpcPublicSubnet2EIP9B3743B1": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] - } - }, - "vpcPublicSubnet2NATGateway9B8AE11A": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "AllocationId": { - "Fn::GetAtt": ["vpcPublicSubnet2EIP9B3743B1", "AllocationId"] - }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PublicSubnet2" - } - ] + { + "Action": [ + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" }, - "DependsOn": [ - "vpcPublicSubnet2DefaultRouteA1EC0F60", - "vpcPublicSubnet2RouteTableAssociation21F81B59" - ] - }, - "vpcPrivateSubnet1Subnet934893E8": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 0, + { + "Action": "kms:Decrypt", + "Condition": { + "StringEquals": { + "kms:ViaService": { + "Fn::Join": [ + "", + [ + "secretsmanager.", { - "Fn::GetAZs": "" - } + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + } } - } - }, - "vpcPrivateSubnet1RouteTableB41A48CC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" + }, + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } + }, + "Resource": "*" } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "dbInstanceSubnetGroupD062EC9E": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for dbInstance database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbInstanceSecurityGroupA58A00A3": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for dbInstance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Instance from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, - "vpcPrivateSubnet1RouteTableAssociation67945127": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - } - } + "GroupId": { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] }, - "vpcPrivateSubnet1DefaultRoute1AA8E2E5": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet1NATGateway9C16659E" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet1RouteTableB41A48CC" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] }, - "vpcPrivateSubnet2Subnet7031C2BA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] + } + } + }, + "dbInstanceSecret032D3661": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "vpcPrivateSubnet2RouteTable7280F23E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc/PrivateSubnet2" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "GenerateSecretString": { + "ExcludeCharacters": "\"@/\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"master\"}" }, - "vpcPrivateSubnet2RouteTableAssociation007E94D3": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - }, - "SubnetId": { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - } + "KmsKeyId": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbInstanceSecretAttachment88CFBDAE": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbInstanceSecret032D3661" }, - "vpcPrivateSubnet2DefaultRouteB0E07F99": { - "Type": "AWS::EC2::Route", - "Properties": { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "vpcPublicSubnet2NATGateway9B8AE11A" - }, - "RouteTableId": { - "Ref": "vpcPrivateSubnet2RouteTable7280F23E" - } - } + "TargetId": { + "Ref": "dbInstance4076B1EC" }, - "vpcIGWE57CBDCA": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-cdk-rds-proxy/vpc" - } - ] - } + "TargetType": "AWS::RDS::DBInstance" + } + }, + "dbInstance4076B1EC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbInstanceSubnetGroupD062EC9E" }, - "vpcVPCGW7984C166": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "InternetGatewayId": { - "Ref": "vpcIGWE57CBDCA" - }, - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "Engine": "postgres", + "EngineVersion": "16.3", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:password::}}" + ] + ] }, - "SecretEncryptionKey40C82244": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": "kms:Decrypt", - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - } + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbInstanceSecret032D3661" + }, + ":SecretString:username::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "dbInstanceSecurityGroupA58A00A3", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbProxyIAMRole662F3AB8": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbProxyIAMRoleDefaultPolicy99AB98F3": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" + } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "dbInstanceSubnetGroupD062EC9E": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for dbInstance database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } + { + "Action": "kms:Decrypt", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "dbInstanceSecurityGroupA58A00A3": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for dbInstance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", + "Roles": [ + { + "Ref": "dbProxyIAMRole662F3AB8" + } + ] + } + }, + "dbProxyProxySecurityGroup16E727A7": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbProxy3B89EAF2": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbInstanceSecretAttachment88CFBDAE" } + } + ], + "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, - "dbInstanceSecurityGroupfromawscdkrdsproxydbProxyProxySecurityGroupA345AFE5IndirectPortE3621D4F": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Instance from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] - } - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbProxyProxySecurityGroup16E727A7", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbProxyProxyTargetGroup8DA26A77": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": { + "ConnectionBorrowTimeout": 30, + "MaxConnectionsPercent": 50 }, - "dbInstanceSecret032D3661": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": "\"@/\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"master\"}" - }, - "KmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbInstanceSecretAttachment88CFBDAE": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbInstanceSecret032D3661" - }, - "TargetId": { - "Ref": "dbInstance4076B1EC" - }, - "TargetType": "AWS::RDS::DBInstance" - } + "DBInstanceIdentifiers": [ + { + "Ref": "dbInstance4076B1EC" + } + ], + "DBProxyName": { + "Ref": "dbProxy3B89EAF2" }, - "dbInstance4076B1EC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "AllocatedStorage": "100", - "CopyTagsToSnapshot": true, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbInstanceSubnetGroupD062EC9E" - }, - "Engine": "postgres", - "EngineVersion": "16.3", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbInstanceSecret032D3661" - }, - ":SecretString:username::}}" - ] - ] - }, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": ["dbInstanceSecurityGroupA58A00A3", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbProxyIAMRole662F3AB8": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } + "TargetGroupName": "default" + } + }, + "dbClusterSubnets03B9B0E1": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbCluster database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterSecurityGroupCAA1A91F": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyIAMRoleDefaultPolicy99AB98F3": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - }, - { - "Action": "kms:Decrypt", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbProxyIAMRoleDefaultPolicy99AB98F3", - "Roles": [ - { - "Ref": "dbProxyIAMRole662F3AB8" - } - ] - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbProxyProxySecurityGroup16E727A7": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] }, - "dbProxy3B89EAF2": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "ClientPasswordAuthType": "POSTGRES_SCRAM_SHA_256", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbInstanceSecretAttachment88CFBDAE" - } - } - ], - "DBProxyName": "awscdkrdsproxydbProxy0E60A1B7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbProxyProxySecurityGroup16E727A7", "GroupId"] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, - "dbProxyProxyTargetGroup8DA26A77": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": { - "ConnectionBorrowTimeout": 30, - "MaxConnectionsPercent": 50 - }, - "DBInstanceIdentifiers": [ - { - "Ref": "dbInstance4076B1EC" - } - ], - "DBProxyName": { - "Ref": "dbProxy3B89EAF2" - }, - "TargetGroupName": "default" - } + "GroupId": { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] }, - "dbClusterSubnets03B9B0E1": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for dbCluster database", - "SubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] - } + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" + ] }, - "dbClusterSecurityGroupCAA1A91F": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } - } + "ToPort": { + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] + } + } + }, + "dbClusterSecretCEA6D7B6": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09IndirectPort152B2D99": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxyProxySecurityGroup170F327D", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterSecretAttachmentAB67A752": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterSecretCEA6D7B6" }, - "dbClusterSecurityGroupfromawscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853FIndirectPort61009070": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "Description": "Allow connections to the database Cluster from the Proxy", - "FromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - }, - "GroupId": { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - }, - "IpProtocol": "tcp", - "SourceSecurityGroupId": { - "Fn::GetAtt": ["dbClusterProxy2ProxySecurityGroupB44507AE", "GroupId"] - }, - "ToPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] - } - } + "TargetId": { + "Ref": "dbClusterE86E47AE" }, - "dbClusterSecretCEA6D7B6": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterSecretAttachmentAB67A752": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "dbClusterSecretCEA6D7B6" - }, - "TargetId": { - "Ref": "dbClusterE86E47AE" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterE86E47AE": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" }, - "dbClusterE86E47AE": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-postgresql14", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql", - "EngineVersion": "14.5", - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:password::}}" - ] - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "dbClusterSecretCEA6D7B6" - }, - ":SecretString:username::}}" - ] - ] - }, - "Port": 5432, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": ["dbClusterSecurityGroupCAA1A91F", "GroupId"] - } - ] - }, - "UpdateReplacePolicy": "Snapshot", - "DeletionPolicy": "Snapshot" - }, - "dbClusterInstance1BCE092AC": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterInstance20BA1ECD9": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBClusterIdentifier": { - "Ref": "dbClusterE86E47AE" - }, - "DBInstanceClass": "db.t3.medium", - "DBSubnetGroupName": { - "Ref": "dbClusterSubnets03B9B0E1" - }, - "Engine": "aurora-postgresql" - }, - "DependsOn": [ - "vpcPrivateSubnet1DefaultRoute1AA8E2E5", - "vpcPrivateSubnet1RouteTableAssociation67945127", - "vpcPrivateSubnet2DefaultRouteB0E07F99", - "vpcPrivateSubnet2RouteTableAssociation007E94D3" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "dbClusterProxyIAMRole693E39F5": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterSecretCEA6D7B6" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterSecurityGroupCAA1A91F", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterInstance1BCE092AC": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterInstance20BA1ECD9": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterE86E47AE" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "dbClusterSubnets03B9B0E1" + }, + "Engine": "aurora-postgresql" + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterProxyIAMRole693E39F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } } + ], + "Version": "2012-10-17" }, - "dbClusterProxyIAMRoleDefaultPolicyEEE23224": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", - "Roles": [ - { - "Ref": "dbClusterProxyIAMRole693E39F5" - } - ] + "PolicyName": "dbClusterProxyIAMRoleDefaultPolicyEEE23224", + "Roles": [ + { + "Ref": "dbClusterProxyIAMRole693E39F5" + } + ] + } + }, + "dbClusterProxyProxySecurityGroup170F327D": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxyAB5F8181": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, - "dbClusterProxyProxySecurityGroup170F327D": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxyProxySecurityGroup170F327D", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxyProxyTargetGroupB7010C0D": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxyAB5F8181" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterProxy2IAMRole190D217C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterSecretAttachmentAB67A752" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxyAB5F8181": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxyE88930B6", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxyProxySecurityGroup170F327D", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", + "Roles": [ + { + "Ref": "dbClusterProxy2IAMRole190D217C" + } + ] + } + }, + "dbClusterProxy2ProxySecurityGroupB44507AE": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterProxy28BBD43D5": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterSecretAttachmentAB67A752" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterProxy2IAMRole190D217C", + "Arn" + ] }, - "dbClusterProxyProxyTargetGroupB7010C0D": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxyAB5F8181" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterProxy2ProxySecurityGroupB44507AE", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterProxy2ProxyTargetGroup8BD48F57": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterE86E47AE" + } + ], + "DBProxyName": { + "Ref": "dbClusterProxy28BBD43D5" }, - "dbClusterProxy2IAMRole190D217C": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "rds.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterInstance1BCE092AC", + "dbClusterInstance20BA1ECD9", + "dbClusterE86E47AE" + ] + }, + "dbClusterWithWriterAndReadersSubnetsD9FBAD2A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "SubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "Allow connections to the database Cluster from the Proxy", + "FromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "GroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "ToPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "dbClusterWithWriterAndReadersSecret3ED37A64": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersSecretAttachment9F7B2148": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "TargetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "dbClusterWithWriterAndReaders6627D259": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql14", + "DBSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "Engine": "aurora-postgresql", + "EngineVersion": "14.5", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "Port": 5432, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + }, + "dbClusterWithWriterAndReaderswriter6BAC1240": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 0 + }, + "DependsOn": [ + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersreader042B2B99": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "PromotionTier": 2 + }, + "DependsOn": [ + "dbClusterWithWriterAndReaderswriter6BAC1240", + "vpcPrivateSubnet1DefaultRoute1AA8E2E5", + "vpcPrivateSubnet1RouteTableAssociation67945127", + "vpcPrivateSubnet2DefaultRouteB0E07F99", + "vpcPrivateSubnet2RouteTableAssociation007E94D3" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "dbClusterProxy2IAMRoleDefaultPolicyFD9414D8", - "Roles": [ - { - "Ref": "dbClusterProxy2IAMRole190D217C" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy4C6584761": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] }, - "dbClusterProxy2ProxySecurityGroupB44507AE": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "SecurityGroup for Database Proxy", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Ref": "vpcA2121C38" - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } } + ], + "Version": "2012-10-17" + } + } + }, + "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" }, - "dbClusterProxy28BBD43D5": { - "Type": "AWS::RDS::DBProxy", - "Properties": { - "Auth": [ - { - "AuthScheme": "SECRETS", - "IAMAuth": "DISABLED", - "SecretArn": { - "Ref": "dbClusterSecretAttachmentAB67A752" - } - } - ], - "DBProxyName": "awscdkrdsproxydbClusterProxy27493E9A7", - "EngineFamily": "POSTGRESQL", - "RequireTLS": true, - "RoleArn": { - "Fn::GetAtt": ["dbClusterProxy2IAMRole190D217C", "Arn"] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "dbClusterProxy2ProxySecurityGroupB44507AE", - "GroupId" - ] - } - ], - "VpcSubnetIds": [ - { - "Ref": "vpcPrivateSubnet1Subnet934893E8" - }, - { - "Ref": "vpcPrivateSubnet2Subnet7031C2BA" - } - ] + "PolicyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "Roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "dbClusterWithWriterAndReadersProxy5FA5F5557": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" } + } + ], + "DBProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] }, - "dbClusterProxy2ProxyTargetGroup8BD48F57": { - "Type": "AWS::RDS::DBProxyTargetGroup", - "Properties": { - "ConnectionPoolConfigurationInfo": {}, - "DBClusterIdentifiers": [ - { - "Ref": "dbClusterE86E47AE" - } - ], - "DBProxyName": { - "Ref": "dbClusterProxy28BBD43D5" - }, - "TargetGroupName": "default" - }, - "DependsOn": [ - "dbClusterInstance1BCE092AC", - "dbClusterInstance20BA1ECD9", - "dbClusterE86E47AE" + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + }, + "Proxy3IAMRole26B82D9F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" } + } + }, + "Proxy3IAMRoleDefaultPolicyEBD54677": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "Roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + "Proxy3ProxySecurityGroupF29F0434": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SecurityGroup for Database Proxy", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "vpcA2121C38" } + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - ["1", "2", "3", "4", "5"], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "Proxy39463A146": { + "Type": "AWS::RDS::DBProxy", + "Properties": { + "Auth": [ + { + "AuthScheme": "SECRETS", + "IAMAuth": "DISABLED", + "SecretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "DBProxyName": "awscdkrdsproxyProxy396989E4B", + "EngineFamily": "POSTGRESQL", + "RequireTLS": true, + "RoleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "VpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "Proxy3ProxyTargetGroup5A623A38": { + "Type": "AWS::RDS::DBProxyTargetGroup", + "Properties": { + "ConnectionPoolConfigurationInfo": {}, + "DBClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "DBProxyName": { + "Ref": "Proxy39463A146" + }, + "TargetGroupName": "default" + }, + "DependsOn": [ + "dbClusterWithWriterAndReadersreader042B2B99", + "dbClusterWithWriterAndReaders6627D259", + "dbClusterWithWriterAndReaderswriter6BAC1240" + ] + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } -} + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out index 1f0068d32659a..bd5311dc372de 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.5"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json index a2b39265333af..2f779cc54513c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/databaseproxyintegtestDefaultTestDeployAssert1DC3D9D5.assets.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json index 5edeed336de2c..86fe159acd460 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "testCases": { "database-proxy-integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json index d5cd0fa6a2610..bf694779d2b9d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.5", "artifacts": { "aws-cdk-rds-proxy.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f68b974b928e0003a591e50a31664287bf09b26266fd62aff657be66a8ddd553.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/24c50d70529cefe67615ea76909c26232656878d7c5606e5fe0bbe6313acc3af.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -358,6 +358,156 @@ "data": "dbClusterProxy2ProxyTargetGroup8BD48F57" } ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroup1D462CCA" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxyProxy3ProxySecurityGroup211267B8IndirectPort9336325A" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8FIndirectPort905C5505" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecurityGroupfromawscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AFIndirectPort5D2FF883" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecret3ED37A64" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaders6627D259" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReaderswriter6BAC1240" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersreader042B2B99" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4C6584761" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy4ProxyTargetGroup69B133B1" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5FA5F5557" + } + ], + "/aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "dbClusterWithWriterAndReadersProxy5ProxyTargetGroupE76C811F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRole26B82D9F" + } + ], + "/aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3IAMRoleDefaultPolicyEBD54677" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxySecurityGroupF29F0434" + } + ], + "/aws-cdk-rds-proxy/Proxy3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy39463A146" + } + ], + "/aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup": [ + { + "type": "aws:cdk:logicalId", + "data": "Proxy3ProxyTargetGroup5A623A38" + } + ], "/aws-cdk-rds-proxy/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json index 87d132f060e44..28db74f6c2be6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/tree.json @@ -31,8 +31,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet1": { @@ -75,16 +75,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -105,8 +105,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -124,8 +124,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -144,8 +144,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -164,8 +164,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -192,14 +192,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PublicSubnet2": { @@ -242,16 +242,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -272,8 +272,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -291,8 +291,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -311,8 +311,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "EIP": { @@ -331,8 +331,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "NATGateway": { @@ -359,14 +359,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet1": { @@ -409,16 +409,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -439,8 +439,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -458,8 +458,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -478,14 +478,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "PrivateSubnet2": { @@ -528,16 +528,16 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Acl": { "id": "Acl", "path": "aws-cdk-rds-proxy/vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "RouteTableAssociation": { @@ -577,8 +577,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultRoute": { @@ -597,14 +597,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "IGW": { @@ -622,8 +622,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "VPCGW": { @@ -641,14 +641,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.Vpc", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecretEncryptionKey": { @@ -753,7 +753,10 @@ "Effect": "Allow", "Principal": { "AWS": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] } }, "Resource": "*" @@ -764,14 +767,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.CfnKey", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_kms.Key", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbInstance": { @@ -800,14 +803,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -834,8 +837,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbProxyProxySecurityGroupA345AFE5:{IndirectPort}": { @@ -846,7 +849,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Instance from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -862,19 +868,22 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbInstance4076B1EC", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbInstance4076B1EC", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -905,13 +914,16 @@ "excludeCharacters": "\"@/\\" }, "kmsKeyId": { - "Fn::GetAtt": ["SecretEncryptionKey40C82244", "Arn"] + "Fn::GetAtt": [ + "SecretEncryptionKey40C82244", + "Arn" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -934,20 +946,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -963,7 +975,7 @@ "Ref": "dbInstanceSubnetGroupD062EC9E" }, "engine": "postgres", - "EngineVersion": "16.3", + "engineVersion": "16.3", "masterUsername": { "Fn::Join": [ "", @@ -1000,14 +1012,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbProxy": { @@ -1022,8 +1034,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbProxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1047,8 +1059,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1095,20 +1107,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1135,14 +1147,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1165,7 +1177,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbProxyIAMRole662F3AB8", "Arn"] + "Fn::GetAtt": [ + "dbProxyIAMRole662F3AB8", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1186,8 +1201,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1212,14 +1227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "dbCluster": { @@ -1248,14 +1263,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "SecurityGroup": { @@ -1282,8 +1297,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxyProxySecurityGroupFBC47B09:{IndirectPort}": { @@ -1294,7 +1309,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1310,13 +1328,16 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "from awscdkrdsproxydbClusterProxy2ProxySecurityGroup5B77853F:{IndirectPort}": { @@ -1327,7 +1348,10 @@ "aws:cdk:cloudformation:props": { "description": "Allow connections to the database Cluster from the Proxy", "fromPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] }, "groupId": { "Fn::GetAtt": [ @@ -1343,27 +1367,30 @@ ] }, "toPort": { - "Fn::GetAtt": ["dbClusterE86E47AE", "Endpoint.Port"] + "Fn::GetAtt": [ + "dbClusterE86E47AE", + "Endpoint.Port" + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "path": "aws-cdk-rds-proxy/dbCluster/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Secret": { @@ -1396,8 +1423,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Attachment": { @@ -1420,20 +1447,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1485,8 +1512,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance1": { @@ -1506,8 +1533,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Instance2": { @@ -1527,8 +1554,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy": { @@ -1543,8 +1570,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1568,8 +1595,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1606,20 +1633,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1646,14 +1673,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1675,7 +1702,10 @@ "engineFamily": "POSTGRESQL", "requireTls": true, "roleArn": { - "Fn::GetAtt": ["dbClusterProxyIAMRole693E39F5", "Arn"] + "Fn::GetAtt": [ + "dbClusterProxyIAMRole693E39F5", + "Arn" + ] }, "vpcSecurityGroupIds": [ { @@ -1696,8 +1726,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1719,14 +1749,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Proxy2": { @@ -1741,8 +1771,8 @@ "id": "ImportIAMRole", "path": "aws-cdk-rds-proxy/dbCluster/Proxy2/IAMRole/ImportIAMRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1766,8 +1796,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "DefaultPolicy": { @@ -1804,20 +1834,20 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxySecurityGroup": { @@ -1844,14 +1874,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "Resource": { @@ -1897,8 +1927,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, "ProxyTargetGroup": { @@ -1920,84 +1950,1069 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.CfnDBProxyTargetGroup", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseProxy", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-rds-proxy/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "database-proxy-integ-test": { - "id": "database-proxy-integ-test", - "path": "database-proxy-integ-test", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "database-proxy-integ-test/DefaultTest", + "dbClusterWithWriterAndReaders": { + "id": "dbClusterWithWriterAndReaders", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders", "children": { - "Default": { - "id": "Default", - "path": "database-proxy-integ-test/DefaultTest/Default", + "Subnets": { + "id": "Subnets", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for dbClusterWithWriterAndReaders database", + "subnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, "constructInfo": { "fqn": "constructs.Construct", "version": "10.3.0" } }, - "DeployAssert": { - "id": "DeployAssert", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup", "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}": { + "id": "from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxyProxy3ProxySecurityGroup211267B8:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy4ProxySecurityGroup4989CF8F:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}": { + "id": "from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/SecurityGroup/from awscdkrdsproxydbClusterWithWriterAndReadersProxy5ProxySecurityGroupF30773AF:{IndirectPort}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "Allow connections to the database Cluster from the Proxy", + "fromPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + }, + "groupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + }, + "toPort": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReaders6627D259", + "Endpoint.Port" + ] + } + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Secret": { + "id": "Secret", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + "targetId": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-postgresql14", + "dbSubnetGroupName": { + "Ref": "dbClusterWithWriterAndReadersSubnetsD9FBAD2A" + }, + "engine": "aurora-postgresql", + "engineVersion": "14.5", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "dbClusterWithWriterAndReadersSecret3ED37A64" + }, + ":SecretString:password::}}" + ] + ] + }, + "port": 5432, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersSecurityGroup1D462CCA", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "writer": { + "id": "writer", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/writer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 0 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "reader": { + "id": "reader", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/reader/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbClusterIdentifier": { + "Ref": "dbClusterWithWriterAndReaders6627D259" + }, + "dbInstanceClass": "db.t3.medium", + "engine": "aurora-postgresql", + "promotionTier": 2 + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy4": { + "id": "Proxy4", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy4IAMRoleDefaultPolicy8019C3D4", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy401E48F9F", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4IAMRoleA63955A2", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy4ProxySecurityGroupEDC85546", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy4/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy4C6584761" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy5": { + "id": "Proxy5", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "dbClusterWithWriterAndReadersProxy5IAMRoleDefaultPolicy0CD3B628", + "roles": [ + { + "Ref": "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxydbClusterWithWriterAndReadersProxy5EFD158FA", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5IAMRole760AB64E", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "dbClusterWithWriterAndReadersProxy5ProxySecurityGroupE59314C4", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/dbClusterWithWriterAndReaders/Proxy5/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "dbClusterWithWriterAndReadersProxy5FA5F5557" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Proxy3": { + "id": "Proxy3", + "path": "aws-cdk-rds-proxy/Proxy3", + "children": { + "IAMRole": { + "id": "IAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole", + "children": { + "ImportIAMRole": { + "id": "ImportIAMRole", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/ImportIAMRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/IAMRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "Proxy3IAMRoleDefaultPolicyEBD54677", + "roles": [ + { + "Ref": "Proxy3IAMRole26B82D9F" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxySecurityGroup": { + "id": "ProxySecurityGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/ProxySecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "SecurityGroup for Database Proxy", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "vpcA2121C38" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-rds-proxy/Proxy3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxy", + "aws:cdk:cloudformation:props": { + "auth": [ + { + "authScheme": "SECRETS", + "iamAuth": "DISABLED", + "secretArn": { + "Ref": "dbClusterWithWriterAndReadersSecretAttachment9F7B2148" + } + } + ], + "dbProxyName": "awscdkrdsproxyProxy396989E4B", + "engineFamily": "POSTGRESQL", + "requireTls": true, + "roleArn": { + "Fn::GetAtt": [ + "Proxy3IAMRole26B82D9F", + "Arn" + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "Proxy3ProxySecurityGroupF29F0434", + "GroupId" + ] + } + ], + "vpcSubnetIds": [ + { + "Ref": "vpcPrivateSubnet1Subnet934893E8" + }, + { + "Ref": "vpcPrivateSubnet2Subnet7031C2BA" + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "ProxyTargetGroup": { + "id": "ProxyTargetGroup", + "path": "aws-cdk-rds-proxy/Proxy3/ProxyTargetGroup", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBProxyTargetGroup", + "aws:cdk:cloudformation:props": { + "connectionPoolConfigurationInfo": {}, + "dbClusterIdentifiers": [ + { + "Ref": "dbClusterWithWriterAndReaders6627D259" + } + ], + "dbProxyName": { + "Ref": "Proxy39463A146" + }, + "targetGroupName": "default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-rds-proxy/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-rds-proxy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "database-proxy-integ-test": { + "id": "database-proxy-integ-test", + "path": "database-proxy-integ-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "database-proxy-integ-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "database-proxy-integ-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "database-proxy-integ-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" } } }, @@ -2022,8 +3037,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.3.0" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts index 53c0f38ed3d04..dfda38ebde6ed 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts @@ -52,6 +52,30 @@ cluster.addProxy('Proxy2', { vpc, }); +// With `writer` and `readers` properties instead of the legacy `instanceProps` +const clusterWithWriterAndReaders = new rds.DatabaseCluster(stack, 'dbClusterWithWriterAndReaders', { + engine: rds.DatabaseClusterEngine.auroraPostgres({ + version: rds.AuroraPostgresEngineVersion.VER_14_5, + }), + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], +}); + +new rds.DatabaseProxy(stack, 'Proxy3', { + proxyTarget: rds.ProxyTarget.fromCluster(clusterWithWriterAndReaders), + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy4', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); +clusterWithWriterAndReaders.addProxy('Proxy5', { + secrets: [clusterWithWriterAndReaders.secret!], + vpc, +}); + new integ.IntegTest(app, 'database-proxy-integ-test', { testCases: [stack], diffAssets: true, diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts index cf076a9668802..6c8ffe2fb1695 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts @@ -533,9 +533,17 @@ export class DatabaseProxy extends DatabaseProxyBase // To avoid this, use `CfnResource.addDependency` to add dependencies on `DatabaseCluster` and `DBInstance`. bindResult.dbClusters?.forEach((cluster) => { cluster.node.children.forEach((child) => { + // Legacy case using the `instanceProps` property of `DatabaseCluster`. if (child instanceof CfnDBInstance) { proxyTargetGroup.addDependency(child); } + // The case of `AuroraClusterInstance` constructs passed via the `writer` and `readers` properties of `DatabaseCluster`. + // We can't use the `AuroraClusterInstance` class to check the type with `instanceof` because the class is not exported. + // The `defaultChild` that the construct has should be a `CfnDBInstance`, so check it. + const resource = child.node.defaultChild; + if (resource instanceof CfnDBInstance) { + proxyTargetGroup.addDependency(resource); + } }); const clusterResource = cluster.node.defaultChild as cdk.CfnResource; if (clusterResource && cdk.CfnResource.isCfnResource(clusterResource)) { diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts index 7c1d76a68a416..b8c31cdcb4595 100644 --- a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts @@ -558,6 +558,86 @@ describe('proxy', () => { }); }); + test('DBProxyTargetGroup should have dependency on the proxy targets when using cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + new rds.DatabaseProxy(stack, 'proxy', { + proxyTarget: rds.ProxyTarget.fromCluster(cluster), + secrets: [cluster.secret!], + vpc, + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'proxy3A1DA9C7', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + + test('Correct dependencies are created when multiple DatabaseProxy are created with addProxy for cluster with writer and readers properties', () => { + // GIVEN + const cluster = new rds.DatabaseCluster(stack, 'cluster', { + engine: rds.DatabaseClusterEngine.AURORA, + vpc, + writer: rds.ClusterInstance.provisioned('writer'), + readers: [rds.ClusterInstance.provisioned('reader')], + }); + + //WHEN + cluster.addProxy('Proxy', { + vpc, + secrets: [cluster.secret!], + }); + cluster.addProxy('Proxy2', { + vpc, + secrets: [cluster.secret!], + }); + + // THEN + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxy22303E35D', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', { + Properties: { + DBProxyName: { + Ref: 'clusterProxyC4BEF551', + }, + TargetGroupName: 'default', + }, + DependsOn: [ + 'clusterreaderE226030A', + 'cluster611F8AFF', + 'clusterwriter3FDF01F3', + ], + }); + }); + describe('clientPasswordAuthType', () => { test('create a DB proxy with specified client password authentication type', () => { // GIVEN