From 8c0d28759388ce403eaeacbb415c33c81c409eea Mon Sep 17 00:00:00 2001 
From: Luca Pizzini Date: Fri, 25 Aug 2023 10:38:13 +0200 Subject: [PATCH 1/7] feat(rds): support certificate autority --- ...efaultTestDeployAssert948327B8.assets.json | 19 + ...aultTestDeployAssert948327B8.template.json | 36 + ...eg-rds-instance-ca-certificate.assets.json | 19 + ...-rds-instance-ca-certificate.template.json | 508 ++++++++++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 261 +++++ .../tree.json | 897 ++++++++++++++++++ .../test/integ.instance-ca-certificate.ts | 25 + packages/aws-cdk-lib/aws-rds/README.md | 13 + packages/aws-cdk-lib/aws-rds/lib/cluster.ts | 2 +- packages/aws-cdk-lib/aws-rds/lib/instance.ts | 40 + .../aws-cdk-lib/aws-rds/test/instance.test.ts | 13 + 13 files changed, 1845 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/manifest.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets.json new file mode 100644 index 0000000000000..78e89af85ff2f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.assets.json new file mode 100644 index 0000000000000..0954d6a14c825 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "61808ca58c026d9643317e877071de364c62e20ab5d23ff2e501b45706986ca3": { + "source": { + "path": "cdk-integ-rds-instance-ca-certificate.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "61808ca58c026d9643317e877071de364c62e20ab5d23ff2e501b45706986ca3.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.template.json new file mode 100644 index 0000000000000..d080458d73481 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk-integ-rds-instance-ca-certificate.template.json 
@@ -0,0 +1,508 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + 
"Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": 
"Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + 
}, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "cdk-integ-rds-instance-ca-certificate/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "InstanceSubnetGroupF2CBA54F": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for Instance database", + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "InstanceSecurityGroupB4E5FA83": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for Instance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "InstanceSecret478E0A47": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "InstanceSecretAttachment83BEE581": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + 
"Ref": "InstanceSecret478E0A47" + }, + "TargetId": { + "Ref": "InstanceC1063A87" + }, + "TargetType": "AWS::RDS::DBInstance" + } + }, + "InstanceC1063A87": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "CACertificateIdentifier": "rds-ca-rsa2048-g1", + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.micro", + "DBSubnetGroupName": { + "Ref": "InstanceSubnetGroupF2CBA54F" + }, + "Engine": "postgres", + "EngineVersion": "14", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "InstanceSecret478E0A47" + }, + ":SecretString:password::}}" + ] + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "InstanceSecret478E0A47" + }, + ":SecretString:username::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "InstanceSecurityGroupB4E5FA83", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Snapshot", + "DeletionPolicy": "Snapshot" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk.out new file mode 100644 index 0000000000000..560dae10d018f --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"33.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/integ.json new file mode 100644 index 0000000000000..ef317ed514f91 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "33.0.0", + "testCases": { + "InstanceCACertificateTest/DefaultTest": { + "stacks": [ + "cdk-integ-rds-instance-ca-certificate" + ], + "assertionStack": "InstanceCACertificateTest/DefaultTest/DeployAssert", + "assertionStackName": "InstanceCACertificateTestDefaultTestDeployAssert948327B8" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/manifest.json new file mode 100644 index 0000000000000..96b1d085b4450 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/manifest.json 
@@ -0,0 +1,261 @@ +{ + "version": "33.0.0", + "artifacts": { + "cdk-integ-rds-instance-ca-certificate.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdk-integ-rds-instance-ca-certificate.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdk-integ-rds-instance-ca-certificate": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdk-integ-rds-instance-ca-certificate.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/61808ca58c026d9643317e877071de364c62e20ab5d23ff2e501b45706986ca3.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdk-integ-rds-instance-ca-certificate.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdk-integ-rds-instance-ca-certificate.assets" + ], + "metadata": { + "/cdk-integ-rds-instance-ca-certificate/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + 
"data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + 
"/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Instance/SubnetGroup/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceSubnetGroupF2CBA54F" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Instance/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceSecurityGroupB4E5FA83" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Instance/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceSecret478E0A47" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Instance/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceSecretAttachment83BEE581" + } + ], + "/cdk-integ-rds-instance-ca-certificate/Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "InstanceC1063A87" + } + ], + "/cdk-integ-rds-instance-ca-certificate/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + 
"data": "BootstrapVersion" + } + ], + "/cdk-integ-rds-instance-ca-certificate/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-integ-rds-instance-ca-certificate" + }, + "InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "InstanceCACertificateTestDefaultTestDeployAssert948327B8": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "InstanceCACertificateTestDefaultTestDeployAssert948327B8.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "InstanceCACertificateTestDefaultTestDeployAssert948327B8.assets" + ], + "metadata": { + "/InstanceCACertificateTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": 
"aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/InstanceCACertificateTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "InstanceCACertificateTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/tree.json new file mode 100644 index 0000000000000..a44ed4a7fb99d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.js.snapshot/tree.json 
@@ -0,0 +1,897 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cdk-integ-rds-instance-ca-certificate": { + "id": "cdk-integ-rds-instance-ca-certificate", + "path": "cdk-integ-rds-instance-ca-certificate", + "children": { + "Vpc": { + "id": "Vpc", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": 
"cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": 
"cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": 
"cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + 
"value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": 
"VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "cdk-integ-rds-instance-ca-certificate/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "cdk-integ-rds-instance-ca-certificate/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0" + } + }, + "Instance": { + "id": "Instance", + "path": "cdk-integ-rds-instance-ca-certificate/Instance", + "children": { + "SubnetGroup": { + "id": "SubnetGroup", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/SubnetGroup", + "children": { + "Default": { + "id": "Default", + "path": 
"cdk-integ-rds-instance-ca-certificate/Instance/SubnetGroup/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnet group for Instance database", + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Security group for Instance database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + 
"generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "0.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "InstanceSecret478E0A47" + }, + "targetId": { + "Ref": "InstanceC1063A87" + }, + "targetType": "AWS::RDS::DBInstance" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cdk-integ-rds-instance-ca-certificate/Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "allocatedStorage": "100", + "caCertificateIdentifier": "rds-ca-rsa2048-g1", + "copyTagsToSnapshot": true, + "dbInstanceClass": "db.t3.micro", + "dbSubnetGroupName": { + "Ref": "InstanceSubnetGroupF2CBA54F" + }, + "engine": "postgres", + "engineVersion": "14", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "InstanceSecret478E0A47" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "InstanceSecret478E0A47" + }, + ":SecretString:password::}}" + ] + ] + }, + "storageType": "gp2", + "vpcSecurityGroups": [ + { + "Fn::GetAtt": [ + 
"InstanceSecurityGroupB4E5FA83", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-rds-instance-ca-certificate/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-rds-instance-ca-certificate/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "InstanceCACertificateTest": { + "id": "InstanceCACertificateTest", + "path": "InstanceCACertificateTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "InstanceCACertificateTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "InstanceCACertificateTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "InstanceCACertificateTest/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "InstanceCACertificateTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "InstanceCACertificateTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": 
"@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts new file mode 100644 index 0000000000000..ec8e5bfe5d0f5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts @@ -0,0 +1,25 @@ +import { InstanceClass, InstanceSize, InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2'; +import { App, Stack } from 'aws-cdk-lib'; +import * as integ from '@aws-cdk/integ-tests-alpha'; +import { CertificateIdentifier, DatabaseInstance, DatabaseInstanceEngine, PostgresEngineVersion } from 'aws-cdk-lib/aws-rds'; + +const app = new App(); + +const stack = new Stack(app, 'cdk-integ-rds-instance-ca-certificate'); + +const vpc = new Vpc(stack, 'Vpc', { maxAzs: 2, natGateways: 1, restrictDefaultSecurityGroup: false }); + +new DatabaseInstance(stack, 'Instance', { + engine: DatabaseInstanceEngine.postgres({ + version: PostgresEngineVersion.VER_14, + }), + instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MICRO), + vpc, + caCertificateIdentifier: CertificateIdentifier.RDS_CA_RSA2048_G1, +}); + +new integ.IntegTest(app, 'InstanceCACertificateTest', { + testCases: [stack], +}); + +app.synth(); diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 9b38c6f29187a..34852409e84e1 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md 
@@ -465,6 +465,19 @@ const gp3Instance = new rds.DatabaseInstance(this, 'Gp3Instance', { }); ``` +Use the `caCertificateIdentifier` property to specify the [CA certificates](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) +to use for the instance: + +```ts +declare const vpc: ec2.Vpc; + +new rds.DatabaseInstance(this, 'Instance', { + engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), + vpc, + caCertificateIdentifier: rds.CertificateIdentifier.RDS_CA_RSA2048_G1, +}); +``` + ## Setting Public Accessibility You can set public accessibility for the database instance or cluster using the `publiclyAccessible` property. diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts index fe87818884720..e6575d8a0a345 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts @@ -1122,7 +1122,7 @@ export interface DatabaseClusterFromSnapshotProps extends DatabaseClusterBasePro /** * A database cluster restored from a snapshot. * - * @resource AWS::RDS::DBInstance + * @resource AWS::RDS::DBCluster */ export class DatabaseClusterFromSnapshot extends DatabaseClusterNew { public readonly clusterIdentifier: string; diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts index 0df3c5d262595..b59aed6fa27d7 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts 
@@ -347,6 +347,31 @@ export enum NetworkType { DUAL = 'DUAL' } +/** + * The CA identifier of the DB instance + */ +export enum CertificateIdentifier { + /** + * rds-ca-2019 certificate authority + */ + RDS_CA_2019 = 'rds-ca-2019', + + /** + * rds-ca-ecc384-g1 certificate authority + */ + RDS_CA_ECC384_G1 = 'rds-ca-ecc384-g1', + + /** + * rds-ca-rsa4096-g1 certificate authority + */ + RDS_CA_RSA4096_G1 = 'rds-ca-rsa4096-g1', + + /** + * rds-ca-rsa2048-g1 certificate authority + */ + RDS_CA_RSA2048_G1 = 'rds-ca-rsa2048-g1', +} + /** * Construction properties for a DatabaseInstanceNew */ @@ -713,6 +738,20 @@ export interface DatabaseInstanceNewProps { * @default - IPV4 */ readonly networkType?: NetworkType; + + /** + * The identifier of the CA certificate for this DB instance. + * + * Specifying or updating this property triggers a reboot. + * + * For RDS DB engines: + * @see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html + * For Aurora DB engines: + * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html + * + * @default - rds-ca-2019 + */ + readonly caCertificateIdentifier?: CertificateIdentifier; } /** @@ -865,6 +904,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData domain: this.domainId, domainIamRoleName: this.domainRole?.roleName, networkType: props.networkType, + caCertificateIdentifier: props.caCertificateIdentifier, }; } diff --git a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts index fb89ad552dc7c..4a901ed240bc3 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts 
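Review bot: The `@default - rds-ca-2019` tag on `caCertificateIdentifier` (second hunk) does not match what the third hunk does. `caCertificateIdentifier: props.caCertificateIdentifier` forwards `undefined` when the prop is omitted, so presumably no value reaches the template and the CA is whatever RDS selects for the instance. Naming a fixed CA in the doc can mislead someone working out which trust anchor database clients need to ship. I would write `@default - RDS will choose a certificate authority` instead. The props interface and the object literal both start and end outside these hunks.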
@@ -1917,6 +1917,19 @@ describe('instance', () => { }); }); + test('with CA certificate identifier', () => { + new rds.DatabaseInstance(stack, 'Instance', { + engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), + instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), + vpc, + caCertificateIdentifier: rds.CertificateIdentifier.RDS_CA_RSA2048_G1, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBInstance', { + CACertificateIdentifier: 'rds-ca-rsa2048-g1', + }); + }); + test('throws with storage throughput and not GP3', () => { expect(() => new rds.DatabaseInstance(stack, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), From e0228568fe06c7f186605a61b63a3e95404df631 Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Fri, 25 Aug 2023 16:56:23 +0200 Subject: [PATCH 2/7] changed names and CaCertificate structure --- .../test/integ.instance-ca-certificate.ts | 4 +-- packages/aws-cdk-lib/aws-rds/README.md | 16 ++++++++++-- packages/aws-cdk-lib/aws-rds/lib/instance.ts | 26 ++++++++++++------- .../aws-cdk-lib/aws-rds/test/instance.test.ts | 4 +-- 4 files changed, 34 insertions(+), 16 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts index ec8e5bfe5d0f5..d24654792c405 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts 
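Review bot: The added test `with CA certificate identifier` pins only the case where the prop is set, so nothing covers what the template contains when it is omitted. That case matters because the prop documents a default and a change there would alter every existing instance. I would add a sibling test that builds the same instance without `caCertificateIdentifier` and asserts `CACertificateIdentifier: Match.absent()`, assuming `Match` is imported in this file, which the hunk does not show. The enclosing `describe('instance', ...)` block starts and ends outside the hunk.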
@@ -1,7 +1,7 @@ import { InstanceClass, InstanceSize, InstanceType, Vpc } from 'aws-cdk-lib/aws-ec2'; import { App, Stack } from 'aws-cdk-lib'; import * as integ from '@aws-cdk/integ-tests-alpha'; -import { CertificateIdentifier, DatabaseInstance, DatabaseInstanceEngine, PostgresEngineVersion } from 'aws-cdk-lib/aws-rds'; +import { CaCertificate, DatabaseInstance, DatabaseInstanceEngine, PostgresEngineVersion } from 'aws-cdk-lib/aws-rds'; const app = new App(); @@ -15,7 +15,7 @@ new DatabaseInstance(stack, 'Instance', { }), instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MICRO), vpc, - caCertificateIdentifier: CertificateIdentifier.RDS_CA_RSA2048_G1, + caCertificate: CaCertificate.rdsCaRsa2048G1(), }); new integ.IntegTest(app, 'InstanceCACertificateTest', { diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 34852409e84e1..7e585015f773f 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -465,7 +465,7 @@ const gp3Instance = new rds.DatabaseInstance(this, 'Gp3Instance', { }); ``` -Use the `caCertificateIdentifier` property to specify the [CA certificates](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) +Use the `caCertificate` property to specify the [CA certificates](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) to use for the instance: ```ts 
@@ -474,7 +474,19 @@ declare const vpc: ec2.Vpc; new rds.DatabaseInstance(this, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), vpc, - caCertificateIdentifier: rds.CertificateIdentifier.RDS_CA_RSA2048_G1, + caCertificate: rds.CaCertificate.rdsCaRsa2048G1(), +}); +``` + +You can specify a custom CA certificate with: + +```ts +declare const vpc: ec2.Vpc; + +new rds.DatabaseInstance(this, 'Instance', { + engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), + vpc, + caCertificate: rds.CaCertificate('future-rds-ca'), }); ``` diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts index b59aed6fa27d7..b7c40b600a88b 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts @@ -348,28 +348,34 @@ export enum NetworkType { } /** - * The CA identifier of the DB instance + * The CA certificate used for this DB instance. */ -export enum CertificateIdentifier { +export class CaCertificate { /** * rds-ca-2019 certificate authority */ - RDS_CA_2019 = 'rds-ca-2019', + static rdsCa2019() { return new CaCertificate('rds-ca-2019'); } /** * rds-ca-ecc384-g1 certificate authority */ - RDS_CA_ECC384_G1 = 'rds-ca-ecc384-g1', + static rdsCaEcc384G1() { return new CaCertificate('rds-ca-ecc384-g1'); } /** - * rds-ca-rsa4096-g1 certificate authority + * rds-ca-rsa2048-g1 certificate authority */ - RDS_CA_RSA4096_G1 = 'rds-ca-rsa4096-g1', + static rdsCaRsa2048G1() { return new CaCertificate('rds-ca-rsa2048-g1'); } /** - * rds-ca-rsa2048-g1 certificate authority + * rds-ca-rsa4096-g1 certificate authority */ - RDS_CA_RSA2048_G1 = 'rds-ca-rsa2048-g1', + static rdsCaRsa4096G1() { return new CaCertificate('rds-ca-rsa4096-g1'); } + + public readonly identifier: string; + + public constructor(identifier: string) { + this.identifier = identifier; + } } /** 
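Review bot: `CaCertificate` exposes both static factories and a public constructor, and the README hunk of this same commit already uses it wrongly: `rds.CaCertificate('future-rds-ca')` calls a class without `new` and would throw at runtime. I would keep a single entry point for custom identifiers, `public static of(identifier: string): CaCertificate { return new CaCertificate(identifier); }` with a `private constructor`, and change the README line to `caCertificate: rds.CaCertificate.of('future-rds-ca'),`. The four factories also lack the `public` modifier and an explicit return type, unlike `identifier` and the constructor just below them. `identifier` has no doc comment; `/** The CA certificate identifier, passed to the instance as CACertificateIdentifier. */` would do.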
@@ -751,7 +757,7 @@ export interface DatabaseInstanceNewProps { * * @default - rds-ca-2019 */ - readonly caCertificateIdentifier?: CertificateIdentifier; + readonly caCertificate?: CaCertificate; } /** @@ -904,7 +910,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData domain: this.domainId, domainIamRoleName: this.domainRole?.roleName, networkType: props.networkType, - caCertificateIdentifier: props.caCertificateIdentifier, + caCertificateIdentifier: props.caCertificate ? props.caCertificate.identifier : CaCertificate.rdsCa2019().identifier, }; } diff --git a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts index 4a901ed240bc3..673dbc4fd6e59 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts @@ -1917,12 +1917,12 @@ describe('instance', () => { }); }); - test('with CA certificate identifier', () => { + test('with CA certificate', () => { new rds.DatabaseInstance(stack, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), vpc, - caCertificateIdentifier: rds.CertificateIdentifier.RDS_CA_RSA2048_G1, + caCertificate: rds.CaCertificate.rdsCaRsa2048G1(), }); Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBInstance', { From 1ac08d28e6b24b7832b3336557700d32ef6e223a Mon Sep 17 00:00:00 2001 
From: Luca Pizzini Date: Sat, 26 Aug 2023 15:06:32 +0200 Subject: [PATCH 3/7] fix integration tests --- .../aws-cdk-rds-integ-instance-create-grant.template.json | 1 + .../aws-cdk-rds-instance-dual-integ.template.json | 2 ++ .../aws-cdk-rds-fixed-username.template.json | 1 + .../cdk-integ-rds-instance-gp3.template.json | 1 + .../aws-cdk-rds-instance-s3-postgres-integ.template.json | 1 + .../aws-cdk-rds-instance-s3-integ.template.json | 1 + .../aws-cdk-rds-instance.template.json | 1 + .../aws-cdk-rds-proxy-sql-server.template.json | 1 + .../integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json | 1 + .../cdk-rds-read-replica.template.json | 4 ++++ 10 files changed, 14 insertions(+) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json index dea087d59cb1b..5611f08535389 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json @@ -578,6 +578,7 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 0, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json index ebe52d21ae117..b6c5392756fb0 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json @@ -388,6 +388,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { @@ -447,6 +448,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json index 5e73414b95fbe..e031c25cd1a4e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json @@ -462,6 +462,7 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 0, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBName": "CDKDB", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json index 82e98dff43850..20ba12563da0b 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json @@ -425,6 +425,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "1000", + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json index 0062655ad554e..86632e11f14fd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json @@ -588,6 +588,7 @@ } } ], + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.m5.large", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json index 044db26f317fb..d6e3bca521d79 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json 
@@ -606,6 +606,7 @@ } } ], + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.m5.large", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json index 9d9a0d63f33b6..d50336f467ad4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json @@ -665,6 +665,7 @@ "AllocatedStorage": "100", "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": 7, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.medium", "DBName": "ORCL", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json index fadcbd5802572..a42e920e84502 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json @@ -492,6 +492,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index cb67056386bd0..13bcd0c6aa60d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json @@ -492,6 +492,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.medium", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json index dae065767e550..e6a6cb819ea3a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json @@ -200,6 +200,7 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 5, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { @@ -279,6 +280,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "CopyTagsToSnapshot": true, + "CACertificateIdentifier": "rds-ca-2019", "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { "Ref": "PostgresReplicaSubnetGroup301B59DA" 
@@ -391,6 +393,7 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 5, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { @@ -480,6 +483,7 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "BackupRetentionPeriod": 3, + "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBParameterGroupName": { From 2e6328eca24a1665b369dab9fe81b0a0a31d0efe Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Sat, 26 Aug 2023 16:55:34 +0200 Subject: [PATCH 4/7] fixed README --- packages/aws-cdk-lib/aws-rds/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index 7e585015f773f..ff608f265c6b3 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -486,7 +486,7 @@ declare const vpc: ec2.Vpc; new rds.DatabaseInstance(this, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), vpc, - caCertificate: rds.CaCertificate('future-rds-ca'), + caCertificate: new rds.CaCertificate('future-rds-ca'), }); ``` From 7002d6bd42e61058095fda9646b4afc948bd778b Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Sun, 27 Aug 2023 10:55:25 +0200 Subject: [PATCH 5/7] updated CaCertificate implementation --- .../test/integ.instance-ca-certificate.ts | 2 +- packages/aws-cdk-lib/aws-rds/README.md | 4 +-- packages/aws-cdk-lib/aws-rds/lib/instance.ts | 28 ++++++++++++------- .../aws-cdk-lib/aws-rds/test/instance.test.ts | 2 +- 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts index d24654792c405..1dfdc825d6813 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-ca-certificate.ts @@ -15,7 +15,7 @@ new DatabaseInstance(stack, 'Instance', { }), instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.MICRO), vpc, - caCertificate: CaCertificate.rdsCaRsa2048G1(), + caCertificate: CaCertificate.RDS_CA_RDS2048_G1, }); new integ.IntegTest(app, 'InstanceCACertificateTest', { diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md index ff608f265c6b3..abc474a189999 100644 --- a/packages/aws-cdk-lib/aws-rds/README.md +++ b/packages/aws-cdk-lib/aws-rds/README.md @@ -474,7 +474,7 @@ declare const vpc: ec2.Vpc; new rds.DatabaseInstance(this, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), vpc, - caCertificate: rds.CaCertificate.rdsCaRsa2048G1(), + caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1, }); ``` @@ -486,7 +486,7 @@ declare const vpc: ec2.Vpc; new rds.DatabaseInstance(this, 'Instance', { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), vpc, - caCertificate: new rds.CaCertificate('future-rds-ca'), + caCertificate: rds.CaCertificate.of('future-rds-ca'), }); ``` diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts index b7c40b600a88b..e8f2d52d7e3a0 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts 
@@ -354,28 +354,36 @@ export class CaCertificate { /** * rds-ca-2019 certificate authority */ - static rdsCa2019() { return new CaCertificate('rds-ca-2019'); } + public static readonly RDS_CA_2019 = CaCertificate.of('rds-ca-2019'); /** * rds-ca-ecc384-g1 certificate authority */ - static rdsCaEcc384G1() { return new CaCertificate('rds-ca-ecc384-g1'); } + public static readonly RDS_CA_ECC384_G1 = CaCertificate.of('rds-ca-ecc384-g1'); /** * rds-ca-rsa2048-g1 certificate authority */ - static rdsCaRsa2048G1() { return new CaCertificate('rds-ca-rsa2048-g1'); } + public static readonly RDS_CA_RDS2048_G1 = CaCertificate.of('rds-ca-rsa2048-g1'); /** * rds-ca-rsa4096-g1 certificate authority */ - static rdsCaRsa4096G1() { return new CaCertificate('rds-ca-rsa4096-g1'); } + public static readonly RDS_CA_RDS4096_G1 = CaCertificate.of('rds-ca-rsa4096-g1'); - public readonly identifier: string; - - public constructor(identifier: string) { - this.identifier = identifier; + /** + * Custom CA certificate + * + * @param identifier - CA certificate identifier + */ + public static of(identifier: string) { + return new CaCertificate(identifier); } + + /** + * @param identifier - CA certificate identifier + */ + private constructor(public readonly identifier: string) { } } /** @@ -755,7 +763,7 @@ export interface DatabaseInstanceNewProps { * For Aurora DB engines: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html * - * @default - rds-ca-2019 + * @default - CaCertificate.RDS_CA_2019 */ readonly caCertificate?: CaCertificate; } 
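Review bot: The two RSA constants in the `@@ -354,28 +354,36 @@` hunk are spelled `RDS_CA_RDS2048_G1` and `RDS_CA_RDS4096_G1`, while the identifiers they wrap are `rds-ca-rsa2048-g1` and `rds-ca-rsa4096-g1`. The key algorithm is the part of the name a reader uses to choose a CA, so the names should be `RDS_CA_RSA2048_G1` and `RDS_CA_RSA4096_G1`, e.g. `public static readonly RDS_CA_RSA2048_G1 = CaCertificate.of('rds-ca-rsa2048-g1');`. The integ-test, README and unit-test hunks of this commit use the misspelled name and would need the same rename, which is cheapest before these become released API. The class declaration starts outside the hunk.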
@@ -910,7 +918,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData domain: this.domainId, domainIamRoleName: this.domainRole?.roleName, networkType: props.networkType, - caCertificateIdentifier: props.caCertificate ? props.caCertificate.identifier : CaCertificate.rdsCa2019().identifier, + caCertificateIdentifier: props.caCertificate ? props.caCertificate.identifier : CaCertificate.RDS_CA_2019.identifier, }; } diff --git a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts index 673dbc4fd6e59..8939490bd09c9 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts @@ -1922,7 +1922,7 @@ describe('instance', () => { engine: rds.DatabaseInstanceEngine.mysql({ version: rds.MysqlEngineVersion.VER_8_0_30 }), instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), vpc, - caCertificate: rds.CaCertificate.rdsCaRsa2048G1(), + caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1, }); Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBInstance', { From 45a169eb775b3e78e36279f2cad3bdb4947e52b6 Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Mon, 28 Aug 2023 08:26:54 +0200 Subject: [PATCH 6/7] updated jsdoc reference --- packages/aws-cdk-lib/aws-rds/lib/instance.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts index e8f2d52d7e3a0..4f5bf9b66e4cb 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts @@ -349,6 +349,8 @@ export enum NetworkType { /** * The CA certificate used for this DB instance. + * + * @see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html */ export class CaCertificate { /** From 290d36e45a8c67188599dab4650088e593a4ecb7 Mon Sep 17 00:00:00 2001 
From: Luca Pizzini Date: Mon, 28 Aug 2023 16:11:31 +0200 Subject: [PATCH 7/7] fixed caCertificate default and added toString class method --- ...dk-rds-integ-instance-create-grant.template.json | 1 - .../aws-cdk-rds-instance-dual-integ.template.json | 2 -- .../aws-cdk-rds-fixed-username.template.json | 1 - .../cdk-integ-rds-instance-gp3.template.json | 1 - ...cdk-rds-instance-s3-postgres-integ.template.json | 1 - .../aws-cdk-rds-instance-s3-integ.template.json | 1 - .../aws-cdk-rds-instance.template.json | 1 - .../aws-cdk-rds-proxy-sql-server.template.json | 1 - .../aws-cdk-rds-proxy.template.json | 1 - .../cdk-rds-read-replica.template.json | 4 ---- packages/aws-cdk-lib/aws-rds/lib/instance.ts | 13 ++++++++++--- 11 files changed, 10 insertions(+), 17 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json index 5611f08535389..dea087d59cb1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-create-grant.js.snapshot/aws-cdk-rds-integ-instance-create-grant.template.json @@ -578,7 +578,6 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 0, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json index b6c5392756fb0..ebe52d21ae117 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-dual.js.snapshot/aws-cdk-rds-instance-dual-integ.template.json @@ -388,7 +388,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { @@ -448,7 +447,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.micro", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json index e031c25cd1a4e..5e73414b95fbe 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-from-generated-password.js.snapshot/aws-cdk-rds-fixed-username.template.json @@ -462,7 +462,6 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 0, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBName": "CDKDB", 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json index 20ba12563da0b..82e98dff43850 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-gp3.js.snapshot/cdk-integ-rds-instance-gp3.template.json @@ -425,7 +425,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "1000", - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json index 86632e11f14fd..0062655ad554e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json @@ -588,7 +588,6 @@ } } ], - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.m5.large", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json index d6e3bca521d79..044db26f317fb 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json @@ -606,7 +606,6 @@ } } ], - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.m5.large", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json index 3607b92635ca1..b98255c467410 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance.lit.js.snapshot/aws-cdk-rds-instance.template.json @@ -665,7 +665,6 @@ "AllocatedStorage": "100", "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": 7, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.medium", "DBName": "ORCL", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json index a42e920e84502..fadcbd5802572 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy-sql-server.js.snapshot/aws-cdk-rds-proxy-sql-server.template.json 
@@ -492,7 +492,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json index 13bcd0c6aa60d..cb67056386bd0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.js.snapshot/aws-cdk-rds-proxy.template.json @@ -492,7 +492,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "AllocatedStorage": "100", - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.medium", "DBSubnetGroupName": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json index e6a6cb819ea3a..dae065767e550 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.read-replica.js.snapshot/cdk-rds-read-replica.template.json @@ -200,7 +200,6 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 5, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { 
@@ -280,7 +279,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "CopyTagsToSnapshot": true, - "CACertificateIdentifier": "rds-ca-2019", "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { "Ref": "PostgresReplicaSubnetGroup301B59DA" @@ -393,7 +391,6 @@ "Properties": { "AllocatedStorage": "100", "BackupRetentionPeriod": 5, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBSubnetGroupName": { @@ -483,7 +480,6 @@ "Type": "AWS::RDS::DBInstance", "Properties": { "BackupRetentionPeriod": 3, - "CACertificateIdentifier": "rds-ca-2019", "CopyTagsToSnapshot": true, "DBInstanceClass": "db.t3.small", "DBParameterGroupName": { diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts index 4f5bf9b66e4cb..1fab510aa69b6 100644 --- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts +++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts @@ -385,7 +385,14 @@ export class CaCertificate { /** * @param identifier - CA certificate identifier */ - private constructor(public readonly identifier: string) { } + private constructor(private readonly identifier: string) { } + + /** + * Returns the CA certificate identifier as a string + */ + public toString(): string { + return this.identifier; + } } /** @@ -765,7 +772,7 @@ export interface DatabaseInstanceNewProps { * For Aurora DB engines: * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html * - * @default - CaCertificate.RDS_CA_2019 + * @default - RDS will choose a certificate authority */ readonly caCertificate?: CaCertificate; } 
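Review bot: The doc comment on `caCertificate` in the `@@ -765,7 +772,7 @@` hunk now says only `@default - RDS will choose a certificate authority`, which leaves out why the choice matters to anyone connecting over TLS. I would add a line above the `@see` references such as `* Clients that verify the server certificate must trust the selected CA.` It would also help to say on the `of()` factory added earlier in this series that the identifier is passed through unchecked, so a misspelled value presumably only surfaces at deployment. The interface body starts outside this hunk.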
@@ -920,7 +927,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData domain: this.domainId, domainIamRoleName: this.domainRole?.roleName, networkType: props.networkType, - caCertificateIdentifier: props.caCertificate ? props.caCertificate.identifier : CaCertificate.RDS_CA_2019.identifier, + caCertificateIdentifier: props.caCertificate ? props.caCertificate.toString() : undefined, }; }
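Review bot: Omitting `caCertificateIdentifier` when `props.caCertificate` is unset is new behaviour in the `@@ -920,7 +927,7 @@` hunk, but this commit's diffstat lists only snapshot templates and `instance.ts`, so no unit test pins it. A case in `instance.test.ts` asserting that the property is absent by default, plus one for `CaCertificate.of(...)`, would stop a later change from silently pinning every instance to one CA again. The ternary can also follow the optional chaining used two lines above it: `caCertificateIdentifier: props.caCertificate?.toString(),`. The enclosing method starts outside the hunk.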