UNPKG

cdk-rds-sql

Version:

A CDK construct that allows creating roles and databases an on Aurora Serverless Postgresql cluster.

github.com/berenddeboer/cdk-rds-sql

berenddeboer/cdk-rds-sql

63 lines 11.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.Role = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const aws_secretsmanager_1 = require("aws-cdk-lib/aws-secretsmanager"); const constructs_1 = require("constructs"); const role_custom_resource_1 = require("./role.custom-resource"); class Role extends constructs_1.Construct { constructor(scope, id, props) { if ((props.database && props.databaseName) || (!props.database && !props.databaseName)) throw "Specify either database or databaseName"; super(scope, id); const host = props.provider.cluster.clusterEndpoint ? props.provider.cluster.clusterEndpoint.hostname : props.provider.cluster.instanceEndpoint.hostname; const port = props.provider.cluster.clusterEndpoint ? props.provider.cluster.clusterEndpoint.port : props.provider.cluster.instanceEndpoint.port; const identifier = props.provider.cluster.clusterIdentifier ? props.provider.cluster.clusterIdentifier : props.provider.cluster.instanceIdentifier; this.secret = new aws_secretsmanager_1.Secret(this, "Secret", { secretName: props.secretName, encryptionKey: props.encryptionKey, description: `Generated secret for postgres role ${props.roleName}`, generateSecretString: { passwordLength: 30, secretStringTemplate: JSON.stringify({ dbClusterIdentifier: identifier, engine: "postgres", host: host, port: port, username: props.roleName, dbname: props.database ? props.database.databaseName : props.databaseName, }), generateStringKey: "password", excludeCharacters: " %+~`#$&*()|[]{}:;<>?!'/@\"\\", }, removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY, }); const role = new role_custom_resource_1.Role(this, "PostgresRole", { provider: props.provider, roleName: props.roleName, passwordArn: this.secret.secretArn, database: props.database, databaseName: props.databaseName, }); role.node.addDependency(this.secret); this.roleName = props.roleName; this.secret.grantRead(props.provider.handler); if (this.secret.encryptionKey) { // It seems we need to grant explicit permission this.secret.encryptionKey.grantDecrypt(props.provider.handler); } } } exports.Role = Role; _a = JSII_RTTI_SYMBOL_1; Role[_a] = { fqn: "cdk-rds-sql.Role", version: "5.0.0" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9yb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsNkNBQTJDO0FBRzNDLHVFQUFnRTtBQUNoRSwyQ0FBc0M7QUFHdEMsaUVBQW1FO0FBa0RuRSxNQUFhLElBQUssU0FBUSxzQkFBUztJQVdqQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWdCO1FBQ3hELElBQ0UsQ0FBQyxLQUFLLENBQUMsUUFBUSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUM7WUFDdEMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxRQUFRLElBQUksQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDO1lBRXhDLE1BQU0seUNBQXlDLENBQUE7UUFDakQsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQTtRQUVoQixNQUFNLElBQUksR0FBSSxLQUFLLENBQUMsUUFBUSxDQUFDLE9BQTRCLENBQUMsZUFBZTtZQUN2RSxDQUFDLENBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUE0QixDQUFDLGVBQWUsQ0FBQyxRQUFRO1lBQ3ZFLENBQUMsQ0FBRSxLQUFLLENBQUMsUUFBUSxDQUFDLE9BQTZCLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFBO1FBRTNFLE1BQU0sSUFBSSxHQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBNEIsQ0FBQyxlQUFlO1lBQ3ZFLENBQUMsQ0FBRSxLQUFLLENBQUMsUUFBUSxDQUFDLE9BQTRCLENBQUMsZUFBZSxDQUFDLElBQUk7WUFDbkUsQ0FBQyxDQUFFLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBNkIsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUE7UUFFdkUsTUFBTSxVQUFVLEdBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUE0QixDQUFDLGlCQUFpQjtZQUMvRSxDQUFDLENBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUE0QixDQUFDLGlCQUFpQjtZQUNoRSxDQUFDLENBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUE2QixDQUFDLGtCQUFrQixDQUFBO1FBRXBFLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSwyQkFBTSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDdkMsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO1lBQzVCLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxXQUFXLEVBQUUsc0NBQXNDLEtBQUssQ0FBQyxRQUFRLEVBQUU7WUFDbkUsb0JBQW9CLEVBQUU7Z0JBQ3BCLGNBQWMsRUFBRSxFQUFFO2dCQUNsQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDO29CQUNuQyxtQkFBbUIsRUFBRSxVQUFVO29CQUMvQixNQUFNLEVBQUUsVUFBVTtvQkFDbEIsSUFBSSxFQUFFLElBQUk7b0JBQ1YsSUFBSSxFQUFFLElBQUk7b0JBQ1YsUUFBUSxFQUFFLEtBQUssQ0FBQyxRQUFRO29CQUN4QixNQUFNLEVBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxZQUFZO2lCQUMxRSxDQUFDO2dCQUNGLGlCQUFpQixFQUFFLFVBQVU7Z0JBQzdCLGlCQUFpQixFQUFFLCtCQUErQjthQUNuRDtZQUNELGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87U0FDckMsQ0FBQyxDQUFBO1FBQ0YsTUFBTSxJQUFJLEdBQUcsSUFBSSwyQkFBa0IsQ0FBQyxJQUFJLEVBQUUsY0FBYyxFQUFFO1lBQ3hELFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtZQUN4QixRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsV0FBVyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUztZQUNsQyxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsWUFBWSxFQUFFLEtBQUssQ0FBQyxZQUFZO1NBQ2pDLENBQUMsQ0FBQTtRQUNGLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQTtRQUNwQyxJQUFJLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUE7UUFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQTtRQUM3QyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFO1lBQzdCLGdEQUFnRDtZQUNoRCxJQUFJLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQTtTQUMvRDtJQUNILENBQUM7O0FBaEVILG9CQWlFQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IFJlbW92YWxQb2xpY3kgfSBmcm9tIFwiYXdzLWNkay1saWJcIlxuaW1wb3J0ICogYXMga21zIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mta21zXCJcbmltcG9ydCB7IElEYXRhYmFzZUNsdXN0ZXIsIElEYXRhYmFzZUluc3RhbmNlIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1yZHNcIlxuaW1wb3J0IHsgSVNlY3JldCwgU2VjcmV0IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zZWNyZXRzbWFuYWdlclwiXG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiXG5pbXBvcnQgeyBJRGF0YWJhc2UgfSBmcm9tIFwiLi9kYXRhYmFzZVwiXG5pbXBvcnQgeyBQcm92aWRlciB9IGZyb20gXCIuL3Byb3ZpZGVyXCJcbmltcG9ydCB7IFJvbGUgYXMgQ3VzdG9tUmVzb3VyY2VSb2xlIH0gZnJvbSBcIi4vcm9sZS5jdXN0b20tcmVzb3VyY2VcIlxuXG5leHBvcnQgaW50ZXJmYWNlIFJvbGVQcm9wcyB7XG4gIC8qKlxuICAgKiBQcm92aWRlci5cbiAgICovXG4gIHJlYWRvbmx5IHByb3ZpZGVyOiBQcm92aWRlclxuXG4gIC8qKlxuICAgKiBTUUwuXG4gICAqL1xuICByZWFkb25seSByb2xlTmFtZTogc3RyaW5nXG5cbiAgLyoqXG4gICAqIE9wdGlvbmFsIGRhdGFiYXNlIHRoaXMgdXNlciBpcyBleHBlY3RlZCB0byB1c2UuXG4gICAqXG4gICAqIElmIHRoZSBkYXRhYmFzZSBleGlzdHMsIGNvbm5lY3QgcHJpdmlsZWdlcyBhcmUgZ3JhbnRlZC5cbiAgICpcbiAgICogU3BlY2lmeSBub25lIG9mIGBkYXRhYmFzZWAgb3IgYGRhdGFiYXNlTmFtZWAgb3Igb25seSBvbmUgb2YgdGhlbS5cbiAgICpcbiAgICogQGRlZmF1bHQgbm8gY29ubmVjdGlvbiB0byBhbnkgZGF0YWJhc2UgaXMgZ3JhbnRlZFxuICAgKi9cbiAgcmVhZG9ubHkgZGF0YWJhc2U/OiBJRGF0YWJhc2VcblxuICAvKipcbiAgICogT3B0aW9uYWwgZGF0YWJhc2UgbmFtZSB0aGlzIHVzZXIgaXMgZXhwZWN0ZWQgdG8gdXNlLlxuICAgKlxuICAgKiBJZiB0aGUgZGF0YWJhc2UgZXhpc3RzLCBjb25uZWN0IHByaXZpbGVnZXMgYXJlIGdyYW50ZWQuXG4gICAqXG4gICAqIFNwZWNpZnkgbm9uZSBvZiBgZGF0YWJhc2VgIG9yIGBkYXRhYmFzZU5hbWVgIG9yIG9ubHkgb25lIG9mIHRoZW0uXG4gICAqXG4gICAqIEBkZWZhdWx0IG5vIGNvbm5lY3Rpb24gdG8gYW55IGRhdGFiYXNlIGlzIGdyYW50ZWRcbiAgICovXG4gIHJlYWRvbmx5IGRhdGFiYXNlTmFtZT86IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBBIG5ldyBzZWNyZXQgaXMgY3JlYXRlZCBmb3IgdGhpcyB1c2VyLlxuICAgKlxuICAgKiBPcHRpb25hbGx5IGVuY3J5cHQgaXQgd2l0aCB0aGUgZ2l2ZW4ga2V5LlxuICAgKi9cbiAgcmVhZG9ubHkgZW5jcnlwdGlvbktleT86IGttcy5JS2V5XG5cbiAgLyoqXG4gICAqIEEgbmV3IHNlY3JldCBpcyBjcmVhdGVkIGZvciB0aGlzIHVzZXIuXG4gICAqXG4gICAqIE9wdGlvbmFsbHkgYWRkIHNlY3JldCBuYW1lIHRvIHRoZSBzZWNyZXQuXG4gICAqL1xuICByZWFkb25seSBzZWNyZXROYW1lPzogc3RyaW5nXG59XG5cbmV4cG9ydCBjbGFzcyBSb2xlIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgLyoqXG4gICAqIFRoZSByb2xlIG5hbWUuXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcm9sZU5hbWU6IHN0cmluZ1xuXG4gIC8qKlxuICAgKiBUaGUgZ2VuZXJhdGVkIHNlY3JldC5cbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBzZWNyZXQ6IElTZWNyZXRcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogUm9sZVByb3BzKSB7XG4gICAgaWYgKFxuICAgICAgKHByb3BzLmRhdGFiYXNlICYmIHByb3BzLmRhdGFiYXNlTmFtZSkgfHxcbiAgICAgICghcHJvcHMuZGF0YWJhc2UgJiYgIXByb3BzLmRhdGFiYXNlTmFtZSlcbiAgICApXG4gICAgICB0aHJvdyBcIlNwZWNpZnkgZWl0aGVyIGRhdGFiYXNlIG9yIGRhdGFiYXNlTmFtZVwiXG4gICAgc3VwZXIoc2NvcGUsIGlkKVxuXG4gICAgY29uc3QgaG9zdCA9IChwcm9wcy5wcm92aWRlci5jbHVzdGVyIGFzIElEYXRhYmFzZUNsdXN0ZXIpLmNsdXN0ZXJFbmRwb2ludFxuICAgICAgPyAocHJvcHMucHJvdmlkZXIuY2x1c3RlciBhcyBJRGF0YWJhc2VDbHVzdGVyKS5jbHVzdGVyRW5kcG9pbnQuaG9zdG5hbWVcbiAgICAgIDogKHByb3BzLnByb3ZpZGVyLmNsdXN0ZXIgYXMgSURhdGFiYXNlSW5zdGFuY2UpLmluc3RhbmNlRW5kcG9pbnQuaG9zdG5hbWVcblxuICAgIGNvbnN0IHBvcnQgPSAocHJvcHMucHJvdmlkZXIuY2x1c3RlciBhcyBJRGF0YWJhc2VDbHVzdGVyKS5jbHVzdGVyRW5kcG9pbnRcbiAgICAgID8gKHByb3BzLnByb3ZpZGVyLmNsdXN0ZXIgYXMgSURhdGFiYXNlQ2x1c3RlcikuY2x1c3RlckVuZHBvaW50LnBvcnRcbiAgICAgIDogKHByb3BzLnByb3ZpZGVyLmNsdXN0ZXIgYXMgSURhdGFiYXNlSW5zdGFuY2UpLmluc3RhbmNlRW5kcG9pbnQucG9ydFxuXG4gICAgY29uc3QgaWRlbnRpZmllciA9IChwcm9wcy5wcm92aWRlci5jbHVzdGVyIGFzIElEYXRhYmFzZUNsdXN0ZXIpLmNsdXN0ZXJJZGVudGlmaWVyXG4gICAgICA/IChwcm9wcy5wcm92aWRlci5jbHVzdGVyIGFzIElEYXRhYmFzZUNsdXN0ZXIpLmNsdXN0ZXJJZGVudGlmaWVyXG4gICAgICA6IChwcm9wcy5wcm92aWRlci5jbHVzdGVyIGFzIElEYXRhYmFzZUluc3RhbmNlKS5pbnN0YW5jZUlkZW50aWZpZXJcblxuICAgIHRoaXMuc2VjcmV0ID0gbmV3IFNlY3JldCh0aGlzLCBcIlNlY3JldFwiLCB7XG4gICAgICBzZWNyZXROYW1lOiBwcm9wcy5zZWNyZXROYW1lLFxuICAgICAgZW5jcnlwdGlvbktleTogcHJvcHMuZW5jcnlwdGlvbktleSxcbiAgICAgIGRlc2NyaXB0aW9uOiBgR2VuZXJhdGVkIHNlY3JldCBmb3IgcG9zdGdyZXMgcm9sZSAke3Byb3BzLnJvbGVOYW1lfWAsXG4gICAgICBnZW5lcmF0ZVNlY3JldFN0cmluZzoge1xuICAgICAgICBwYXNzd29yZExlbmd0aDogMzAsIC8vIE9yYWNsZSBwYXNzd29yZCBjYW5ub3QgaGF2ZSBtb3JlIHRoYW4gMzAgY2hhcmFjdGVyc1xuICAgICAgICBzZWNyZXRTdHJpbmdUZW1wbGF0ZTogSlNPTi5zdHJpbmdpZnkoe1xuICAgICAgICAgIGRiQ2x1c3RlcklkZW50aWZpZXI6IGlkZW50aWZpZXIsXG4gICAgICAgICAgZW5naW5lOiBcInBvc3RncmVzXCIsXG4gICAgICAgICAgaG9zdDogaG9zdCxcbiAgICAgICAgICBwb3J0OiBwb3J0LFxuICAgICAgICAgIHVzZXJuYW1lOiBwcm9wcy5yb2xlTmFtZSxcbiAgICAgICAgICBkYm5hbWU6IHByb3BzLmRhdGFiYXNlID8gcHJvcHMuZGF0YWJhc2UuZGF0YWJhc2VOYW1lIDogcHJvcHMuZGF0YWJhc2VOYW1lLFxuICAgICAgICB9KSxcbiAgICAgICAgZ2VuZXJhdGVTdHJpbmdLZXk6IFwicGFzc3dvcmRcIixcbiAgICAgICAgZXhjbHVkZUNoYXJhY3RlcnM6IFwiICUrfmAjJCYqKCl8W117fTo7PD4/IScvQFxcXCJcXFxcXCIsXG4gICAgICB9LFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgIH0pXG4gICAgY29uc3Qgcm9sZSA9IG5ldyBDdXN0b21SZXNvdXJjZVJvbGUodGhpcywgXCJQb3N0Z3Jlc1JvbGVcIiwge1xuICAgICAgcHJvdmlkZXI6IHByb3BzLnByb3ZpZGVyLFxuICAgICAgcm9sZU5hbWU6IHByb3BzLnJvbGVOYW1lLFxuICAgICAgcGFzc3dvcmRBcm46IHRoaXMuc2VjcmV0LnNlY3JldEFybixcbiAgICAgIGRhdGFiYXNlOiBwcm9wcy5kYXRhYmFzZSxcbiAgICAgIGRhdGFiYXNlTmFtZTogcHJvcHMuZGF0YWJhc2VOYW1lLFxuICAgIH0pXG4gICAgcm9sZS5ub2RlLmFkZERlcGVuZGVuY3kodGhpcy5zZWNyZXQpXG4gICAgdGhpcy5yb2xlTmFtZSA9IHByb3BzLnJvbGVOYW1lXG4gICAgdGhpcy5zZWNyZXQuZ3JhbnRSZWFkKHByb3BzLnByb3ZpZGVyLmhhbmRsZXIpXG4gICAgaWYgKHRoaXMuc2VjcmV0LmVuY3J5cHRpb25LZXkpIHtcbiAgICAgIC8vIEl0IHNlZW1zIHdlIG5lZWQgdG8gZ3JhbnQgZXhwbGljaXQgcGVybWlzc2lvblxuICAgICAgdGhpcy5zZWNyZXQuZW5jcnlwdGlvbktleS5ncmFudERlY3J5cHQocHJvcHMucHJvdmlkZXIuaGFuZGxlcilcbiAgICB9XG4gIH1cbn1cbiJdfQ==