
cdk-rds-sql


A CDK construct that allows creating roles or users and databases on Aurora Serverless PostgreSQL or MySQL/MariaDB clusters, as well as AWS DSQL clusters.

import { Duration } from "aws-cdk-lib";
import * as dsql from "aws-cdk-lib/aws-dsql";
import { IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
import { IFunction } from "aws-cdk-lib/aws-lambda";
import * as lambda from "aws-cdk-lib/aws-lambda-nodejs";
import { NodejsFunctionProps } from "aws-cdk-lib/aws-lambda-nodejs";
import { IDatabaseCluster, IDatabaseInstance } from "aws-cdk-lib/aws-rds";
import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
import { Construct } from "constructs";

/**
 * Configuration accepted by the {@link Provider} constructor.
 */
export interface RdsSqlProps {
    /**
     * VPC network to place the provider lambda.
     *
     * Normally this is the VPC of your database.
     * Required when your database is only accessible in a VPC.
     * Not required for DSQL as it uses public endpoints with IAM authentication.
     *
     * @default - Function is not placed within a VPC.
     */
    readonly vpc?: IVpc;
    /**
     * Where to place the provider lambda within the VPC.
     *
     * @default - the isolated subnet if not specified
     */
    readonly vpcSubnets?: SubnetSelection;
    /**
     * Your database cluster or instance.
     * Supports both traditional RDS/Aurora clusters and DSQL clusters.
     * - For RDS/Aurora: security groups will be configured to allow access
     * - For DSQL: IAM authentication will be used instead of secrets
     */
    readonly cluster: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster;
    /**
     * Secret that grants access to your database.
     *
     * Usually this is your cluster's master secret.
     * Not required when relying on IAM authentication (such as DSQL).
     *
     * NOTE(review): this declaration does not show which permissions on the
     * secret are granted to the provider function. Because the secret is
     * usually the master credential, check the synthesized IAM policy and
     * restrict who can invoke or modify the provider function.
     *
     * @default - undefined for DSQL clusters using IAM authentication
     */
    readonly secret?: ISecret;
    /**
     * Timeout for lambda to do its work.
     *
     * @default - 5 minutes
     */
    readonly timeout?: Duration;
    /**
     * Log SQL statements. This includes passwords. Use only for debugging.
     *
     * Because the logged statements contain passwords, anyone who can read
     * the resulting log output can recover them. Leave this disabled outside
     * of short debugging sessions, and treat any logs written while it was
     * enabled as sensitive (restrict access, expire them, and consider
     * rotating the passwords that were logged).
     *
     * @default - false
     */
    readonly logger?: boolean;
    /**
     * Additional function customization.
     *
     * This enables additional function customization such as the log group.
     * However, lambda function properties controlled by other
     * {@link RdsSqlProps} parameters will trump options set via this
     * parameter.
     *
     * @default - empty
     */
    readonly functionProps?: NodejsFunctionProps;
    /**
     * Use SSL?
     *
     * NOTE(review): presumably this controls TLS on the provider's database
     * connection; whether the server certificate is verified is not visible
     * in this declaration. Confirm against the handler before setting this
     * to false, since credentials and SQL would then travel unencrypted.
     *
     * @default - true
     */
    readonly ssl?: boolean;
}
/**
 * Supported database engines
 */
export declare enum DatabaseEngine {
    POSTGRES = "postgres",
    MYSQL = "mysql",
    DSQL = "dsql"
}
/**
 * Shape shared by a provider created in this stack ({@link Provider}) and
 * one imported via {@link Provider.fromProviderAttributes}.
 */
export interface IProvider {
    // Token identifying the provider; presumably the custom-resource service
    // token of the handler function (confirm against the implementation).
    readonly serviceToken: string;
    // The Lambda function behind this provider.
    readonly handler: IFunction;
    // Database access secret; optional, see RdsSqlProps.secret.
    readonly secret?: ISecret;
    // Engine identifier. Typed as a plain string here, whereas
    // ProviderAttributes.engine uses the DatabaseEngine enum.
    readonly engine: string;
    // Cluster or instance the provider targets; may be absent.
    readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster;
}
/**
 * Attributes used to import an existing provider with
 * {@link Provider.fromProviderAttributes}.
 *
 * Note that no secret can be supplied here; the interface has no such field.
 */
export interface ProviderAttributes {
    /**
     * Either the ARN or name of the Lambda function.
     * Use functionArn for cross-account or cross-region scenarios.
     * Use functionName for same-account, same-region scenarios.
     *
     * NOTE(review): both fields are optional in the type, so supplying both
     * or neither compiles; any runtime validation is not visible here.
     */
    readonly functionArn?: string;
    /**
     * Name of the Lambda function, as an alternative to `functionArn` for
     * same-account, same-region scenarios.
     */
    readonly functionName?: string;
    /**
     * Database engine served by the imported provider.
     */
    readonly engine: DatabaseEngine;
    /**
     * Optional cluster information for role creation.
     *
     * When importing a provider, cluster details are often not available.
     * However, some operations like role creation require cluster endpoint
     * information to build connection secrets.
     *
     * If you plan to create roles with the imported provider, you must
     * provide the cluster reference. If you only plan to use existing
     * roles, databases, schemas, or SQL operations, this can be omitted.
     */
    readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster;
}
/**
 * Construct that exposes the provider function and its related settings
 * through the {@link IProvider} interface.
 */
export declare class Provider extends Construct implements IProvider {
    /**
     * Import an existing provider Lambda function
     *
     * @param scope - construct scope for the imported provider
     * @param id - construct id
     * @param attrs - function ARN or name, engine, and optional cluster
     * @returns the imported provider as an {@link IProvider}
     */
    static fromProviderAttributes(scope: Construct, id: string, attrs: ProviderAttributes): IProvider;
    // See IProvider.serviceToken.
    readonly serviceToken: string;
    // Database access secret; optional, see RdsSqlProps.secret.
    readonly secret?: ISecret;
    // The Lambda function behind this provider.
    readonly handler: IFunction;
    // Cluster or instance the provider targets; may be absent.
    readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster;
    /**
     * The engine like "postgres" or "mysql"
     *
     * @default - "postgres" if the engine cannot be determined
     */
    readonly engine: string;
    /**
     * @param scope - parent construct
     * @param id - construct id
     * @param props - provider configuration, see {@link RdsSqlProps}
     */
    constructor(scope: Construct, id: string, props: RdsSqlProps);
    /**
     * Protected hook returning a `NodejsFunction`; judging by its name it
     * builds the custom-resource handler, and subclasses may override it
     * (confirm against the implementation).
     */
    protected newCustomResourceHandler(scope: Construct, id: string, props: RdsSqlProps): lambda.NodejsFunction;
}