Hey all, I have this code and I am not seeing what I am doing wrong.
I am creating an RDS in CDK:

    const secret = this.createDatabaseInstanceSecret(appName, props.deployEnv, rdsProps.masteruser);
    const isProduction = props.deployEnv === 'prd'; // Check if the environment is production
    // Create new RDS
    const rdsInstance = new rds.DatabaseInstance(this, `${appName}-${props.deployEnv}-rds`, {
      engine: rds.DatabaseInstanceEngine.mariaDb({
        version: rds.MariaDbEngineVersion.of(rdsProps.mariaDbEngineVersion, mariaDbMajorVersion),
      }),
      instanceType: rdsInstanceType,
      licenseModel: rds.LicenseModel.GENERAL_PUBLIC_LICENSE,
      vpc: internalVpcId,
      multiAz: multiAz,
      allocatedStorage: 250,
      maxAllocatedStorage: 500,
      instanceIdentifier: `${appName}-${props.deployEnv}-${identifierPostfix}`,
      storageType: rds.StorageType.GP2,
      deletionProtection: isProduction, // Only enable deletion protection in production
      storageEncrypted: false,
      enablePerformanceInsights: false,
      backupRetention: cdk.Duration.days(0),
      autoMinorVersionUpgrade: true,
      allowMajorVersionUpgrade: true,
      vpcSubnets: { subnets: rdsISubnets },
      credentials: rds.Credentials.fromSecret(secret), // Get both username and password from existing secret
      securityGroups: [rdsSecuritygroup],
    });

And for the secret it uses, I have a create secret function:

    private createDatabaseInstanceSecret(appName: string, deployEnv: string, masteruser: string): Secret {
      console.log('Creating secret named: ' + appName + '-' + deployEnv + '-credentials');
      // Create Secret key/user
      const databaseCredentialsSecret = new Secret(this, `${appName}-${deployEnv}-rds-DBCredentialsSecret`, {
        secretName: `${appName}-${deployEnv}-credentials`,
        generateSecretString: {
          secretStringTemplate: JSON.stringify({
            userName: masteruser,
          }),
          excludePunctuation: true,
          includeSpace: false,
          generateStringKey: 'password',
        },
      });
      // Let's output a few properties to help us find the credentials
      new cdk.CfnOutput(this, 'Secret Name', { value: databaseCredentialsSecret.secretName });
      new cdk.CfnOutput(this, 'Secret ARN', { value: databaseCredentialsSecret.secretArn });
      new cdk.CfnOutput(this, 'Secret Full ARN', { value: databaseCredentialsSecret.secretFullArn || '' });
      new StringParameter(this, 'DBCredentialsArn', {
        parameterName: `${appName}-${deployEnv}-credentials-arn`,
        stringValue: databaseCredentialsSecret.secretArn,
      });
      return databaseCredentialsSecret;
    }

But I get this error:

    s (prdrdsBCCE71DD) Could not find a value associated with JSONKey in SecretString
    ❌ -prd/rds (-prd-rds) failed: Error: The stack named -prd-rds failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Could not find a value associated with JSONKey in SecretString
        at FullCloudFormationDeployment.monitorDeployment (/usr/lib/node_modules/aws-cdk/lib/index.js:443:10236)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at async Object.deployStack2 [as deployStack] (/usr/lib/node_modules/aws-cdk/lib/index.js:446:153718)
        at async /usr/lib/node_modules/aws-cdk/lib/index.js:446:137166
    ❌ Deployment failed: Error: The stack named -prd-rds failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Could not find a value associated with JSONKey in SecretString
        at FullCloudFormationDeployment.monitorDeployment (/usr/lib/node_modules/aws-cdk/lib/index.js:443:10236)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at async Object.deployStack2 [as deployStack] (/usr/lib/node_modules/aws-cdk/lib/index.js:446:153718)
        at async /usr/lib/node_modules/aws-cdk/lib/index.js:446:137166
    The stack named -prd-rds failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Could not find a value associated with JSONKey in SecretString
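
Added example (not part of the original post and not CDK's own code): a stand-alone TypeScript pre-deploy check that compares the JSON keys a `generateSecretString` block will produce with the keys the database credentials lookup needs. It assumes, per the CDK documentation, that `rds.Credentials.fromSecret(secret)` reads the case-sensitive keys `username` and `password`; `checkSecretKeys`, `missingKeys` and `nearMissFor` are hypothetical helpers and the sample values are constructed.

```typescript
// Assumption (see lead-in): these are the keys the RDS credentials lookup
// resolves from the SecretString; the lookup is case-sensitive.
const REQUIRED_KEYS: string[] = ['username', 'password'];

interface KeyFinding {
  key: string;             // key the dynamic reference asks for
  present: boolean;        // exact, case-sensitive match exists
  nearMiss: string | null; // existing key that differs only by letter case
}

// Hypothetical helper: models the key set Secrets Manager builds from
// generateSecretString (template keys plus generateStringKey) and checks it.
function checkSecretKeys(secretStringTemplate: string, generateStringKey: string): KeyFinding[] {
  const parsed: unknown = JSON.parse(secretStringTemplate);
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    throw new Error('secretStringTemplate must be a JSON object');
  }
  const keys: string[] = Object.keys(parsed).concat([generateStringKey]);
  return REQUIRED_KEYS.map((key: string): KeyFinding => {
    const present = keys.indexOf(key) !== -1;
    const sameLetters = keys.filter((k) => k.toLowerCase() === key.toLowerCase());
    const nearMiss = present ? null : (sameLetters[0] ?? null);
    return { key, present, nearMiss };
  });
}

// Required keys that have no exact match in the generated secret.
function missingKeys(findings: KeyFinding[]): string[] {
  return findings.filter((f) => !f.present).map((f) => f.key);
}

// The case-variant key found in place of `key`, or null if there is none.
function nearMissFor(findings: KeyFinding[], key: string): string | null {
  return findings.filter((f) => f.key === key).map((f) => f.nearMiss)[0] ?? null;
}

// Constructed inputs: the template shape from the post, and a variant whose
// key is all lower case. 'admin' is a placeholder value.
const asPosted = checkSecretKeys(JSON.stringify({ userName: 'admin' }), 'password');
const lowerCase = checkSecretKeys(JSON.stringify({ username: 'admin' }), 'password');
console.log('as posted, missing:', missingKeys(asPosted), 'near miss:', nearMissFor(asPosted, 'username'));
console.log('lower-case key, missing:', missingKeys(lowerCase));
```

A key reported as missing here is one that CloudFormation cannot resolve from the SecretString at deploy time, which is the condition the "Could not find a value associated with JSONKey in SecretString" message reports.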