(documentDB): (Expose CACertificateIdentifier in L2 Construct) #28356
Comments
Yeah it would be great to expose that as an optional property.

Aside from Aspects, another option is like this:

```typescript
import { CfnResource, Stack, StackProps } from 'aws-cdk-lib';
import * as docdb from 'aws-cdk-lib/aws-docdb';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import { Construct, IConstruct } from 'constructs';

export class DemoStack extends Stack {
  readonly fn?: lambda.IFunction; // unused in this snippet
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);
    const cluster = new docdb.DatabaseCluster(this, 'Database', {
      masterUser: {
        username: 'myuser', // NOTE: 'admin' is reserved by DocumentDB
        excludeCharacters: '\"@/:', // optional, defaults to the set "\"@/" and is also used for eventually created rotations
        secretName: '/myapp/mydocdb/masteruser', // optional, if you prefer to specify the secret name
      },
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.MEMORY5, ec2.InstanceSize.LARGE),
      instances: 3,
      vpcSubnets: {
        subnetType: ec2.SubnetType.PUBLIC,
      },
      vpc: getDefaultVpc(this), // getDefaultVpc is not shown in this snippet
    });
    // Set the CA on every AWS::DocDB::DBInstance below the cluster construct
    this.overrideCustomProperty('AWS::DocDB::DBInstance', 'CACertificateIdentifier', 'rds-ca-rsa2048-g1', [cluster]);
  }

  // Walk the construct tree and apply a raw CloudFormation property override
  // to every L1 resource of the given type.
  private overrideCustomProperty(resourceType: string, overrideKey: string, overrideValue: string, children?: IConstruct[]) {
    (children ?? this.node.children).forEach((child) => {
      if (CfnResource.isCfnResource(child) && child.cfnResourceType === resourceType) {
        child.addPropertyOverride(overrideKey, overrideValue);
      } else {
        this.overrideCustomProperty(resourceType, overrideKey, overrideValue, child.node.children);
      }
    });
  }
}
```

And you can run multiple
Exposes the [CaCertificateIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbinstance.html#cfn-docdb-dbinstance-cacertificateidentifier) property of [AWS::DocDB::DBInstance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbinstance.html) in the L2 constructs `DatabaseCluster` and `DatabaseInstance` of `aws_docdb`.

This allows specifying a custom CA identifier using the CaCertificate class.

Usage with `DatabaseCluster`:

```typescript
new DatabaseCluster(stack, 'Database', {
  // ...
  instanceType: InstanceType.of(InstanceClass.R5, InstanceSize.LARGE),
  instanceCaCertificate: CaCertificate.RDS_CA_RSA4096_G1,
  // ...
});
```

Usage with `DatabaseInstance`:

```typescript
new DatabaseInstance(stack, 'Instance', {
  cluster: databaseCluster,
  instanceType: InstanceType.of(InstanceClass.R5, InstanceSize.LARGE),
  caCertificate: CaCertificate.RDS_CA_RSA4096_G1,
});
```

This is modelled on #27138.

Closes #28356.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the feature
Please expose the CloudFormation CACertificateIdentifier property on the L2 construct `docDb.DatabaseCluster`.
Use Case
With that one does not have to use Aspects to set the CA certificate.
Proposed Solution
If one can guide me I might be able to submit a PR myself.
Other Information
Right now one can use Aspects as a workaround:
Acknowledgements
CDK version used
2.100.0
Environment details (OS name and version, etc.)
macOS 14.2
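
Whichever route sets the CA (Aspects, a property override, or the L2 property), the result can be checked on the synthesized template. The following is an added example, not code from this issue or from aws-cdk: it audits a template object for `AWS::DocDB::DBInstance` resources whose `CACertificateIdentifier` is missing, different from the expected value, or an intrinsic that cannot be judged statically. The function name, the `Finding` shape and the sample template are assumptions made for illustration.

```typescript
// Added example (not aws-cdk code). All names here are hypothetical.
type Finding = {
  logicalId: string;
  problem: 'missing' | 'unexpected' | 'unresolved';
  value?: string;
};

interface CfnTemplate {
  Resources?: Record<string, { Type: string; Properties?: Record<string, unknown> }>;
}

const DOCDB_INSTANCE = 'AWS::DocDB::DBInstance';

// Report every DocumentDB instance that does not pin the expected CA.
function auditDocDbCaCertificate(template: CfnTemplate, expectedCa: string): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (resource.Type !== DOCDB_INSTANCE) continue;
    const value = resource.Properties?.CACertificateIdentifier;
    if (value === undefined) {
      // Property never set: the instance gets the service default CA.
      findings.push({ logicalId, problem: 'missing' });
    } else if (typeof value !== 'string') {
      // Intrinsic such as { Ref: ... }: only known at deploy time.
      findings.push({ logicalId, problem: 'unresolved' });
    } else if (value !== expectedCa) {
      findings.push({ logicalId, problem: 'unexpected', value });
    }
  }
  return findings;
}

// Constructed sample in the shape of a synthesized template.
const sampleTemplate: CfnTemplate = {
  Resources: {
    Database: { Type: 'AWS::DocDB::DBCluster', Properties: {} },
    Instance1: { Type: DOCDB_INSTANCE, Properties: { CACertificateIdentifier: 'rds-ca-rsa2048-g1' } },
    Instance2: { Type: DOCDB_INSTANCE, Properties: { DBClusterIdentifier: { Ref: 'Database' } } },
    Instance3: { Type: DOCDB_INSTANCE, Properties: { CACertificateIdentifier: 'rds-ca-2019' } },
    Instance4: { Type: DOCDB_INSTANCE, Properties: { CACertificateIdentifier: { Ref: 'CaParam' } } },
  },
};

console.log(auditDocDbCaCertificate(sampleTemplate, 'rds-ca-rsa2048-g1'));
```

In a CDK project the template object would come from the synthesized stack, so the same audit can run as a unit test or CI gate.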