[aws-rds] Timed out waiting for target group (CfnDBProxyTargetGroup) to become available.

[civilizeddev]

There is no way to validate a wrong configuration on DBProxy's security group.

That is, there is no way to verify the connection from the proxy to the DB.

Originally posted by @tbrand in #8885 (comment)

The connection from the proxy to the DB should be once established on creating DB Target Group.

Or, it will time out on cdk deploy

With wrong security groups it may fail. It's okay.

But I'm afraid it would make cdk users confused and embarrassed.

Q. Is it possible to prevent cdk from waiting for the target group to become available? @nija-at

Reproduction Steps

1. Given an existing RDS instance(or cluster).
2. Create a DatabaseProxy from the instance(or cluster) with a security group but not accessible to the RDS instance.
3. $ cdk deploy

Error Log

After several minutes:

Timed out waiting for target group to become available.

Environment

• CLI Version : aws-cli/2.0.28 Python/3.8.3 Darwin/19.5.0 botocore/2.0.0dev32
• Framework Version: 1.49.1
• Node.js Version: v14.5.0
• OS : macos 10.15.5
• Language (Version): TypeScript 3.9.6

Other

In the Management Console, or with AWS CLI, you can create a proxy (no time out), but the target group will remain unavailable

---

This is 🐛 Bug Report

[skinny85]

Thanks @civilizeddev . Looks like we should create a new Security Group if one wasn't passed here.

[civilizeddev]

There is no way to verify that the target DB instance/cluster has an incoming rule accessible from the provided security groups.

[skinny85]

Hey @civilizeddev ,

I believe this was fixed in #12953. Can you verify?

Thanks,
Adam

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.