'What the difference between rds.DatabaseInstance and rds.IDatabaseInstance?

What I want to do is here

  • Making new RDS Aurora for Production
  • Using already exist RDS Mysql for Staging
  • I need to give these secret to ECS

My idea is here below,

Making dbCluster variable for storing both.

in Prod it store the DatabaseCluster and Stag it store rds.DatabaseInstance

This is my Staging environment

    public readonly dbCluster: rds.DatabaseCluster | rds.DatabaseInstance; 
    constructor(scope: Construct, id: string, props?: StackProps) {
      const existingDatabaseInstance = rds.DatabaseInstance.fromDatabaseInstanceAttributes(this,'mysqlrds',{
        instanceIdentifier: "XXXXXXXXXX",
        securityGroups: [],
        instanceEndpointAddress: "XXXXXXXXXX.cishneowmf1a.ap-northeast-1.rds.amazonaws.com",
        port: 3306
      });

then in another script.

I can give the secret to ECS, either it has rds.DatabaseCluster or rds.DatabaseInstance

    export interface CdkStFargateStackProps extends StackProps {
      readonly dbCluster: rds.DatabaseCluster | rds.DatabaseInstance;
        props!.dbCluster.secret?.grantRead(taskDefinitionAdmin.taskRole)

The problems are

  • rds.DatabaseInstance.fromDatabaseInstanceAttributes

returns IDatabaseInstance not DatabaseInstance.

  • IDatabaseInstance doesn't have secret

How can I solve this?

aws-cdk


Solution 1:[1]

How can I solve this?

Return a read-only reference to the RDS MySQL's secret using the Secret.fromSecretPartialArn static method. Pass the secret's ARN without the random suffix letters.

fromSecretPartialArn returns a class that implements the ISecret interface. It's the same type returned by the DatabaseCluster.secret property you are already using. Use its grantRead method, which grants read access to an IAM principal such as your taskDefinitionAdmin.taskRole, using its principal policy or resource policy.

What the difference between rds.DatabaseInstance and rds.IDatabaseInstance?

They belong to different CDK categories:

rds.DatabaseInstance is a Construct, Library classes that represent one or more concrete AWS resources.

rds.IDatabaseInstance is an Interface, whose names all begin with "I", define the absolute minimum functionality for the corresponding construct or other class. The CDK uses construct interfaces to represent AWS resources that are defined outside your AWS CDK app and referenced by methods such as Bucket.fromBucketArn().

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 fedonev

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function