(aws-rds): adding secret rotation via SAM application fails #19487
Labels
@aws-cdk/aws-rds (Related to Amazon Relational Database)
bug (This issue is a bug.)
needs-triage (This issue or PR still needs to be triaged.)
What is the problem?
When adding a secret rotation to a database (in my case, ServerlessCluster) via the .addRotationSingleUser() method, CDK deployment fails because it cannot access the S3 bucket where the rotation lambda code is stored. The RDS method is still using the (old?) way of creating a rotation via a SAM application, and I recently updated my CDK from v1 to v2. Prior to that, it was working.
I know there was a soft intention to replace the application method of creating rotation lambdas with the hosted lambdas, but I didn't see anything about the old way being deprecated.
Reproduction Steps
What did you expect to happen?
Successful deployment (in particular, creation of rotation lambda from the SAM application).
What actually happened?
Rotation Lambda failed to create; it seems I can't access the bucket with its source code.
CDK CLI Version
2.16.0
Framework Version
No response
Node.js Version
16.13.1
OS
macOS
Language
TypeScript
Language Version
3.9.10
Other information
I am running the deploy command using an Administrator role, though CloudFormation is assuming the generated roles from the bootstrap: arn:aws:iam::<account id>:role/cdk-hnb659fds-cfn-exec-role-<account id>-<region>.
When I create a rotation using only the Secrets Manager construct (and use the hosted lambda properties instead of application), then it works.