From 96b2034c44b441a96cfe19855d343b0f983c8772 Mon Sep 17 00:00:00 2001 From: Adam Ruka Date: Fri, 25 Feb 2022 11:37:03 -0800 Subject: [PATCH] fix(rds): MySQL Cluster version 8.0 uses wrong Parameter for S3 import (#19145) There was recently a new major version of the Aurora MySQL released (8.0). Apparently, it requires a different Parameter for S3 imports (`aws_default_s3_role`) than `aurora_load_from_s3_role`, which the pre-8.0 versions use. Fixes #19126 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-rds/lib/cluster-engine.ts | 6 ++++- .../@aws-cdk/aws-rds/test/cluster.test.ts | 22 ++++++++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts index 6d7b0d361b4a5..65e7ed6496e97 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster-engine.ts @@ -177,7 +177,11 @@ abstract class MySqlClusterEngineBase extends ClusterEngineBase { }) : config.parameterGroup); if (options.s3ImportRole) { - parameterGroup?.addParameter('aurora_load_from_s3_role', options.s3ImportRole.roleArn); + // major version 8.0 uses a different name for the S3 import parameter + const s3ImportParam = this.engineVersion?.majorVersion === '8.0' + ? 'aws_default_s3_role' + : 'aurora_load_from_s3_role'; + parameterGroup?.addParameter(s3ImportParam, options.s3ImportRole.roleArn); } if (options.s3ExportRole) { parameterGroup?.addParameter('aurora_select_into_s3_role', options.s3ExportRole.roleArn); diff --git a/packages/@aws-cdk/aws-rds/test/cluster.test.ts b/packages/@aws-cdk/aws-rds/test/cluster.test.ts index 4ee20a30daffd..bf597d08540e2 100644 --- a/packages/@aws-cdk/aws-rds/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-rds/test/cluster.test.ts @@ -1,6 +1,7 @@ import { Match, Template } from '@aws-cdk/assertions'; import * as ec2 from '@aws-cdk/aws-ec2'; import { ManagedPolicy, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; +import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import * as logs from '@aws-cdk/aws-logs'; import * as s3 from '@aws-cdk/aws-s3'; @@ -953,7 +954,6 @@ describe('cluster', () => { }); }); - test('addRotationSingleUser() with VPC interface endpoint', () => { // GIVEN const stack = new cdk.Stack(); @@ -1707,6 +1707,26 @@ describe('cluster', () => { Template.fromStack(stack).resourceCountIs('AWS::RDS::DBClusterParameterGroup', 0); }); + test('MySQL cluster in version 8.0 uses aws_default_s3_role as a Parameter for S3 import, instead of aurora_load_from_s3_role', () => { + // GIVEN + const stack = testStack(); + const vpc = new ec2.Vpc(stack, 'VPC'); + + // WHEN + new DatabaseCluster(stack, 'Database', { + instanceProps: { vpc }, + engine: DatabaseClusterEngine.auroraMysql({ version: AuroraMysqlEngineVersion.VER_3_01_0 }), + s3ImportRole: iam.Role.fromRoleArn(stack, 'S3ImportRole', 'arn:aws:iam::123456789012:role/my-role'), + }); + + Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBClusterParameterGroup', { + Family: 'aurora-mysql8.0', + Parameters: { + aws_default_s3_role: 'arn:aws:iam::123456789012:role/my-role', + }, + }); + }); + test('throws when s3ExportRole and s3ExportBuckets properties are both specified', () => { // GIVEN const stack = testStack();