DatabaseCluster(aws-rds): Using grantDataApiAccess method on imported cluster using DatabaseCluster.fromDatabaseClusterAttributes fails with the error: Cannot grant Data API access when the Data API is disabled #30676

Closed
rahuldeverani opened this issue Jun 26, 2024 · 3 comments
Assignees
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@rahuldeverani

rahuldeverani commented Jun 26, 2024

Describe the bug

If we want to add an Appsync dataSource and provide an RDS DB cluster as the serverlessCluster prop, it fails with the error: Cannot grant Data API access when the Data API is disabled

Expected Behavior

It should not fail during synth

Current Behavior

This seems to be occurring due to this: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L524, as the imported cluster: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L1065C16-L1065C39 will have enableDataApi set as false: https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L983

Reproduction Steps

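    import * as appsync from 'aws-cdk-lib/aws-appsync';
    import { DatabaseCluster } from 'aws-cdk-lib/aws-rds';

    // Inside a Stack or Construct; `api`, `dbSecretCredentials` and
    // `dataSourceRole` are defined elsewhere in the reporter's stack.

    // Import an existing cluster by identifier only.
    const dbCluster = DatabaseCluster.fromDatabaseClusterAttributes(this, 'dbcluster', {
      clusterIdentifier: '<identifier>',
    });

    // Fails at synth: the data source grants Data API access on the imported cluster.
    const rdsDataSource = new appsync.RdsDataSource(this, 'vehicledata-rds-datasource', {
      api,
      name: 'rdsDataSource',
      description: 'Vehicle Aurora serverless V2',
      secretStore: dbSecretCredentials,
      serverlessCluster: dbCluster,
      databaseName: '<>',
      serviceRole: dataSourceRole,
    });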

This also fails with this snippet:

    import * as iam from 'aws-cdk-lib/aws-iam';
    import { DatabaseCluster } from 'aws-cdk-lib/aws-rds';

    // Inside a Stack or Construct.
    const dbCluster = DatabaseCluster.fromDatabaseClusterAttributes(this, 'dbcluster', {
      clusterIdentifier: '<>',
    });

    const consoleReadOnlyRole = new iam.Role(this, 'ConsoleReadOnlyRole', {
      assumedBy: new iam.ArnPrincipal('arn_for_trusted_principal'),
    });

    // Grant the grantee access to the Data API
    dbCluster.grantDataApiAccess(consoleReadOnlyRole);

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.138.0

Framework Version

No response

Node.js Version

v20.8.1

OS

macOS

Language

TypeScript

Language Version

No response

Other information

No response

@rahuldeverani rahuldeverani added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 26, 2024
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Jun 26, 2024
@ashishdhingra ashishdhingra self-assigned this Jun 27, 2024
@ashishdhingra
Contributor

ashishdhingra commented Jun 27, 2024

@rahuldeverani This doesn't appear to be an issue. Below are my findings:

  • Manually creating an Aurora Postgres (serverless v2) cluster in the us-west-2 region (refer to Supported Regions and Aurora DB engines for RDS Data API) with Data API disabled, and creating a role, succeeds via the AWS console.
  • Creating an API via Amazon AppSync and selecting the created RDS cluster with Data API disabled gives the error in the AWS console.

After Data API is enabled in AWS console, we no longer get the mentioned error. So the validation check in the CDK package is in line with the behavior in AWS console.

Please let me know if you are noticing a different behavior in AWS console.

Thanks,
Ashish
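
The check discussed in this thread (no Data API grant unless the Data API is enabled on the cluster) can also be run against the real cluster state before writing IAM policy by hand. The following is an added example, not code from the CDK or from either commenter: it reads constructed `aws rds describe-db-clusters` output, refuses when `HttpEndpointEnabled` is not true, and otherwise returns statements scoped to that one cluster ARN and one secret ARN. The function name, sample identifiers and ARNs are assumptions made for illustration.

```typescript
// Added example. The sample below is constructed; account ID, identifiers
// and ARNs are placeholders, not values from the issue.
interface DbClusterDescription {
  DBClusterIdentifier: string;
  DBClusterArn: string;
  HttpEndpointEnabled?: boolean; // true when the RDS Data API is enabled
}

interface PolicyStatement {
  Effect: 'Allow';
  Action: string[];
  Resource: string[];
}

const SAMPLE_DESCRIBE_OUTPUT: string = JSON.stringify({
  DBClusters: [
    { DBClusterIdentifier: 'example-enabled',
      DBClusterArn: 'arn:aws:rds:us-west-2:111122223333:cluster:example-enabled',
      HttpEndpointEnabled: true },
    { DBClusterIdentifier: 'example-disabled',
      DBClusterArn: 'arn:aws:rds:us-west-2:111122223333:cluster:example-disabled',
      HttpEndpointEnabled: false },
  ],
});

// IAM actions of the rds-data service used to run statements and transactions.
const DATA_API_ACTIONS: string[] = [
  'rds-data:BatchExecuteStatement', 'rds-data:BeginTransaction',
  'rds-data:CommitTransaction', 'rds-data:ExecuteStatement',
  'rds-data:RollbackTransaction',
];

// Hypothetical helper: returns least-privilege statements for one cluster,
// or throws when the cluster is unknown or has the Data API disabled.
function dataApiStatementsFor(describeJson: string, clusterId: string, secretArn: string): PolicyStatement[] {
  const parsed = JSON.parse(describeJson) as { DBClusters?: DbClusterDescription[] };
  const cluster = (parsed.DBClusters ?? []).find((c) => c.DBClusterIdentifier === clusterId);
  if (!cluster) {
    throw new Error(`Cluster ${clusterId} not found in describe-db-clusters output`);
  }
  if (cluster.HttpEndpointEnabled !== true) {
    throw new Error(`Data API is disabled on ${clusterId}; enable it before granting access`);
  }
  return [
    { Effect: 'Allow', Action: DATA_API_ACTIONS, Resource: [cluster.DBClusterArn] },
    { Effect: 'Allow', Action: ['secretsmanager:GetSecretValue'], Resource: [secretArn] },
  ];
}
```
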

@ashishdhingra ashishdhingra added p2 effort/small Small work item – less than a day of effort response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. p2 effort/small Small work item – less than a day of effort labels Jun 27, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 29, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jul 4, 2024
@github-actions github-actions bot closed this as completed Jul 4, 2024
@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
3 participants