diff --git a/packages/@aws-cdk/aws-neptune/lib/cluster.ts b/packages/@aws-cdk/aws-neptune/lib/cluster.ts
index 316795c23a491..f3c735b78f2c7 100644
--- a/packages/@aws-cdk/aws-neptune/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-neptune/lib/cluster.ts
@@ -229,6 +229,12 @@ export interface IDatabaseCluster extends IResource, ec2.IConnectable {
  */
  readonly clusterIdentifier: string;
 
+ /**
+ * Resource identifier of the cluster
+ * @attribute ClusterResourceId
+ */
+ readonly clusterResourceIdentifier: string;
+
  /**
  * The endpoint to use for read/write operations
  * @attribute Endpoint,Port
@@ -266,6 +272,11 @@ export interface DatabaseClusterAttributes {
  */
  readonly clusterIdentifier: string;
 
+ /**
+ * Resource Identifier for the cluster
+ */
+ readonly clusterResourceIdentifier: string;
+
  /**
  * Cluster endpoint address
  */
@@ -293,6 +304,7 @@ export abstract class DatabaseClusterBase extends Resource implements IDatabaseC
  defaultPort: this.defaultPort,
  });
  public readonly clusterIdentifier = attrs.clusterIdentifier;
+ public readonly clusterResourceIdentifier = attrs.clusterResourceIdentifier;
  public readonly clusterEndpoint = new Endpoint(attrs.clusterEndpointAddress, attrs.port);
  public readonly clusterReadEndpoint = new Endpoint(attrs.readerEndpointAddress, attrs.port);
  protected enableIamAuthentication = true;
@@ -306,6 +318,11 @@ export abstract class DatabaseClusterBase extends Resource implements IDatabaseC
  */
  public abstract readonly clusterIdentifier: string;
 
+ /**
+ * Resource identifier of the cluster
+ */
+ public abstract readonly clusterResourceIdentifier: string;
+
  /**
  * The endpoint to use for read/write operations
  */
@@ -339,7 +356,7 @@ export abstract class DatabaseClusterBase extends Resource implements IDatabaseC
  'neptune-db',
  Aws.REGION,
  Aws.ACCOUNT_ID,
- `${this.clusterIdentifier}/*`,
+ `${this.clusterResourceIdentifier}/*`,
  ].join(':'),
  ],
  });
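Review bot: In the `IDatabaseCluster` hunk (-229/+229) the new doc comment, `Resource identifier of the cluster`, does not say how this value differs from `clusterIdentifier` directly above it, and the same one-line wording is repeated in the `DatabaseClusterAttributes` hunk (+272) and on the abstract member in the `DatabaseClusterBase` hunk (+318). Because the last hunk of this file places the value in the `neptune-db` ARN of an IAM statement, the comment should say so, for example `* The immutable resource ID of the cluster (not its name); this is the value that neptune-db IAM policy ARNs reference`. Both interfaces and the class continue outside their hunks.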
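Review bot: In the `DatabaseClusterAttributes` hunk (-266/+272), `readonly clusterResourceIdentifier: string;` is added as a required field with no check on its value, so a caller who passes the cluster name here still synthesizes a policy. That policy presumably matches no cluster, and the mistake would surface only as access-denied at run time. The doc comment should state the expected form of the value, so the two fields cannot be confused at the import call site. The required field also breaks existing `fromDatabaseClusterAttributes` callers at compile time, as the two fixture updates in the test file reflect; that is worth stating in the commit description if it is not already there.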
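Review bot: In the last hunk (-339/+356), switching the resource segment to `${this.clusterResourceIdentifier}/*` means statements that presumably matched no cluster before will start matching on the next deploy. Every principal already passed to this grant therefore gains the granted actions at that moment, and the test expectation in this commit shows the action is `neptune-db:*`. This should be called out in the changelog so operators can re-check who holds the grant before upgrading. The ARN also takes `Aws.REGION` and `Aws.ACCOUNT_ID` from the consuming stack, so for a cluster imported from another account or region the statement would likely not match; a comment such as `// ARN assumes the cluster lives in this stack's account and region` above the array would make that limit explicit. The enclosing method starts and ends outside the hunk.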
diff --git a/packages/@aws-cdk/aws-neptune/test/cluster.test.ts b/packages/@aws-cdk/aws-neptune/test/cluster.test.ts
index 6bb933e34dab5..842b907e76ea0 100644
--- a/packages/@aws-cdk/aws-neptune/test/cluster.test.ts
+++ b/packages/@aws-cdk/aws-neptune/test/cluster.test.ts
@@ -339,6 +339,7 @@ describe('DatabaseCluster', () => {
  const cluster = DatabaseCluster.fromDatabaseClusterAttributes(stack, 'Database', {
  clusterEndpointAddress: 'addr',
  clusterIdentifier: 'identifier',
+ clusterResourceIdentifier: 'resourceIdentifier',
  port: 3306,
  readerEndpointAddress: 'reader-address',
  securityGroup: ec2.SecurityGroup.fromSecurityGroupId(stack, 'SG', 'sg-123456789', {
@@ -360,6 +361,7 @@ describe('DatabaseCluster', () => {
  const cluster = DatabaseCluster.fromDatabaseClusterAttributes(stack, 'Database', {
  clusterEndpointAddress: 'addr',
  clusterIdentifier: 'identifier',
+ clusterResourceIdentifier: 'resourceIdentifier',
  port: 3306,
  readerEndpointAddress: 'reader-address',
  securityGroup: ec2.SecurityGroup.fromSecurityGroupId(stack, 'SG', 'sg-123456789', {
@@ -474,7 +476,29 @@ describe('DatabaseCluster', () => {
  Effect: 'Allow',
  Action: 'neptune-db:*',
  Resource: {
- 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':neptune-db:', { Ref: 'AWS::Region' }, ':', { Ref: 'AWS::AccountId' }, ':', { Ref: 'ClusterEB0386A7' }, '/*']],
+ 'Fn::Join': [
+ '', [
+ 'arn:', {
+ Ref: 'AWS::Partition',
+ },
+ ':neptune-db:',
+ {
+ Ref: 'AWS::Region',
+ },
+ ':',
+ {
+ Ref: 'AWS::AccountId',
+ },
+ ':',
+ {
+ 'Fn::GetAtt': [
+ 'ClusterEB0386A7',
+ 'ClusterResourceId',
+ ],
+ },
+ '/*',
+ ],
+ ],
  },
  }],
  Version: '2012-10-17',
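Review bot: The only assertion touched, in the -474/+476 hunk, covers a cluster created in the stack, where the ARN segment resolves through `Fn::GetAtt` on `ClusterResourceId`. As far as these hunks show, nothing asserts that an imported cluster renders the caller-supplied `'resourceIdentifier'` (and not `'identifier'`) into the statement's `Resource`. A mix-up between the two fields yields a policy that deploys but does not match the cluster. A test that imports a cluster via `fromDatabaseClusterAttributes`, applies the grant, and checks the `Resource` join for the `resourceIdentifier` literal would pin the fix for that path. The `describe` block and the enclosing test start and end outside the hunk.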