Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws_redshiftserverless): CfnNamespace missing adminPasswordSecretArn property #29930

Open
2 tasks
dossy opened this issue Apr 23, 2024 · 4 comments
Open
2 tasks

(aws_redshiftserverless): CfnNamespace missing adminPasswordSecretArn property #29930

dossy opened this issue Apr 23, 2024 · 4 comments
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager feature-request A feature should be added or improved. needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. p3

Comments

@dossy
Copy link

dossy commented Apr 23, 2024
edited
Loading

Describe the feature

CfnNamespace is missing attrNamespaceAdminPasswordSecretArn which is listed in NamespaceProperty.

Use Case

I need the Secret ARN that Redshift Serverless has created when manageAdminPassword = true, so that I can use the ARN in subsequent code.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.138.0

Environment details (OS name and version, etc.)

macOS 13.6.4
@dossy dossy added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 23, 2024
@github-actions github-actions bot added the @aws-cdk/aws-secretsmanager Related to AWS Secrets Manager label Apr 23, 2024
@pahud
Copy link
Contributor

pahud commented Apr 23, 2024

Looking at the return values of that resource in the CFN document, it does not have that attribute returned so I believe it's a limit of CFN.

Please cut a ticket to cloudformation-coverage-roadmap to help the cfn team prioritize. Meanwhile, I'll cut an internal ticket for that as well.

@pahud
Copy link
Contributor

pahud commented Apr 23, 2024

internal tracking: V1360162562

@pahud pahud added needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Apr 23, 2024
@dossy dossy mentioned this issue Apr 24, 2024
Open
This was referenced Apr 26, 2024
Closed
Closed
Closed
Closed
@pahud
Copy link
Contributor

pahud commented Jun 3, 2024

Confirmed it's a limit of CFN. At this moment CDK would need custom resource for that.

@pahud pahud added p3 and removed p2 labels Jun 11, 2024
@Rizxcviii
Copy link
Contributor

Rizxcviii commented Jul 12, 2024
edited
Loading

You can use this for now if needed

// Custom resource role, for least privilege
const getNamespaceCRRole = new iam.Role(this, 'GetNamespaceRole', {
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
  inlinePolicies: {
    NamespaceCRPolicy: new iam.PolicyDocument({
      statements: [
        new iam.PolicyStatement({
          actions: ['redshift-serverless:GetNamespace'],
          resources: ['exmpleNamespaceArn'],
        }),
        new iam.PolicyStatement({
          actions: ['logs:CreateLogStream', 'logs:PutLogEvents'],
          resources: ['logGroupArn'],
        }),
      ],
    }),
  },
});

// custom resource def
const getNamespaceCR = new cr.AwsCustomResource(this, 'GetNamespaceCR', {
  onUpdate: {
    service: 'RedshiftServerless',
    action: 'GetNamespace',
    parameters: {
      namespaceName: props.namespaceName,
    },
    physicalResourceId: cr.PhysicalResourceId.of('exampleNamespaceName'),
  },
  role: getNamespaceCRRole.withoutPolicyUpdates(),
  functionName: props.getNamespaceFunctionName,
  logGroup: logGroupConstruct,
});

// importing the secret into the CDK, using the full secret ARN
this.redshiftAdminSecret = secretsmanager.Secret.fromSecretCompleteArn(
  this,
  'RedshiftAdminSecret',
  getNamespaceCR.getResponseField('namespace.adminPasswordSecretArn')
);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-secretsmanager Related to AWS Secrets Manager feature-request A feature should be added or improved. needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dossy @pahud @Rizxcviii