Keshav Potluri

Reputation: 499

Using SSM Secret Strings to create a Glue Connection fails in CDK

I am using CDK to define my ETL pipelines. The first step of the pipeline is to create crawlers that connect to RDS instances via JDBC connections to fetch the schema metadata.

I am trying to create a glue.CfnConnection where I pass in the connectionProperties USERNAME and PASSWORD which need to be fetched from SSM as Secret Strings.

I tried various ways to fetch the secrets using ssm.StringParameter.valueForSecureStringParameter() as outlined here: https://docs.aws.amazon.com/cdk/latest/guide/get_ssm_value.html

I also tried using ssm.StringParameter.fromSecureStringParameterAttributes() as outlined here: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ssm-readme.html

When I synthesize the template it renders the values correctly for dynamic referencing:

"ConnectionProperties": {
  "JDBC_CONNECTION_URL": "url",
  "USERNAME": "{{resolve:ssm-secure:<secret-name>/username:version}}",
  "PASSWORD": "{{resolve:ssm-secure:<secret-name>/password:version}}"
}

But when I try to deploy this, I get the error: SSM Secure reference is not supported, which led me to this, which suggests dynamic referencing is not supported for all Cfn resources: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html

Is there a better way of doing this?

Upvotes: 2

Views: 1417

Answers (1)

Krzysztof Słowiński

Reputation: 7227

I am using SecretsManager to store username and password and that works for me:

"ConnectionProperties": {
  "JDBC_CONNECTION_URL": "url",
  "USERNAME": "{{resolve:secretsmanager:<secret-name>}}",
  "PASSWORD": "{{resolve:secretsmanager:<secret-name>}}"
}

Upvotes: 1
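
A pre-deploy check for the failure described in the question, as an added example that is not part of the original posts: plain JavaScript (Node) that scans a synthesized template for ssm-secure dynamic references on resource types outside an allowlist. The allowlist, logical IDs, parameter names and secret names are constructed assumptions; the secretsmanager entries use the `SecretString:json-key` reference form to read two keys of one secret.

```javascript
// Added example: scan a synthesized template before deploying it.
// ASSUMPTION: partial, type-level sample allowlist. CloudFormation supports
// ssm-secure per resource property; take the current list from the AWS
// dynamic-references page linked in the question.
const SSM_SECURE_ALLOWED = new Set(["AWS::RDS::DBInstance"]);
const SSM_SECURE_REF = /\{\{resolve:ssm-secure:[^}]+\}\}/;

// Yield [path, text] for every string leaf, including Fn::Join array parts.
function* stringLeaves(value, path = []) {
  if (typeof value === "string") {
    yield [path.join("."), value];
  } else if (value && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      yield* stringLeaves(child, [...path, key]);
    }
  }
}

// One finding per ssm-secure reference on a resource type outside the allowlist.
function findUnsupportedSsmSecure(template, allowed = SSM_SECURE_ALLOWED) {
  const findings = [];
  for (const [logicalId, res] of Object.entries(template.Resources || {})) {
    if (allowed.has(res.Type)) continue;
    for (const [path, text] of stringLeaves(res.Properties || {})) {
      if (SSM_SECURE_REF.test(text)) findings.push({ logicalId, type: res.Type, path });
    }
  }
  return findings;
}

// Constructed sample: logical IDs, parameter names and secret names are made up.
const glueConn = (props) => ({
  Type: "AWS::Glue::Connection",
  Properties: { CatalogId: "123456789012", ConnectionInput: {
    ConnectionType: "JDBC",
    ConnectionProperties: { JDBC_CONNECTION_URL: "url", ...props } } },
});
const sampleTemplate = { Resources: {
  SsmConn: glueConn({
    USERNAME: "{{resolve:ssm-secure:/etl/db/username:1}}",
    PASSWORD: "{{resolve:ssm-secure:/etl/db/password:1}}" }),
  SecretsConn: glueConn({  // one JSON secret, two keys
    USERNAME: "{{resolve:secretsmanager:etl/db:SecretString:username}}",
    PASSWORD: "{{resolve:secretsmanager:etl/db:SecretString:password}}" }),
  Db: { Type: "AWS::RDS::DBInstance",
    Properties: { MasterUserPassword: "{{resolve:ssm-secure:/etl/db/master:1}}" } },
} };

for (const f of findUnsupportedSsmSecure(sampleTemplate)) {
  console.log(`${f.logicalId} (${f.type}): ssm-secure at ${f.path}`);
}
```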
