CODEWITHSUNDEEP
amazon-web-servicesaws-glueaws-cdkaws-glue-connection
Krzysztof Słowiński
Krzysztof Słowiński

Reputation: 7227

AWS Glue JDBC connection created with CDK needs password in the console before it becomes valid

I am creating a JDBC connection in Glue using secrets for username and password. I can see in the console that username is read correctly from the secret, so that's not a concern. Once I edit the details and enter the password in the console, it becomes valid. Is there something wrong with my approach?

glue.CfnConnection(
        self,
        id="JDBCConnection",
        catalog_id=self.account,
        connection_input=glue.CfnConnection.ConnectionInputProperty(
            name="jdbc_connection",
            connection_type="JDBC",
            physical_connection_requirements=glue.CfnConnection.PhysicalConnectionRequirementsProperty(
                subnet_id=cdk.Fn.import_value("PrivateSubnet1"),
                security_group_id_list=[jdbc_connection_security_group.attr_group_id],
            ),
            connection_properties={
                "JDBC_CONNECTION_URL": "jdbc:<JDBC_URL>",
                "USERNAME": "{{resolve:secretsmanager:jdbc_username}}",
                "PASSWORD": "{{resolve:secretsmanager:jdbc_password}}",
            },
        ),
)

Upvotes: 5

Views: 3993

Answers (3)

tamersalama
tamersalama

Reputation: 4143

In my case, I was missing the SSL and the availability zone. One tool I found useful is using the aws cli to get the information about a previously created (or cdk-created and console updated) valid connections.

$> aws glue get-connection --name <connection-name> --profile <profile-name>

This lists full information about an acceptable (working) connection.

{
    "Connection": {
        "Name": "<connection-name>",
        "Description": "<description>",
        "ConnectionType": "JDBC",
        "ConnectionProperties": {
            "JDBC_CONNECTION_URL": "<full-url>",
            "JDBC_ENFORCE_SSL": "false",
            "PASSWORD": "<password>",
            "USERNAME": "<username>"
        },
        "PhysicalConnectionRequirements": {
            "SubnetId": "<subnet>",
            "SecurityGroupIdList": [
                "<sec-group>",
                "<sec-group>"
            ],
            "AvailabilityZone": "us-west-2a"
        },
        "CreationTime": "<timestamp-w-tz>",
        "LastUpdatedTime": "<timestamp-w-tz>"
    }
}

I found out I was missing the ConnectionProperties key JDBC_ENFORNCE_SSL and PhysicalConnectionRequirements key AvailabilityZone.

Once I set them up in the CDK the created connection worked as expected.

Upvotes: 5

J.C.
J.C.

Reputation: 1

As written, when I edit the connection in the console, without changing anything (just press edit and save) the issue is solved I solved the issue as well.

Maybe the problem is the Require SSL connection. when I pressed edit and save in the console, Require SSL connection: False was added, but I have no idea about how to set this one by CDK.

Upvotes: 0

vj_p
vj_p

Reputation: 1

I got the same issue, but I realized that the issue was not with the password at all and it's how we are providing security groups and subnet values.

Once I changed all security groups and subnets as IResource(s) instead of strings it worked fine for me.

Upvotes: 0

Related Questions