From e25b53e46bd71f4caa6492ca8a7923683bb76dc8 Mon Sep 17 00:00:00 2001
From: Luca Pizzini <lpizzini7@gmail.com>
Date: Mon, 18 Sep 2023 15:14:42 +0200
Subject: [PATCH] feat(rds): support CA certificate for cluster instances
 (#27138)

Exposes the `caCertificate` property for an RDS cluster instance to allow specifying a custom CA identifier using the `CaCertificate` class.

Usage:
```
new DatabaseCluster(this, 'Database', {
  engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_01_0 }),
  writer: rds.ClusterInstance.provisioned('writer', {
    caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1,
  }),
  readers: [
    rds.ClusterInstance.serverlessV2('reader', {
      caCertificate: rds.CaCertificate.of('custom-ca'),
    }),
  ],
  vpc,
});
```

Closes #26865.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 ...-instance-ca-certificate-integ.assets.json |  19 +
 ...nstance-ca-certificate-integ.template.json | 529 ++++++++++
 .../cdk.out                                   |   1 +
 ...efaultTestDeployAssertBEAA84EE.assets.json |  19 +
 ...aultTestDeployAssertBEAA84EE.template.json |  36 +
 .../integ.json                                |  12 +
 .../manifest.json                             | 273 ++++++
 .../tree.json                                 | 920 ++++++++++++++++++
 .../integ.cluster-instance-ca-certificate.ts  |  38 +
 packages/aws-cdk-lib/aws-rds/README.md        |  23 +-
 .../aws-rds/lib/aurora-cluster-instance.ts    |  16 +
 .../aws-cdk-lib/aws-rds/lib/ca-certificate.ts |  47 +
 packages/aws-cdk-lib/aws-rds/lib/index.ts     |   1 +
 packages/aws-cdk-lib/aws-rds/lib/instance.ts  |  49 +-
 .../aws-cdk-lib/aws-rds/test/cluster.test.ts  |  50 +-
 15 files changed, 1983 insertions(+), 50 deletions(-)
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.template.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk.out
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/integ.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/manifest.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/tree.json
 create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.ts
 create mode 100644 packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json
new file mode 100644
index 0000000000000..e2dd9d3fae6aa
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "33.0.0",
+  "files": {
+    "35db2485b27a7c010fba355d9cf2e473972ef6e3a637a137233fc20f79ea36e6": {
+      "source": {
+        "path": "cdk-rds-cluster-instance-ca-certificate-integ.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "35db2485b27a7c010fba355d9cf2e473972ef6e3a637a137233fc20f79ea36e6.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.template.json
new file mode 100644
index 0000000000000..53e1215828b4a
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk-rds-cluster-instance-ca-certificate-integ.template.json
@@ -0,0 +1,529 @@
+{
+ "Resources": {
+  "VPCB9E5F0B4": {
+   "Type": "AWS::EC2::VPC",
+   "Properties": {
+    "CidrBlock": "10.0.0.0/16",
+    "EnableDnsHostnames": true,
+    "EnableDnsSupport": true,
+    "InstanceTenancy": "default",
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC"
+     }
+    ]
+   }
+  },
+  "VPCPublicSubnet1SubnetB4246D30": {
+   "Type": "AWS::EC2::Subnet",
+   "Properties": {
+    "AvailabilityZone": {
+     "Fn::Select": [
+      0,
+      {
+       "Fn::GetAZs": ""
+      }
+     ]
+    },
+    "CidrBlock": "10.0.0.0/18",
+    "MapPublicIpOnLaunch": true,
+    "Tags": [
+     {
+      "Key": "aws-cdk:subnet-name",
+      "Value": "Public"
+     },
+     {
+      "Key": "aws-cdk:subnet-type",
+      "Value": "Public"
+     },
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPublicSubnet1RouteTableFEE4B781": {
+   "Type": "AWS::EC2::RouteTable",
+   "Properties": {
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPublicSubnet1RouteTableAssociation0B0896DC": {
+   "Type": "AWS::EC2::SubnetRouteTableAssociation",
+   "Properties": {
+    "RouteTableId": {
+     "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
+    },
+    "SubnetId": {
+     "Ref": "VPCPublicSubnet1SubnetB4246D30"
+    }
+   }
+  },
+  "VPCPublicSubnet1DefaultRoute91CEF279": {
+   "Type": "AWS::EC2::Route",
+   "Properties": {
+    "DestinationCidrBlock": "0.0.0.0/0",
+    "GatewayId": {
+     "Ref": "VPCIGWB7E252D3"
+    },
+    "RouteTableId": {
+     "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
+    }
+   },
+   "DependsOn": [
+    "VPCVPCGW99B986DC"
+   ]
+  },
+  "VPCPublicSubnet1EIP6AD938E8": {
+   "Type": "AWS::EC2::EIP",
+   "Properties": {
+    "Domain": "vpc",
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+     }
+    ]
+   }
+  },
+  "VPCPublicSubnet1NATGatewayE0556630": {
+   "Type": "AWS::EC2::NatGateway",
+   "Properties": {
+    "AllocationId": {
+     "Fn::GetAtt": [
+      "VPCPublicSubnet1EIP6AD938E8",
+      "AllocationId"
+     ]
+    },
+    "SubnetId": {
+     "Ref": "VPCPublicSubnet1SubnetB4246D30"
+    },
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+     }
+    ]
+   },
+   "DependsOn": [
+    "VPCPublicSubnet1DefaultRoute91CEF279",
+    "VPCPublicSubnet1RouteTableAssociation0B0896DC"
+   ]
+  },
+  "VPCPublicSubnet2Subnet74179F39": {
+   "Type": "AWS::EC2::Subnet",
+   "Properties": {
+    "AvailabilityZone": {
+     "Fn::Select": [
+      1,
+      {
+       "Fn::GetAZs": ""
+      }
+     ]
+    },
+    "CidrBlock": "10.0.64.0/18",
+    "MapPublicIpOnLaunch": true,
+    "Tags": [
+     {
+      "Key": "aws-cdk:subnet-name",
+      "Value": "Public"
+     },
+     {
+      "Key": "aws-cdk:subnet-type",
+      "Value": "Public"
+     },
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPublicSubnet2RouteTable6F1A15F1": {
+   "Type": "AWS::EC2::RouteTable",
+   "Properties": {
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPublicSubnet2RouteTableAssociation5A808732": {
+   "Type": "AWS::EC2::SubnetRouteTableAssociation",
+   "Properties": {
+    "RouteTableId": {
+     "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
+    },
+    "SubnetId": {
+     "Ref": "VPCPublicSubnet2Subnet74179F39"
+    }
+   }
+  },
+  "VPCPublicSubnet2DefaultRouteB7481BBA": {
+   "Type": "AWS::EC2::Route",
+   "Properties": {
+    "DestinationCidrBlock": "0.0.0.0/0",
+    "GatewayId": {
+     "Ref": "VPCIGWB7E252D3"
+    },
+    "RouteTableId": {
+     "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
+    }
+   },
+   "DependsOn": [
+    "VPCVPCGW99B986DC"
+   ]
+  },
+  "VPCPublicSubnet2EIP4947BC00": {
+   "Type": "AWS::EC2::EIP",
+   "Properties": {
+    "Domain": "vpc",
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+     }
+    ]
+   }
+  },
+  "VPCPublicSubnet2NATGateway3C070193": {
+   "Type": "AWS::EC2::NatGateway",
+   "Properties": {
+    "AllocationId": {
+     "Fn::GetAtt": [
+      "VPCPublicSubnet2EIP4947BC00",
+      "AllocationId"
+     ]
+    },
+    "SubnetId": {
+     "Ref": "VPCPublicSubnet2Subnet74179F39"
+    },
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+     }
+    ]
+   },
+   "DependsOn": [
+    "VPCPublicSubnet2DefaultRouteB7481BBA",
+    "VPCPublicSubnet2RouteTableAssociation5A808732"
+   ]
+  },
+  "VPCPrivateSubnet1Subnet8BCA10E0": {
+   "Type": "AWS::EC2::Subnet",
+   "Properties": {
+    "AvailabilityZone": {
+     "Fn::Select": [
+      0,
+      {
+       "Fn::GetAZs": ""
+      }
+     ]
+    },
+    "CidrBlock": "10.0.128.0/18",
+    "MapPublicIpOnLaunch": false,
+    "Tags": [
+     {
+      "Key": "aws-cdk:subnet-name",
+      "Value": "Private"
+     },
+     {
+      "Key": "aws-cdk:subnet-type",
+      "Value": "Private"
+     },
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPrivateSubnet1RouteTableBE8A6027": {
+   "Type": "AWS::EC2::RouteTable",
+   "Properties": {
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPrivateSubnet1RouteTableAssociation347902D1": {
+   "Type": "AWS::EC2::SubnetRouteTableAssociation",
+   "Properties": {
+    "RouteTableId": {
+     "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
+    },
+    "SubnetId": {
+     "Ref": "VPCPrivateSubnet1Subnet8BCA10E0"
+    }
+   }
+  },
+  "VPCPrivateSubnet1DefaultRouteAE1D6490": {
+   "Type": "AWS::EC2::Route",
+   "Properties": {
+    "DestinationCidrBlock": "0.0.0.0/0",
+    "NatGatewayId": {
+     "Ref": "VPCPublicSubnet1NATGatewayE0556630"
+    },
+    "RouteTableId": {
+     "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
+    }
+   }
+  },
+  "VPCPrivateSubnet2SubnetCFCDAA7A": {
+   "Type": "AWS::EC2::Subnet",
+   "Properties": {
+    "AvailabilityZone": {
+     "Fn::Select": [
+      1,
+      {
+       "Fn::GetAZs": ""
+      }
+     ]
+    },
+    "CidrBlock": "10.0.192.0/18",
+    "MapPublicIpOnLaunch": false,
+    "Tags": [
+     {
+      "Key": "aws-cdk:subnet-name",
+      "Value": "Private"
+     },
+     {
+      "Key": "aws-cdk:subnet-type",
+      "Value": "Private"
+     },
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPrivateSubnet2RouteTable0A19E10E": {
+   "Type": "AWS::EC2::RouteTable",
+   "Properties": {
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "VPCPrivateSubnet2RouteTableAssociation0C73D413": {
+   "Type": "AWS::EC2::SubnetRouteTableAssociation",
+   "Properties": {
+    "RouteTableId": {
+     "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
+    },
+    "SubnetId": {
+     "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A"
+    }
+   }
+  },
+  "VPCPrivateSubnet2DefaultRouteF4F5CFD2": {
+   "Type": "AWS::EC2::Route",
+   "Properties": {
+    "DestinationCidrBlock": "0.0.0.0/0",
+    "NatGatewayId": {
+     "Ref": "VPCPublicSubnet2NATGateway3C070193"
+    },
+    "RouteTableId": {
+     "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
+    }
+   }
+  },
+  "VPCIGWB7E252D3": {
+   "Type": "AWS::EC2::InternetGateway",
+   "Properties": {
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC"
+     }
+    ]
+   }
+  },
+  "VPCVPCGW99B986DC": {
+   "Type": "AWS::EC2::VPCGatewayAttachment",
+   "Properties": {
+    "InternetGatewayId": {
+     "Ref": "VPCIGWB7E252D3"
+    },
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "DatabaseSubnets56F17B9A": {
+   "Type": "AWS::RDS::DBSubnetGroup",
+   "Properties": {
+    "DBSubnetGroupDescription": "Subnets for Database database",
+    "SubnetIds": [
+     {
+      "Ref": "VPCPublicSubnet1SubnetB4246D30"
+     },
+     {
+      "Ref": "VPCPublicSubnet2Subnet74179F39"
+     }
+    ]
+   }
+  },
+  "DatabaseSecurityGroup5C91FDCB": {
+   "Type": "AWS::EC2::SecurityGroup",
+   "Properties": {
+    "GroupDescription": "RDS security group",
+    "SecurityGroupEgress": [
+     {
+      "CidrIp": "0.0.0.0/0",
+      "Description": "Allow all outbound traffic by default",
+      "IpProtocol": "-1"
+     }
+    ],
+    "VpcId": {
+     "Ref": "VPCB9E5F0B4"
+    }
+   }
+  },
+  "DatabaseB269D8BB": {
+   "Type": "AWS::RDS::DBCluster",
+   "Properties": {
+    "CopyTagsToSnapshot": true,
+    "DBClusterParameterGroupName": "default.aurora-mysql8.0",
+    "DBSubnetGroupName": {
+     "Ref": "DatabaseSubnets56F17B9A"
+    },
+    "Engine": "aurora-mysql",
+    "EngineVersion": "8.0.mysql_aurora.3.03.0",
+    "MasterUserPassword": "7959866cacc02c2d243ecfe177464fe6",
+    "MasterUsername": "admin",
+    "VpcSecurityGroupIds": [
+     {
+      "Fn::GetAtt": [
+       "DatabaseSecurityGroup5C91FDCB",
+       "GroupId"
+      ]
+     }
+    ]
+   },
+   "UpdateReplacePolicy": "Snapshot",
+   "DeletionPolicy": "Snapshot"
+  },
+  "DatabaseInstance1844F58FD": {
+   "Type": "AWS::RDS::DBInstance",
+   "Properties": {
+    "CACertificateIdentifier": "rds-ca-2019",
+    "DBClusterIdentifier": {
+     "Ref": "DatabaseB269D8BB"
+    },
+    "DBInstanceClass": "db.t3.medium",
+    "DBSubnetGroupName": {
+     "Ref": "DatabaseSubnets56F17B9A"
+    },
+    "Engine": "aurora-mysql",
+    "PubliclyAccessible": true
+   },
+   "DependsOn": [
+    "VPCPublicSubnet1DefaultRoute91CEF279",
+    "VPCPublicSubnet1RouteTableAssociation0B0896DC",
+    "VPCPublicSubnet2DefaultRouteB7481BBA",
+    "VPCPublicSubnet2RouteTableAssociation5A808732"
+   ],
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "DatabaseInstance2AA380DEE": {
+   "Type": "AWS::RDS::DBInstance",
+   "Properties": {
+    "CACertificateIdentifier": "rds-ca-2019",
+    "DBClusterIdentifier": {
+     "Ref": "DatabaseB269D8BB"
+    },
+    "DBInstanceClass": "db.t3.medium",
+    "DBSubnetGroupName": {
+     "Ref": "DatabaseSubnets56F17B9A"
+    },
+    "Engine": "aurora-mysql",
+    "PubliclyAccessible": true
+   },
+   "DependsOn": [
+    "VPCPublicSubnet1DefaultRoute91CEF279",
+    "VPCPublicSubnet1RouteTableAssociation0B0896DC",
+    "VPCPublicSubnet2DefaultRouteB7481BBA",
+    "VPCPublicSubnet2RouteTableAssociation5A808732"
+   ],
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
\ No newline at end of file
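Review bot: Both `AWS::RDS::DBInstance` resources in this snapshot pin `"CACertificateIdentifier": "rds-ca-2019"`, the older RDS certificate authority that AWS scheduled to expire in August 2024, so the integration test demonstrates the new property with a CA that deployments should be rotating away from. This file is generated, so the change belongs in `integ.cluster-instance-ca-certificate.ts`, which is outside this hunk. Passing `caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1`, as the commit description's usage example does, and regenerating the snapshot should yield `"CACertificateIdentifier": "rds-ca-rsa2048-g1"` on these resources. Because the two instances carry the same identifier, the snapshot also does not appear to exercise a per-instance difference or the `CaCertificate.of(...)` path; giving the second instance a different CA would cover that.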
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk.out
new file mode 100644
index 0000000000000..560dae10d018f
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"33.0.0"}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets.json
new file mode 100644
index 0000000000000..872d9845cae0c
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "33.0.0",
+  "files": {
+    "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
+      "source": {
+        "path": "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json
new file mode 100644
index 0000000000000..ad9d0fb73d1dd
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json
@@ -0,0 +1,36 @@
+{
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/integ.json
new file mode 100644
index 0000000000000..92407e0eb0d54
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/integ.json
@@ -0,0 +1,12 @@
+{
+  "version": "33.0.0",
+  "testCases": {
+    "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest": {
+      "stacks": [
+        "cdk-rds-cluster-instance-ca-certificate-integ"
+      ],
+      "assertionStack": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert",
+      "assertionStackName": "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE"
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/manifest.json
new file mode 100644
index 0000000000000..d291234c243f0
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/manifest.json
@@ -0,0 +1,273 @@
+{
+  "version": "33.0.0",
+  "artifacts": {
+    "cdk-rds-cluster-instance-ca-certificate-integ.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "cdk-rds-cluster-instance-ca-certificate-integ.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "cdk-rds-cluster-instance-ca-certificate-integ": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "cdk-rds-cluster-instance-ca-certificate-integ.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/35db2485b27a7c010fba355d9cf2e473972ef6e3a637a137233fc20f79ea36e6.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "cdk-rds-cluster-instance-ca-certificate-integ.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "cdk-rds-cluster-instance-ca-certificate-integ.assets"
+      ],
+      "metadata": {
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCB9E5F0B4"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/Subnet": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1SubnetB4246D30"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/RouteTable": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1RouteTableFEE4B781"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/RouteTableAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/DefaultRoute": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1DefaultRoute91CEF279"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/EIP": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1EIP6AD938E8"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/NATGateway": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet1NATGatewayE0556630"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/Subnet": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2Subnet74179F39"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/RouteTable": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2RouteTable6F1A15F1"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/RouteTableAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2RouteTableAssociation5A808732"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/DefaultRoute": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2DefaultRouteB7481BBA"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/EIP": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2EIP4947BC00"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/NATGateway": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPublicSubnet2NATGateway3C070193"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/Subnet": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet1Subnet8BCA10E0"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/RouteTable": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet1RouteTableBE8A6027"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/RouteTableAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet1RouteTableAssociation347902D1"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/DefaultRoute": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet1DefaultRouteAE1D6490"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/Subnet": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet2SubnetCFCDAA7A"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/RouteTable": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet2RouteTable0A19E10E"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/RouteTableAssociation": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/DefaultRoute": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCPrivateSubnet2DefaultRouteF4F5CFD2"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/IGW": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCIGWB7E252D3"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/VPC/VPCGW": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "VPCVPCGW99B986DC"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/Database/Subnets/Default": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "DatabaseSubnets56F17B9A"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/Database/SecurityGroup/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "DatabaseSecurityGroup5C91FDCB"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/Database/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "DatabaseB269D8BB"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance1": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "DatabaseInstance1844F58FD"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance2": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "DatabaseInstance2AA380DEE"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-integ/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "cdk-rds-cluster-instance-ca-certificate-integ"
+    },
+    "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.template.json",
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "cdkrdsclusterinstancecacertificatetestDefaultTestDeployAssertBEAA84EE.assets"
+      ],
+      "metadata": {
+        "/cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/tree.json
new file mode 100644
index 0000000000000..517904880f5e3
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.js.snapshot/tree.json
@@ -0,0 +1,920 @@
+{
+  "version": "tree-0.1",
+  "tree": {
+    "id": "App",
+    "path": "",
+    "children": {
+      "cdk-rds-cluster-instance-ca-certificate-integ": {
+        "id": "cdk-rds-cluster-instance-ca-certificate-integ",
+        "path": "cdk-rds-cluster-instance-ca-certificate-integ",
+        "children": {
+          "VPC": {
+            "id": "VPC",
+            "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC",
+            "children": {
+              "Resource": {
+                "id": "Resource",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/Resource",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::EC2::VPC",
+                  "aws:cdk:cloudformation:props": {
+                    "cidrBlock": "10.0.0.0/16",
+                    "enableDnsHostnames": true,
+                    "enableDnsSupport": true,
+                    "instanceTenancy": "default",
+                    "tags": [
+                      {
+                        "key": "Name",
+                        "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC"
+                      }
+                    ]
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnVPC",
+                  "version": "0.0.0"
+                }
+              },
+              "PublicSubnet1": {
+                "id": "PublicSubnet1",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1",
+                "children": {
+                  "Subnet": {
+                    "id": "Subnet",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/Subnet",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
+                      "aws:cdk:cloudformation:props": {
+                        "availabilityZone": {
+                          "Fn::Select": [
+                            0,
+                            {
+                              "Fn::GetAZs": ""
+                            }
+                          ]
+                        },
+                        "cidrBlock": "10.0.0.0/18",
+                        "mapPublicIpOnLaunch": true,
+                        "tags": [
+                          {
+                            "key": "aws-cdk:subnet-name",
+                            "value": "Public"
+                          },
+                          {
+                            "key": "aws-cdk:subnet-type",
+                            "value": "Public"
+                          },
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "Acl": {
+                    "id": "Acl",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/Acl",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTable": {
+                    "id": "RouteTable",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/RouteTable",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
+                      "aws:cdk:cloudformation:props": {
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTableAssociation": {
+                    "id": "RouteTableAssociation",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/RouteTableAssociation",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation",
+                      "aws:cdk:cloudformation:props": {
+                        "routeTableId": {
+                          "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPublicSubnet1SubnetB4246D30"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "DefaultRoute": {
+                    "id": "DefaultRoute",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/DefaultRoute",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Route",
+                      "aws:cdk:cloudformation:props": {
+                        "destinationCidrBlock": "0.0.0.0/0",
+                        "gatewayId": {
+                          "Ref": "VPCIGWB7E252D3"
+                        },
+                        "routeTableId": {
+                          "Ref": "VPCPublicSubnet1RouteTableFEE4B781"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "EIP": {
+                    "id": "EIP",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/EIP",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::EIP",
+                      "aws:cdk:cloudformation:props": {
+                        "domain": "vpc",
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+                          }
+                        ]
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnEIP",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "NATGateway": {
+                    "id": "NATGateway",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1/NATGateway",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway",
+                      "aws:cdk:cloudformation:props": {
+                        "allocationId": {
+                          "Fn::GetAtt": [
+                            "VPCPublicSubnet1EIP6AD938E8",
+                            "AllocationId"
+                          ]
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPublicSubnet1SubnetB4246D30"
+                        },
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet1"
+                          }
+                        ]
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet",
+                  "version": "0.0.0"
+                }
+              },
+              "PublicSubnet2": {
+                "id": "PublicSubnet2",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2",
+                "children": {
+                  "Subnet": {
+                    "id": "Subnet",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/Subnet",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
+                      "aws:cdk:cloudformation:props": {
+                        "availabilityZone": {
+                          "Fn::Select": [
+                            1,
+                            {
+                              "Fn::GetAZs": ""
+                            }
+                          ]
+                        },
+                        "cidrBlock": "10.0.64.0/18",
+                        "mapPublicIpOnLaunch": true,
+                        "tags": [
+                          {
+                            "key": "aws-cdk:subnet-name",
+                            "value": "Public"
+                          },
+                          {
+                            "key": "aws-cdk:subnet-type",
+                            "value": "Public"
+                          },
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "Acl": {
+                    "id": "Acl",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/Acl",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTable": {
+                    "id": "RouteTable",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/RouteTable",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
+                      "aws:cdk:cloudformation:props": {
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTableAssociation": {
+                    "id": "RouteTableAssociation",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/RouteTableAssociation",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation",
+                      "aws:cdk:cloudformation:props": {
+                        "routeTableId": {
+                          "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPublicSubnet2Subnet74179F39"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "DefaultRoute": {
+                    "id": "DefaultRoute",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/DefaultRoute",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Route",
+                      "aws:cdk:cloudformation:props": {
+                        "destinationCidrBlock": "0.0.0.0/0",
+                        "gatewayId": {
+                          "Ref": "VPCIGWB7E252D3"
+                        },
+                        "routeTableId": {
+                          "Ref": "VPCPublicSubnet2RouteTable6F1A15F1"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "EIP": {
+                    "id": "EIP",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/EIP",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::EIP",
+                      "aws:cdk:cloudformation:props": {
+                        "domain": "vpc",
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+                          }
+                        ]
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnEIP",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "NATGateway": {
+                    "id": "NATGateway",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2/NATGateway",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway",
+                      "aws:cdk:cloudformation:props": {
+                        "allocationId": {
+                          "Fn::GetAtt": [
+                            "VPCPublicSubnet2EIP4947BC00",
+                            "AllocationId"
+                          ]
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPublicSubnet2Subnet74179F39"
+                        },
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PublicSubnet2"
+                          }
+                        ]
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet",
+                  "version": "0.0.0"
+                }
+              },
+              "PrivateSubnet1": {
+                "id": "PrivateSubnet1",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1",
+                "children": {
+                  "Subnet": {
+                    "id": "Subnet",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/Subnet",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
+                      "aws:cdk:cloudformation:props": {
+                        "availabilityZone": {
+                          "Fn::Select": [
+                            0,
+                            {
+                              "Fn::GetAZs": ""
+                            }
+                          ]
+                        },
+                        "cidrBlock": "10.0.128.0/18",
+                        "mapPublicIpOnLaunch": false,
+                        "tags": [
+                          {
+                            "key": "aws-cdk:subnet-name",
+                            "value": "Private"
+                          },
+                          {
+                            "key": "aws-cdk:subnet-type",
+                            "value": "Private"
+                          },
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "Acl": {
+                    "id": "Acl",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/Acl",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTable": {
+                    "id": "RouteTable",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/RouteTable",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
+                      "aws:cdk:cloudformation:props": {
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTableAssociation": {
+                    "id": "RouteTableAssociation",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/RouteTableAssociation",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation",
+                      "aws:cdk:cloudformation:props": {
+                        "routeTableId": {
+                          "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPrivateSubnet1Subnet8BCA10E0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "DefaultRoute": {
+                    "id": "DefaultRoute",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet1/DefaultRoute",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Route",
+                      "aws:cdk:cloudformation:props": {
+                        "destinationCidrBlock": "0.0.0.0/0",
+                        "natGatewayId": {
+                          "Ref": "VPCPublicSubnet1NATGatewayE0556630"
+                        },
+                        "routeTableId": {
+                          "Ref": "VPCPrivateSubnet1RouteTableBE8A6027"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet",
+                  "version": "0.0.0"
+                }
+              },
+              "PrivateSubnet2": {
+                "id": "PrivateSubnet2",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2",
+                "children": {
+                  "Subnet": {
+                    "id": "Subnet",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/Subnet",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
+                      "aws:cdk:cloudformation:props": {
+                        "availabilityZone": {
+                          "Fn::Select": [
+                            1,
+                            {
+                              "Fn::GetAZs": ""
+                            }
+                          ]
+                        },
+                        "cidrBlock": "10.0.192.0/18",
+                        "mapPublicIpOnLaunch": false,
+                        "tags": [
+                          {
+                            "key": "aws-cdk:subnet-name",
+                            "value": "Private"
+                          },
+                          {
+                            "key": "aws-cdk:subnet-type",
+                            "value": "Private"
+                          },
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "Acl": {
+                    "id": "Acl",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/Acl",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTable": {
+                    "id": "RouteTable",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/RouteTable",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
+                      "aws:cdk:cloudformation:props": {
+                        "tags": [
+                          {
+                            "key": "Name",
+                            "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "RouteTableAssociation": {
+                    "id": "RouteTableAssociation",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/RouteTableAssociation",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation",
+                      "aws:cdk:cloudformation:props": {
+                        "routeTableId": {
+                          "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
+                        },
+                        "subnetId": {
+                          "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "DefaultRoute": {
+                    "id": "DefaultRoute",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/PrivateSubnet2/DefaultRoute",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::Route",
+                      "aws:cdk:cloudformation:props": {
+                        "destinationCidrBlock": "0.0.0.0/0",
+                        "natGatewayId": {
+                          "Ref": "VPCPublicSubnet2NATGateway3C070193"
+                        },
+                        "routeTableId": {
+                          "Ref": "VPCPrivateSubnet2RouteTable0A19E10E"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet",
+                  "version": "0.0.0"
+                }
+              },
+              "IGW": {
+                "id": "IGW",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/IGW",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway",
+                  "aws:cdk:cloudformation:props": {
+                    "tags": [
+                      {
+                        "key": "Name",
+                        "value": "cdk-rds-cluster-instance-ca-certificate-integ/VPC"
+                      }
+                    ]
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway",
+                  "version": "0.0.0"
+                }
+              },
+              "VPCGW": {
+                "id": "VPCGW",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/VPC/VPCGW",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment",
+                  "aws:cdk:cloudformation:props": {
+                    "internetGatewayId": {
+                      "Ref": "VPCIGWB7E252D3"
+                    },
+                    "vpcId": {
+                      "Ref": "VPCB9E5F0B4"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.aws_ec2.Vpc",
+              "version": "0.0.0"
+            }
+          },
+          "Database": {
+            "id": "Database",
+            "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database",
+            "children": {
+              "Subnets": {
+                "id": "Subnets",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Subnets",
+                "children": {
+                  "Default": {
+                    "id": "Default",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Subnets/Default",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup",
+                      "aws:cdk:cloudformation:props": {
+                        "dbSubnetGroupDescription": "Subnets for Database database",
+                        "subnetIds": [
+                          {
+                            "Ref": "VPCPublicSubnet1SubnetB4246D30"
+                          },
+                          {
+                            "Ref": "VPCPublicSubnet2Subnet74179F39"
+                          }
+                        ]
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_rds.SubnetGroup",
+                  "version": "0.0.0"
+                }
+              },
+              "SecurityGroup": {
+                "id": "SecurityGroup",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/SecurityGroup",
+                "children": {
+                  "Resource": {
+                    "id": "Resource",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/SecurityGroup/Resource",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup",
+                      "aws:cdk:cloudformation:props": {
+                        "groupDescription": "RDS security group",
+                        "securityGroupEgress": [
+                          {
+                            "cidrIp": "0.0.0.0/0",
+                            "description": "Allow all outbound traffic by default",
+                            "ipProtocol": "-1"
+                          }
+                        ],
+                        "vpcId": {
+                          "Ref": "VPCB9E5F0B4"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup",
+                  "version": "0.0.0"
+                }
+              },
+              "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup": {
+                "id": "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/AuroraMySqlDatabaseClusterEngineDefaultParameterGroup",
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Resource",
+                  "version": "0.0.0"
+                }
+              },
+              "Resource": {
+                "id": "Resource",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Resource",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster",
+                  "aws:cdk:cloudformation:props": {
+                    "copyTagsToSnapshot": true,
+                    "dbClusterParameterGroupName": "default.aurora-mysql8.0",
+                    "dbSubnetGroupName": {
+                      "Ref": "DatabaseSubnets56F17B9A"
+                    },
+                    "engine": "aurora-mysql",
+                    "engineVersion": "8.0.mysql_aurora.3.03.0",
+                    "masterUsername": "admin",
+                    "masterUserPassword": "7959866cacc02c2d243ecfe177464fe6",
+                    "vpcSecurityGroupIds": [
+                      {
+                        "Fn::GetAtt": [
+                          "DatabaseSecurityGroup5C91FDCB",
+                          "GroupId"
+                        ]
+                      }
+                    ]
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster",
+                  "version": "0.0.0"
+                }
+              },
+              "Instance1Wrapper": {
+                "id": "Instance1Wrapper",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance1Wrapper",
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Resource",
+                  "version": "0.0.0"
+                }
+              },
+              "Instance1": {
+                "id": "Instance1",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance1",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance",
+                  "aws:cdk:cloudformation:props": {
+                    "caCertificateIdentifier": "rds-ca-2019",
+                    "dbClusterIdentifier": {
+                      "Ref": "DatabaseB269D8BB"
+                    },
+                    "dbInstanceClass": "db.t3.medium",
+                    "dbSubnetGroupName": {
+                      "Ref": "DatabaseSubnets56F17B9A"
+                    },
+                    "engine": "aurora-mysql",
+                    "publiclyAccessible": true
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance",
+                  "version": "0.0.0"
+                }
+              },
+              "Instance2Wrapper": {
+                "id": "Instance2Wrapper",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance2Wrapper",
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Resource",
+                  "version": "0.0.0"
+                }
+              },
+              "Instance2": {
+                "id": "Instance2",
+                "path": "cdk-rds-cluster-instance-ca-certificate-integ/Database/Instance2",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance",
+                  "aws:cdk:cloudformation:props": {
+                    "caCertificateIdentifier": "rds-ca-2019",
+                    "dbClusterIdentifier": {
+                      "Ref": "DatabaseB269D8BB"
+                    },
+                    "dbInstanceClass": "db.t3.medium",
+                    "dbSubnetGroupName": {
+                      "Ref": "DatabaseSubnets56F17B9A"
+                    },
+                    "engine": "aurora-mysql",
+                    "publiclyAccessible": true
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster",
+              "version": "0.0.0"
+            }
+          },
+          "BootstrapVersion": {
+            "id": "BootstrapVersion",
+            "path": "cdk-rds-cluster-instance-ca-certificate-integ/BootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnParameter",
+              "version": "0.0.0"
+            }
+          },
+          "CheckBootstrapVersion": {
+            "id": "CheckBootstrapVersion",
+            "path": "cdk-rds-cluster-instance-ca-certificate-integ/CheckBootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnRule",
+              "version": "0.0.0"
+            }
+          }
+        },
+        "constructInfo": {
+          "fqn": "aws-cdk-lib.Stack",
+          "version": "0.0.0"
+        }
+      },
+      "cdk-rds-cluster-instance-ca-certificate-test": {
+        "id": "cdk-rds-cluster-instance-ca-certificate-test",
+        "path": "cdk-rds-cluster-instance-ca-certificate-test",
+        "children": {
+          "DefaultTest": {
+            "id": "DefaultTest",
+            "path": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest",
+            "children": {
+              "Default": {
+                "id": "Default",
+                "path": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/Default",
+                "constructInfo": {
+                  "fqn": "constructs.Construct",
+                  "version": "10.2.70"
+                }
+              },
+              "DeployAssert": {
+                "id": "DeployAssert",
+                "path": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert",
+                "children": {
+                  "BootstrapVersion": {
+                    "id": "BootstrapVersion",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert/BootstrapVersion",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.CfnParameter",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "CheckBootstrapVersion": {
+                    "id": "CheckBootstrapVersion",
+                    "path": "cdk-rds-cluster-instance-ca-certificate-test/DefaultTest/DeployAssert/CheckBootstrapVersion",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.CfnRule",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Stack",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase",
+              "version": "0.0.0"
+            }
+          }
+        },
+        "constructInfo": {
+          "fqn": "@aws-cdk/integ-tests-alpha.IntegTest",
+          "version": "0.0.0"
+        }
+      },
+      "Tree": {
+        "id": "Tree",
+        "path": "Tree",
+        "constructInfo": {
+          "fqn": "constructs.Construct",
+          "version": "10.2.70"
+        }
+      }
+    },
+    "constructInfo": {
+      "fqn": "aws-cdk-lib.App",
+      "version": "0.0.0"
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.ts
new file mode 100644
index 0000000000000..9820d4f375483
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-ca-certificate.ts
@@ -0,0 +1,38 @@
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as cdk from 'aws-cdk-lib';
+import { AuroraMysqlEngineVersion, CaCertificate, ClusterInstance, Credentials, DatabaseCluster, DatabaseClusterEngine } from 'aws-cdk-lib/aws-rds';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'cdk-rds-cluster-instance-ca-certificate-integ');
+
+const vpc = new ec2.Vpc(stack, 'VPC', { maxAzs: 2, restrictDefaultSecurityGroup: false });
+
+const instanceProps = {
+  instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM),
+  isFromLegacyInstanceProps: true,
+  caCertificate: CaCertificate.RDS_CA_2019,
+};
+
+new DatabaseCluster(stack, 'Database', {
+  engine: DatabaseClusterEngine.auroraMysql({
+    version: AuroraMysqlEngineVersion.VER_3_03_0,
+  }),
+  credentials: Credentials.fromUsername('admin', { password: cdk.SecretValue.unsafePlainText('7959866cacc02c2d243ecfe177464fe6') }),
+  vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
+  vpc,
+  writer: ClusterInstance.provisioned('Instance1', {
+    ...instanceProps,
+  }),
+  readers: [
+    ClusterInstance.provisioned('Instance2', {
+      ...instanceProps,
+    }),
+  ],
+});
+
+new IntegTest(app, 'cdk-rds-cluster-instance-ca-certificate-test', {
+  testCases: [stack],
+});
+
+app.synth();
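Review bot: The `credentials` line passes a literal password through `cdk.SecretValue.unsafePlainText`, so the value is written verbatim into the synthesized template and the committed snapshot (`masterUserPassword` in tree.json). In addition, `vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC }` makes both instances `publiclyAccessible: true`. Neither is needed to exercise `caCertificate`: `credentials: Credentials.fromGeneratedSecret('admin'),` keeps the password out of the template, and `vpcSubnets: { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS },` keeps the instances off public addresses while the stack is deployed. The snapshot files would need regenerating after either change.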
diff --git a/packages/aws-cdk-lib/aws-rds/README.md b/packages/aws-cdk-lib/aws-rds/README.md
index 63b686489d115..3833ff16eaa3e 100644
--- a/packages/aws-cdk-lib/aws-rds/README.md
+++ b/packages/aws-cdk-lib/aws-rds/README.md
@@ -34,7 +34,7 @@ const cluster = new rds.DatabaseCluster(this, 'Database', {
 });
 ```
 
-To adopt Aurora I/O-Optimized. Speicify `DBClusterStorageType.AURORA_IOPT1` on the `storageType` property.
+To adopt Aurora I/O-Optimized. Specify `DBClusterStorageType.AURORA_IOPT1` on the `storageType` property.
 
 ```ts
 declare const vpc: ec2.Vpc;
@@ -297,6 +297,27 @@ DB instance to a status of `incompatible-parameters`. While the DB instance has
 the incompatible-parameters status, some operations are blocked. For example,
 you can't upgrade the engine version.
 
+#### CA certificate
+
+Use the `caCertificate` property to specify the [CA certificates](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html)
+to use for a cluster instances:
+
+```ts
+declare const vpc: ec2.Vpc;
+const cluster = new rds.DatabaseCluster(this, 'Database', {
+  engine: rds.DatabaseClusterEngine.auroraMysql({ version: rds.AuroraMysqlEngineVersion.VER_3_01_0 }),
+  writer: rds.ClusterInstance.provisioned('writer', {
+    caCertificate: rds.CaCertificate.RDS_CA_RDS2048_G1,
+  }),
+  readers: [
+    rds.ClusterInstance.serverlessV2('reader', {
+      caCertificate: rds.CaCertificate.of('custom-ca'),
+    }),
+  ],
+  vpc,
+});
+```
+
 ### Migrating from instanceProps
 
 Creating instances in a `DatabaseCluster` using `instanceProps` & `instances` is
diff --git a/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts b/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts
index 684d0e9bb5a26..7e15711411d11 100644
--- a/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts
+++ b/packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts
@@ -1,4 +1,5 @@
 import { Construct } from 'constructs';
+import { CaCertificate } from './ca-certificate';
 import { DatabaseCluster } from './cluster';
 import { IDatabaseCluster } from './cluster-ref';
 import { IParameterGroup, ParameterGroup } from './parameter-group';
@@ -292,6 +293,20 @@ export interface ClusterInstanceOptions {
    * @default false
    */
   readonly isFromLegacyInstanceProps?: boolean;
+
+  /**
+   * The identifier of the CA certificate for this DB cluster's instances.
+   *
+   * Specifying or updating this property triggers a reboot.
+   *
+   * For RDS DB engines:
+   * @see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
+   * For Aurora DB engines:
+   * @see https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html
+   *
+   * @default - RDS will choose a certificate authority
+   */
+  readonly caCertificate?: CaCertificate;
 }
 
 /**
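Review bot: The doc comment on `caCertificate` reads "for this DB cluster's instances", but the option sits on `ClusterInstanceOptions` and is set per instance; the README example and the new test give the writer and each reader a different CA. I would word it `* The identifier of the CA certificate for this cluster instance.` Since the comment already warns about the reboot, it could also say that clients which verify the server certificate need the new CA in their trust store before the switch. The interface starts outside this hunk.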
@@ -489,6 +504,7 @@ class AuroraClusterInstance extends Resource implements IAuroraClusterInstance {
         monitoringRoleArn: props.monitoringRole && props.monitoringRole.roleArn,
         autoMinorVersionUpgrade: props.autoMinorVersionUpgrade,
         allowMajorVersionUpgrade: props.allowMajorVersionUpgrade,
+        caCertificateIdentifier: props.caCertificate && props.caCertificate.toString(),
       });
     // For instances that are part of a cluster:
     //
diff --git a/packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts b/packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts
new file mode 100644
index 0000000000000..8c64714cdf9bb
--- /dev/null
+++ b/packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts
@@ -0,0 +1,47 @@
+/**
+ * The CA certificate used for a DB instance.
+ *
+ * @see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
+ */
+export class CaCertificate {
+  /**
+   * rds-ca-2019 certificate authority
+   */
+  public static readonly RDS_CA_2019 = CaCertificate.of('rds-ca-2019');
+
+  /**
+   * rds-ca-ecc384-g1 certificate authority
+   */
+  public static readonly RDS_CA_ECC384_G1 = CaCertificate.of('rds-ca-ecc384-g1');
+
+  /**
+   * rds-ca-rsa2048-g1 certificate authority
+   */
+  public static readonly RDS_CA_RDS2048_G1 = CaCertificate.of('rds-ca-rsa2048-g1');
+
+  /**
+   * rds-ca-rsa4096-g1 certificate authority
+   */
+  public static readonly RDS_CA_RDS4096_G1 = CaCertificate.of('rds-ca-rsa4096-g1');
+
+  /**
+   * Custom CA certificate
+   *
+   * @param identifier - CA certificate identifier
+   */
+  public static of(identifier: string) {
+    return new CaCertificate(identifier);
+  }
+
+  /**
+   * @param identifier - CA certificate identifier
+   */
+  private constructor(private readonly identifier: string) { }
+
+  /**
+   * Returns the CA certificate identifier as a string
+   */
+  public toString(): string {
+    return this.identifier;
+  }
+}
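Review bot: The constants `RDS_CA_RDS2048_G1` and `RDS_CA_RDS4096_G1` resolve to `rds-ca-rsa2048-g1` and `rds-ca-rsa4096-g1`, so the names say RDS where the identifiers say RSA. The class is moved unchanged from instance.ts and renaming would break callers, so the doc comments can carry the clarification instead, e.g. `* rds-ca-rsa2048-g1 certificate authority (RSA 2048 key; constant name kept for compatibility)`. The comment on `RDS_CA_2019` could note that AWS lists this CA as expiring in 2024 and point readers to the g1 CAs for new instances. On `of()`, it is worth documenting that the identifier is passed through unchecked, so a misspelled value presumably only surfaces at deployment.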
diff --git a/packages/aws-cdk-lib/aws-rds/lib/index.ts b/packages/aws-cdk-lib/aws-rds/lib/index.ts
index fd7e157de0745..619251587537d 100644
--- a/packages/aws-cdk-lib/aws-rds/lib/index.ts
+++ b/packages/aws-cdk-lib/aws-rds/lib/index.ts
@@ -1,5 +1,6 @@
 export * from './engine';
 export * from './engine-version';
+export * from './ca-certificate';
 export * from './cluster';
 export * from './cluster-ref';
 export * from './cluster-engine';
diff --git a/packages/aws-cdk-lib/aws-rds/lib/instance.ts b/packages/aws-cdk-lib/aws-rds/lib/instance.ts
index 1fab510aa69b6..336f6fac4fc19 100644
--- a/packages/aws-cdk-lib/aws-rds/lib/instance.ts
+++ b/packages/aws-cdk-lib/aws-rds/lib/instance.ts
@@ -1,4 +1,5 @@
 import { Construct } from 'constructs';
+import { CaCertificate } from './ca-certificate';
 import { DatabaseSecret } from './database-secret';
 import { Endpoint } from './endpoint';
 import { IInstanceEngine } from './instance-engine';
@@ -347,54 +348,6 @@ export enum NetworkType {
   DUAL = 'DUAL'
 }
 
-/**
- * The CA certificate used for this DB instance.
- *
- * @see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
- */
-export class CaCertificate {
-  /**
-   * rds-ca-2019 certificate authority
-   */
-  public static readonly RDS_CA_2019 = CaCertificate.of('rds-ca-2019');
-
-  /**
-   * rds-ca-ecc384-g1 certificate authority
-   */
-  public static readonly RDS_CA_ECC384_G1 = CaCertificate.of('rds-ca-ecc384-g1');
-
-  /**
-   * rds-ca-rsa2048-g1 certificate authority
-   */
-  public static readonly RDS_CA_RDS2048_G1 = CaCertificate.of('rds-ca-rsa2048-g1');
-
-  /**
-   * rds-ca-rsa4096-g1 certificate authority
-   */
-  public static readonly RDS_CA_RDS4096_G1 = CaCertificate.of('rds-ca-rsa4096-g1');
-
-  /**
-   * Custom CA certificate
-   *
-   * @param identifier - CA certificate identifier
-   */
-  public static of(identifier: string) {
-    return new CaCertificate(identifier);
-  }
-
-  /**
-   * @param identifier - CA certificate identifier
-   */
-  private constructor(private readonly identifier: string) { }
-
-  /**
-   * Returns the CA certificate identifier as a string
-   */
-  public toString(): string {
-    return this.identifier;
-  }
-}
-
 /**
  * Construction properties for a DatabaseInstanceNew
  */
diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts
index 22e40c0b2ec51..0df1eb0c5a954 100644
--- a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts
+++ b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts
@@ -9,7 +9,7 @@ import { RemovalPolicy, Stack, Annotations as CoreAnnotations } from '../../core
 import {
   AuroraEngineVersion, AuroraMysqlEngineVersion, AuroraPostgresEngineVersion, CfnDBCluster, Credentials, DatabaseCluster,
   DatabaseClusterEngine, DatabaseClusterFromSnapshot, ParameterGroup, PerformanceInsightRetention, SubnetGroup, DatabaseSecret,
-  DatabaseInstanceEngine, SqlServerEngineVersion, SnapshotCredentials, InstanceUpdateBehaviour, NetworkType, ClusterInstance,
+  DatabaseInstanceEngine, SqlServerEngineVersion, SnapshotCredentials, InstanceUpdateBehaviour, NetworkType, ClusterInstance, CaCertificate,
 } from '../lib';
 
 describe('cluster new api', () => {
@@ -902,6 +902,54 @@ describe('cluster new api', () => {
         'Reader InstanceSizes: m5.xlarge [ack: @aws-cdk/aws-rds:provisionedReadersDontMatchWriter]',
       );
     });
+
+    test('support CA certificate identifier on writer and readers', () => {
+      // GIVEN
+      const stack = testStack();
+      const vpc = new ec2.Vpc(stack, 'VPC');
+
+      // WHEN
+      new DatabaseCluster(stack, 'Database', {
+        engine: DatabaseClusterEngine.AURORA,
+        vpc,
+        writer: ClusterInstance.provisioned('writer', {
+          instanceType: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.XLARGE24 ),
+          caCertificate: CaCertificate.RDS_CA_RDS4096_G1,
+        }),
+        readers: [
+          ClusterInstance.serverlessV2('reader', {
+            caCertificate: CaCertificate.RDS_CA_RDS2048_G1,
+          }),
+          ClusterInstance.provisioned('reader2', {
+            promotionTier: 1,
+            instanceType: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.XLARGE24 ),
+            caCertificate: CaCertificate.of('custom-ca-id'),
+          }),
+        ],
+      });
+
+      // THEN
+      const template = Template.fromStack(stack);
+      template.resourceCountIs('AWS::RDS::DBInstance', 3);
+      template.hasResourceProperties('AWS::RDS::DBInstance', {
+        DBClusterIdentifier: { Ref: 'DatabaseB269D8BB' },
+        DBInstanceClass: 'db.m5.24xlarge',
+        PromotionTier: 0,
+        CACertificateIdentifier: 'rds-ca-rsa4096-g1',
+      });
+      template.hasResourceProperties('AWS::RDS::DBInstance', {
+        DBClusterIdentifier: { Ref: 'DatabaseB269D8BB' },
+        DBInstanceClass: 'db.serverless',
+        PromotionTier: 2,
+        CACertificateIdentifier: 'rds-ca-rsa2048-g1',
+      });
+      template.hasResourceProperties('AWS::RDS::DBInstance', {
+        DBClusterIdentifier: { Ref: 'DatabaseB269D8BB' },
+        DBInstanceClass: 'db.m5.24xlarge',
+        PromotionTier: 1,
+        CACertificateIdentifier: 'custom-ca-id',
+      });
+    });
   });
 });
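Review bot: The new test only covers instances that set `caCertificate`; nothing asserts that `CACertificateIdentifier` stays out of the template when the option is omitted. That is the path `props.caCertificate && props.caCertificate.toString()` in aurora-cluster-instance.ts takes for every existing user. A small companion test with an instance that has no `caCertificate` and `CACertificateIdentifier: Match.absent()` in `hasResourceProperties` would pin it, assuming `Match` is imported in this file (the import list is only partly visible). The enclosing `describe` blocks start outside the hunk.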