Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_rds: DatabaseCluster s3ExportBuckets fails with AuroraMysqlEngineVersion.of(...) #33562

Open
1 task
k1e1n04 opened this issue Feb 23, 2025 · 3 comments · May be fixed by #33564
Open
1 task

aws_rds: DatabaseCluster s3ExportBuckets fails with AuroraMysqlEngineVersion.of(...) #33562

k1e1n04 opened this issue Feb 23, 2025 · 3 comments · May be fixed by #33564
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. effort/medium Medium work item – several days of effort p2

Comments

@k1e1n04
Copy link

k1e1n04 commented Feb 23, 2025

Describe the bug

When using AuroraMysqlEngineVersion.of(...) instead of AuroraMysqlEngineVersion.VER_3_07_1, the s3ExportBuckets feature produces an incorrect CloudFormation configuration.

Specifically, the DBClusterParameterGroup gets an unexpected difference:
• AuroraMysqlEngineVersion.of(...) adds .aurora_select_into_s3_role
• AuroraMysqlEngineVersion.VER_3_07_1 adds .aws_default_s3_role

This affects the behavior of S3 export functionality and results in inconsistent CloudFormation stacks.

This issue appears related to Issue #19735.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

When specifying the engine version with AuroraMysqlEngineVersion.of(...), the s3ExportBuckets behavior should be the same as when using AuroraMysqlEngineVersion.VER_3_07_1.

Additionally, the DBClusterParameterGroup should have the same parameters, ensuring consistency.

Current Behavior

Using AuroraMysqlEngineVersion.of("8.0.mysql_aurora.3.07.1", "8.0") results in the following incorrect CloudFormation diff:

Resources
[+] AWS::S3::Bucket sampleBucket sampleBucket14E4F90B
[~] AWS::RDS::DBClusterParameterGroup sampleParameterGroup sampleParameterGroup4231F25B
 └─ [~] Parameters
     └─ [+] Added: .aurora_select_into_s3_role  <-- INCORRECT

However, when using AuroraMysqlEngineVersion.VER_3_07_1, the expected behavior occurs:

Resources
[+] AWS::S3::Bucket sampleBucket sampleBucket14E4F90B
[~] AWS::RDS::DBClusterParameterGroup sampleParameterGroup sampleParameterGroup4231F25B
 └─ [~] Parameters
     └─ [+] Added: .aws_default_s3_role  <-- CORRECT

This discrepancy causes s3ExportBuckets to behave inconsistently.

Reproduction Steps

The issue can be reproduced using the following CDK code:

Incorrect behavior (AuroraMysqlEngineVersion.of(...))

new DatabaseCluster(this, 'sampleId', {
  engine: DatabaseClusterEngine.auroraMysql({
      version: AuroraMysqlEngineVersion.of("8.0.mysql_aurora.3.07.1", "8.0")
  }),
  iamAuthentication: true,
  parameterGroup,
  vpc: props.vpc,
  defaultDatabaseName: "sampleDatabase",
  writer: ClusterInstance.provisioned('writerInstance', {
      instanceType: InstanceType.of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM),
  }),
  s3ExportBuckets: [
      new Bucket(this, "sampleBucket", {
          bucketName,
          removalPolicy: RemovalPolicy.DESTROY,
      })
  ]
});

Expected behavior (AuroraMysqlEngineVersion.VER_3_07_1)

new DatabaseCluster(this, 'sampleId', {
  engine: DatabaseClusterEngine.auroraMysql({
      version: AuroraMysqlEngineVersion.VER_3_07_1
  }),
  iamAuthentication: true,
  parameterGroup,
  vpc: props.vpc,
  defaultDatabaseName: "sampleDatabase",
  writer: ClusterInstance.provisioned('writerInstance', {
      instanceType: InstanceType.of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM),
  }),
  s3ExportBuckets: [
      new Bucket(this, "sampleBucket", {
          bucketName,
          removalPolicy: RemovalPolicy.DESTROY,
      })
  ]
});

Possible Solution

In cluster-engine.ts, update the of method to ensure that _combineImportAndExportRoles is correctly set based on the major version.

Specifically, if the major version is not "5.7", _combineImportAndExportRoles should be set to true.

Additional Information/Context

  • This issue is problematic because AuroraMysqlEngineVersion.of(...) is required for emergency upgrades, but it currently leads to incorrect behavior in s3ExportBuckets and parameter groups.
  • The behavior should be consistent regardless of how the engine version is specified.

CDK CLI Version

v2.177.0

Framework Version

No response

Node.js Version

v22.3.0

OS

macOS Sequoia 15.3

Language

TypeScript

Language Version

5.2.2

Other information

No response
@k1e1n04 k1e1n04 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 23, 2025
@github-actions github-actions bot added the @aws-cdk/aws-rds Related to Amazon Relational Database label Feb 23, 2025
@k1e1n04 k1e1n04 linked a pull request Feb 23, 2025 that will close this issue
Open
1 task
@pahud pahud added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 24, 2025
@pahud
Copy link
Contributor

pahud commented Feb 24, 2025

Looking into this.

@pahud
Copy link
Contributor

pahud commented Feb 24, 2025

Looks like when using the of()

aws-cdk/packages/aws-cdk-lib/aws-rds/lib/cluster-engine.ts

Lines 655 to 657 in 5eeee75

public static of(auroraMysqlFullVersion: string, auroraMysqlMajorVersion?: string): AuroraMysqlEngineVersion {
return new AuroraMysqlEngineVersion(auroraMysqlFullVersion, auroraMysqlMajorVersion);
}

this._combineImportAndExportRoles would always be undefined, which determines whether to use aws_default_s3_role or separate roles for S3 import/export.

I noticed #33564 is WIP, we'll reivew the PR when it's ready.

@pahud pahud removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Feb 24, 2025
@k1e1n04
Copy link
Author

k1e1n04 commented Feb 25, 2025

Hi @pahud,
I’ve updated the PR to properly set _combineImportAndExportRoles in AuroraMysqlEngineVersion.of(), ensuring that the correct role configuration (aws_default_s3_role or separate roles) is used.

Could you please review when you have time? Let me know if there’s anything else needed.

Thanks!

@github-actions github-actions bot mentioned this issue Mar 1, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database bug This issue is a bug. effort/medium Medium work item – several days of effort p2
Projects
None yet
Milestone
No milestone
2 participants
@pahud @k1e1n04