
I am creating a JDBC connection in Glue using secrets for username and password. I can see in the console that username is read correctly from the secret, so that's not a concern. Once I edit the details and enter the password in the console, it becomes valid. Is there something wrong with my approach?

glue.CfnConnection(
    self,
    id="JDBCConnection",
    catalog_id=self.account,
    connection_input=glue.CfnConnection.ConnectionInputProperty(
        name="jdbc_connection",
        connection_type="JDBC",
        physical_connection_requirements=glue.CfnConnection.PhysicalConnectionRequirementsProperty(
            subnet_id=cdk.Fn.import_value("PrivateSubnet1"),
            security_group_id_list=[jdbc_connection_security_group.attr_group_id],
        ),
        connection_properties={
            "JDBC_CONNECTION_URL": "jdbc:<JDBC_URL>",
            "USERNAME": "{{resolve:secretsmanager:jdbc_username}}",
            "PASSWORD": "{{resolve:secretsmanager:jdbc_password}}",
        },
    ),
)
Krzysztof Słowiński

3 Answers


In my case, I was missing the SSL and the availability zone. One tool I found useful is using the AWS CLI to get the information about a previously created (or CDK-created and console-updated) valid connection.

$> aws glue get-connection --name <connection-name> --profile <profile-name>

This lists full information about an acceptable (working) connection.

{
    "Connection": {
        "Name": "<connection-name>",
        "Description": "<description>",
        "ConnectionType": "JDBC",
        "ConnectionProperties": {
            "JDBC_CONNECTION_URL": "<full-url>",
            "JDBC_ENFORCE_SSL": "false",
            "PASSWORD": "<password>",
            "USERNAME": "<username>"
        },
        "PhysicalConnectionRequirements": {
            "SubnetId": "<subnet>",
            "SecurityGroupIdList": [
                "<sec-group>",
                "<sec-group>"
            ],
            "AvailabilityZone": "us-west-2a"
        },
        "CreationTime": "<timestamp-w-tz>",
        "LastUpdatedTime": "<timestamp-w-tz>"
    }
}

I found out I was missing the ConnectionProperties key JDBC_ENFORCE_SSL and the PhysicalConnectionRequirements key AvailabilityZone.

Once I set them up in the CDK the created connection worked as expected.

tamersalama
  • Thanks for this answer! When I was defining network connection I also needed to specify AZ so it makes sense it is the same case here. The only difference was that the network connection failed to deploy without AZ and JDBC deployed correctly. I will test this suggestion and mark your answer if it works. – Krzysztof Słowiński Oct 08 '21 at 08:02
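The comparison described in the answer above, as an added example (not code from the original posts): a Python script that diffs the `get-connection` output of a working connection against that of the CDK-created one and reports what is missing, redacting credential values. The sample JSON and the names `flatten`, `diff_connections`, `SENSITIVE` and `IGNORED` are constructed for illustration.

```python
import json

# Leaf keys whose values must never reach a terminal, ticket or log.
SENSITIVE = {"PASSWORD", "USERNAME", "JDBC_CONNECTION_URL"}
# Fields that always differ between two connections and carry no signal.
IGNORED = {"Name", "Description", "CreationTime", "LastUpdatedTime"}

# Constructed sample data in the shape of `aws glue get-connection` output.
CONSOLE_FIXED = """{"Connection": {
  "Name": "fixed", "ConnectionType": "JDBC",
  "ConnectionProperties": {"JDBC_CONNECTION_URL": "jdbc:example",
    "JDBC_ENFORCE_SSL": "false", "PASSWORD": "not-a-real-secret",
    "USERNAME": "etl_user"},
  "PhysicalConnectionRequirements": {"SubnetId": "subnet-constructed",
    "SecurityGroupIdList": ["sg-constructed"],
    "AvailabilityZone": "us-west-2a"}}}"""
CDK_CREATED = """{"Connection": {
  "Name": "cdk", "ConnectionType": "JDBC",
  "ConnectionProperties": {"JDBC_CONNECTION_URL": "jdbc:example",
    "PASSWORD": "not-a-real-secret", "USERNAME": "etl_user"},
  "PhysicalConnectionRequirements": {"SubnetId": "subnet-constructed",
    "SecurityGroupIdList": ["sg-constructed"]}}}"""

def flatten(node, prefix=""):
    """Flatten nested dicts into {"A.B": value}; lists stay as values."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def diff_connections(working_json, broken_json):
    """List keys of the working connection that the other lacks or changes."""
    working = flatten(json.loads(working_json)["Connection"])
    broken = flatten(json.loads(broken_json)["Connection"])
    findings = []
    for path, value in sorted(working.items()):
        leaf = path.rsplit(".", 1)[-1]
        if leaf in IGNORED:
            continue
        shown = "<redacted>" if leaf in SENSITIVE else value
        if path not in broken:
            findings.append(("missing", path, shown))
        elif broken[path] != value:
            findings.append(("differs", path, shown))
    return findings

if __name__ == "__main__":
    for status, path, shown in diff_connections(CONSOLE_FIXED, CDK_CREATED):
        print(f"{status:8} {path} = {shown}")
```

`get-connection` returns the stored password in clear text, as the output above shows; the CLI's `--hide-password` option omits it when only the structure is being compared.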

I got the same issue, but I realized that the issue was not with the password at all and it's how we are providing security groups and subnet values.

Once I changed all security groups and subnets as IResource(s) instead of strings it worked fine for me.

vj_p
  • Interesting, the documentation is listing those values as strings, and they are correctly picked up. As written, when I edit the connection in the console, without changing anything (just press edit and save) the issue is solved. https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_glue/CfnConnection.html#aws_cdk.aws_glue.CfnConnection.PhysicalConnectionRequirementsProperty https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-glue.CfnConnection.PhysicalConnectionRequirementsProperty.html – Krzysztof Słowiński Aug 02 '21 at 14:03
  • Yes, it was some weird issue.. it was working for me when I enter the credentials directly in the console as well. – vj_p May 06 '22 at 23:52

"As written, when I edit the connection in the console, without changing anything (just press edit and save) the issue is solved." I solved the issue as well.

Maybe the problem is the Require SSL connection. When I pressed edit and save in the console, "Require SSL connection: False" was added, but I have no idea how to set this one with CDK.

J.C.