在创建 RDS 实例后运行 AWS CDK 自定义资源以进行数据库设置
[英]Running AWS CDK custom resource for database setup after RDS instance is created
问题描述
How can I trigger a Lambda function using AWS CDK after an RDS instance is up?
在 RDS 实例启动后,如何使用 AWS CDK 触发 Lambda function?
I am setting up a system with an RDS instance and an EKS cluster using AWS CDK and Typescript.我正在使用 AWS CDK 和 Typescript 设置具有 RDS 实例和 EKS 集群的系统。 After the RDS instance is created, I would like to set up some users in the database instance to be used by microservices on EKS.创建RDS实例后,我想在数据库实例中设置一些用户,供EKS上的微服务使用。
I created a Custom Resource backed by a Lambda function for this, also implemented in Typescript.为此,我创建了一个由 Lambda function 支持的自定义资源,也在 Typescript 中实现。 The lambda function retrieves the secret generated by CDK for the RDS instance plus some secrets for my database users, connects to the database and creates the database users. lambda function 检索 CDK 为 RDS 实例生成的密码以及我的数据库用户的一些密码,连接到数据库并创建数据库用户。 Ideally, the custom resource runs after the database instance is up and before the microservices are installed.理想情况下,自定义资源在数据库实例启动之后和微服务安装之前运行。 How can I achieve this?我怎样才能做到这一点?
I haven't found a way to explicitly declare the dependency and my Lambda does not technically require a dependency (other than using secret.grantRead(lambda) ).我还没有找到明确声明依赖项的方法,而且我的 Lambda 在技术上不需要依赖项(除了使用secret.grantRead(lambda) )。 Just running a retry loop in Lambda until everything is up will likely not work thanks to the long creation times.由于创建时间长,仅在 Lambda 中运行重试循环直到一切就绪可能无法正常工作。 Any code snippets/examples/... greatly appreciated, I have only found references about the general approach so far.非常感谢任何代码片段/示例/...,到目前为止,我只找到了有关一般方法的参考资料。
Update with details in reply to @jogold: With更新详细信息以回复@jogold:与
const database = new rds.DatabaseInstance(this, 'db', {
instanceIdentifier: conf.systemName,
engine: rds.DatabaseInstanceEngine.POSTGRES,
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
masterUsername: MASTER_USER,
allocatedStorage: 20, maxAllocatedStorage: 100,
multiAz: conf.isProduction,
storageEncrypted: true,
backupRetention: cdk.Duration.days(7),
deletionProtection: false,
vpc, securityGroups: [ rdsSG ]
});
CDK will generate a secret with some more or less random name with the access credentials to the database. CDK 将使用数据库的访问凭据生成具有或多或少随机名称的秘密。 I tried attaching the secret directly to my Lambda:我尝试将秘密直接附加到我的 Lambda:
new cdk.CustomResource(this, 'preinstall', {
serviceToken: preinstallProvider.serviceToken,
properties: { secret: database.secret }
});
But that gives me但这给了我
Error: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[td000.preinstall.Default.LogicalID.221]}/Properties/dbSecret/node/_actualNode.
Also, it looks like the interface ISecret doesn't have the ID/name of the secret, so I wouldn't know what to do with it in the Lambda.此外,看起来ISecret接口没有密钥的 ID/名称,所以我不知道在 Lambda 中如何处理它。
1 个解决方案
解决方案1
2 已采纳 2020-07-03 08:21:55
CDK will usually try to guess the dependencies for you and ensure that they're created in the correct order. CDK 通常会尝试为您猜测依赖项并确保它们以正确的顺序创建。 Where this doesn't work (as in your example), you can explicity declare that one resource depends on another.如果这不起作用(如您的示例中),您可以明确声明一个资源依赖于另一个资源。 For example:例如:
const customResource = new cdk.CustomResource(this, 'preinstall', {
serviceToken: preinstallProvider.serviceToken,
properties: { secret: database.secret }
});
customResource.node.addDependency(database);
See the docs for more details https://docs.aws.amazon.com/cdk/api/latest/docs/core-readme.html#construct-dependencies有关更多详细信息,请参阅文档https://docs.aws.amazon.com/cdk/api/latest/docs/core-readme.html#construct-dependencies
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.