
Not able to grant lambda read access to Secrets manager AWS CDK GoLang

modules imported

import (
    // "fmt"
    "fmt"
    "github.com/aws/aws-cdk-go/awscdk/v2"
    cdk "github.com/aws/aws-cdk-go/awscdk/v2"
    "github.com/aws/aws-cdk-go/awscdk/v2/awsec2"
    "github.com/aws/aws-cdk-go/awscdk/v2/awslambda"
    "github.com/aws/aws-cdk-go/awscdk/v2/awsrds"
    asset "github.com/aws/aws-cdk-go/awscdk/v2/awss3assets"
    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/constructs-go/constructs/v10"
    "github.com/aws/jsii-runtime-go"
    // "reflect"
)

rds code

rds := awsrds.NewDatabaseInstance(stack, jsii.String("PostgresInstance"), &awsrds.DatabaseInstanceProps{
    Engine:            awsrds.DatabaseInstanceEngine_POSTGRES(),
    IamAuthentication: jsii.Bool(true),
    Vpc:               defaultVpc,
})

lambda code

writerFunction := awslambda.NewFunction(stack, aws.String("writerFunction"),
        &awslambda.FunctionProps{
            Handler: aws.String("main"),
            Runtime: awslambda.Runtime_GO_1_X(),
            Code: awslambda.AssetCode_FromAsset(aws.String("./lambda"), &asset.AssetOptions{
                Bundling: &cdk.BundlingOptions{
                    Image: awslambda.Runtime_GO_1_X().BundlingImage(),
                    User:  aws.String("root"),
                    Command: &[]*string{
                        aws.String("bash"),
                        aws.String("-c"),
                        aws.String("go version && go build -o /asset-output/main"),
                    },
                },
            }),
            Environment: &map[string]*string{
                "mode":       jsii.String("writer"),
                "secretName": rds.Secret().SecretName(),
                "region":     jsii.String("xx"),
            },
        },
    )

attempting to grant lambda access to secrets manager

rds.Secret().GrantRead(writerFunction)

Error I am facing during cdk diff or deploy

$ cdk diff      
# command-line-arguments
./test.go:85:25: not enough arguments in call to rds.Secret().GrantRead
        have (awslambda.Function)
        want (awsiam.IGrantable, *[]*string)

Function seems to implement IGrantable. But not sure where I am doing it wrong. I am using AWS CDK GoLang.

You're missing a second argument, of type *[]*string, for the versionStages. See https://pkg.go.dev/github.com/aws/aws-cdk-go/awscdk/v2/awsrds#section-readme

// Grants reading the secret value to some role.
GrantRead(grantee awsiam.IGrantable, versionStages *[]*string) awsiam.Grant
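
An added example (not code from the post, the answer, or the CDK project) showing what the second argument controls: in the question's stack the call compiles as `rds.Secret().GrantRead(writerFunction, nil)`, and a non-nil `versionStages` narrows the grant to the listed staging labels. The standard-library model below assumes CDK synthesizes the statement as `GetSecretValue`/`DescribeSecret` with a `secretsmanager:VersionStage` condition; `Statement`, `grantReadStatement` and the ARN are hypothetical names and values constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Statement models one IAM policy statement (a stand-in for this example, not a CDK type).
type Statement struct {
	Effect    string                         `json:"Effect"`
	Action    []string                       `json:"Action"`
	Resource  string                         `json:"Resource"`
	Condition map[string]map[string][]string `json:"Condition,omitempty"`
}

// grantReadStatement models (as an assumption) the statement GrantRead adds to the
// grantee's role. nil versionStages means no condition: every secret version is readable.
func grantReadStatement(secretArn string, versionStages *[]*string) Statement {
	st := Statement{
		Effect:   "Allow",
		Action:   []string{"secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"},
		Resource: secretArn,
	}
	if versionStages == nil {
		return st
	}
	stages := make([]string, 0, len(*versionStages))
	for _, s := range *versionStages {
		if s != nil {
			stages = append(stages, *s)
		}
	}
	st.Condition = map[string]map[string][]string{
		"ForAnyValue:StringEquals": {"secretsmanager:VersionStage": stages},
	}
	return st
}

func main() {
	arn := "arn:aws:secretsmanager:REGION:ACCOUNT:secret:EXAMPLE" // constructed placeholder
	cur := "AWSCURRENT"
	for _, stages := range []*[]*string{nil, &[]*string{&cur}} {
		out, _ := json.MarshalIndent(grantReadStatement(arn, stages), "", "  ")
		fmt.Println(string(out))
	}
}
```

In the CDK stack itself the narrower form would be `rds.Secret().GrantRead(writerFunction, &[]*string{jsii.String("AWSCURRENT")})`, which keeps the Lambda from reading previous or pending versions of the database credentials.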
