Proxy Target Group should wait for Aurora writer instance to be ready before creating CloudFormation resource
```ts
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
import { Runtime, FunctionUrlAuthType, HttpMethod } from 'aws-cdk-lib/aws-lambda';
import { Credentials, DatabaseProxy, ClusterInstance } from 'aws-cdk-lib/aws-rds';
import { DatabaseCluster, DatabaseClusterEngine, ClientPasswordAuthType, ProxyTarget, AuroraPostgresEngineVersion } from 'aws-cdk-lib/aws-rds';
import { Vpc, SubnetType, SecurityGroup, InstanceType, InstanceClass, InstanceSize } from 'aws-cdk-lib/aws-ec2';
import * as path from 'path';

export class CdkAuroraLambdaStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Create a custom VPC
    const vpc = new Vpc(this, 'AuroraVPC', {
      natGateways: 1,
      maxAzs: 2,
      subnetConfiguration: [
        {
          cidrMask: 24,
          name: 'AuroraPublicSubnet',
          subnetType: SubnetType.PUBLIC,
        },
        {
          cidrMask: 24,
          name: 'AuroraSubnet',
          subnetType: SubnetType.PRIVATE_ISOLATED,
        },
      ],
    });

    // Create a security group for the Aurora Serverless v2 cluster
    const dbSecurityGroup = new SecurityGroup(this, 'AuroraSecurityGroup', {
      vpc,
      description: 'Security group for Aurora Serverless v2 cluster',
      allowAllOutbound: true,
    });

    // Create a security group for the Lambda functions
    const lambdaSecurityGroup = new SecurityGroup(this, 'LambdaSecurityGroup', {
      vpc,
      description: 'Security group for Lambda functions',
    });

    // Allow the Lambda functions to access the Aurora Serverless v2 cluster
    dbSecurityGroup.addIngressRule(lambdaSecurityGroup, cdk.aws_ec2.Port.tcp(5432));

    // Create Aurora Serverless v2 cluster
    const cluster = new DatabaseCluster(this, 'AuroraCluster', {
      engine: DatabaseClusterEngine.auroraPostgres({ version: AuroraPostgresEngineVersion.VER_16_2 }),
      credentials: Credentials.fromGeneratedSecret('AuroraSecret'),
      defaultDatabaseName: 'AuroraDB',
      serverlessV2MinCapacity: 0.5,
      serverlessV2MaxCapacity: 10,
      securityGroups: [dbSecurityGroup],
      vpc, // Use the custom VPC
      vpcSubnets: {
        subnetType: SubnetType.PRIVATE_ISOLATED,
      },
      writer: ClusterInstance.provisioned("writer")
    });

    // Create a data proxy
    const proxy = new DatabaseProxy(this, 'AuroraProxy', {
      proxyTarget: ProxyTarget.fromCluster(cluster),
      secrets: [cluster.secret!],
      vpc,
      clientPasswordAuthType: ClientPasswordAuthType.POSTGRES_MD5
    });
  }
}
```
You will get the `CREATE_FAILED` deployment as explained in the bug.
### Possible Solution
The Proxy Target Group needs to be aware and add a DependsOn for the writer instance. Currently it only depends on the Aurora Cluster. The writer instance is a separate resource.
Adding `proxy.node.addDependency(cluster)` to the bottom of the code snippet from the repro steps resolves the issue for now. But the library should add this for you.
### Additional Information/Context
_No response_
### CDK CLI Version
2.143.0
### Framework Version
2.143.0
### Node.js Version
v20.12.2
### OS
Mac
### Language
TypeScript
### Language Version
_No response_
### Other information
_No response_
### Describe the bug
When following documentation for a `DatabaseCluster` I get CloudFormation deployment errors
### Regression Issue
### Last Known Working CDK Version
_No response_
### Expected Behavior
Proxy Target Group should wait for Aurora writer instance to be ready before creating CloudFormation resource
### Current Behavior
Target Group does not wait for Aurora writer instance to be ready before creating CloudFormation resource. The following CloudFormation error is seen as the proxy target group moves to the `CREATE_FAILED` state:
```
Resource handler returned message: "DB Instance <writer instance name> is in an unsupported state - CONFIGURING_ENHANCED_MONITORING, needs to be in [AVAILABLE, MODIFYING, BACKING_UP, CREATING]
```
### Reproduction Steps
Deploy the following CDK (`2.143.0`) (eu-central-1 if you want to match my region)
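
Separately from the reproduction code, the dependency gap described under Possible Solution can be caught in a synthesized template before deployment. The check below is an added example, not part of the original issue and not the CDK project's code; it assumes cluster identifiers appear as `Ref` values, and the logical ids in the sample template are constructed.

```typescript
// Added example (not from the issue): lint a synthesized template for this dependency gap.
type Resource = { Type: string; Properties?: { [k: string]: any }; DependsOn?: string | string[] };
type Template = { Resources: { [logicalId: string]: Resource } };

// Logical id from {"Ref": "X"}; anything else (e.g. a literal identifier) yields undefined.
function refOf(v: any): string | undefined {
  return v && typeof v === 'object' && typeof v.Ref === 'string' ? v.Ref : undefined;
}

// Map each DBProxyTargetGroup to the instances of its target cluster(s)
// that are absent from its DependsOn.
function missingInstanceDeps(t: Template): { [targetGroup: string]: string[] } {
  const out: { [targetGroup: string]: string[] } = {};
  const ids = Object.keys(t.Resources);
  for (const tgId of ids) {
    const tg = t.Resources[tgId];
    if (tg.Type !== 'AWS::RDS::DBProxyTargetGroup') continue;
    const props = tg.Properties || {};
    const clusters: (string | undefined)[] = (props.DBClusterIdentifiers || []).map(refOf);
    const deps: string[] = ([] as string[]).concat(tg.DependsOn || []);
    const missing = ids.filter((id) => {
      const r = t.Resources[id];
      if (r.Type !== 'AWS::RDS::DBInstance') return false;
      const cluster = refOf((r.Properties || {}).DBClusterIdentifier);
      return cluster !== undefined && clusters.indexOf(cluster) !== -1 && deps.indexOf(id) === -1;
    });
    if (missing.length > 0) out[tgId] = missing;
  }
  return out;
}

// Constructed sample template; logical ids are made up for this example.
const sample: Template = {
  Resources: {
    Cluster: { Type: 'AWS::RDS::DBCluster' },
    Writer: { Type: 'AWS::RDS::DBInstance', Properties: { DBClusterIdentifier: { Ref: 'Cluster' } } },
    ProxyTargetGroup: {
      Type: 'AWS::RDS::DBProxyTargetGroup',
      Properties: { DBClusterIdentifiers: [{ Ref: 'Cluster' }] },
      DependsOn: ['Cluster'], // cluster only, as the issue describes
    },
  },
};
console.log(missingInstanceDeps(sample));
```

A non-empty result names the target groups that CloudFormation may create before the listed instances are ready.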