fix(rds): proxy target group does not depend on database instances wh…

…en using writer property
aws · Sep 7, 2024 · f623a5a · f623a5a
1 parent 4b9643f
commit f623a5a
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 0 deletions.
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.proxy.ts
@@ -52,6 +52,22 @@ cluster.addProxy('Proxy2', {
   vpc,
 });
 
+// Has a `writer` property instead of the legacy `instanceProps`
+const clusterWithWriter = new rds.DatabaseCluster(stack, 'dbClusterWithWriter', {
+  engine: rds.DatabaseClusterEngine.auroraPostgres({
+    version: rds.AuroraPostgresEngineVersion.VER_14_5,
+  }),
+  vpc,
+  writer: rds.ClusterInstance.provisioned('writer'),
+  readers: [rds.ClusterInstance.provisioned('reader')],
+});
+
+new rds.DatabaseProxy(stack, 'Proxy3', {
+  proxyTarget: rds.ProxyTarget.fromCluster(clusterWithWriter),
+  secrets: [clusterWithWriter.secret!],
+  vpc,
+});
+
 new integ.IntegTest(app, 'database-proxy-integ-test', {
   testCases: [stack],
   diffAssets: true,

diff --git a/packages/aws-cdk-lib/aws-rds/lib/proxy.ts b/packages/aws-cdk-lib/aws-rds/lib/proxy.ts
@@ -533,9 +533,16 @@ export class DatabaseProxy extends DatabaseProxyBase
     // To avoid this, use `CfnResource.addDependency` to add dependencies on `DatabaseCluster` and `DBInstance`.
     bindResult.dbClusters?.forEach((cluster) => {
       cluster.node.children.forEach((child) => {
+        // Legacy case using the `instanceProps` property of `DatabaseCluster`.
         if (child instanceof CfnDBInstance) {
           proxyTargetGroup.addDependency(child);
         }
+        // The case of `AuroraClusterInstance` constructs passed via the `writer` and `readers` properties of `DatabaseCluster`.
+        // The `AuroraClusterInstance class is not exported, so we can't use `instanceof` to check the type.
+        const resource = child.node.defaultChild;
+        if (resource instanceof CfnDBInstance) {
+          proxyTargetGroup.addDependency(resource);
+        }
       });
       const clusterResource = cluster.node.defaultChild as cdk.CfnResource;
       if (clusterResource && cdk.CfnResource.isCfnResource(clusterResource)) {

diff --git a/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts b/packages/aws-cdk-lib/aws-rds/test/proxy.test.ts
@@ -558,6 +558,38 @@ describe('proxy', () => {
     });
   });
 
+  test('DBProxyTargetGroup should also have dependency on the proxy targets when using writer and readers properties instead of instanceProps', () => {
+    // GIVEN
+    const cluster = new rds.DatabaseCluster(stack, 'cluster', {
+      engine: rds.DatabaseClusterEngine.AURORA,
+      vpc,
+      writer: rds.ClusterInstance.provisioned('writer'),
+      readers: [rds.ClusterInstance.provisioned('reader')],
+    });
+
+    //WHEN
+    new rds.DatabaseProxy(stack, 'proxy', {
+      proxyTarget: rds.ProxyTarget.fromCluster(cluster),
+      secrets: [cluster.secret!],
+      vpc,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResource('AWS::RDS::DBProxyTargetGroup', {
+      Properties: {
+        DBProxyName: {
+          Ref: 'proxy3A1DA9C7',
+        },
+        TargetGroupName: 'default',
+      },
+      DependsOn: [
+        'clusterreaderE226030A',
+        'cluster611F8AFF',
+        'clusterwriter3FDF01F3',
+      ],
+    });
+  });
+
   describe('clientPasswordAuthType', () => {
     test('create a DB proxy with specified client password authentication type', () => {
       // GIVEN