https://pulumi.com logo
#getting-started
Title
# getting-started
c

creamy-hamburger-70712

10/17/2023, 2:39 PM
I successfully created an RDS instance and am able to connect to it. Now I want to create a non-admin database role and a database owned by that role from pulumi. Once this is in place I intend to use Alembic to initialise my DB instance. There is a package that looks like the one that will do what I need, https://pypi.org/project/pulumi-postgresql/. It requires a number of config values to be set. Some of these values such as password or host url are created dynamically when the RDS instance is created. How can I set these config variables (
postgresql:host
etc) dynamically from Python code?
b

billowy-army-68599

10/17/2023, 2:43 PM
you need to create a provider, which language are you using?
ah, looks like python:
Copy code
database = aws.rds.Instance(
            f"my-db",
    # other options here
        )

db_provider = postgresql.Provider(
    "rds-db",
    host=database.address,
    port=database.port,
    username=database.username,
    password=database.password,
)
then once you’ve done that, pass the provider to the role, eg;
Copy code
postgres_db = postgresql.Database(
    "thedb",
    name="an internal db"
    owner=database.username,
    opts=pulumi.ResourceOptions(provider=db_provider, parent=db_provider),
)
c

creamy-hamburger-70712

10/17/2023, 2:52 PM
That looks much more sensible than the mess I've been gluing together 🙂 Let me try.
While I am doing this, I notice a quirk in my code. I create a random password for the db master user with
aws.secretsmanager.get_random_password()
and the feed this value to
aws.rds.Instance(password=random_password.random_password)
The undesired side effect is that the password is re-generated every time i run
pulumi up
needlessly increasing my wait time. Is there a way to say "only generate a random password if the instance is being created but leave it unchanged otherwise"?
b

billowy-army-68599

10/17/2023, 3:41 PM
I’d use the pulumi-random provider for that instead
c

creamy-hamburger-70712

10/17/2023, 7:14 PM
With the help of docs and Pulumi's ChatGPT I ended up with
Copy code
random_password_provider = random.RandomPassword(
    random_password_resource_name,
    length=16,
    min_lower=1,
    min_numeric=1,
    min_special=1,
    min_upper=1,
    keepers={
        "engine": engine,
        "instance_class": db_instance_class,
        "username": master_db_username,
    },
)
aws.rds.Instance(
password=random_password_provider.result,
....
)
It's wild guess what may justify regeneration of the password. Is there a better way whereby Pulumi can decide to call the random password provider only when it is creating the
rds.Instance()
?