I successfully created an RDS instance and am able to connec Pulumi Community #getting-started

I successfully created an RDS instance and am able...

creamy-hamburger-70712

10/17/2023, 2:39 PM

I successfully created an RDS instance and am able to connect to it. Now I want to create a non-admin database role and a database owned by that role from pulumi. Once this is in place I intend to use Alembic to initialise my DB instance. There is a package that looks like the one that will do what I need, https://pypi.org/project/pulumi-postgresql/. It requires a number of config values to be set. Some of these values such as password or host url are created dynamically when the RDS instance is created. How can I set these config variables (

postgresql:host

etc) dynamically from Python code?

billowy-army-68599

10/17/2023, 2:43 PM

you need to create a provider, which language are you using?

billowy-army-68599

10/17/2023, 2:45 PM

ah, looks like python:

Copy code

database = aws.rds.Instance(
            f"my-db",
    # other options here
        )

db_provider = postgresql.Provider(
    "rds-db",
    host=database.address,
    port=database.port,
    username=database.username,
    password=database.password,
)

billowy-army-68599

10/17/2023, 2:47 PM

then once you’ve done that, pass the provider to the role, eg;

Copy code

postgres_db = postgresql.Database(
    "thedb",
    name="an internal db"
    owner=database.username,
    opts=pulumi.ResourceOptions(provider=db_provider, parent=db_provider),
)

creamy-hamburger-70712

10/17/2023, 2:52 PM

That looks much more sensible than the mess I've been gluing together 🙂 Let me try.

creamy-hamburger-70712

10/17/2023, 3:07 PM

While I am doing this, I notice a quirk in my code. I create a random password for the db master user with

aws.secretsmanager.get_random_password()

and the feed this value to

aws.rds.Instance(password=random_password.random_password)

The undesired side effect is that the password is re-generated every time i run

pulumi up

needlessly increasing my wait time. Is there a way to say "only generate a random password if the instance is being created but leave it unchanged otherwise"?

billowy-army-68599

10/17/2023, 3:41 PM

I’d use the pulumi-random provider for that instead

creamy-hamburger-70712

10/17/2023, 7:14 PM

With the help of docs and Pulumi's ChatGPT I ended up with

Copy code

random_password_provider = random.RandomPassword(
    random_password_resource_name,
    length=16,
    min_lower=1,
    min_numeric=1,
    min_special=1,
    min_upper=1,
    keepers={
        "engine": engine,
        "instance_class": db_instance_class,
        "username": master_db_username,
    },
)
aws.rds.Instance(
password=random_password_provider.result,
....
)

It's wild guess what may justify regeneration of the password. Is there a better way whereby Pulumi can decide to call the random password provider only when it is creating the

rds.Instance()

Open in Slack

Previous Next