# python
b
@aloof-tailor-28919 I believe you need to use rds_certificate.name, not the id
a
Thank you for responding! Unfortunately, I tried the Certificate "name" property but that did not work, and neither did the "certificate" property. However, I will go and try it again!
b
what error did you get?
are you able to post the full code?
a
To be more specific, the Certificate resource does not appear to have a "name" property per the documentation at https://www.pulumi.com/registry/packages/aws/api-docs/acmpca/certificate/ so, unsurprisingly, I got the error AttributeError: 'Certificate' object has no attribute 'name'
There is an input parameter resource_name, but trying to use that causes the error AttributeError: 'Certificate' object has no attribute 'resource_name'
Additionally, I tried passing the string that was used as the resource_name input. That didn't work either. I'll share the code:
```python
# Imports this excerpt relies on; the upper-case constants and the subnet group,
# security group, parameter group and KMS key are defined elsewhere in the program.
from pulumi import ResourceOptions
from pulumi_aws import acmpca
from pulumi_aws.rds import Cluster, ClusterInstance

# Certificate Authority for setting up SSL/TLS
certificate_authority = acmpca.CertificateAuthority(
    'dataplatform_certificate_authority',
    certificate_authority_configuration=acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
        key_algorithm=CERTIFICATE_KEY_ALGORITHM,
        signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
        subject=acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
            common_name=CERTIFICATE_AUTHORITY_SUBJECT,
        ),
    ),
    permanent_deletion_time_in_days=CERTIFICATE_AUTHORITY_PERMANENT_DELETION_IN_DAYS,
    type='ROOT',
)

# Create self-signed root certificate for Certificate Authority
certificate_authority_root_certificate = acmpca.Certificate(
    'dataplatform_ca_root_certificate',
    certificate_authority_arn=certificate_authority.arn,
    certificate_signing_request=certificate_authority.certificate_signing_request,
    signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
    template_arn='arn:aws:acm-pca:::template/RootCACertificate/V1',
    validity=acmpca.CertificateValidityArgs(
        type='YEARS', value=ROOT_CERTIFICATE_VALIDITY_IN_YEARS
    ),
)

# Install the signed root certificate on the Certificate Authority
certificate_authority_certificate = acmpca.CertificateAuthorityCertificate(
    'dataplatform_ca_certificate',
    certificate_authority_arn=certificate_authority.arn,
    certificate=certificate_authority_root_certificate.certificate,
    certificate_chain=certificate_authority_root_certificate.certificate_chain,
)

# Certificate for database
rds_certificate = acmpca.Certificate(
    'dataplatform-rds-certificate',
    certificate_authority_arn=certificate_authority.arn,
    certificate_signing_request=certificate_authority.certificate_signing_request,
    signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
    template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1',
    validity=acmpca.CertificateValidityArgs(
        type='YEARS', value=RDS_CERTIFICATE_VALIDITY_IN_YEARS
    ),
    opts=ResourceOptions(depends_on=[certificate_authority_certificate]),
)

# Reporting database cluster, encrypted at rest with the KMS key
reporting_cluster = Cluster(
    'dataplatform-reportingcluster',
    engine=REPORTING_ENGINE,
    engine_version=REPORTING_ENGINE_VERSION,
    database_name='reportingstore',
    cluster_identifier=f'dataplatform-reportingcluster',
    master_password=REPORTING_PASSWORD,
    master_username=REPORTING_USERNAME,
    db_subnet_group_name=reporting_subnet_group.name,
    deletion_protection=STORAGE_DELETION_PROTECTION,
    skip_final_snapshot=SKIP_SNAPSHOTS,
    vpc_security_group_ids=[reporting_cluster_security_group.id],
    db_cluster_parameter_group_name=reporting_cluster_parameter_group.name,
    enabled_cloudwatch_logs_exports=['postgresql'],
    allow_major_version_upgrade=True,
    apply_immediately=True,
    preferred_maintenance_window=REPORTINGSTORE_MAINTENANCE_WINDOW,
    kms_key_id=secret_key.arn,
    storage_encrypted=True,
)

# writer instance
reporting_instance = ClusterInstance(
    'dataplatform-initial',
    identifier='dataplatform-initial',
    cluster_identifier=reporting_cluster.id,
    instance_class=REPORTING_WRITER_INSTANCE_CLASS,
    engine=reporting_cluster.engine,
    engine_version=reporting_cluster.engine_version,
    performance_insights_enabled=REPORTINGSTORE_PERFORMANCE_INSIGHTS_ENABLED,
    apply_immediately=True,
    # The resource_name string of rds_certificate, passed as a plain string
    ca_cert_identifier='dataplatform-rds-certificate',
    opts=ResourceOptions(depends_on=[rds_certificate]),
)
```
That caused the error "error modifying RDS Cluster Instance (dataplatform-initial): CertificateNotFound: Certificate not found: dataplatform-rds-certificate" @billowy-army-68599
b
I can't find any evidence this works with Terraform either...
You're positive it's supported?
a
b
Ah, why are you passing the signed certificate to the ca_cert_identifier? Shouldn't that be the certificate_authority_certificate name you pass?
In the Stack Overflow example you shared, they're just hardcoding the string for the name...
not passing an output to an input
a
Agreed about the stackoverflow example. That's why I tried passing the string 'dataplatform-rds-certificate'.
"why are you passing the signed certificate to the ca_cert_identifier? shouldn't that be the certificate_authority_certificate name you pass?" I thought I needed a certificate created with template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1' to attach to the ClusterInstance.
I just tried changing the certificate_authority_certificate resource_name to 'dataplatform-ca-certificate' and passing that same string to ca_cert_identifier. That produced a similar error,
error modifying RDS Cluster Instance (dataplatform-initial): CertificateNotFound: Certificate not found: dataplatform-ca-certificate
b
I will have to try to find some time to become familiar with this, I'm afraid. You shouldn't need to pass any strings around at all
a
Thank you for offering to help. Passing strings instead of a property seems un-Pulumi-like