aloof-tailor-28919
06/24/2022, 11:19 PM
rds_certificate = acmpca.Certificate(
'my_rds_certificate',
certificate_authority_arn=certificate_authority.arn,
certificate_signing_request=certificate_authority.certificate_signing_request,
signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1',
validity=acmpca.CertificateValidityArgs(type='YEARS', value=RDS_CERTIFICATE_VALIDITY_IN_YEARS),
opts=ResourceOptions(depends_on=[certificate_authority_certificate]),
)
As far as I can tell, step two works - I don't get any errors when running it.
My third step is to try to attach that rds_certificate to a ClusterInstance, which looks like this:
reporting_instance = ClusterInstance(
'clusterinstance-initial',
identifier='clusterinstance-initial',
cluster_identifier=reporting_cluster.id,
instance_class=REPORTING_WRITER_INSTANCE_CLASS,
engine=reporting_cluster.engine,
engine_version=reporting_cluster.engine_version,
performance_insights_enabled=PERFORMANCE_INSIGHTS_ENABLED,
apply_immediately=True,
ca_cert_identifier=rds_certificate.id,
)
That's where my code fails. I can create the ClusterInstance if I don't include the final parameter, ca_cert_identifier. When I try the above code, I get this error: "InvalidParameterValue: The parameter CertificateIdentifier is not a valid identifier because it is longer than 63 characters."
Now, the id value is definitely longer than 63 characters - in fact, it's 142 characters. That's not abnormal for an id value.
I am not sure whether I should be passing some other value instead of rds_certificate.id?
I tried the Certificate "name" property but that did not work, and neither did the "certificate" property. Everything I can find via searching the web refers to using this parameter in Terraform, where the id value is a value such as 'rds-ca-2017'. However, id values in Pulumi are not so short!
Has anyone used the ca_cert_identifier parameter successfully? I would love any advice. Thanks!
billowy-army-68599
06/29/2022, 5:15 PM
rds_certificate.name
not the id
aloof-tailor-28919
06/29/2022, 5:16 PM
billowy-army-68599
06/29/2022, 5:16 PM
aloof-tailor-28919
06/29/2022, 5:24 PM
from pulumi import ResourceOptions
from pulumi_aws import acmpca
from pulumi_aws.rds import Cluster, ClusterInstance

# UPPER_CASE settings and the reporting_* helper resources (subnet group,
# security group, parameter group) and secret_key are defined elsewhere in the program.

# Certificate Authority for setting up SSL/TLS
certificate_authority = acmpca.CertificateAuthority(
'dataplatform_certificate_authority',
certificate_authority_configuration=acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
key_algorithm=CERTIFICATE_KEY_ALGORITHM,
signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
subject=acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
common_name=CERTIFICATE_AUTHORITY_SUBJECT,
),
),
permanent_deletion_time_in_days=CERTIFICATE_AUTHORITY_PERMANENT_DELETION_IN_DAYS,
type='ROOT',
)
# Create self-signed root certificate for Certificate Authority
certificate_authority_root_certificate = acmpca.Certificate(
'dataplatform_ca_root_certificate',
certificate_authority_arn=certificate_authority.arn,
certificate_signing_request=certificate_authority.certificate_signing_request,
signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
template_arn='arn:aws:acm-pca:::template/RootCACertificate/V1',
validity=acmpca.CertificateValidityArgs(
type='YEARS', value=ROOT_CERTIFICATE_VALIDITY_IN_YEARS
),
)
certificate_authority_certificate = acmpca.CertificateAuthorityCertificate(
'dataplatform_ca_certificate',
certificate_authority_arn=certificate_authority.arn,
certificate=certificate_authority_root_certificate.certificate,
certificate_chain=certificate_authority_root_certificate.certificate_chain,
)
# Certificate for database
rds_certificate = acmpca.Certificate(
'dataplatform-rds-certificate',
certificate_authority_arn=certificate_authority.arn,
certificate_signing_request=certificate_authority.certificate_signing_request,
signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1',
validity=acmpca.CertificateValidityArgs(
type='YEARS', value=RDS_CERTIFICATE_VALIDITY_IN_YEARS
),
opts=ResourceOptions(depends_on=[certificate_authority_certificate]),
)
reporting_cluster = Cluster(
'dataplatform-reportingcluster',
engine=REPORTING_ENGINE,
engine_version=REPORTING_ENGINE_VERSION,
database_name='reportingstore',
cluster_identifier='dataplatform-reportingcluster',
master_password=REPORTING_PASSWORD,
master_username=REPORTING_USERNAME,
db_subnet_group_name=reporting_subnet_group.name,
deletion_protection=STORAGE_DELETION_PROTECTION,
skip_final_snapshot=SKIP_SNAPSHOTS,
vpc_security_group_ids=[reporting_cluster_security_group.id],
db_cluster_parameter_group_name=reporting_cluster_parameter_group.name,
enabled_cloudwatch_logs_exports=['postgresql'],
allow_major_version_upgrade=True,
apply_immediately=True,
preferred_maintenance_window=REPORTINGSTORE_MAINTENANCE_WINDOW,
kms_key_id=secret_key.arn,
storage_encrypted=True,
)
# writer instance
reporting_instance = ClusterInstance(
'dataplatform-initial',
identifier='dataplatform-initial',
cluster_identifier=reporting_cluster.id,
instance_class=REPORTING_WRITER_INSTANCE_CLASS,
engine=reporting_cluster.engine,
engine_version=reporting_cluster.engine_version,
performance_insights_enabled=REPORTINGSTORE_PERFORMANCE_INSIGHTS_ENABLED,
apply_immediately=True,
ca_cert_identifier='dataplatform-rds-certificate',
opts=ResourceOptions(depends_on=[rds_certificate]),
)
billowy-army-68599
06/29/2022, 6:10 PM
aloof-tailor-28919
06/29/2022, 6:14 PM
billowy-army-68599
06/29/2022, 6:16 PM
aloof-tailor-28919
06/29/2022, 6:21 PM
template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1'
to attach to the ClusterInstance
error modifying RDS Cluster Instance (dataplatform-initial): CertificateNotFound: Certificate not found: dataplatform-ca-certificate
billowy-army-68599
06/29/2022, 6:34 PM
aloof-tailor-28919
06/29/2022, 6:35 PM