Daniel Gato
02/18/2022, 4:24 PM
Mischa Spiegelmock
02/18/2022, 4:34 PM
/**
 * Generate a database connection string (DSN).
 */
makeDatabaseUrl() {
  // Read the credentials from the secret's JSON fields
  const dbUsername = this.secret?.secretValueFromJson("username")
  const dbPassword = this.secret?.secretValueFromJson("password")
  let url = `postgresql://${dbUsername}:${dbPassword}@${this.clusterEndpoint.hostname}/${this.defaultDatabaseName}`
  // Optional Prisma connection limit, appended as a query parameter
  if (this.prismaConnectionLimit) url += `?connection_limit=${this.prismaConnectionLimit}`
  return url
}
Daniel Gato
02/18/2022, 4:37 PM
Mischa Spiegelmock
02/18/2022, 4:37 PM
Mischa Spiegelmock
02/18/2022, 4:37 PM
Daniel Gato
02/18/2022, 4:38 PM
Mischa Spiegelmock
02/18/2022, 4:39 PM
Frank
Daniel Gato
02/18/2022, 5:04 PM
Daniel Gato
02/18/2022, 5:09 PM
Ashishkumar Pandey
02/18/2022, 5:10 PM
Daniel Gato
02/18/2022, 9:09 PM
AccessDeniedException: User: arn:aws:sts::855659027122:assumed-role/dg-imac-xxx-core-realtimeLogConsumerServiceRoleC-1DSZ9HPI6CZOD/dg-imac-xxx-core-realtimeLogConsumer1BAE76E4-Dm6cPu8HKwSv is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:eu-central-1:855659027122:secret:AnalyticsRDSClusterSecretB1-WDS1YQ1WIwbO-rkrJNh because no identity-based policy allows the secretsmanager:GetSecretValue action
The function that is trying to read from the Database is attached to a Kinesis DataStream consumer
Ashishkumar Pandey
02/18/2022, 9:20 PM
Daniel Gato
02/18/2022, 9:25 PM
clusterArn and secretArn as well as setting the permission to cluster. But still missing secretsmanager:GetSecretValue
Ashishkumar Pandey
02/18/2022, 9:30 PM
Daniel Gato
02/18/2022, 9:30 PM
'secretsmanager:GetSecretValue', and it works with it
Ashishkumar Pandey
02/18/2022, 9:31 PM
Frank
secretsmanager:GetSecretValue should be added automatically.
Daniel Gato
02/18/2022, 10:51 PM
const modelsStream = new KinesisStream(this, 'ModelsStream');
// ...
modelsStream.addConsumers(this, {
  realtimeLogConsumer: {
    function: {
      handler: 'src/functions/realtimeLog.main',
      environment: {
        ANALYTICS_DATABASE_SECRET_ARN: this.analyticsDatabase.secretArn,
        ANALYTICS_DATABASE_CLUSTER_ARN: this.analyticsDatabase.clusterArn,
        IP_LOOKUP_TABLE_NAME: this.ipLookupTable.tableName,
      },
      permissions: [
        this.analyticsDatabase,
        this.ipLookupTable,
        // Explicit IAM action so the consumer can read the database secret
        'secretsmanager:GetSecretValue',
      ],
    },
  },
});
Frank
Daniel Gato
02/19/2022, 12:08 PM