Specifying Glue::Crawler with JdbcTargets on CloudFormation - amazon-web-services

I'm trying to set up AWS Glue to read from an RDS Postgres using CloudFormation. In order to do that I need to create a crawler using the JdbcTarget option. (Or do I not?)

    Records:
      Type: 'AWS::Glue::Crawler'
      Properties:
        DatabaseName: transact
        Targets:
          JdbcTargets:
            - Path: "jdbc:postgresql://host:5432/database"
        Role: !Ref ETLAgent

But creating the stack on CloudFormation will fail with:
CREATE_FAILED | AWS::Glue::Crawler | Records | Connection name cannot be equal to null or empty. (Service: AWSGlue; Status Code: 400; Error Code: InvalidInputException;
Even though the docs say:
ConnectionName
The name of the connection to use for the JDBC target.
Required: No
What is the correct AWS Glue setup using CloudFormation that will allow me to read from RDS?

You're really missing the ConnectionName property, which should carry the name of the connection resource which you're missing. The Path property you're setting is used to select the schemas/tables to crawl (dbname/%/% to include all). Consult CloudFormation docs on Crawler JDBCTarget for details.
Your template should look something like:

    MyDbConnection:
      Type: "AWS::Glue::Connection"
      Properties:
        CatalogId: !Ref 'AWS::AccountId'
        ConnectionInput:
          Description: "JDBC Connection to my RDS DB"
          PhysicalConnectionRequirements:
            AvailabilityZone: "eu-central-1a"
            SecurityGroupIdList:
              - my-sec-group-id
            SubnetId: my-subnet-id
          ConnectionType: "JDBC"
          ConnectionProperties:
            "JDBC_CONNECTION_URL": "jdbc:postgresql://host:5432/database"
            "USERNAME": "my-db-username"
            "PASSWORD": "my-password"
    Records:
      Type: 'AWS::Glue::Crawler'
      Properties:
        DatabaseName: transact
        Targets:
          JdbcTargets:
            - ConnectionName: !Ref MyDbConnection
              Path: "database/%/%"
        Role: !Ref ETLAgent
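
The template in the answer above keeps the database username and password as literals in ConnectionProperties, so they are committed along with the template. The same connection and crawler with the credentials pulled from Secrets Manager through CloudFormation dynamic references and TLS enforced, as an added example that is not part of the original answer; the secret name my-db-secret and its username/password JSON keys are assumptions:

```yaml
# Added example, not from the original answer.
# Assumption: a Secrets Manager secret named "my-db-secret" (hypothetical)
# whose SecretString is JSON with "username" and "password" keys.
MyDbConnection:
  Type: "AWS::Glue::Connection"
  Properties:
    CatalogId: !Ref 'AWS::AccountId'
    ConnectionInput:
      Description: "JDBC Connection to my RDS DB"
      ConnectionType: "JDBC"
      PhysicalConnectionRequirements:
        AvailabilityZone: "eu-central-1a"
        SecurityGroupIdList:
          - my-sec-group-id
        SubnetId: my-subnet-id
      ConnectionProperties:
        JDBC_CONNECTION_URL: "jdbc:postgresql://host:5432/database"
        # Weak form from the answer: literals stored in the template.
        #   USERNAME: "my-db-username"
        #   PASSWORD: "my-password"
        # Corrected form: CloudFormation resolves these at deploy time,
        # so the template itself holds no credential.
        USERNAME: '{{resolve:secretsmanager:my-db-secret:SecretString:username}}'
        PASSWORD: '{{resolve:secretsmanager:my-db-secret:SecretString:password}}'
        # Require TLS on the JDBC connection to the database.
        JDBC_ENFORCE_SSL: "true"

Records:
  Type: 'AWS::Glue::Crawler'
  Properties:
    DatabaseName: transact
    Role: !Ref ETLAgent
    Targets:
      JdbcTargets:
        # ConnectionName is the property the failing crawler lacked.
        - ConnectionName: !Ref MyDbConnection
          # Path selects the schemas/tables to crawl, not the JDBC URL.
          Path: "database/%/%"
```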

Related

Does secretsmanager dynamic reference work in Glue CloudFormation?

I am trying to create a Document Db connection in Glue Cloudformation with secret manager dynamic reference
({{resolve:secretsmanager:${DBSecretManagerArn}:SecretString:username}})
During build there is no evaluation failure but before the job finishes it failed - An error occurred (ValidationError) when calling the UpdateStack operation: Given input did not match expected format. I haven't found much documentation online. Can someone please guide if you have faced such issues.

    Some-Name:
      Type: AWS::Glue::Connection
      Properties:
        CatalogId: !Ref AWS::AccountId
        ConnectionInput:
          Name: connection
          Description: "Document DB database."
          ConnectionType: MONGODB
          ConnectionProperties:
            CONNECTION_URL: !Ref ConnectionUri
            USERNAME: !Sub '{{resolve:secretsmanager:${DBSecretManagerArn}:SecretString:username}}'
            PASSWORD: !Ref Password
            JDBC_ENFORCE_SSL: false
          PhysicalConnectionRequirements:
            AvailabilityZone: !Select
              - 0
              - Fn::GetAZs: !Ref 'AWS::Region'
            SecurityGroupIdList:
              - sg-some
            SubnetId: !ImportValue some-value

Create AWS DC Proxy Target Group timeout

I want to create a simple rds proxy. I use the attached cloudformation template. However aws cannot create resource "AWS::RDS::DBProxyTargetGroup". The error info is not enough for debugging: "Resource timed out waiting for completion". Can anyone please provide me an answer?
Target group was created, but info was not updated in cloudformation event

    Resources:
      RDSProxy:
        Type: "AWS::RDS::DBProxy"
        Properties:
          Auth:
            - AuthScheme: SECRETS
              IAMAuth: DISABLED
              SecretArn: !Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretsManagerName}"
          DBProxyName: !Ref ProxyName
          EngineFamily: !Ref ProxyEngineFamily
          RoleArn: !GetAtt SecretsManagerRole.Arn
          VpcSecurityGroupIds: !Ref ProxyVpcSecurityGroupIds
          VpcSubnetIds: !Ref ProxyVpcSubnetIds
      RDSProxyTargetGroup:
        Type: "AWS::RDS::DBProxyTargetGroup"
        Properties:
          DBClusterIdentifiers: !Ref ProxyTargetDBClusterIdentifiers
          DBProxyName: !Ref RDSProxy
          TargetGroupName: default

Error when creating GlueSecurityConfiguration using Cloudformation script

I am trying to create the glue security configuration using cloudformation script but I am getting the following error:
Property validation failure: [Value of property {/EncryptionConfiguration/S3Encryptions} does not match type {Array}]
What is the right way to give the S3encryption?

    AWSTemplateFormatVersion: 2010-09-09
    Description: Script creates resources for GlueSecurityConfiguration
    Resources:
      GlueSecurityConfiguration:
        Type: AWS::Glue::SecurityConfiguration
        Properties:
          EncryptionConfiguration:
            S3Encryptions:
              KmsKeyArn: !Ref KMSArn
              S3EncryptionMode: SSE-KMS
            JobBookmarksEncryption:
              KmsKeyArn: !Ref KMSArn
            CloudWatchEncryption:
              KmsKeyArn: !Ref KMSArn
          Name: !Sub '${SystemValue}-${SubSystemValue}'

I think it should be

    - KmsKeyArn: !Ref KMSArn
      S3EncryptionMode: SSE-KMS

since S3Encryptions expects an array.

Reusing cloudformation template for AWS::ApiGateway::ApiKey

I have an AWS SAM template, part of which looks like this:

    # .......
    InternalApiKey:
      Type: AWS::ApiGateway::ApiKey
      Properties:
        Enabled: true
        Name: !Sub internal_api_key_${Env}
        Value: !Ref InternalApiKeyValue
        StageKeys:
          - RestApiId: !Ref ServerlessRestApi
            StageName: Prod
    InternalUsagePlan:
      Type: AWS::ApiGateway::UsagePlan
      Properties:
        ApiStages:
          - ApiId: !Ref ServerlessRestApi
            Stage: Prod
    InternalUsagePlanKey:
      Type: AWS::ApiGateway::UsagePlanKey
      Properties:
        KeyId: !Ref InternalApiKey
        KeyType: API_KEY
        UsagePlanId: !Ref InternalUsagePlan
    #......

Deploying this template as two distinct applications (CloudFormation stacks) with sam deploy --stack-name=stack-a and sam deploy --stack-name=stack-b fails with the following error even when the API key names are different:
API Key already exists (Service: AmazonApiGateway; Status Code: 409; Error Code: ConflictException; Request ID: redacted; Proxy: null)
How can I deploy two stacks from this template?

A different key value and your problem will go away. So if you are setting the api key value yourself ensure they are unique. Not sure why that's a constraint between different stages.
Do you really have to provide a value for your key? It's an optional parameter. You can remove it from your template and AWS will generate a unique key for you in each deployment.

AWS glue cloud formation db creation error

I am trying to create a database on glue using cloud formation but it fails with the below error. Am I missing something?
Property validation failure: [The property {/DatabaseInput} is required, The property {/CatalogId} is required]
This is what my template code block looks like:

    GlueDatabase:
      Type: AWS::Glue::Database
      Properties:
        CatalogId: !Ref AWS::AccountId
        DatabaseInput: !Ref TeamName

According to the docs the DatabaseInput should have the following structure:

    GlueDatabase:
      Type: AWS::Glue::Database
      Properties:
        CatalogId: !Ref AWS::AccountId
        DatabaseInput:
          Description: String
          LocationUri: String
          Name: String
          Parameters: Json

Thus the question is, what TeamName is in your template?