Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: Request: Add support for RDS Proxy Target Groups #8159

Open
jrindy-iterable opened this issue Sep 26, 2024 · 0 comments
Open

Enhancement: Request: Add support for RDS Proxy Target Groups #8159

jrindy-iterable opened this issue Sep 26, 2024 · 0 comments
Labels
enhancement

Comments

@jrindy-iterable
Copy link

Request

It would be great if Moto added support for db proxy target groups. According to the RDS feature list it is missing both the describe and modify action: [ ] describe_db_proxy_target_groups & [] modify_db_proxy_target_group. Using the following code, Terraform eventually times out after a long while and gives the following error:

# Error
│ Error: updating RDS DB Proxy Default Target Group (testdb): operation error RDS: ModifyDBProxyTargetGroup, exceeded maximum number of attempts, 25, https response error StatusCode: 500, RequestID: , error while deserializing xml error response: XML syntax error on line 2: unquoted or missing attribute value in element
│ 
│   with aws_db_proxy_default_target_group.main,
│   on rds.tf line 30, in resource "aws_db_proxy_default_target_group" "main":
│   30: resource "aws_db_proxy_default_target_group" "main" {

Thank you!

Reproduction

providers.tf

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region                      = "us-east-1"
  s3_use_path_style           = true
  skip_credentials_validation = true
  skip_metadata_api_check     = true
  skip_requesting_account_id  = true

  endpoints {
    ec2            = "http://localhost:5000"
    iam            = "http://localhost:5000"
    rds            = "http://localhost:5000"
    secretsmanager = "http://localhost:5000"
  }

  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

rds-prereqs.tf

data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "all" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}

resource "random_string" "this" {
  length  = 4
  special = false
  upper   = false
}

resource "aws_secretsmanager_secret" "test" {
  name = "rds/test/test_admin"
}

resource "aws_secretsmanager_secret_version" "test" {
  secret_id = aws_secretsmanager_secret.test.id
  secret_string = jsonencode({
    username = "test_admin"
    password = "${random_string.this.result}"
  })
}

data "aws_iam_policy_document" "rds_trust_policy" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["rds.amazonaws.com"]
    }

    actions = [
      "sts:AssumeRole",
    ]
  }
}

resource "aws_iam_role" "proxy" {
  assume_role_policy = data.aws_iam_policy_document.rds_trust_policy.json
  name               = "rds-proxy-${aws_db_instance.test.db_name}"
}

rds.tf

resource "aws_db_instance" "test" {
  allocated_storage   = 10
  db_name             = "testdb"
  engine              = "postgres"
  engine_version      = "15"
  instance_class      = "db.t3.micro"
  username            = "test"
  password            = random_string.this.result
  skip_final_snapshot = true
}

resource "aws_db_proxy" "main" {
  name                   = aws_db_instance.test.db_name
  debug_logging          = false
  engine_family          = "POSTGRESQL"
  idle_client_timeout    = 1800
  require_tls            = true
  role_arn               = aws_iam_role.proxy.arn
  vpc_security_group_ids = []
  vpc_subnet_ids         = data.aws_subnets.all.ids

  auth {
    auth_scheme = "SECRETS"
    description = "Secrets through IAM Authentication"
    iam_auth    = "REQUIRED"
    secret_arn  = aws_secretsmanager_secret.test.arn
  }
}

resource "aws_db_proxy_default_target_group" "main" {
  db_proxy_name = aws_db_proxy.main.name

  connection_pool_config {
    connection_borrow_timeout    = 120
    max_connections_percent      = 100
    max_idle_connections_percent = 50
    session_pinning_filters      = ["EXCLUDE_VARIABLE_SETS"]
  }
}

resource "aws_db_proxy_target" "main" {
  db_instance_identifier = aws_db_instance.test.identifier
  db_proxy_name          = aws_db_proxy.main.name
  target_group_name      = aws_db_proxy_default_target_group.main.name
}

Expectation

It would be exceptional if I could create an aws_db_proxy_default_target_group and aws_db_proxy_target with Terraform using Moto to mock AWS for testing purposes for code utilizing these resources. Thanks again!

Current Setup

A very basic docker-compose.yml file:

  moto-server:
    image: motoserver/moto:latest
    ports:
      - 5000:5000
    environment:
      - MOTO_IAM_LOAD_MANAGED_POLICIES=true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bblommers @jrindy-iterable