I am creating a JDBC connection in Glue using secrets for username and password. I can see in the console that username is read correctly from the secret, so that's not a concern. Once I edit the details and enter the password in the console, it becomes valid. Is there something wrong with my approach?
glue.CfnConnection(
    self,
    id="JDBCConnection",
    catalog_id=self.account,
    connection_input=glue.CfnConnection.ConnectionInputProperty(
        name="jdbc_connection",
        connection_type="JDBC",
        physical_connection_requirements=glue.CfnConnection.PhysicalConnectionRequirementsProperty(
            subnet_id=cdk.Fn.import_value("PrivateSubnet1"),
            security_group_id_list=[jdbc_connection_security_group.attr_group_id],
        ),
        connection_properties={
            "JDBC_CONNECTION_URL": "jdbc:<JDBC_URL>",
            "USERNAME": "{{resolve:secretsmanager:jdbc_username}}",
            "PASSWORD": "{{resolve:secretsmanager:jdbc_password}}",
        },
    ),
)
In my case, I was missing the SSL and the availability zone. One tool I found useful is using the AWS CLI to get the information about a previously created (or CDK-created and console-updated) valid connection.
$> aws glue get-connection --name <connection-name> --profile <profile-name>
This lists full information about an acceptable (working) connection.
{
    "Connection": {
        "Name": "<connection-name>",
        "Description": "<description>",
        "ConnectionType": "JDBC",
        "ConnectionProperties": {
            "JDBC_CONNECTION_URL": "<full-url>",
            "JDBC_ENFORCE_SSL": "false",
            "PASSWORD": "<password>",
            "USERNAME": "<username>"
        },
        "PhysicalConnectionRequirements": {
            "SubnetId": "<subnet>",
            "SecurityGroupIdList": [
                "<sec-group>",
                "<sec-group>"
            ],
            "AvailabilityZone": "us-west-2a"
        },
        "CreationTime": "<timestamp-w-tz>",
        "LastUpdatedTime": "<timestamp-w-tz>"
    }
}
I found out I was missing the ConnectionProperties key JDBC_ENFORCE_SSL and the PhysicalConnectionRequirements key AvailabilityZone.
Once I set them up in the CDK the created connection worked as expected.
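The comparison described in this answer can be scripted. The following is an added example, not code from the question or the answer: it diffs two `aws glue get-connection` JSON documents and reports missing keys without printing the password. The function name `diff_connections` and both sample documents are constructed for illustration.

```python
import json

# Constructed get-connection output for a working connection (placeholder values).
WORKING = json.loads("""{"Connection": {
  "ConnectionProperties": {
    "JDBC_CONNECTION_URL": "jdbc:placeholder", "JDBC_ENFORCE_SSL": "false",
    "PASSWORD": "placeholder-a", "USERNAME": "placeholder-user"},
  "PhysicalConnectionRequirements": {
    "SubnetId": "subnet-placeholder", "SecurityGroupIdList": ["sg-placeholder"],
    "AvailabilityZone": "us-west-2a"}}}""")

# Constructed output for a connection created from the CDK code in the question.
FAILING = json.loads("""{"Connection": {
  "ConnectionProperties": {
    "JDBC_CONNECTION_URL": "jdbc:placeholder",
    "PASSWORD": "placeholder-b", "USERNAME": "placeholder-user"},
  "PhysicalConnectionRequirements": {
    "SubnetId": "subnet-placeholder", "SecurityGroupIdList": ["sg-placeholder"]}}}""")

SECTIONS = ("ConnectionProperties", "PhysicalConnectionRequirements")
SENSITIVE = {"PASSWORD"}  # values that must never appear in the report


def diff_connections(working, candidate):
    """Compare two get-connection documents section by section.

    Returns (missing, changed): keys absent from `candidate`, and keys whose
    values differ, with sensitive values replaced by "<redacted>".
    """
    missing, changed = {}, {}
    for section in SECTIONS:
        want = working.get("Connection", {}).get(section, {})
        have = candidate.get("Connection", {}).get(section, {})
        absent = sorted(set(want) - set(have))
        if absent:
            missing[section] = absent
        for key in sorted(set(want) & set(have)):
            if want[key] != have[key]:
                shown = ("<redacted>",) * 2 if key in SENSITIVE else (want[key], have[key])
                changed.setdefault(section, {})[key] = shown
    return missing, changed


if __name__ == "__main__":
    missing, changed = diff_connections(WORKING, FAILING)
    print("missing:", missing)
    print("changed:", changed)
```

Fetching both documents with `aws glue get-connection --hide-password` keeps the password out of the CLI output and shell history of saved files in the first place.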