amazon-web-services, aws-cloudformation, aws-glue

AWS Glue JDBC Connection created using Cloud Formation is not setting the password


If I create a Glue JDBC connection to an RDS Aurora instance, the connection does not work with the following error: InvalidInputException: Unable to resolve any valid connection. After checking it in AWS Console, I found that the password for the Glue Connection is not getting set by CloudFormation. And so, the connection does not work.

Here's the CloudFormation script to create the Glue Connection:

GlueConn:
    Type: "AWS::Glue::Connection"
    Properties:
        CatalogId: 6256161516
        ConnectionInput:
            Name: test-glue-conn
            ConnectionProperties:
                JDBC_CONNECTION_URL: "jdbc:postgresql://..." # Hidden for security
                JDBC_ENFORCE_SSL: "false"
                PASSWORD: password
                USERNAME: username
            ConnectionType: JDBC
            Description: "Glue Conn. for SO"
            PhysicalConnectionRequirements:
                AvailabilityZone: us-east-1
                SubnetId: ahbnr9ow3qhjojngovbme # Hidden for security
                SecurityGroupIdList:
                    - jhwgq9748jhognjmovjo # Hidden for security

After following a SO answer given at https://stackoverflow.com/a/69474820/8992678, I added AvailabilityZone under PhysicalConnectionRequirements. Also, I used AWS CLI to get the details of a working connection as suggested on SO.

After running AWS CLI to get the details of a Glue Connection, I found that AWS was adding a new key KAFKA_SSL_ENABLED: "false" under ConnectionProperties. Though I could not see the password yet in AWS Console if I edit this connection, I was able to resolve the earlier error to a new error message Failed to test connection test-conn due to FAILED status., which later resulted in Network error on some later tests.


Solution

  • I guess CloudFormation cannot create a Glue Connection for JDBC correctly; maybe it's a new or old bug for the AWS team to work on. I will raise an AWS Support ticket regarding this issue; will update this answer after hearing from them.

    Temporary solution: Meanwhile, if I create or update the Glue Connection using AWS CLI with the same details (including the password), then it works. So, I am going to add an additional step in CI/CD to run AWS CLI after the CloudFormation script as a temporary workaround until CloudFormation supports it better.
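
The CI/CD workaround described in the answer above, as an added example that is not part of the original post. The environment variable names (GLUE_JDBC_URL, GLUE_DB_USER, GLUE_DB_PASSWORD, GLUE_SUBNET_ID, GLUE_SG_ID, GLUE_AZ) and the "apply" argument are assumptions; the password is read from the environment and handed to the AWS CLI through a temporary file instead of the command line.

```sh
#!/bin/sh
# Added example: re-apply the Glue connection with the AWS CLI after the
# CloudFormation deploy. Variable names and the "apply" switch are assumptions.
set -eu

# Escape backslashes and double quotes so a value is safe inside a JSON string.
# Assumes the value contains no control characters (newlines, tabs).
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the ConnectionInput JSON, mirroring the properties in the template.
# Args: name, jdbc_url, username, password, subnet_id, security_group_id, az
build_connection_input() {
    cat <<EOF
{
  "Name": "$(json_escape "$1")",
  "ConnectionType": "JDBC",
  "ConnectionProperties": {
    "JDBC_CONNECTION_URL": "$(json_escape "$2")",
    "JDBC_ENFORCE_SSL": "false",
    "USERNAME": "$(json_escape "$3")",
    "PASSWORD": "$(json_escape "$4")"
  },
  "PhysicalConnectionRequirements": {
    "SubnetId": "$(json_escape "$5")",
    "SecurityGroupIdList": ["$(json_escape "$6")"],
    "AvailabilityZone": "$(json_escape "$7")"
  }
}
EOF
}

# Update the existing connection. The JSON goes through a private temp file
# (mktemp creates it mode 600) so the password is not in the argument list.
apply_connection() {
    tmp="$(mktemp)"
    build_connection_input "$@" > "$tmp"
    rc=0
    aws glue update-connection --name "$1" --connection-input "file://$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Runs only when invoked with "apply"; unset variables abort because of set -u.
if [ "${1:-}" = "apply" ]; then
    apply_connection "test-glue-conn" "$GLUE_JDBC_URL" "$GLUE_DB_USER" \
        "$GLUE_DB_PASSWORD" "$GLUE_SUBNET_ID" "$GLUE_SG_ID" "$GLUE_AZ"
fi
```

Keep shell tracing (set -x) off for this step, otherwise the CI log will show the expanded password.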