aws-rds: Imported Database Cluster cannot grant data API access

[TonySherman]

Describe the bug

I am having the same issue as #30676 that was previously closed.

I am looking up a RDS Database Cluster to use as an AppSync datasource. The RDS Cluster does have Data API enabled and I can add it as a datasource in the AppSync console, however when I add the RDS datasource via cdk, I get the error:
RuntimeError: Error: Cannot grant Data API access when the Data API is disabled

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

I should be able add a RDS datasource to an AppSync API by using the fromDatabaseClusterAttributes function.

Current Behavior

Error is thrown:
RuntimeError: Error: Cannot grant Data API access when the Data API is disabled

Reproduction Steps

# look up cluster
cluster = aws_rds.DatabaseCluster.from_database_cluster_attributes(
            self,
            'cluster',
            cluster_identifier='my-cluster',
        )

# add cluster as AppSync datasource
graph_api.add_rds_datasource(
            'rds-datasource',
            serverless_cluster=cluster,
            secret_store=my_secret,
        )

Possible Solution

No response

Additional Information/Context

#30676 explains this issue very well and what is causing it.

CDK CLI Version

2.151.0 (build b8289e2

Framework Version

No response

Node.js Version

v18.17.1

OS

MacOS

Language

Python

Language Version

Python 3.9

Other information

No response

[TonySherman]

@rahuldeverani curious if you were able to resolve this issue or how you worked around it (referring to #30676).

[TonySherman]

I was able to deploy a RDS datasource by using aws_appsync.CfnDataSource and creating a role manually with the data api permissions.

[TonySherman]

I've created an example repo to reproduce the issue that I'm seeing: https:/TonySherman/cdk-rds-appsync-example/tree/main

[xanderhades]

@ashishdhingra I'm having the same problem

The details in the previous github issue seem to be a good lead

This seems to be occurring due to this: https:/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L524 as imported cluster : https:/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L1065C16-L1065C39 will have enableDataApi set as false: https:/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/cluster.ts#L983

[ashishdhingra]

Reproducible. DatabaseCluster.fromDatabaseClusterAttributes() returns a new instance of ImportedDatabaseCluster. It doesn't appear to make any context lookup calls similar to what is mentioned at Context methods. So unsure DatabaseCluster.fromDatabaseClusterAttributes() could effectively be used for this scenario.

[TonySherman]

@kwwendt was able to provide another method of importing a cluster by using rds.ServerlessCluster.from_serverless_cluster_attributes . So it's possible this issue could be closed, however, a lot of the AppSync rds datasource examples use rds.ServerlessCluster as the example datasource. Maybe those should be updated?

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.