Blogpost: ECS Fargate Secret Usage, RDS part

rds-stack.ts

// file: lib/rds-stack.ts
import * as cdk from "@aws-cdk/core";
import * as ec2 from "@aws-cdk/aws-ec2";
import * as rds from "@aws-cdk/aws-rds";
import { DBCredentials} from "./db-credentials-stack";

export interface RDSStackProps extends cdk.StackProps {
  vpc: ec2.Vpc;
  credentials: DBCredentials;
}

export class RdsStack extends cdk.Stack {
  readonly postgreSQLinstance: rds.DatabaseInstance;
  private vpc: ec2.Vpc;

  constructor(scope: cdk.Construct, id: string, props: RDSStackProps) {
    super(scope, id, props);
    const username = props.credentials.username.secretValue.toString();
    const password = props.credentials.password.secretValue;
    const vpc = props.vpc;

    this.postgreSQLinstance = new rds.DatabaseInstance(this, "Postgres", {
      engine: rds.DatabaseInstanceEngine.POSTGRES,
      vpc: ec2.vpc,
      vpcPlacement: { subnetType: ec2.SubnetType.ISOLATED },
      masterUsername: username,
      masterUserPassword: password,
      // the following lines need to be changed for a REAL prod version
      deletionProtection: false,
      deleteAutomatedBackups: true,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
    });
  }
}