AWS Glue使用Cloud Formation创建的JDBC连接未设置密码。

huangapple go评论62阅读模式
英文:

AWS Glue JDBC Connection created using Cloud Formation is not setting the password

问题

如果我创建一个连接到RDS Aurora实例的Glue JDBC连接,连接不会正常工作,出现以下错误:InvalidInputException: 无法解析任何有效的连接。在AWS控制台中检查后,我发现CloudFormation没有设置Glue连接的密码。因此,连接无法正常工作。

以下是创建Glue连接的CloudFormation脚本:

GlueConn:
	Type: "AWS::Glue::Connection"
	Properties:
		CatalogId: 6256161516
		ConnectionInput:
			Name: test-glue-conn
			ConnectionProperties:
				JDBC_CONNECTION_URL: "jdbc:postgresql://..." # 为了安全起见隐藏
				JDBC_ENFORCE_SSL: "false"
				PASSWORD: password
				USERNAME: username
			ConnectionType: JDBC
			Description: "Glue Conn. for SO"
			PhysicalConnectionRequirements:
				AvailabilityZone: us-east-1
				SubnetId: ahbnr9ow3qhjojngovbme # 为了安全起见隐藏
				SecurityGroupIdList:
					- jhwgq9748jhognjmovjo # 为了安全起见隐藏

在遵循https://stackoverflow.com/a/69474820/8992678提供的SO答案后,我在PhysicalConnectionRequirements下添加了AvailabilityZone。此外,我使用了AWS CLI来获取一个工作连接的详细信息,正如SO上建议的那样。

运行AWS CLI以获取Glue连接的详细信息后,我发现AWS在ConnectionProperties下添加了一个新的键KAFKA_SSL_ENABLED: "false"。尽管在AWS控制台中编辑此连接时我尚不能看到密码,但我能够将早期的错误解决为新的错误消息Failed to test connection test-conn due to FAILED status.,后来在一些后续测试中导致了Network error

英文:

If I create a Glue JDBC connection to a RDS Aurora instance, the connection does not work with the following error: InvalidInputException: Unable to resolve any valid connection. After checking it in AWS Console, I found that the password for the Glue Connection is not getting set by CloudFormation. And so, the connection does not work.

Here's the CloudFormation script to create the Glue Connection:

GlueConn:
	Type: "AWS::Glue::Connection"
	Properties:
		CatalogId: 6256161516
		ConnectionInput:
			Name: test-glue-conn
			ConnectionProperties:
				JDBC_CONNECTION_URL: "jdbc:postgresql://..." # Hidden for security
				JDBC_ENFORCE_SSL: "false"
				PASSWORD: password
				USERNAME: username
			ConnectionType: JDBC
			Description: "Glue Conn. for SO"
			PhysicalConnectionRequirements:
				AvailabilityZone: us-east-1
				SubnetId: ahbnr9ow3qhjojngovbme # Hidden for security
				SecurityGroupIdList:
					- jhwgq9748jhognjmovjo # Hidden for security

After following a SO answer given at https://stackoverflow.com/a/69474820/8992678, I added AvailabilityZone under PhysicalConnectionRequirements. Also, I used AWS CLI to get the details of a working connection as suggested on SO.

After running AWS CLI to get the details of a Glue Connection, I found that AWS was adding a new key KAFKA_SSL_ENABLED: "false" under ConnectionProperties. Though I could not see the password yet in AWS Console if I edit this connection, I was able to resolve the earlier error to a new error message Failed to test connection test-conn due to FAILED status., which later resulted in Network error on some later tests.

答案1

得分: 1

我猜测CloudFormation无法正确创建JDBC的Glue连接;也许这是AWS团队需要解决的新旧问题。我将提出一个AWS支持工单来解决这个问题;在听取他们的回复后,我会更新这个答案。

临时解决方案:与此同时,如果我使用AWS CLI创建或更新Glue连接,并使用相同的详细信息(包括密码),那么它可以正常工作。因此,我打算在CloudFormation脚本后添加一个额外的步骤,作为临时解决方案来运行AWS CLI,直到CloudFormation更好地支持它。

英文:

I guess CloudFormation cannot create a Glue Connection for JDBC correctly; maybe it's a new or old bug AWS team to work on. I will raise an AWS Support ticket regarding this issue; will update this answer after hearing from them.

Temporary solution: Meanwhile, If I create or update the Glue Connection using AWS CLI with the same details (including the password), then it works. So, I am going to add an additional step in CI/CD to run AWS CLI after the CloudFormation script as a temporary workaround until CloudFormation supports it better.

huangapple
  • 本文由 发表于 2023年5月15日 13:56:38
  • 转载请务必保留本文链接:https://go.coder-hub.com/76251216.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定