From eaf0f51c1c7569fc73562f86a96f3cde048c114b Mon Sep 17 00:00:00 2001
From: Juho Makinen
Date: Thu, 28 Nov 2024 18:09:52 +1100
Subject: [PATCH 1/2] fix: enable IAM auth in the CF
---
 cmd/ftl-provisioner-cloudformation/postgres.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/cmd/ftl-provisioner-cloudformation/postgres.go b/cmd/ftl-provisioner-cloudformation/postgres.go
index 0367c518eb..fb7866b275 100644
--- a/cmd/ftl-provisioner-cloudformation/postgres.go
+++ b/cmd/ftl-provisioner-cloudformation/postgres.go
@@ -27,13 +27,14 @@ func (p *PostgresTemplater) AddToTemplate(template *goformation.Template) error
 clusterID := cloudformationResourceID(p.resourceID, "cluster")
 instanceID := cloudformationResourceID(p.resourceID, "instance")
 template.Resources[clusterID] = &rds.DBCluster{
- Engine: ptr("aurora-postgresql"),
- MasterUsername: ptr("root"),
- ManageMasterUserPassword: ptr(true),
- DBSubnetGroupName: ptr(p.config.DatabaseSubnetGroupARN),
- VpcSecurityGroupIds: []string{p.config.DatabaseSecurityGroup},
- EngineMode: ptr("provisioned"),
- Port: ptr(5432),
+ Engine: ptr("aurora-postgresql"),
+ MasterUsername: ptr("root"),
+ ManageMasterUserPassword: ptr(true),
+ DBSubnetGroupName: ptr(p.config.DatabaseSubnetGroupARN),
+ VpcSecurityGroupIds: []string{p.config.DatabaseSecurityGroup},
+ EngineMode: ptr("provisioned"),
+ Port: ptr(5432),
+ EnableIAMDatabaseAuthentication: ptr(true),
 ServerlessV2ScalingConfiguration: &rds.DBCluster_ServerlessV2ScalingConfiguration{
 MinCapacity: ptr(0.5),
 MaxCapacity: ptr(10.0),
From c2de70b6677f27334828c564225f0f2446712b3b Mon Sep 17 00:00:00 2001
From: Juho Makinen
Date: Thu, 28 Nov 2024 18:14:39 +1100
Subject: [PATCH 2/2] fix: fix grant
---
 cmd/ftl-provisioner-cloudformation/postgres.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/ftl-provisioner-cloudformation/postgres.go b/cmd/ftl-provisioner-cloudformation/postgres.go
index fb7866b275..774960e2ea 100644
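Review bot: The added `EnableIAMDatabaseAuthentication: ptr(true)` in patch 1/2 only allows IAM token logins on the cluster; it does not move any database user onto them, and password logins keep working for every user that is not explicitly switched. On PostgreSQL a user authenticates with IAM only after it has been granted the `rds_iam` role, and the connecting principal needs an IAM policy allowing `rds-db:connect`; neither is visible in this hunk, so they may be handled elsewhere. I would document that next to the field, e.g. `// Permits IAM token auth only; DB users still need GRANT rds_iam and callers need rds-db:connect.` The struct literal and AddToTemplate continue outside the hunk.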
--- a/cmd/ftl-provisioner-cloudformation/postgres.go
+++ b/cmd/ftl-provisioner-cloudformation/postgres.go
@@ -93,7 +93,7 @@ func PostgresPostUpdate(ctx context.Context, secrets *secretsmanager.Client, byN
 return fmt.Errorf("failed to create database: %w", err)
 }
 }
- if _, err := db.ExecContext(ctx, "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ftluser;"); err != nil {
+ if _, err := db.ExecContext(ctx, "GRANT ALL ON SCHEMA public TO ftluser; GRANT ALL PRIVILEGES ON DATABASE "+resourceID+" TO ftluser;"); err != nil {
 return fmt.Errorf("failed to grant FTL user privileges: %w", err)
 }
 }
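Review bot: The new statement concatenates `resourceID` into the SQL text as a bare identifier and packs two statements into one `ExecContext` call. Identifiers cannot be bound as query parameters, so the name should be quoted with the driver's identifier-quoting helper or checked against a strict allow-pattern first, and the database creation above the hunk (not fully visible) would need the same form because quoting changes case folding. Whether a multi-statement string is accepted depends on the driver and protocol mode, and a failure of either grant surfaces under one message, so I would issue `db.ExecContext(ctx, "GRANT ALL ON SCHEMA public TO ftluser;")` and the database grant as two separate calls. Where `resourceID` originates is outside the hunk, so treat the injection concern as unconfirmed; PostgresPostUpdate itself starts and ends outside the hunk.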