Description
Describe the bug
When using AuroraMysqlEngineVersion.of(...) instead of AuroraMysqlEngineVersion.VER_3_07_1, the s3ExportBuckets feature produces an incorrect CloudFormation configuration.
Specifically, the DBClusterParameterGroup gets an unexpected difference:
• AuroraMysqlEngineVersion.of(...) adds .aurora_select_into_s3_role
• AuroraMysqlEngineVersion.VER_3_07_1 adds .aws_default_s3_role
This affects the behavior of S3 export functionality and results in inconsistent CloudFormation stacks.
This issue appears related to Issue #19735.
Regression Issue
- Select this option if this issue appears to be a regression.
Last Known Working CDK Version
No response
Expected Behavior
When specifying the engine version with AuroraMysqlEngineVersion.of(...), the s3ExportBuckets behavior should be the same as when using AuroraMysqlEngineVersion.VER_3_07_1.
Additionally, the DBClusterParameterGroup should have the same parameters, ensuring consistency.
Current Behavior
Using AuroraMysqlEngineVersion.of("8.0.mysql_aurora.3.07.1", "8.0") results in the following incorrect CloudFormation diff:
Resources
[+] AWS::S3::Bucket sampleBucket sampleBucket14E4F90B
[~] AWS::RDS::DBClusterParameterGroup sampleParameterGroup sampleParameterGroup4231F25B
└─ [~] Parameters
└─ [+] Added: .aurora_select_into_s3_role <-- INCORRECTHowever, when using AuroraMysqlEngineVersion.VER_3_07_1, the expected behavior occurs:
Resources
[+] AWS::S3::Bucket sampleBucket sampleBucket14E4F90B
[~] AWS::RDS::DBClusterParameterGroup sampleParameterGroup sampleParameterGroup4231F25B
└─ [~] Parameters
└─ [+] Added: .aws_default_s3_role <-- CORRECTThis discrepancy causes s3ExportBuckets to behave inconsistently.
Reproduction Steps
The issue can be reproduced using the following CDK code:
Incorrect behavior (AuroraMysqlEngineVersion.of(...))
new DatabaseCluster(this, 'sampleId', {
engine: DatabaseClusterEngine.auroraMysql({
version: AuroraMysqlEngineVersion.of("8.0.mysql_aurora.3.07.1", "8.0")
}),
iamAuthentication: true,
parameterGroup,
vpc: props.vpc,
defaultDatabaseName: "sampleDatabase",
writer: ClusterInstance.provisioned('writerInstance', {
instanceType: InstanceType.of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM),
}),
s3ExportBuckets: [
new Bucket(this, "sampleBucket", {
bucketName,
removalPolicy: RemovalPolicy.DESTROY,
})
]
});Expected behavior (AuroraMysqlEngineVersion.VER_3_07_1)
new DatabaseCluster(this, 'sampleId', {
engine: DatabaseClusterEngine.auroraMysql({
version: AuroraMysqlEngineVersion.VER_3_07_1
}),
iamAuthentication: true,
parameterGroup,
vpc: props.vpc,
defaultDatabaseName: "sampleDatabase",
writer: ClusterInstance.provisioned('writerInstance', {
instanceType: InstanceType.of(InstanceClass.BURSTABLE3, InstanceSize.MEDIUM),
}),
s3ExportBuckets: [
new Bucket(this, "sampleBucket", {
bucketName,
removalPolicy: RemovalPolicy.DESTROY,
})
]
});Possible Solution
In cluster-engine.ts, update the of method to ensure that _combineImportAndExportRoles is correctly set based on the major version.
Specifically, if the major version is not "5.7", _combineImportAndExportRoles should be set to true.
Additional Information/Context
- This issue is problematic because AuroraMysqlEngineVersion.of(...) is required for emergency upgrades, but it currently leads to incorrect behavior in s3ExportBuckets and parameter groups.
- The behavior should be consistent regardless of how the engine version is specified.
CDK CLI Version
v2.177.0
Framework Version
No response
Node.js Version
v22.3.0
OS
macOS Sequoia 15.3
Language
TypeScript
Language Version
5.2.2
Other information
No response