Open
Description
User Story - Business Need
We have established a connection to the ENP Aurora database when the ENP app is deployed. This ticket aims to keep that connection stable without needing to redeploy the tasks to re-establish it. To that end, we'll need to connect the app to AWS Secrets Manager to retrieve the secrets. The value of the Aurora DB password will rotate on a regular basis, so we will need to retrieve the new secret when that happens but use cached results otherwise (see additional info below).
- Sync with Kyle when ticket is picked up.
- Ticket is understood, and QA has been contacted (if the ticket has a QA label).
User Story(ies)
As a backend engineer
I want to ensure a stable connection to the ENP Aurora DB
So that we can save data in the proper database when the time comes.
Additional Info and Resources
- See this article for information about setting up a DB connection using rotating keys with Secrets Manager and an Aurora DB.
- To implement this change we will need to add aws-secretsmanager-caching as a dependency to the project and use it to retrieve and cache the secret values when we create the db connection.
- You'll need to retrieve the db username and password (currently env var `DB_AUTH`) from Secrets Manager.
- The implementation will most likely require catching the appropriate database connection error in the asynccontextmanager (e.g. `get_read_session_with_context`) and reestablishing the connection before returning a retryable error.
Acceptance Criteria
- The app still connects to the container db when running locally.
- When ENP API is deployed the app has connectivity to the ENP database.
- When secrets are rotated the app updates the session with the new credentials.
- This work is added to the sprint review slide deck (key win bullet point and demo slide)
QA Considerations
- The ENP API can connect to the ENP database when deployed.
- The connection is reestablished when secrets are updated. (Not sure if this can easily be tested.)
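A sketch of the flow described under Additional Info (cached secret on the normal path, forced refresh and reconnect when the database rejects the credentials, then a retryable error), added here as an example and not taken from the ENP code base. `SessionFactory`, `AuthFailed`, `RetryableDBError`, `fetch_secret`, `connect`, the `enp_app` user and the JSON secret with `username`/`password` keys are assumptions; in the deployed app `fetch_secret` would wrap aws-secretsmanager-caching and `connect` the real database driver.

```python
import json
from contextlib import asynccontextmanager

class AuthFailed(Exception): pass        # stand-in for the driver's auth error
class RetryableDBError(Exception): pass  # tells the caller to retry; holds no secret

class SessionFactory:
    def __init__(self, fetch_secret, connect):
        self._fetch_secret = fetch_secret  # (force_refresh: bool) -> JSON string
        self._connect = connect            # async (username, password) -> connection
        self._conn = None

    async def _reconnect(self, force_refresh):
        creds = json.loads(self._fetch_secret(force_refresh))
        self._conn = await self._connect(creds["username"], creds["password"])

    @asynccontextmanager
    async def get_session(self):
        if self._conn is None:
            await self._reconnect(force_refresh=False)  # cached secret is fine
        try:
            yield self._conn
        except AuthFailed as exc:
            # Stale cached credentials: bypass the cache and reconnect first.
            await self._reconnect(force_refresh=True)
            raise RetryableDBError("database credentials rotated; retry") from exc

async def demo():
    store, cache = {"password": "old-pw"}, {}  # constructed secret store + cache
    def fetch_secret(force_refresh):
        if force_refresh or not cache:
            cache["json"] = json.dumps({"username": "enp_app", **store})
        return cache["json"]
    async def connect(username, password):
        def query():  # constructed connection: rejects a rotated-out password
            if password != store["password"]:
                raise AuthFailed()
            return "ok"
        return query
    factory = SessionFactory(fetch_secret, connect)
    async def attempt():
        try:
            async with factory.get_session() as query:
                return query()
        except RetryableDBError:
            return "retryable"
    before = await attempt()
    store["password"] = "new-pw"  # rotation happens in Secrets Manager
    return [before, await attempt(), await attempt()]
```

Running `asyncio.run(demo())` exercises one request before rotation, one that hits the stale credentials, and the retry. The error message and exception types never include the secret value, so nothing sensitive reaches logs or API responses.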