(rds): DatabaseProxy does not support Secrets Manager Secrets that have been encrypted with a KMS key #28847
Labels
@aws-cdk/aws-rds
Related to Amazon Relational Database
bug
This issue is a bug.
needs-triage
This issue or PR still needs to be triaged.
Describe the bug
When creating a DatabaseProxy if the Secrets Manager Secret that holds the Credentials is encrypted with a KMS key any registered ProxyTarget(s) will fail to connect as they lack access to
kms:Decrypt
the secret using the encrypted key.When this occurs the following can be observed in the DatabaseProxy logs but only when
debugLogging
is settrue
.Expected Behavior
DatabaseProxy is able to use Secrets when they are encrypted with a KMS key.
Current Behavior
DatabaseProxy fails to successfully create
Reproduction Steps
Possible Solution
Submitted for the approval of the midnight society #28848
Additional Information/Context
No response
CDK CLI Version
2.122.0
Framework Version
No response
Node.js Version
20
OS
Mac
Language
TypeScript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: