Merge branch 'cdk-aq1' of https://github.com/SyncrowIOT/backend into cdk-aq1

2025-07-10 07:07:21 +00:00 · 2025-07-08 04:26:51 -06:00
parent e4694db79c 13064296a7
commit 44f83ea54e
1 changed files with 17 additions and 18 deletions
--- a/infrastructure/stack.ts
+++ b/infrastructure/stack.ts
@ -100,23 +100,24 @@ export class BackendStack extends cdk.Stack {
      'Allow HTTPS traffic'
    );

-    // RDS Aurora Serverless v2 PostgreSQL
-    const dbCluster = new rds.DatabaseCluster(this, 'SyncrowDatabase', {
+    const dbCluster = rds.DatabaseCluster.fromDatabaseClusterAttributes(this, 'SyncrowDatabase', {
+      clusterIdentifier: 'syncrow-backend',
+      instanceIdentifiers: ['syncrowdatabase-instance-1'],
      engine: rds.DatabaseClusterEngine.auroraPostgres({
-        version: rds.AuroraPostgresEngineVersion.VER_15_4,
+        version: rds.AuroraPostgresEngineVersion.VER_16_6,
      }),
-      vpc: this.vpc,
-      securityGroups: [dbSecurityGroup],
-      serverlessV2MinCapacity: 0.5,
-      serverlessV2MaxCapacity: 4,
-      writer: rds.ClusterInstance.serverlessV2('writer'),
-      defaultDatabaseName: props?.databaseName || 'syncrow',
-      credentials: rds.Credentials.fromGeneratedSecret('syncrowadmin', {
-        secretName: 'syncrow-db-credentials',
-      }),
-      removalPolicy: cdk.RemovalPolicy.DESTROY,
+      port: 5432,
+      securityGroups: [
+        ec2.SecurityGroup.fromSecurityGroupId(this, 'ImportedDbSecurityGroup', 'sg-07e163f588b2bac25')
+      ],
+      clusterEndpointAddress: 'syncrowdatabase.cluster-criskv1sdkq4.me-central-1.rds.amazonaws.com',
    });

+    // Import the existing database secret separately
+    const dbSecret = rds.DatabaseSecret.fromSecretCompleteArn(this, 'ImportedDbSecret', 
+      'arn:aws:secretsmanager:me-central-1:482311766496:secret:rds!cluster-43ec14cd-9301-43e2-aa79-d330a429a126-v0JDQN'
+    );
+
    // ECR Repository for Docker images - import existing repository
    const ecrRepository = ecr.Repository.fromRepositoryName(this, 'SyncrowBackendRepo', 'syncrow-backend');

@ -175,7 +176,7 @@ export class BackendStack extends cdk.Stack {
          AZURE_POSTGRESQL_HOST: dbCluster.clusterEndpoint.hostname,
          AZURE_POSTGRESQL_PORT: '5432',
          AZURE_POSTGRESQL_DATABASE: props?.databaseName || 'syncrow',
-          AZURE_POSTGRESQL_USER: 'syncrowadmin',
+          AZURE_POSTGRESQL_USER: 'postgres',
          AZURE_POSTGRESQL_SSL: process.env.AZURE_POSTGRESQL_SSL || 'false',
          AZURE_POSTGRESQL_SYNC: process.env.AZURE_POSTGRESQL_SYNC || 'false',
          
@ -252,7 +253,7 @@ export class BackendStack extends cdk.Stack {
        },
        secrets: {
          AZURE_POSTGRESQL_PASSWORD: ecs.Secret.fromSecretsManager(
-            dbCluster.secret!,
+            dbSecret,
            'password'
          ),
        },
@ -297,9 +298,7 @@ export class BackendStack extends cdk.Stack {
    });

    // Grant ECS task access to RDS credentials
-    if (dbCluster.secret) {
-      dbCluster.secret.grantRead(fargateService.taskDefinition.taskRole);
-    }
+    dbSecret.grantRead(fargateService.taskDefinition.taskRole);

    this.apiUrl = 'https://api.syncrow.me';
    this.databaseEndpoint = dbCluster.clusterEndpoint.hostname;