Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
CDK package version
3.13.0
CFN Resource version
Cluster: v2.6.0, DatabaseUser: v2.3.0, PrivateEndpointAWS: v1.0.0, Project: v2.4.0, ProjectIpAccessList: v2.0.0
CFN Resource Region
eu-central-1
Current Behavior
Failed to deploy MongoDB::Atlas::Project with "Internal error".
Nothing shows up in the MongoDB activity feed where the API key is being used.
AWS CDK code to reproduce the issue
// This example creates a project and a cluster in Atlas using the L1 resources.
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { AtlasBasicPrivateEndpoint } from 'awscdk-resources-mongodbatlas';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
/**
 * Inputs for AtlasStack, on top of the standard CDK stack props.
 * Every field is forwarded to the Atlas construct or the VPC lookup unchanged.
 */
interface AtlasStackProps extends cdk.StackProps {
  /** Atlas organization id; passed as `projectProps.orgId`. */
  readonly orgId: string;

  /** Name of the Atlas profile; passed as `profile` to the construct. */
  readonly profile: string;

  /** Cluster name; passed as `clusterProps.name`. */
  readonly clusterName: string;

  /** Region for the cluster; passed as `regionName` of the single region config. */
  readonly region: string;

  // readonly ip: string;

  /** VPC id; used for the VPC lookup and as `awsVpcId` of the private endpoint. */
  readonly vpcId: string;

  /** Subnet id; passed as `awsSubnetId` of the private endpoint. */
  readonly subnetId: string;
}
export class AtlasStack extends cdk.Stack {
/**
 * Assembles the stack: a security group in the looked-up VPC, then an
 * AtlasBasicPrivateEndpoint configured from `props`.
 *
 * @param scope - parent construct
 * @param id - id of this stack
 * @param props - stack props plus the Atlas and VPC identifiers
 */
constructor(scope: Construct, id: string, props: AtlasStackProps) {
  super(scope, id, props);
  const { clusterName, orgId, profile, region, subnetId, vpcId } = props;

  // Security group meant for the private endpoint, created with allowAllOutbound off.
  // NOTE(review): the group is never handed to AtlasBasicPrivateEndpoint, and the
  // AWS::EC2::VPCEndpoint in the synthesized template on this page lists no
  // security groups — confirm which group actually guards the endpoint.
  const lookedUpVpc = ec2.Vpc.fromLookup(this, 'VPC', { vpcId });
  const securityGroup = new ec2.SecurityGroup(this, 'AtlasSecurityGroup', {
    vpc: lookedUpVpc,
    description: 'Security group for MongoDB Atlas Private Endpoint',
    allowAllOutbound: false,
  });

  // NOTE(review): no database-user settings are passed. The synthesized template
  // on this page still contains a MongoDB::Atlas::DatabaseUser with a fixed
  // username and password and the atlasAdmin role, and the password sits in the
  // template in plain text. Set the user explicitly and take the password from a
  // secret store before using this outside a throwaway reproduction.
  new AtlasBasicPrivateEndpoint(this, 'AtlasBasic', {
    atlasBasicProps: {
      clusterProps: {
        name: clusterName,
        replicationSpecs: [
          {
            numShards: 1,
            advancedRegionConfigs: [
              {
                analyticsSpecs: {
                  ebsVolumeType: 'STANDARD',
                  instanceSize: 'M10',
                  nodeCount: 1,
                },
                electableSpecs: {
                  ebsVolumeType: 'STANDARD',
                  instanceSize: 'M10',
                  nodeCount: 3,
                },
                priority: 7,
                regionName: region,
              },
            ],
          },
        ],
      },
      projectProps: { orgId },
      // Empty list: no IP entries are added to the project's access list here.
      ipAccessListProps: { accessList: [] },
    },
    // NOTE(review): no region is given for the endpoint. The synthesized template
    // shows Region "US_EAST_1" on the PrivateEndpointService while the cluster and
    // VPC are in eu-central-1 — confirm the endpoint region matches the VPC.
    privateEndpointProps: {
      awsVpcId: vpcId,
      awsSubnetId: subnetId,
    },
    profile,
  });
}
}Steps To Reproduce
- Setup API key in organisation. Add permission Organization Project Creator to API key.
- Set up a secret in Secrets Manager named "cfn/atlas/profile/default" with secret value { "PrivateKey": "xx", "PublicKey": "xx" }. Tag the resource mongodb-atlas-profile-keys: AtlasStack
- Deploy the CDK stack
// Instantiates the reproduction stack. The org, VPC and subnet ids are redacted
// placeholders; account and region come from the CDK CLI environment variables.
// NOTE(review): `region` is passed through as the cluster's regionName in the
// form 'eu-central-1', while the synthesized template on this page shows
// "US_EAST_1" for the private endpoint service — confirm which form the Atlas
// resources expect.
const deployEnv = {
  account: process.env.CDK_DEFAULT_ACCOUNT,
  region: process.env.CDK_DEFAULT_REGION,
};

new AtlasStack(app, 'AtlasStack', {
  env: deployEnv,
  orgId: 'xxxx',
  vpcId: 'vpc-xxx',
  subnetId: 'subnet-xxx',
  profile: 'default',
  clusterName: 'test-cluster',
  region: 'eu-central-1',
});
cdk synth
{
"Resources": {
"AtlasSecurityGroup9D57FB42": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security group for MongoDB Atlas Private Endpoint",
"SecurityGroupEgress": [
{
"CidrIp": "255.255.255.255/32",
"Description": "Disallow all traffic",
"FromPort": 252,
"IpProtocol": "icmp",
"ToPort": 86
}
],
"VpcId": "vpc-xxx"
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasSecurityGroup/Resource"
}
},
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D": {
"Type": "MongoDB::Atlas::Project",
"Properties": {
"Name": "atlas-project-4748574",
"OrgId": "xxxx",
"Profile": "default"
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-basic-AtlasBasic/project-atlas-basic-AtlasBasic"
}
},
"AtlasBasicatlasbasicAtlasBasicclusteratlasbasicAtlasBasic3455CF71": {
"Type": "MongoDB::Atlas::Cluster",
"Properties": {
"ClusterType": "REPLICASET",
"Profile": "default",
"ProjectId": {
"Fn::GetAtt": [
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D",
"Id"
]
},
"Name": "test-cluster",
"ReplicationSpecs": [
{
"NumShards": 1,
"AdvancedRegionConfigs": [
{
"RegionName": "eu-central-1",
"AnalyticsSpecs": {
"EbsVolumeType": "STANDARD",
"InstanceSize": "M10",
"NodeCount": 1
},
"ElectableSpecs": {
"EbsVolumeType": "STANDARD",
"InstanceSize": "M10",
"NodeCount": 3
},
"Priority": 7
}
]
}
]
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-basic-AtlasBasic/cluster-atlas-basic-AtlasBasic"
}
},
"AtlasBasicatlasbasicAtlasBasicdbuseratlasbasicAtlasBasic84F099E3": {
"Type": "MongoDB::Atlas::DatabaseUser",
"Properties": {
"DatabaseName": "admin",
"Password": "atlas-pwd",
"ProjectId": {
"Fn::GetAtt": [
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D",
"Id"
]
},
"Roles": [
{
"DatabaseName": "admin",
"RoleName": "atlasAdmin"
}
],
"Username": "atlas-user",
"Profile": "default"
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-basic-AtlasBasic/db-user-atlas-basic-AtlasBasic"
}
},
"AtlasBasicatlasbasicAtlasBasicipaccesslistatlasbasicAtlasBasic7C70EAD2": {
"Type": "MongoDB::Atlas::ProjectIpAccessList",
"Properties": {
"AccessList": [],
"ProjectId": {
"Fn::GetAtt": [
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D",
"Id"
]
},
"Profile": "default"
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-basic-AtlasBasic/ip-access-list-atlas-basic-AtlasBasic"
}
},
"AtlasBasicatlasprivateendpointserviceAtlasBasic07EEFD67": {
"Type": "MongoDB::Atlas::PrivateEndpointService",
"Properties": {
"Profile": "default",
"ProjectId": {
"Fn::GetAtt": [
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D",
"Id"
]
},
"Region": "US_EAST_1",
"CloudProvider": "AWS"
},
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-private-endpoint-service-AtlasBasic"
}
},
"AtlasBasicawsprivateendpointserviceAtlasBasic5D5A9E21": {
"Type": "AWS::EC2::VPCEndpoint",
"Properties": {
"ServiceName": {
"Fn::GetAtt": [
"AtlasBasicatlasprivateendpointserviceAtlasBasic07EEFD67",
"EndpointServiceName"
]
},
"SubnetIds": [
"subnet-xxx"
],
"VpcEndpointType": "Interface",
"VpcId": "vpc-xxx"
},
"DependsOn": [
"AtlasBasicatlasprivateendpointserviceAtlasBasic07EEFD67"
],
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/aws-private-endpoint-service-AtlasBasic"
}
},
"AtlasBasicatlasprivateendpointAtlasBasic337D6009": {
"Type": "MongoDB::Atlas::PrivateEndpointAWS",
"Properties": {
"Profile": "default",
"ProjectId": {
"Fn::GetAtt": [
"AtlasBasicatlasbasicAtlasBasicprojectatlasbasicAtlasBasicB1E81E5D",
"Id"
]
},
"EndpointServiceId": {
"Fn::GetAtt": [
"AtlasBasicatlasprivateendpointserviceAtlasBasic07EEFD67",
"Id"
]
},
"Id": {
"Ref": "AtlasBasicawsprivateendpointserviceAtlasBasic5D5A9E21"
}
},
"DependsOn": [
"AtlasBasicawsprivateendpointserviceAtlasBasic5D5A9E21"
],
"Metadata": {
"aws:cdk:path": "AtlasStack/AtlasBasic/atlas-private-endpoint-AtlasBasic"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:H4sIAAAAAAAA/1WMuwqDMBhGn8WMJf7VUDq4FSkdWxS6iJSYRIimSchFKeK7l16Gdjh8cPg4BEi+gyyhs08ZH1MlO1jqQNmIK+FNdEw0aIPwDy2ms78JRmCpBYtOhsfJmWibBU2WoeJ948IzJ22QRn8NVcrMB6XOMXQmao6Kniov1haXvf4LvcT1Uh41t0bqsK5YGy5g8NuJZJDvIUsGL2Xqog7yLqD67BMTW1eoywAAAA=="
},
"Metadata": {
"aws:cdk:path": "AtlasStack/CDKMetadata/Default"
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}Code of Conduct
- I agree to follow this project's Code of Conduct