awscdk-resources-mongodbatlas's People

Contributors

adelmar92, agustinbettati, andreaangiolillo, conleos-lrohr, dependabot[bot], espenalbert, govardhanpagidi, lantoli, leifarriens, maastha, marcosuma, oarbusi, tsowbaranika, vc95, zuhairahmed

awscdk-resources-mongodbatlas's Issues

CfnServerlessInstance does not return connection strings like CfnCluster does

Describe the bug
Using CfnServerlessInstance does not return connection strings for the database. On the other hand, CfnCluster does. Therefore, there is no way of getting connection strings for Serverless instances via CDK. This is pretty crucial for streamlining integrating Atlas constructs with other infrastructure.

Looking at the definitions in CloudFormation as well as the Go code in the repo, it seems that the MongoDB::Atlas::ServerlessInstance CFN resource would have the same ConnectionStrings attribute defined that should be populated. It's just not mapped to the CDK construct in the current?

To Reproduce
Create a CfnServerlessInstance. The construct does not contain connection strings. There does seem to be a connectionStrings under the props attribute of the construct that even has a ServerlessInstanceConnectionStrings type defined, but those do not get populated upon deployment. This is extremely confusing, since for CfnCluster there is a direct connectionStrings attribute available that gets populated upon deployment. Now it seems I have to create a CustomResource that fetches the connection strings from Atlas API just for the serverless instance.

Expected behavior
Expected to get connection strings after creating a Serverless Instance in Atlas.

Please complete the following information:

  • CFN resource version: 2.0.0
  • AWS region where you are running the CFN stack: eu-north-1
  • CDK constructor type and version: 3.0.0
  • Copy of the output of cdk synth: No errors by synth

Missing minimum oplog window feature for cluster configuration

Is your feature request related to a problem? Please describe.
The current CDK implementation is missing the option to specify a minimum oplog window in combination with storage autoscaling. This feature was released with MDB 4.4 and is available in the UI. Please refer to the documentation.

Describe the solution you'd like
Implement the option in CDK.

Describe alternatives you've considered
There aren't any direct alternatives except for specifying the oplog size which doesn't allow for automatic adjustments and scaling of the oplog size and oplog window.

l3 resource atlas-basic-private-endpoint should allow adding more than one subnet

Is your feature request related to a problem? Please describe.
Currently, l3 resource atlas-basic-private-endpoint allows only a single subnet to be specified in its privateEndpointProps property.

Describe the solution you'd like
Allow more than one subnet to be specified in the privateEndpointProps property.

Describe alternatives you've considered
Using l1 resources and configuring it all manually.

Additional context
Using l1 resources gives more control but takes a ton of convenience away.

CfnNetworkContainer requires providerName parameter despite it not being a valid prop

Describe the bug
When attempting to use the CfnNetworkContainer construct to get/create a network container for a cluster, the deployment for it fails with Resource handler returned message: "Unable to complete request: error Containers.ListAll err:providerName is required and must be specified". However, providerName is not a prop you can give to the construct.

To Reproduce
Try to deploy a CfnNetworkContainer construct using CDK to a MongoDB Atlas cluster.

Example:

new CfnNetworkContainer(scope, 'mongodb-atlas-vpc', {
  projectId: mongoDbCluster.mProject.attrId,
  regionName: 'EU_NORTH_1',
  atlasCidrBlock: '192.168.248.0/21',
  profile: props.stage,
  provisioned: true,
});

Expected behavior
Expected to be able to create/get a network container so I can initiate VPC peering via CDK. Expected to be able to pass providerName as a prop since it's apparently required for the Atlas API call.

Please complete the following information:

  • CFN resource version: 2.0.0
  • AWS region where you are running the CFN stack: eu-north-1
  • CDK constructor type and version:
    • "awscdk-resources-mongodbatlas": "^3.0.0",
  • Copy of the output of cdk synth: Synth doesn't produce any errors

AtlasPrivateEndpoint cdk giving error : required key [ApiKeys] not found

import os

from aws_cdk import (
    Stack, aws_ec2 as ec2,
)

from bda_constructs.bda_constructs import vpc_lookup
from constructs import Construct

from awscdk_resources_mongodbatlas import (AdvancedRegionConfig, AdvancedReplicationSpec,
                                           Specs, AccessListDefinition, IpAccessListProps,
                                           ProjectProps, ClusterProps, AtlasBasic, PrivateEndpoint,
                                           AtlasBasicPrivateEndpoint, AtlasBasicProps, PrivateEndpointProps,
                                           ProjectApiKey)


class MongodbStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        org_id_var = self.node.try_get_context('org_id') or os.getenv('')
        region_var = self.node.try_get_context('region')
        profile_name_var = self.node.try_get_context('profile')
        ip_addr_var = self.node.try_get_context('ip_addr')
        ip_comment_var = self.node.try_get_context('ip_comment')
        vpc_id = self.node.try_get_context('vpc_id')
        subnets = self.node.try_get_context('subnets').split(",")

        region_configs_var = [
            AdvancedRegionConfig(analytics_specs=Specs(node_count=1, instance_size="M10", ebs_volume_type="STANDARD"),
                                 electable_specs=Specs(node_count=3, instance_size="M10", ebs_volume_type="STANDARD"),
                                 priority=7,
                                 region_name=region_var)]
        replication_specs_var = [AdvancedReplicationSpec(advanced_region_configs=region_configs_var, num_shards=1)]

        access_list_defs_var = [AccessListDefinition(ip_address=ip_addr_var, comment=ip_comment_var)]

        # atlas_basic_l3 = AtlasBasic(self, "AtlasBasic-py-l3",
        #                             cluster_props=ClusterProps(replication_specs=replication_specs_var),
        #                             project_props=ProjectProps(org_id=org_id_var),
        #                             ip_access_list_props=IpAccessListProps(access_list=access_list_defs_var),
        #                             profile=profile_name_var)

        atlas_basic_props = AtlasBasicProps(cluster_props=ClusterProps(replication_specs=replication_specs_var),
                                            project_props=ProjectProps(org_id=org_id_var),
                                            ip_access_list_props=IpAccessListProps(access_list=access_list_defs_var),
                                            profile=profile_name_var
                                            )

        private_endpoint_props = PrivateEndpointProps(private_endpoints=[PrivateEndpoint(
            vpc_id=vpc_id,
            subnet_ids=subnets
        )])

        instance = AtlasBasicPrivateEndpoint(self, "AtlasBasic-private-endpoint-py-l3",
                                             atlas_basic_props=atlas_basic_props,
                                             private_endpoint_props=private_endpoint_props,
                                             # profile=profile_name_var
                                             )


[100%] success: Published 3423c3404b6bf05515dd31cc027c045ff998d549b7b371f3db43415407d8b595:current_account-current_region
Mongodb2Stack: creating CloudFormation changeset...
[█████████████████████████████████▏························] (4/7)

4:25:40 PM | CREATE_FAILED        | MongoDB::Atlas::PrivateEndpoint     | AtlasBasic-private...ate-endpoint-py-l3
Properties validation failed for resource AtlasBasicprivateendpointpyl3privateendpointAtlasBasicprivateendpointpyl309D4273A with mes
sage:
#: required key [ApiKeys] not found
4:25:41 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack          | Mongodb2Stack
The following resource(s) failed to create: [AtlasBasicprivateendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3ipaccesslistatlasba
sicAtlasBasicprivateendpointpyl3D2A51065, AtlasBasicprivateendpointpyl3privateendpointAtlasBasicprivateendpointpyl309D4273A, AtlasBa
sicprivateendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3dbuseratlasbasicAtlasBasicprivateendpointpyl3B2671B84, AtlasBasicprivat
eendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3clusteratlasbasicAtlasBasicprivateendpointpyl39F42C400]. Rollback requested by u
ser.
4:25:41 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack          | Mongodb2Stack
The following resource(s) failed to create: [AtlasBasicprivateendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3ipaccesslistatlasba
sicAtlasBasicprivateendpointpyl3D2A51065, AtlasBasicprivateendpointpyl3privateendpointAtlasBasicprivateendpointpyl309D4273A, AtlasBa
sicprivateendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3dbuseratlasbasicAtlasBasicprivateendpointpyl3B2671B84, AtlasBasicprivat
eendpointpyl3atlasbasicAtlasBasicprivateendpointpyl3clusteratlasbasicAtlasBasicprivateendpointpyl39F42C400]. Rollback requested by u
ser.

While AtlasBasic picks the API keys from the profile

bootstrap: AccessDeniedException to perform: secretsmanager:GetSecretValue

I am getting this error when I create the Project resource with a simple CFN template

{
    "Resources": {
     "L1Project": {
      "Type": "MongoDB::Atlas::Project",
      "Properties": {
       "Name": "demo-random-project",
       "OrgId": "<deducted>",
       "Profile": "development"
      }
     }
    }
   }
Resource handler returned message: "AccessDeniedException: User: arn:aws:sts::903779448426:assumed-role/MongoDB-Atlas-CDK-Excecution/8ce94db6-f347-1447-0e88-762666244885 is not authorized to perform: secretsmanager:GetSecretValue on resource: cfn/atlas/profile/development because no identity-based policy allows the secretsmanager:GetSecretValue action status code: 400, request id: 332c0e26-bdf4-4cc0-add0-805f2acf50e5" (RequestToken: 8ce94db6-f347-1447-0e88-762666244885, HandlerErrorCode: NotFound)

Looking at the mongodb exec role created by the MongoAtlasBootstrap class, I guess this is not required.

policyStatement.addSourceAccountCondition(Aws.ACCOUNT_ID);

As it builds the IAM policy like this

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Condition": {
                    "StringEquals": {
                        "aws:SourceAccount": "123456789012"
                    }
                },
                "Action": [
                    "secretsmanager:DescribeSecret",
                    "secretsmanager:GetSecretValue",
                    "ec2:CreateVpcEndpoint",
                    "ec2:DeleteVpcEndpoints",
                    "cloudformation:CreateResource",
                    "cloudformation:DeleteResource",
                    "cloudformation:GetResource",
                    "cloudformation:GetResourceRequestStatus",
                    "cloudformation:ListResources",
                    "cloudformation:UpdateResource",
                    "iam:AttachRolePolicy",
                    "iam:CreateRole",
                    "iam:DeleteRole",
                    "iam:GetRole",
                    "iam:GetRolePolicy",
                    "iam:ListAttachedRolePolicies",
                    "iam:ListRolePolicies",
                    "iam:PutRolePolicy"
                ],
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    }

If we look at the CFN document
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html
This condition is only required for role assuming to some specific role resources.
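
The denial reported above can be reproduced on paper: a `StringEquals` test on `aws:SourceAccount` fails when the request carries no such key, which is the case modeled here for the handler calling Secrets Manager with the execution role's own session. The following TypeScript is an added example, not code from the project or from the issue author; the evaluator is a simplified model, and the secret ARN suffix, the second account id and the scoped resource pattern are constructed assumptions.

```typescript
// Added example: a small model of IAM statement matching (Allow/Deny,
// "*" globs, StringEquals only). It is not a full policy evaluator.
type Ctx = Record<string, string>;
interface Statement {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string; // trust policies have no Resource; "*" stands in for them here
  Condition?: { StringEquals?: Ctx };
}
interface Req { action: string; resource: string; context: Ctx }

// Match an IAM-style pattern where "*" stands for any run of characters.
function globMatches(pattern: string, value: string): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`).test(value);
}

// StringEquals is false when the condition key is absent from the request.
function conditionMatches(stmt: Statement, ctx: Ctx): boolean {
  const wanted = stmt.Condition?.StringEquals ?? {};
  return Object.entries(wanted).every(([key, value]) => ctx[key] === value);
}

// Explicit Deny wins; otherwise at least one matching Allow is required.
function isAllowed(policy: Statement[], req: Req): boolean {
  const hits = policy.filter(
    (s) =>
      s.Action.some((a) => globMatches(a, req.action)) &&
      globMatches(s.Resource, req.resource) &&
      conditionMatches(s, req.context),
  );
  return !hits.some((s) => s.Effect === "Deny") && hits.some((s) => s.Effect === "Allow");
}

const ACCOUNT = "123456789012"; // placeholder account id, as in the policy above
const SECRET_ACTIONS = ["secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue"];

// Permissions policy as generated above (action list shortened to the two
// Secrets Manager actions): the condition sits on the identity policy.
const generatedPermissions: Statement[] = [{
  Effect: "Allow",
  Action: SECRET_ACTIONS,
  Resource: "*",
  Condition: { StringEquals: { "aws:SourceAccount": ACCOUNT } },
}];

// Assumed alternative: no condition, resource scoped to the profile secrets.
const scopedPermissions: Statement[] = [{
  Effect: "Allow",
  Action: SECRET_ACTIONS,
  Resource: `arn:aws:secretsmanager:*:${ACCOUNT}:secret:cfn/atlas/profile/*`,
}];

// Trust policy: where aws:SourceAccount guards role assumption by the service.
const trustPolicy: Statement[] = [{
  Effect: "Allow",
  Action: ["sts:AssumeRole"],
  Resource: "*",
  Condition: { StringEquals: { "aws:SourceAccount": ACCOUNT } },
}];

// Constructed requests. The "-AbCdEf" suffix imitates the random suffix of a secret ARN.
const secretArn = (name: string): string =>
  `arn:aws:secretsmanager:eu-north-1:${ACCOUNT}:secret:${name}-AbCdEf`;

const handlerReadsProfile: Req = {
  action: "secretsmanager:GetSecretValue",
  resource: secretArn("cfn/atlas/profile/development"),
  context: {}, // call made with the role's own session: no aws:SourceAccount key
};

const assumeFrom = (sourceAccount: string): Req => ({
  action: "sts:AssumeRole",
  resource: `arn:aws:iam::${ACCOUNT}:role/MongoDB-Atlas-CDK-Excecution`,
  context: { "aws:SourceAccount": sourceAccount },
});

function evaluate() {
  return {
    generatedAllowsProfileRead: isAllowed(generatedPermissions, handlerReadsProfile), // false
    scopedAllowsProfileRead: isAllowed(scopedPermissions, handlerReadsProfile), // true
    scopedAllowsOtherSecret: isAllowed(scopedPermissions, {
      ...handlerReadsProfile,
      resource: secretArn("prod/db/password"),
    }), // false
    trustAllowsOwnAccount: isAllowed(trustPolicy, assumeFrom(ACCOUNT)), // true
    trustAllowsOtherAccount: isAllowed(trustPolicy, assumeFrom("999999999999")), // false
  };
}
```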

[Bug]: L1 resource name should not be randomized

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

latest

CFN Resource version

n/a

CFN Resource Region

n/a

Current Behavior

Some L3 classes are creating L1 resources with random name suffix if undefined, which is an anti-pattern in CDK.

For example:

name:
props.serverlessProps.name ||
serverlessDefaults.serverlessName.concat(String(randomNumber())),

This means if I run cdk diff after a successful deployment without changing any props, cdk diff will indicate the resource would be replaced because the name would be changed.

This is very bad because the cluster or serverless instance would be destroyed with a new one created. You will lose all the data on it.

Generally, it's recommended to specify the name for L1 like

Option 1.

name: props.name

(just leave it as undefined and cloudformation will generate a random name for you)

Option 2.

name: props.name ?? `${id}-instance`

As the construct id would be static, you get a static unique ID like that.

AWS CDK code to reproduce the issue

n/a

Steps To Reproduce

n/a

cdk synth

n/a

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: `CfnTriggerProps` shows required properties as optional, appears to be out of date

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

3.1.0

CFN Resource version

trigger: v1.4.0

CFN Resource Region

us-east-1

Current Behavior

I had a big ole description written up for another issue related to creating triggers, then figured out the problem. But, while I'm here I figured I'd complain about something else 🤓.

I copy/pasted this example, (modifying the event processor section to use EventBridge in AWS), and got the following error after deploying with cdk deploy:

CREATE_FAILED        | MongoDB::Atlas::Trigger | ThirdPartyIntegration
Resource handler returned message: "POST https://realm.mongodb.com/api/admin/v3.0/groups/xxxxxxxxxxxxxxxxxxxxxxxx/apps/xxxxxxxxxxxxxxxxxxxxxxxx/trigger
s: 400 (request "") a trigger requires a name" (RequestToken: 79d8e8f8-261f-c721-83eb-e4149fd4de95, HandlerErrorCode: InvalidRequest)

Indeed, after specifying a name for the trigger, the deployment succeeded.

const trigger = new CfnTrigger(this, 'ThirdPartyIntegration', {
  ...,
  name: '<trigger_name>', // 👍🏻
  ...
})

Reviewing the type definition for CfnTriggerProps, I see:

export interface CfnTriggerProps {
    ...
    readonly name?: string;
    ...
}

Maybe it's required if using event bridge as the "event processor"? At any rate, the CDK docs and admin API docs do not seem to be in agreement.


Deployments take a long time, especially when dealing with rollbacks and addressing one hiccup at a time. Ensuring required fields are marked as such makes a difference. Thanks for your attention on this matter!

AWS CDK code to reproduce the issue

// lib/CdkTestingStack.ts
import * as cdk from 'aws-cdk-lib'
import { Construct } from 'constructs'
import { CfnTrigger, DatabaseConfigOperationTypes } from 'awscdk-resources-mongodbatlas'

interface AtlasStackProps {
  readonly projId: string
  readonly profile: string
  readonly appId: string
  readonly dbName: string
  readonly collection: string
  readonly serviceId: string
}

export class CdkTestingStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props)

    const atlasProps = this.getContextProps()

    const trigger = new CfnTrigger(this, 'ThirdPartyIntegration', {
      projectId: atlasProps.projId,
      profile: atlasProps.profile,
      type: 'DATABASE',
      appId: atlasProps.appId,
      // name: 'my-trigger-name-that-I-wish-was-optional',
      databaseTrigger: {
        operationTypes: [DatabaseConfigOperationTypes.INSERT],
        database: atlasProps.dbName,
        collection: atlasProps.collection,
        serviceId: atlasProps.serviceId,
      },
      eventProcessors: {
        awseventbridge: {
          awsConfig: {
            region: props?.env?.region,
            accountId: props?.env?.account,
          },
        },
      },
    })
  }

  getContextProps(): AtlasStackProps {
    const projId = this.node.tryGetContext('projId')
    if (!projId) {
      throw new Error('No context value specified for projId. Please specify via the cdk context.')
    }
    const appId = this.node.tryGetContext('appId')
    const profile = this.node.tryGetContext('profile') ?? 'default'
    const dbName = this.node.tryGetContext('dbName')
    const collection = this.node.tryGetContext('collection')
    const serviceId = this.node.tryGetContext('serviceId')

    return {
      projId,
      profile,
      appId,
      dbName,
      collection,
      serviceId,
    }
  }
}

// bin/app.ts
#!/usr/bin/env node
import 'source-map-support/register'
import * as cdk from 'aws-cdk-lib'
import { CdkTestingStack } from '../lib/CdkTestingStack'

const app = new cdk.App()

new CdkTestingStack(app, 'TriggerReproStack', {
  env: { account: '123456781011', region: 'us-east-1' },
})

Steps To Reproduce

  1. In an empty folder, run npx cdk init app --language=typescript
  2. Copy/paste the example code into lib/CdkTestingStack.ts and bin/app.ts, respectively.
  3. Obtain context values from atlas cloud (i.e., appId, profile, dbName, etc.) and run the following command:
    $ npx cdk deploy --context appId=xxxxxxxxxxxxxxxxxxxxxxxx \
      --context profile=default \
      --context dbName=mydb \
      --context collection=mycoll \
      --context serviceId=xxxxxxxxxxxxxxxxxxxxxxxx \
      --context projId=xxxxxxxxxxxxxxxxxxxxxxxx

cdk synth

> [email protected] cdk /Users/craig.blackburn/projects/ys/atlas-cdk-demo/apps/trigger-repro
> cdk "synth" "--profile" "dev" "--context" "appId=xxxxxxxxxxxxxxxxxxxxxxxx" "--context" "profile=default" "--context" "dbName=sample_training" "--context" "collection=zips" "--context" "projId=xxxxxxxxxxxxxxxxxxxxxxxx" "--context" "serviceId=xxxxxxxxxxxxxxxxxxxxxxxx"

Resources:
  ThirdPartyIntegration:
    Type: MongoDB::Atlas::Trigger
    Properties:
      Profile: default
      DatabaseTrigger:
        ServiceId: xxxxxxxxxxxxxxxxxxxxxxxx
        Database: sample_training
        Collection: zips
        OperationTypes:
          - INSERT
      Type: DATABASE
      EventProcessors:
        AWSEVENTBRIDGE:
          AWSConfig:
            AccountId: "xxxxxxxxxxxx"
            Region: us-east-1
      AppId: xxxxxxxxxxxxxxxxxxxxxxxx
      ProjectId: xxxxxxxxxxxxxxxxxxxxxxxx
    Metadata:
      aws:cdk:path: TriggerReproStack/ThirdPartyIntegration
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/zPSMzSy1DNQTCwv1k1OydbNyUzSqw4uSUzO1nFOywtKLc4vLUpOrdXJy09J1csq1i8ztNAzBGnIKs7M1C0qzSvJzE3VC4LQAH1hULFNAAAA
    Metadata:
      aws:cdk:path: TriggerReproStack/CDKMetadata/Default
Parameters:
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
  CheckBootstrapVersion:
    Assertions:
      - Assert:
          Fn::Not:
            - Fn::Contains:
                - - "1"
                  - "2"
                  - "3"
                  - "4"
                  - "5"
                - Ref: BootstrapVersion
        AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Not able to find connection Strings in atlasBasic Construct

For testing connection and proving IP access list, I started with the AtlasBasic construct.


from aws_cdk import (
    Stack, CfnOutput
)
from constructs import Construct

from awscdk_resources_mongodbatlas import (AdvancedRegionConfig, AdvancedReplicationSpec,
                                           Specs, AccessListDefinition, IpAccessListProps,
                                           ProjectProps, ClusterProps, AtlasBasic, PrivateEndpoint,
                                           AtlasBasicPrivateEndpoint, AtlasBasicProps, PrivateEndpointProps)


class MongodbStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        org_id_var = self.node.try_get_context('org_id')
        region_var = self.node.try_get_context('region')
        profile_name_var = self.node.try_get_context('profile')
        ip_addr_var = self.node.try_get_context('ip_addr')
        ip_comment_var = self.node.try_get_context('ip_comment')
        # vpc_id = self.node.try_get_context('vpc_id')
        # subnets = self.node.try_get_context('subnets')

        region_configs_var = [
            AdvancedRegionConfig(analytics_specs=Specs(node_count=1, instance_size="M10", ebs_volume_type="STANDARD"),
                                 electable_specs=Specs(node_count=3, instance_size="M10", ebs_volume_type="STANDARD"),
                                 priority=7,
                                 region_name=region_var)]
        replication_specs_var = [AdvancedReplicationSpec(advanced_region_configs=region_configs_var, num_shards=1)]

        access_list_defs_var = [AccessListDefinition(ip_address=ip_addr_var, comment=ip_comment_var)]

        atlas_basic_l3 = AtlasBasic(self, "AtlasBasic-py-l3",
                                    cluster_props=ClusterProps(replication_specs=replication_specs_var),
                                    project_props=ProjectProps(org_id=org_id_var),
                                    ip_access_list_props=IpAccessListProps(access_list=access_list_defs_var),
                                    profile=profile_name_var)
        print(atlas_basic_l3.m_cluster.props)
        CfnOutput(self,
                  f"stdUrl",
                  description=f"URL of mongoDb url",
                  value=atlas_basic_l3.m_cluster.props.connection_strings.standard)
        CfnOutput(self,
                  f"stdSrvUrl",
                  description=f"Srv URL of mongoDb url",
                  value=atlas_basic_l3.m_cluster.props.connection_strings.standard_srv)

I followed the new repo, but I am not able to CfnOutput connection parameters. Getting the below problem. Please help.

(.venv) hdahiya@IN-HDAHIYA-T14:~/mongodb4$ cdk deploy --context org_id=640dba22c5b1cc609ab132d0 --context region=EU_WEST_1 --context profile=mycom-default --context ip_addr='103.65.30.238'
CfnClusterProps(name='atlas-cluster-9883149', project_id='${Token[TOKEN.651]}', cluster_type='REPLICASET', profile='mycom-default', replication_specs=[AdvancedReplicationSpec(advanced_region_configs=[AdvancedRegionConfig(analytics_specs=Specs(ebs_volume_type='STANDARD', instance_size='M10', node_count=1), electable_specs=Specs(ebs_volume_type='STANDARD', instance_size='M10', node_count=3), priority=7, region_name='EU_WEST_1')], num_shards=1)])
Traceback (most recent call last):
  File "/home/hdahiya/mongodb4/app.py", line 10, in <module>
    MongodbStack(app, "MongodbStack",
  File "/home/hdahiya/mongodb4/.venv/lib/python3.10/site-packages/jsii/_runtime.py", line 112, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/home/hdahiya/mongodb4/mongodb/mongodb_stack.py", line 43, in __init__
    value=atlas_basic_l3.m_cluster.props.connection_strings.standard)
AttributeError: 'NoneType' object has no attribute 'standard'

Subprocess exited with error 1

Not existing Users are not created by resource "AtlasBasic"

Is your feature request related to a problem? Please describe.
When I create an AtlasBasic resource, I could configure "clusterProps, projectProps, ipaccesslistProps"; those are created if they do not exist in my account. However, if I define "dbUserProps", the user is not created if it does not exist; I simply get an error that says "user cannot be found".

Describe the solution you'd like
I would expect to create the user if it does not exist, since if I create a project and cluster with this resource, I will have a chicken-and-egg problem with the user, since the project must already exist to create the user. This means I have to use 3 resources to create a cluster, even if there is a resource that should manage that.

Describe alternatives you've considered
Alternative is to not create the user, but it should be documented and explained, why.

Additional context
Add any other context or screenshots about the feature request here.

create CfnDatabaseUser that uses AWS IAM Role for authentication

Is your feature request related to a problem? Please describe.

  • Maybe I overlooked something but it seems to me that it's currently not possible to create a db user that can authenticate via IAM Role. CfnDatabaseUserPropsAwsiamType.ROLE is already available but where/how do you specify the ARN for that user?

Describe alternatives you've considered

  • use a regular user with username/password instead

Extend AtlasBasic DatabaseUserProps to support 'SecretValue'

I may be missing something (obvious), and apologies if I am... I am using AWS Secrets Manager in my CDK stack, generating a new secret as outlined here.

I am running into an issue where the AtlasBasic 'dbUserProps' interface will only accept a string, not a SecretValue (error shown is Type 'SecretValue' is not assignable to type 'string'):

...
// Create new Secret
const templatedSecret = new sm.Secret(this, "AtlasDbUser", {
  generateSecretString: {
    secretStringTemplate: JSON.stringify({
      username: `myUser`,
    }),
    generateStringKey: "password",
  },
});

// Create Atlas Project/ Cluster
const atlasDb = new AtlasBasic(this, "AtlasBasic", {
      dbUserProps: {
        username: templatedSecret.secretValueFromJson("username"), // <-- this causes an error as it is a SecretValue, not string
        password: templatedSecret.secretValueFromJson("password"), // <-- as above
        databaseName: context.atlasAuthenticationDatabaseName,
        roles: [
          {
            roleName: "dbOwner",
            databaseName: context.atlasDatabaseName,
          },
        ],
      },
 ...

I would like to avoid the need to use 'unsafeUnwrap()' on the secret and just use the SecretValue. Using the toString() as outlined in the first link also yields an error, pointing in the direction of 'secretValue.unsafeUnwrap()' but carries the warning "if you understand and accept the risks.."

In terms of alternatives. I want to avoid using 'unsafeUnwrap()' on the secret value for a variety of reasons outlined in the AWS docs. If there is another approach, that will ensure the secret does not end up in the IaC/ CI logs etc., then I'm happy to look at alternatives.
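
One way to verify the concern above, whichever way the password reaches the construct, is to inspect the synthesized template for credential properties that hold a literal instead of a CloudFormation dynamic reference. This is an added example, not part of the original issue or the project; the `Password` property name on `MongoDB::Atlas::DatabaseUser`, the sensitive-key list and the sample template are assumptions constructed for illustration.

```typescript
// Added example: scan a synthesized CloudFormation template (parsed JSON) for
// credential properties whose value is not a dynamic reference.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };

// Property names treated as credentials (assumption: extend for your resources).
const SENSITIVE_KEY = /^(password|privatekey|secretstring)$/i;
// {{resolve:secretsmanager:...}} and {{resolve:ssm-secure:...}} are resolved by
// CloudFormation at deploy time, so the secret itself is not in the template.
const DYNAMIC_REF = /^\{\{resolve:(secretsmanager|ssm-secure):[^}]+\}\}$/;
const INTRINSIC = "<intrinsic>";

interface Finding {
  resource: string;
  property: string;
  kind: "literal" | "indirect"; // indirect: Ref/GetAtt etc., review by hand
}

function isObject(v: Json | undefined): v is { [k: string]: Json } {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Render a property value to the text CloudFormation would see, flattening
// Fn::Join and replacing other intrinsics with a marker.
function render(value: Json): string {
  if (typeof value === "string") return value;
  if (Array.isArray(value)) return value.map(render).join("");
  if (!isObject(value)) return String(value);
  const join = value["Fn::Join"];
  if (Array.isArray(join)) {
    const [sep, parts] = join;
    if (typeof sep === "string" && Array.isArray(parts)) return parts.map(render).join(sep);
  }
  return INTRINSIC;
}

function walk(node: Json, resource: string, path: string, out: Finding[]): void {
  if (Array.isArray(node)) {
    node.forEach((item, i) => walk(item, resource, `${path}[${i}]`, out));
    return;
  }
  if (!isObject(node)) return;
  for (const [key, value] of Object.entries(node)) {
    const here = path ? `${path}.${key}` : key;
    if (!SENSITIVE_KEY.test(key)) {
      walk(value, resource, here, out);
      continue;
    }
    const text = render(value);
    if (DYNAMIC_REF.test(text)) continue; // resolved at deploy time: fine
    out.push({ resource, property: here, kind: text.includes(INTRINSIC) ? "indirect" : "literal" });
  }
}

function findPlaintextSecrets(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources = isObject(template) ? template["Resources"] : undefined;
  if (!isObject(resources)) return findings;
  for (const [logicalId, res] of Object.entries(resources)) {
    const props = isObject(res) ? res["Properties"] : undefined;
    if (isObject(props)) walk(props, logicalId, "", findings);
  }
  return findings;
}

// Constructed sample template: one literal password, one dynamic reference in
// the Fn::Join form, one plain Ref to a parameter.
const SAMPLE_TEMPLATE: Json = {
  Resources: {
    UserLiteral: {
      Type: "MongoDB::Atlas::DatabaseUser",
      Properties: { Username: "myUser", Password: "constructed-plaintext", DatabaseName: "admin" },
    },
    UserFromSecret: {
      Type: "MongoDB::Atlas::DatabaseUser",
      Properties: {
        Username: "myUser",
        Password: {
          "Fn::Join": ["", ["{{resolve:secretsmanager:", { Ref: "AtlasDbUser" }, ":SecretString:password::}}"]],
        },
        DatabaseName: "admin",
      },
    },
    UserFromParam: {
      Type: "MongoDB::Atlas::DatabaseUser",
      Properties: { Username: "myUser", Password: { Ref: "DbPasswordParam" }, DatabaseName: "admin" },
    },
  },
};
```

Run `findPlaintextSecrets` over the JSON in `cdk.out` as a CI step and fail the build on any `literal` finding.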

l3 resource atlas-basic-private-endpoint should allow changing securitygroup

Is your feature request related to a problem? Please describe.
Currently, l3 resource atlas-basic-private-endpoint doesn't allow changing securitygroup used for ec2.CfnVPCEndpoint resource.

Describe the solution you'd like
Allow changing securitygroup for the encapsulated resource ec2.CfnVPCEndpoint.

Describe alternatives you've considered
Using l1 resources and configuring it all manually.

Additional context
Using l1 resources gives more control but takes a ton of convenience away.

MongoAtlasBootstrap construct

This feature request was added in issues/495

Idea

The atlas-basic construct is very handy for cluster creation and helps CDK users to jumpstart their mongoDB journey with CDK, however, there are some prerequisites AWS users have to complete before they are allowed to deploy it with atlas-basic or any other high level constructs:

  1. They have to activate the CFN public extension and specify an execution role, which must have relevant trust policy with service principal defined, read the doc for more info.
  2. They have to create a profile secret from AWS Secrets Manager with their Mongo Atlas public key and private key. They are encouraged to deploy this CFN template to generate the secret, which technically and preferably should be completed with AWS CDK as well.

I suggest to have a MongoAtlasBootstrap CDK construct that allows new AWS CDK users to achieve requirements in CDK.

For example:

const app = new cdk.App();
const env = { region: process.env.CDK_DEFAULT_REGION, account: process.env.CDK_DEFAULT_ACCOUNT }
const bootstrap = new cdk.Stack(app, 'mongo-cdk-bootstrap');
const demoStack = new cdk.Stack(app, 'mongo-cdk-demo', { env });


// bootstrap by creating the cfn extension execution role and profile secret.
new MongoAtlasBootstrap(bootstrap, 'mongoCdkBootstrap', { 
  roleName: 'cfn-ext-exec-role-for-mongo',
  secretProfile: 'my-profile',
});

const orgId = demoStack.node.tryGetContext('MONGO_ORG_ID') || process.env.MONGO_ORG_ID;

new AtlasBasic(demoStack, 'atlas-basic', {
  profile: 'pahud-profile',
  clusterProps: { replicationSpecs : replicationSpecs },
  projectProps: { orgId },
  ipAccessListProps,
});

When the user runs npx cdk deploy mongo-cdk-bootstrap, the mongo-cdk-bootstrap stack will be deployed and 2 resources will be created:

  1. CFN public extension execution role with well-defined policies and print out the AWS CLI commands to activate relevant mongo atlas extensions.
  2. Create a dummy secret and print out the AWS CLI command prompt so you can update this secret with correct credentials.

The MongoAtlasBootstrap should be deployed in a separate stack only for the first time. I believe this would be very helpful to allow new CDK users to adopt mongo atlas clusters.

Proof of Concept

import { CfnOutput, SecretValue,
    aws_iam as iam,
    aws_secretsmanager as secretsmanager,
} from 'aws-cdk-lib';
import { Construct } from 'constructs';


export class MongoAtlasBootstrapProps {
    /**
     * The IAM role name for CloudFormation Extension Execution.
     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html
     * 
     * @default auto generate the name.
     */
    readonly roleName?: string;
    /**
     * The secret profile name for MongoDB Atlas.
     * @default generate a dummy secret.
     * @see https://github.com/mongodb/mongodbatlas-cloudformation-resources/tree/master#2-configure-your-profile
     */
    readonly secretProfile?: string;
}

/**
 * Generate the CFN extension execution role.
 * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html
 */
export class MongoAtlasBootstrap extends Construct {
    readonly role: iam.IRole;
    constructor(scope: Construct, id: string, props?: MongoAtlasBootstrapProps){
        super(scope, id);

        this.role = new iam.Role(this, 'CfnExecRole', {
            assumedBy: new iam.ServicePrincipal('resources.cloudformation.amazonaws.com'),
            roleName: props?.roleName,
            managedPolicies: [
                iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'),
            ],
        });

        if(props?.secretProfile) {
            new MongoSecretProfile(this, 'MongoSecretProfile', props?.secretProfile )
        }
        for (let x of ['Cluster', 'Project', 'DatabaseUser', 'ProjectIpAccessList'] ) {
            new CfnOutput(this, `ActivateCmd${x}`, { value: `aws cloudformation activate-type --type-name MongoDB::Atlas::${x} --publisher-id bb989456c78c398a858fef18f2ca1bfc1fbba082 --type RESOURCE --execution-role-arn ${this.role.roleArn}`})
        }
    }
}

export class MongoSecretProfile extends Construct {
    constructor(scope: Construct, id: string, profileName: string) {
        super(scope, id);
        // create a secret
        const secret = new secretsmanager.Secret(this, profileName, {
            secretName: `cfn/atlas/profile/${profileName}`,
            secretStringValue: SecretValue.unsafePlainText('{"PublicKey":"changeMe", "PrivateKey": "changeMe"}'),
        })
        new CfnOutput(this, 'SecretName', { value: secret.secretName });
        new CfnOutput(this, 'UpdateSecretCommand', {
            value: `aws secretsmanager update-secret --secret-id ${secret.secretName}`+ ' --secret-string "{\\"PublicKey\\":\\"${MONGO_ATLAS_PUBLIC_KEY}\\",\\"PrivateKey\\":\\"${MONGO_ATLAS_PRIVATE_KEY}\\"}"'
        })
    }
}

[Bug]: Error when trying to deploy a AtlasServerlessBasic construct

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

v2.110.1

CFN Resource version

v2.1.0

CFN Resource Region

us-east-1

Current Behavior

I get this error when trying to use the Construct AtlasServerlessBasic: Resource handler returned message: "Unable to complete request: runtime error: invalid memory address or nil pointer dereference" (RequestToken: 1bfd9635-0a9e-bf60-9ef8-e7da011f65b0, HandlerErrorCode: GeneralServiceException)

I have just copy/pasted the serverless example available within this repo: https://github.com/mongodb/awscdk-resources-mongodbatlas/blob/main/examples/l3-resources/atlas-serverless-basic.ts

AWS CDK code to reproduce the issue

// This CDK L3 example creates a MongoDB Atlas project, cluster, databaseUser, and projectIpAccessList
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";
import {
  AtlasServerlessBasic,
  ServerlessInstanceProviderSettingsProviderName,
} from "awscdk-resources-mongodbatlas";

interface AtlasStackProps {
  readonly orgId: string;
  readonly profile: string;
  readonly region: string;
  readonly ip: string;
  readonly continuousBackupEnabled: boolean;
  readonly terminationProtectionEnabled: boolean;
}

export class ToremoveStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const atlasProps = this.getContextProps();
    const atlasBasic = new AtlasServerlessBasic(this, "AtlasServerlessBasic", {
      serverlessProps: {
        projectId: atlasProps.orgId,
        profile: atlasProps.profile,
        continuousBackupEnabled: true,
        providerSettings: {
          providerName:
            ServerlessInstanceProviderSettingsProviderName.SERVERLESS,
        },
        terminationProtectionEnabled: true,
      },
      projectProps: {
        orgId: atlasProps.orgId,
      },

      ipAccessListProps: {
        accessList: [
          { ipAddress: atlasProps.ip, comment: "My first IP address" },
        ],
      },
      profile: atlasProps.profile,
    });
  }

  getContextProps(): AtlasStackProps {
    const orgId = this.node.tryGetContext("orgId");
    if (!orgId) {
      throw "No context value specified for orgId. Please specify via the cdk context.";
    }
    const profile = this.node.tryGetContext("profile") ?? "default";
    const terminationProtectionEnabled = this.node.tryGetContext(
      "terminationProtectionEnabled"
    );
    const continuousBackupEnabled = this.node.tryGetContext(
      "continuousBackupEnabled"
    );
    const region = this.node.tryGetContext("region") ?? "US_EAST_1";
    const ip = this.node.tryGetContext("ip");
    if (!ip) {
      throw "No context value specified for ip. Please specify via the cdk context.";
    }

    return {
      orgId,
      terminationProtectionEnabled,
      continuousBackupEnabled,
      profile,
      region,
      ip,
    };
  }
}

Steps To Reproduce

cdk deploy --context orgId="5aba5de1c0c6e3**********" --context ip="37...*"

cdk synth

Resources:
  AtlasServerlessBasicprojectAtlasServerlessBasic2405B456:
    Type: MongoDB::Atlas::Project
    Properties:
      Name: atlas-project-4172791
      OrgId: 5aba5de1c0c6e3**********
      Profile: default
    Metadata:
      aws:cdk:path: ToremoveStack/AtlasServerlessBasic/project-AtlasServerlessBasic
  AtlasServerlessBasicserverlessAtlasServerlessBasic7186EADE:
    Type: MongoDB::Atlas::ServerlessInstance
    Properties:
      ContinuousBackupEnabled: true
      Name: atlas-serverless-2479174
      ProjectID: 5aba5de1c0c6e3**********
      ProviderSettings:
        ProviderName: SERVERLESS
      TerminationProtectionEnabled: true
      Profile: default
    DependsOn:
      - AtlasServerlessBasicprojectAtlasServerlessBasic2405B456
    Metadata:
      aws:cdk:path: ToremoveStack/AtlasServerlessBasic/serverless-AtlasServerlessBasic
  AtlasServerlessBasicdbuserAtlasServerlessBasic9A045D20:
    Type: MongoDB::Atlas::DatabaseUser
    Properties:
      DatabaseName: admin
      Password: atlas-pwd
      ProjectId:
        Fn::GetAtt:
          - AtlasServerlessBasicprojectAtlasServerlessBasic2405B456
          - Id
      Roles:
        - DatabaseName: admin
          RoleName: atlasAdmin
      Username: atlas-user
      Profile: default
    DependsOn:
      - AtlasServerlessBasicprojectAtlasServerlessBasic2405B456
    Metadata:
      aws:cdk:path: ToremoveStack/AtlasServerlessBasic/db-user-AtlasServerlessBasic
  AtlasServerlessBasicipaccesslistAtlasServerlessBasic601CE395:
    Type: MongoDB::Atlas::ProjectIpAccessList
    Properties:
      AccessList:
        - Comment: My first IP address
          IPAddress: 37.174.230.4
      ProjectId:
        Fn::GetAtt:
          - AtlasServerlessBasicprojectAtlasServerlessBasic2405B456
          - Id
      Profile: default
    DependsOn:
      - AtlasServerlessBasicprojectAtlasServerlessBasic2405B456
    Metadata:
      aws:cdk:path: ToremoveStack/AtlasServerlessBasic/ip-access-list-AtlasServerlessBasic
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/yXGuw2AIBAA0Fno4QQqezbACRAwOdAj4aOFcXdjrN7ToNQMkrmrCR+y2HGFe+nOZ242srGVUX38bgoF7Fjo4VRChNSmU0tQEiRLDVHUQR2PCPb3Bfs2JZJaAAAA
    Metadata:
      aws:cdk:path: ToremoveStack/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - af-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - il-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
Parameters:
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
  CheckBootstrapVersion:
    Assertions:
      - Assert:
          Fn::Not:
            - Fn::Contains:
                - - "1"
                  - "2"
                  - "3"
                  - "4"
                  - "5"
                - Ref: BootstrapVersion
        AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

Code of Conduct

  • I agree to follow this project's Code of Conduct

CfnPrivateEndpoint for a dedicated cluster or serverless instance

According to the document, the private endpoint could be for a dedicated cluster or a serverless instance.

Looking at CfnPrivateEndpoint, it's not clear to me how to control if it's provisioned for a dedicated cluster or a serverless instance.

If I create a PrivateEndpoint like this:

  EndpointEEF1FD8F:
    Type: MongoDB::Atlas::PrivateEndpoint
    Properties:
      Profile: my-mongo-profile
      GroupId:
        Fn::GetAtt:
          - ServerlessInstanceprojectServerlessInstanceFFBB5263
          - Id
      Region: us-east-1
      PrivateEndpoints:
        - VpcId: vpc-1f5b7e78
          SubnetIds:
            - subnet-071c85610846aa9c0
            - subnet-0ef7ac49e1edb06e4
            - subnet-0e2177a10a166f87d

And check the console, it's actually a private endpoint for a dedicated cluster.

Please clarify how to create a private endpoint for a serverless instance instead.

To Reproduce
Steps to reproduce the behavior:
Create the CfnPrivateEndpoint as provided in:

export class CdkTestingStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const atlasProps = this.getContextProps();
    const myPrivateEndpoint = new CfnPrivateEndpoint(this, "privateEndpoint", {
      projectId: atlasProps.projId,
      profile: atlasProps.profile,
      region: atlasProps.region,
      privateEndpoints: [
        {
          vpcId: atlasProps.vpcId,
          subnetIds: [atlasProps.subnetId]
        }
      ],
    });
  }
}

Expected behavior
To clarify how to control whether it's for a dedicated cluster or a serverless instance.

Screenshots
If applicable, add screenshots to help explain your problem.

Please complete the following information:

  • CFN resource version
  • AWS region where you are running the CFN stack
  • CDK constructor type and version
  • Copy of the output of cdk synth

Additional context
Add any other context about the problem here.

CDK deployment is requiring a non empty ip access list

Describe the bug

CDK deployment is requiring a non empty ip access list

To Reproduce
Steps to reproduce the behavior:

Deploy a basic mongo instance and set either:

ipAccessListProps: {
          accessList: [
          
          ],
        },

or don't set ipAccessListProps at all.

Expected behavior

The cluster stands up with no IP access provisioned. E.g. we're using a private endpoint and don't want/need any IP access to the cluster.

We also tried expiring IP access as a short-term solution, but it prevents stacks from deploying after the IP address has expired (we get errors like "You have no entry in the accesslist. You should use CREATE instead of UPDATE").

This issue was created to test the automation - TEST ANDREA

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Please complete the following information:

  • CFN resource version
  • AWS region where you are running the CFN stack
  • CDK constructor type and version
  • Copy of the output of cdk synth

Additional context
Add any other context about the problem here.

Getting "Unable to complete request: runtime error: invalid memory address or nil pointer dereference"

Describe the bug

Trying to use AtlasServerlessBasic and getting Unable to complete request: runtime error: invalid memory address or nil pointer dereference.

To Reproduce

export class Database extends Construct {
	public readonly db: AtlasServerlessBasic;
	constructor(scope: Construct, id: string) {
		super(scope, id);

		this.db = new AtlasServerlessBasic(this, "Atlas", {
			projectProps: {
				orgId,
			},
			serverlessProps: {
				providerSettings: {
					providerName:
						ServerlessInstanceProviderSettingsProviderName.SERVERLESS,
					regionName: "us-east-1",
				},
			},
		});
	}
}

Result:

BackendStack: creating CloudFormation changeset...
8:35:44 PM | CREATE_FAILED        | MongoDB::Atlas::Project             | DbAtlasprojectAtlasD74EA035
Resource handler returned message: "Unable to complete request: runtime error: invalid memory address or nil pointer dereference" (
RequestToken: 76c88339-044c-f9f9-3ab2-252d1fc96525, HandlerErrorCode: GeneralServiceException)

Expected behavior
Properly deploy a AtlasServerlessBasic instance.

Please complete the following information:

  • CFN resource version : 2.0.0
  • AWS region where you are running the CFN stack: eu-west-3 (tried in us-east-1)
  • CDK constructor type and version: awscdk-resources-mongodbatlas@npm:3.0.0
  • Copy of the output of cdk synth

CfnPrivateEndpoint - Error creating vcp Endpoint: MissingEndpoint: 'Endpoint' configuration is required for this service"

Describe the bug

When I create the private endpoint with CfnPrivateEndpoint, it returns the error

2:18:08 AM | CREATE_FAILED        | MongoDB::Atlas::PrivateEndpoint    | EndpointEEF1FD8F
Resource handler returned message: "Error creating vcp Endpoint: MissingEndpoint: 'Endpoint' configuration is required for this service" (RequestToken: 29ba9868-d806-8dd3-b458-caccedb2e7eb, HandlerErrorCode: G
eneralServiceException)

To Reproduce
Steps to reproduce the behavior:

new CfnPrivateEndpoint(demoStack, 'Resource', {
  groupId: serverless.project.projectId,
  region: 'US_EAST_1',
  profile: secretProfile,
  privateEndpoints: [
    {
      vpcId: 'vpc-1f5b7e78',
      subnetIds: [
        'subnet-071c85610846aa9c0',
        'subnet-0ef7ac49e1edb06e4',
        'subnet-0e2177a10a166f87d',
      ],
    },
  ],
});

Expected behavior
The private endpoint should be created.

Screenshots
If applicable, add screenshots to help explain your problem.

Looks like the Atlas Endpoint Service was created successfully but the cfn handler didn't create the awsvpc endpoint correctly but I am not sure.

--


Please complete the following information:

  • CFN resource version
  • AWS region where you are running the CFN stack
    us-east-1
  • CDK constructor type and version
    CfnPrivateEndpoint from awscdk-resources-mongodbatlas 1.0.2
  • Copy of the output of cdk synth
Resources:
 ServerlessInstanceprojectServerlessInstanceFFBB5263:
   Type: MongoDB::Atlas::Project
   Properties:
     Name: project-projectServerlessInstance
     OrgId: 618cb365c835351df903f6ba
     Profile: my-mongo-profile
   Metadata:
     aws:cdk:path: mongodb-demo-stack/ServerlessInstance/projectServerlessInstance/Resource
 ServerlessInstance12909029:
   Type: MongoDB::Atlas::ServerlessInstance
   Properties:
     ContinuousBackupEnabled: true
     Name: my-serverless-instance
     ProjectID:
       Fn::GetAtt:
         - ServerlessInstanceprojectServerlessInstanceFFBB5263
         - Id
     ProviderSettings:
       ProviderName: SERVERLESS
       RegionName: US_EAST_1
     TerminationProtectionEnabled: false
     Profile: my-mongo-profile
   Metadata:
     aws:cdk:path: mongodb-demo-stack/ServerlessInstance/Resource
 Resource:
   Type: MongoDB::Atlas::PrivateEndpoint
   Properties:
     Profile: my-mongo-profile
     GroupId:
       Fn::GetAtt:
         - ServerlessInstanceprojectServerlessInstanceFFBB5263
         - Id
     Region: US_EAST_1
     PrivateEndpoints:
       - VpcId: vpc-1f5b7e78
         SubnetIds:
           - subnet-071c85610846aa9c0
           - subnet-0ef7ac49e1edb06e4
           - subnet-0e2177a10a166f87d
   Metadata:
     aws:cdk:path: mongodb-demo-stack/Resource
 CDKMetadata:
   Type: AWS::CDK::Metadata
   Properties:
     Analytics: v2:deflate64:H4sIAAAAAAAA/zPSszDQM1BMLC/WTU7J1s3JTNKrDi5JTM7WCUotzi8tSk7VcU7L8y8tKSgtAbFgorU6efkpqXpZxfplhhZ6hmZ6hopZxZmZukWleSWZual6QRAaANHRqw5fAAAA
   Metadata:
     aws:cdk:path: mongodb-demo-stack/CDKMetadata/Default
Outputs:
 ServerlessInstanceConnectionStringB32B56D6:
   Value:
     Fn::GetAtt:
       - ServerlessInstance12909029
       - ConnectionStrings.StandardSrv
Parameters:
 BootstrapVersion:
   Type: AWS::SSM::Parameter::Value<String>
   Default: /cdk-bootstrap/hnb659fds/version
   Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
 CheckBootstrapVersion:
   Assertions:
     - Assert:
         Fn::Not:
           - Fn::Contains:
               - - "1"
                 - "2"
                 - "3"
                 - "4"
                 - "5"
               - Ref: BootstrapVersion
       AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

Additional context
Add any other context about the problem here.

Creation of database trigger with match expression fails

Note: I also filed this issue under mongodbatlas-cloudformation-resources/issues/592 because I do not know if this is a CDK related problem or related to the underlying CloudFormation resources.

I try to use the CfnTrigger construct to create a database trigger:

new CfnTrigger(this, 'trigger', {
            name,
            projectId,
            appId,
            type: 'DATABASE',
            databaseTrigger: {
                serviceId,
                database,
                collection,
                operationTypes: [DatabaseConfigOperationTypes.UPDATE],
                match: {
                    $expr: {
                        $and: [
                            {
                                $eq: ['$fullDocument.availability.value', 'AVAILABLE']
                            },
                            {
                                $ne: ['$fullDocument.retailPrice', '$fullDocumentBeforeChange.retailPrice']
                            }
                        ]
                    }
                },
            },
            eventProcessors: {
                awseventbridge: {
                    awsConfig: {
                        region,
                        accountId
                    }
                }
            }
        });

Deploying this construct results in the following failure.

9:14:31 AM | CREATE_FAILED        | MongoDB::Atlas::Trigger | triggerCD2FF5BD
Resource handler returned message: "Unable to complete request: Marshaling: Unable to convert type
caused by: Unsupported type interface {}" (RequestToken: 993412b5-8ea7-4a60-c3f6-e7983d7e9c57, HandlerErrorCode: GeneralServiceException)

When the match property is removed then the trigger is deployed successfully.

AtlasServerlessBasic: regionName is required for providerSettings

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

v2.126.0

CFN Resource version

serverlessInstance 2.0

CFN Resource Region

us-east-1

Current Behavior

regionName is missing in the example:

providerSettings

And is getting this error when deploying in us-east-1 region.

11:01:01 AM | CREATE_FAILED        | MongoDB::Atlas::ServerlessInstance  | serverlessbasicser...rlessbasic9E036B18
Resource handler returned message: "https://cloud.mongodb.com/api/atlas/v2/groups/65b800f1217f9764a18e2170/serverless POST: HTTP 400 Bad Request
(Error code: "INVALID_REGION") Detail: No region  exists for provider AWS. Reason: Bad Request. Params: [ AWS]" (RequestToken: 9f51cf34-a9e0-e10
8-0d99-f87200345b7f, HandlerErrorCode: InvalidRequest)

Just add this property to fix it.

providerSettings: {
          providerName: ServerlessInstanceProviderSettingsProviderName.SERVERLESS,
          regionName: 'US_EAST_1',
        },

AWS CDK code to reproduce the issue

see above

Steps To Reproduce

see above

cdk synth

n/a

Code of Conduct

  • I agree to follow this project's Code of Conduct

Internal Failure when creating CfnProject

Describe the bug
Getting the below error when attempting to create a CfnProject resource.

7:34:16 AM | CREATE_FAILED        | MongoDB::Atlas::Project     | EnvMongoAtlasEnvironmentProject69A3D7D5
Internal Failure

To Reproduce
Steps to reproduce the behavior:

  1. After following all the prerequisites, setting up an Organization API Key, activating the cloudformation extensions etc...
  2. Run the included (below) cdk construct, with env variables for the API public/private keys.
  3. After a few minutes will receive the Internal Failure error.

Expected behavior
I am expecting the CDK to deploy successfully and to have a project created within Mongo Atlas.

Please complete the following information:

  • CFN resource version:
"node_modules/awscdk-resources-mongodbatlas": {
     "version": "3.0.0",
     "resolved": "https://registry.npmjs.org/awscdk-resources-mongodbatlas/-/awscdk-resources-mongodbatlas-3.0.0.tgz",
     "integrity": "sha512-qN6Or5seD2eYjzv6IaNh16+Zq8pxevI2WN9HoxL4ZCNJKq7TkCHO9NPGfu1a4jtmTW1xdNbztOin2rmj0r7ejQ==",
     "peerDependencies": {
       "aws-cdk-lib": "^2.103.0",
       "constructs": "^10.0.5"
     }
   },
  • AWS region where you are running the CFN stack: Ohio us-east-2
  • CDK constructor type and version: CfnProject
  • Copy of the output of cdk synth
Resources:
  EnvMongoAtlasEnvironmentSecretF9D8568A:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Environment (my-env) Secret used for MongoDB Atlas Cloud Formation api keys.
      Name: cfn/atlas/profile/env-my-env
      SecretString: '{"PublicKey":"MY_PUB_KEY","PrivateKey":"MY_PRIV_KEY"}'
    UpdateReplacePolicy: Delete
    DeletionPolicy: Delete
    Metadata:
      aws:cdk:path: FooStack/Env/MongoAtlasEnvironmentSecret/Resource
  EnvMongoAtlasEnvironmentProject69A3D7D5:
    Type: MongoDB::Atlas::Project
    Properties:
      Name: TEST_PROJ
      OrgId: `MY_ORG_ID_HERE`
      ProjectSettings:
        IsCollectDatabaseSpecificsStatisticsEnabled: false
        IsDataExplorerEnabled: false
        IsExtendedStorageSizesEnabled: true
        IsPerformanceAdvisorEnabled: true
        IsRealtimePerformancePanelEnabled: false
        IsSchemaAdvisorEnabled: true
      Profile: env-my-env
      ProjectApiKeys:
        - Key: MY_PUB_KEY_HERE
          RoleNames:
            - GROUP_CLUSTER_MANAGER
      RegionUsageRestrictions: NONE
    UpdateReplacePolicy: Delete
    DeletionPolicy: Delete
    Metadata:
      aws:cdk:path: FooStack/Env/MongoAtlasEnvironmentProject
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/zPSMzQ00DNQTCwv1k1OydbNyUzSqw4uSUzO1gEKxRenJhellhTnJuYlpqcWAWXAfB3ntDwIqxbEDEotzi8tSk6t1cnLT0nVyyrWLzMy0DMHmppVnJmpW1SaV5KZm6oXBKEBtNn+OHIAAAA=
    Metadata:
      aws:cdk:path: FooStack/CDKMetadata/Default
Parameters:
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
  CheckBootstrapVersion:
    Assertions:
      - Assert:
          Fn::Not:
            - Fn::Contains:
                - - "1"
                  - "2"
                  - "3"
                  - "4"
                  - "5"
                - Ref: BootstrapVersion
        AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

Additional context
Here is the CDK code that I am using...

    /********************************************************************/
    // ATLAS API KEY SECRET
    /********************************************************************/
    const mongoDBAtlasSecretShortProfileName = `env-${this.#_environmentName}`;
    const mongoDBAtlasSecretProfileName = `cfn/atlas/profile/${mongoDBAtlasSecretShortProfileName}`;

    //createMongoDBAtlasSecret
    const mongoDBAtlasSecret = new secretsmanager.Secret(this, 'MongoAtlasEnvironmentSecret', {
      secretName: mongoDBAtlasSecretProfileName,
      description: `Environment (${this.#_environmentName}) Secret used for MongoDB Atlas Cloud Formation api keys.`,
      secretObjectValue: {
        PublicKey: cdk.SecretValue.unsafePlainText(this.#_mongoPublicKey),
        PrivateKey: cdk.SecretValue.unsafePlainText(this.#_mongoPrivateKey),
      },
    });
    mongoDBAtlasSecret.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);


    /********************************************************************/
    // SETUP/RETRIEVE ATLAS PROJECT
    /********************************************************************/
    const atlasProject = new CfnProject(this, 'MongoAtlasEnvironmentProject', {
      name: this.#_projectName,
      orgId: this.#_organizationId,
      profile: mongoDBAtlasSecretShortProfileName,
      regionUsageRestrictions: 'NONE',
      projectSettings: {
        isPerformanceAdvisorEnabled: true,//Flag that indicates whether to enable the Performance Advisor and Profiler for the specified project.
        isSchemaAdvisorEnabled: true,//Flag that indicates whether to enable the Schema Advisor for the specified project.
        isExtendedStorageSizesEnabled: true, //Flag that indicates whether to enable extended storage sizes for the specified project.
        isCollectDatabaseSpecificsStatisticsEnabled: false,//Flag that indicates whether to collect database-specific metrics for the specified project.
        isDataExplorerEnabled: false,//Flag that indicates whether to enable the Data Explorer for the specified project.
        isRealtimePerformancePanelEnabled: false,//Flag that indicates whether to enable the Real Time Performance Panel for the specified project.
      },
      projectApiKeys: [
        {
          key: this.#_mongoPublicKey,
          roleNames: ["GROUP_CLUSTER_MANAGER"]
        }
      ]
    });
    atlasProject.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);
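
Several `cdk synth` outputs on this page carry credentials in clear text: the `cfn/atlas/profile/...` secret with a literal `SecretString`, the database user with `Password: atlas-pwd`, and the bootstrap proof of concept's execution role with `AdministratorAccess`. The check below is an added example, not code from any issue author or from the project; its type, function and rule names are hypothetical, and the sample template is constructed from the fragments quoted above.

```typescript
// Added example: static checks over a template produced by `cdk synth`.
// All type, function and rule names here are hypothetical, not project API.
type CfnResource = { Type: string; Properties?: { [key: string]: unknown } };
type CfnTemplate = { Resources: { [logicalId: string]: CfnResource } };
type AuditFinding = { logicalId: string; rule: string };

const ATLAS_PROFILE_PREFIX = "cfn/atlas/profile/"; // profile secret naming shown on this page
const PLACEHOLDER_KEY = "changeMe"; // dummy value written by the bootstrap proof of concept

// Literal strings are readable in the template and in deployment history.
// Intrinsic functions are objects; "{{resolve:...}}" is resolved at deploy time.
function isLiteral(value: unknown): value is string {
  return typeof value === "string" && value.length > 0 && value.indexOf("{{resolve:") === -1;
}

// True when a literal SecretString holds a non-placeholder Atlas private key.
function hasInlineAtlasKey(secretString: unknown): boolean {
  if (!isLiteral(secretString)) return false;
  try {
    const parsed = JSON.parse(secretString) as { PrivateKey?: unknown };
    return typeof parsed.PrivateKey === "string" && parsed.PrivateKey !== PLACEHOLDER_KEY;
  } catch {
    return false; // not the JSON profile format (or not an object)
  }
}

// True for a role assumable by CloudFormation extensions that has AdministratorAccess.
function isAdminExtensionRole(props: { [key: string]: unknown }): boolean {
  const trust = JSON.stringify(props["AssumeRolePolicyDocument"] ?? {});
  const managed = JSON.stringify(props["ManagedPolicyArns"] ?? []);
  return trust.indexOf("resources.cloudformation.amazonaws.com") !== -1 &&
    managed.indexOf(":iam::aws:policy/AdministratorAccess") !== -1;
}

function auditTemplate(template: CfnTemplate): AuditFinding[] {
  const findings: AuditFinding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const resource = template.Resources[logicalId];
    if (!resource) continue;
    const props = resource.Properties ?? {};
    const name = props["Name"];
    if (resource.Type === "AWS::SecretsManager::Secret") {
      const isProfile = typeof name === "string" && name.indexOf(ATLAS_PROFILE_PREFIX) === 0;
      if (isProfile && hasInlineAtlasKey(props["SecretString"])) {
        findings.push({ logicalId, rule: "atlas-api-key-in-template" });
      }
    } else if (resource.Type === "MongoDB::Atlas::DatabaseUser") {
      if (isLiteral(props["Password"])) {
        findings.push({ logicalId, rule: "db-password-in-template" });
      }
    } else if (resource.Type === "AWS::IAM::Role" && isAdminExtensionRole(props)) {
      findings.push({ logicalId, rule: "admin-extension-execution-role" });
    }
  }
  return findings;
}

// Constructed sample, shaped like the `cdk synth` fragments quoted on this page.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    EnvSecret: {
      Type: "AWS::SecretsManager::Secret",
      Properties: {
        Name: "cfn/atlas/profile/env-my-env",
        SecretString: '{"PublicKey":"MY_PUB_KEY","PrivateKey":"MY_PRIV_KEY"}',
      },
    },
    BootstrapSecret: {
      Type: "AWS::SecretsManager::Secret",
      Properties: {
        Name: "cfn/atlas/profile/my-profile",
        SecretString: '{"PublicKey":"changeMe", "PrivateKey": "changeMe"}',
      },
    },
    DbUser: {
      Type: "MongoDB::Atlas::DatabaseUser",
      Properties: { Username: "atlas-user", Password: "atlas-pwd" },
    },
    DbUserResolved: {
      Type: "MongoDB::Atlas::DatabaseUser",
      Properties: { Password: "{{resolve:secretsmanager:example/db-user:SecretString:password}}" },
    },
    CfnExecRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        AssumeRolePolicyDocument: {
          Statement: [{ Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "resources.cloudformation.amazonaws.com" } }],
        },
        ManagedPolicyArns: [
          { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" }, ":iam::aws:policy/AdministratorAccess"]] },
        ],
      },
    },
  },
};

// EnvSecret, DbUser and CfnExecRole are flagged; the placeholder secret and the dynamic reference are not.
const SAMPLE_FINDINGS = auditTemplate(SAMPLE_TEMPLATE);
```

For a real stack, pass `JSON.parse` of the template file under `cdk.out/` to `auditTemplate`. A finding means the value belongs in a dynamic reference or should be set out of band after deployment, or that the role needs a scoped policy.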

[Bug]: Create a MongoDB Atlas serverless cluster using CDK

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

v2.110.1

CFN Resource version

v2.110.1

CFN Resource Region

us-east-1

Current Behavior

I am using SST and not directly CDK but this is not related, it looks like the interface of AtlasServerlessBasic I found here: https://constructs.dev/packages/awscdk-resources-mongodbatlas/v/3.1.0/api/AtlasServerlessBasicProps?lang=typescript may have some issues

I get the following error: Template format error: Unrecognized resource types: [MongoDB::Atlas::Project, MongoDB::Atlas::DatabaseUser, MongoDB::Atlas::ProjectIpAccessList, MongoDB::Atlas::ServerlessInstance]

AWS CDK code to reproduce the issue

new AtlasServerlessBasic(this, "Database", {
  projectProps: {
    orgId: "5aba***********",
  },
  serverlessProps: {}
});

Steps To Reproduce

  1. Instantiate an AtlasServerlessBasic Construct with all the required parameters

cdk synth

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Testing creation of GH issue

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Please complete the following information:

  • CFN resource version
  • AWS region where you are running the CFN stack
  • CDK constructor type and version
  • Copy of the output of cdk synth

Additional context
Add any other context about the problem here.

[Bug]: CfnAccessListApiKey L1 Construct is missing from exports

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

v3.1.2

CFN Resource version

v3.1.2

CFN Resource Region

eu-west-2

Current Behavior

When trying to import the CfnAccessListApiKey from awscdk-resources-mongodbatlas, there's an error in the IDE saying that

Module '"awscdk-resources-mongodbatlas"' has no exported member 'CfnAccessListApiKey'.

AWS CDK code to reproduce the issue

It's a very simple use case. If you just try to add an import statement like the following you'll see the problem

import { CfnAccessListApiKey } from 'awscdk-resources-mongodbatlas';

Possible problem:
The whole ./l1-resources/access-list-api-key directory has been missed from the exports.
As soon as I added it back to the src/index.ts for testing, the error disappeared.

Steps To Reproduce

  1. import { CfnAccessListApiKey } from 'awscdk-resources-mongodbatlas';

cdk synth

n/a

Code of Conduct

  • I agree to follow this project's Code of Conduct

L2 constructs for Cluster, Project, ServerlessInstance, NetworkPeering and PrivateEndpoint etc.

Is your feature request related to a problem? Please describe.
At this moment, we are still missing a lot of frequent L2 constructs including Cluster, ServerlessInstance and Project.

The general idea of the L2 construct is:

  1. It allows developers to create MongoDB Atlas resources with sensible defaults with very minimal required properties only for a single CfnResource.
  2. It allows creating a "reference" object from an existing resource with the from methods such as Xxx.fromAttributes() or Xxx.fromXxxId().
  3. It offers opinionated construct methods such as Xxx.addCluster() or Xxx.addComponent().
  4. As all L2s are extended from CfnResource, they inherit some built-in capabilities as static methods defined in the CfnResource class.

Let's take CfnProject for example, the L2 Project should look like this:

import { Resource, ResourceProps } from 'aws-cdk-lib';
import { CfnProject } from 'awscdk-resources-mongodbatlas';
import { Construct } from 'constructs';
import { ProjectOptions } from './types';

export interface IProject {
  readonly clusterCount?: number;
  readonly projectId: string;
  readonly projectName: string;
  readonly created?: string;
  readonly projectOwnerId: string;
}

export interface ProjectAttributes {
  readonly projectId: string;
  readonly projectName: string;
  readonly projectOwnerId: string;
}

export interface ProjectProps extends ResourceProps, ProjectOptions {
  readonly profile: string;
}

export class Project extends Resource implements IProject {
  public static fromProjectAttributes(scope: Construct, id: string, attrs: ProjectAttributes): IProject {
    class Import extends Resource {
      public projectId = attrs.projectId;
      public projectName = attrs.projectName;
      public projectOwnerId = attrs.projectOwnerId;
    };
    return new Import(scope, id);
  }
  readonly clusterCount?: number;
  readonly projectId: string;
  readonly created?: string;
  readonly projectOwnerId: string;
  readonly projectName: string;

  constructor(scope: Construct, id: string, props: ProjectProps) {
    super(scope, id);

    this.projectName = props.name ?? `project-${id}`;
    const resource = new CfnProject(this, 'Resource', {
      ...props,
      profile: props.profile,
      orgId: props.orgId,
      name: this.projectName,
    });
    this.clusterCount = resource.attrClusterCount;
    this.projectId = resource.attrId;
    this.created = resource.attrCreated;
    this.projectOwnerId = resource.attrProjectOwnerId;
  }
}

And a customer can create a single Project with

const newProject = new Project(scope, id, {
  profile: 'default',
});

Or simply import an existing one as a reference object like

const existingProject = Project.fromProjectAttributes(scope, id, {
   projectId,
   projectName: 'my-manual-created-project',
   projectOwnerId: 'the-owner-id',
});

And when we create a single cluster in an existing project we should be allowed to

new Cluster(scope, id, {
    project: existingProject,
    ...

Similarly, if we need to build a VPC Peering with L2 construct, the DX should be like

// define my existing VPC
const existingVpc = ec2.Vpc.fromLookup(scope, 'Vpc', { isDefault: true });

// create a new VPC Peering for an existing project with an existing VPC from AWS.
new NetworkPeering(scope, id, {
    project: existingProject,
    vpc: existingVpc,
});

which implicitly assumes routeTableCidrBlock to be props.vpc.vpcCidrBlock and awsAccountId to be the deploying AWS account ID by default, unless explicitly defined.

This makes the L2 experience consistent with AWS CDK if customers are running both AWS services such as Amazon API Gateway, AWS Lambda, Amazon ECS, Amazon EKS with MongoDB Atlas resources altogether in a single CDK application.

Describe the solution you'd like

As mentioned above, we should provide some of the most frequently used L2 constructs such as Cluster, Project, ServerlessInstance, etc.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

I will start working on PRs for some L2s mentioned above. The goal is to build a seamless and consistent developer experience to create MongoDB Atlas resources in AWS.

Manage Shared instance

Is your feature request related to a problem? Please describe.
Is creating a Shared M0 instance feasible? If yes, how?

Describe the solution you'd like
Add new clusterType: "SHARED"

Need ability to lookup existing resources such as Project and Cluster

Is your feature request related to a problem? Please describe.
The AWS CDK allows you to access existing resources via static methods such as this one that allows you to lookup an existing VPC. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Vpc.html#static-fromwbrlookupscope-id-options

I need the ability to lookup existing projects, clusters etc to make modifications to them.

Describe the solution you'd like
Here is the scenario... I have one stack that lays down the main infrastructure of the application including the mongo Atlas Cluster. I then have individual stacks that are my deployable services that add database users, roles etc... to the project and cluster. It would be nice to look these up instead of passing direct handles to the Project and Cluster constructs.

Allow specifying tags for l3 atlas cluster resources

Is your feature request related to a problem? Please describe.
Currently specifying cluster tags is possible only in l1 resources and not possible in l3 resources.

Describe the solution you'd like
It would be nice to be able to tag clusters using l3 resources as well.

Describe alternatives you've considered
Use l1 resources instead of l3.
Try to apply tags to the stack and pray they will be applied by CloudFormation.

[Bug]: Creating Cluster as per L1 Cluster example fails (COMPUTE_AUTO_SCALING_MAX_INSTANCE_SIZE_REQUIRED)

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

3.3.0

CFN Resource version

MongoDB::Atlas::Cluster v2.0.0

CFN Resource Region

eu-west-2

Current Behavior

When I deploy a cluster using the CfnCluster resource in CDK exactly as https://github.com/mongodb/awscdk-resources-mongodbatlas/blob/main/examples/l1-resources/cluster.ts the stack creation fails on creating the cluster itself with the error:

Resource handler returned message: "https://cloud.mongodb.com/api/atlas/v2/groups/661d67652954641210cbb2d1/clusters POST: HTTP 400 Bad Request (Error code: "COMPUTE_AUTO_SCALING_MAX_INSTANCE_SIZE_REQUIRED") Detail: Compute auto-scaling max instance size required. Reason: Bad Request. Params: []" (RequestToken: 6346e8cb-ec23-788c-b345-f53365eaab9d, HandlerErrorCode: InvalidRequest)

AWS CDK code to reproduce the issue

// This example creates a project and a cluster in Atlas using the L1 resources.
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { CfnProject, CfnCluster } from 'awscdk-resources-mongodbatlas';

interface AtlasStackProps {
  readonly orgId: string;
  readonly profile: string;
  readonly projName: string;
  readonly clusterName: string;
  readonly clusterType: string;
  readonly instanceSize: string;
  readonly region: string;
}

export class CdkTestingStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const atlasProps = this.getContextProps();

    const projectRes = new CfnProject(this, 'ProjectResource', {
      name: atlasProps.projName,
      orgId: atlasProps.orgId,
      profile: atlasProps.profile
    });

    const clusterRes = new CfnCluster(this, 'ClusterResource', {
      name: atlasProps.clusterName,
      projectId: projectRes.attrId,
      profile: atlasProps.profile,
      clusterType: atlasProps.clusterType,
      backupEnabled: true,
      pitEnabled: false,
      replicationSpecs: [{
        numShards: 1,
        advancedRegionConfigs: [{
          autoScaling: {
            diskGb: {
              enabled: true,
            },
            compute: {
              enabled: false,
              scaleDownEnabled: false,
            },
          },
          analyticsSpecs: {
            ebsVolumeType: "STANDARD",
            instanceSize: atlasProps.instanceSize,
            nodeCount: 3,
          },
          electableSpecs: {
            ebsVolumeType: "STANDARD",
            instanceSize: atlasProps.instanceSize,
            nodeCount: 3,
          },
          readOnlySpecs: {
            ebsVolumeType: "STANDARD",
            instanceSize: atlasProps.instanceSize,
            nodeCount: 3,
          },
          priority: 7,
          regionName: atlasProps.region,
        }]
      }]
    });

  }

  getContextProps(): AtlasStackProps {
    const orgId = this.node.tryGetContext('orgId');
    if (!orgId) {
      // Throw an Error object (not a bare string) so the failure carries a stack trace.
      throw new Error("No context value specified for orgId. Please specify via the cdk context.");
    }
    const projName = this.node.tryGetContext('projName') ?? 'test-proj';
    const profile = this.node.tryGetContext('profile') ?? 'default';
    const clusterName = this.node.tryGetContext('clusterName') ?? 'test-cluster';
    const clusterType = this.node.tryGetContext('clusterType') ?? 'REPLICASET';
    const instanceSize = this.node.tryGetContext('instanceSize') ?? "M10";
    const region = this.node.tryGetContext('region') ?? "US_EAST_1";

    return {
      projName,
      orgId,
      profile,
      clusterName,
      clusterType,
      instanceSize,
      region,
    }
  }
}

Steps To Reproduce

In AWS EU-WEST-2, running as an IAM role with full admin privileges,

cdk deploy ClusterStack --context orgId="myOrgId" --context profile="bitbucket"

Some resources create OK but the cluster always fails with this 400

cdk synth

PS C:\dev\mongodb-atlas\cdk> aws-vault exec sandbox-access -- cdk synth  ClusterStack --context orgId="61ba14795267585ea58d41e4" --context profile="bitbucket"                    
Resources:
  ProjectResource:
    Type: MongoDB::Atlas::Project
    Properties:
      Name: shared-cluster
      OrgId: 61ba14795267585ea58d41e4
      Profile: bitbucket
    Metadata:
      aws:cdk:path: ClusterStack/ProjectResource
  ClusterResource:
    Type: MongoDB::Atlas::Cluster
    Properties:
      BackupEnabled: false
      ClusterType: REPLICASET
      Profile: bitbucket
      ProjectId:
        Fn::GetAtt:
          - ProjectResource
          - Id
      Name: shared-cluster
      PitEnabled: false
      ReplicationSpecs:
        - NumShards: 1
          AdvancedRegionConfigs:
            - AutoScaling:
                DiskGB:
                  Enabled: true
                Compute:
                  Enabled: true
                  ScaleDownEnabled: false
              RegionName: EU_WEST_2
              AnalyticsSpecs:
                EbsVolumeType: STANDARD
                InstanceSize: M10
                NodeCount: 3
              ElectableSpecs:
                EbsVolumeType: STANDARD
                InstanceSize: M10
                NodeCount: 3
              Priority: 7
              ReadOnlySpecs:
                EbsVolumeType: STANDARD
                InstanceSize: M10
                NodeCount: 3
    Metadata:
      aws:cdk:path: ClusterStack/ClusterResource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/zPSMzQ21zNQTCwv1k1OydbNyUzSqw4uSUzO1nFOywtKLc4vLUpOBbGd8/NSMksy8/NqdfLyU1L1sor1y4wM9AwN9QwVs4ozM3WLSvNKMnNT9YIgNAD3XMr5WgAAAA==
    Metadata:
      aws:cdk:path: ClusterStack/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - af-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - il-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
Parameters:
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip] 
Rules:
  CheckBootstrapVersion:
    Assertions:
      - Assert:
          Fn::Not:
            - Fn::Contains:
                - - "1"
                  - "2"
                  - "3"
                  - "4"
                  - "5"
                - Ref: BootstrapVersion
        AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.

Code of Conduct

  • I agree to follow this project's Code of Conduct
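
The synthesized template in this report carries `Compute.Enabled: true` with no maximum instance size, which is the condition the 400 names. The check below is an added example, not code from the report or the project: it scans `cdk synth` output (parsed into an object) for that condition before deploy. `MaxInstanceSize` and `MinInstanceSize` are assumed property names that do not appear on this page, and the sample templates are constructed.

```typescript
// Added example, not the project's code: check a synthesized template
// (cdk synth output parsed into an object) for the condition the 400 names.
// Assumption: MaxInstanceSize and MinInstanceSize are the property names under
// AutoScaling.Compute; neither appears on this page.

type CfnBool = boolean | string; // templates may carry "true"/"false" strings

interface Compute {
  Enabled?: CfnBool;
  ScaleDownEnabled?: CfnBool;
  MinInstanceSize?: string;
  MaxInstanceSize?: string;
}
interface RegionConfig {
  RegionName?: string;
  AutoScaling?: { Compute?: Compute };
}
interface Resource {
  Type: string;
  Properties?: { ReplicationSpecs?: { AdvancedRegionConfigs?: RegionConfig[] }[] };
}
interface Template {
  Resources: Record<string, Resource>;
}
interface Finding {
  resource: string;
  path: string;
  problem: string;
}

const isTrue = (v: CfnBool | undefined): boolean => v === true || v === 'true';

function checkComputeAutoScaling(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== 'MongoDB::Atlas::Cluster') continue;
    (res.Properties?.ReplicationSpecs ?? []).forEach((spec, i) => {
      (spec.AdvancedRegionConfigs ?? []).forEach((region, j) => {
        const compute: Compute = region.AutoScaling?.Compute ?? {};
        const path = `ReplicationSpecs[${i}].AdvancedRegionConfigs[${j}].AutoScaling.Compute`;
        // The case in the report: compute scaling on, no upper bound.
        if (isTrue(compute.Enabled) && !compute.MaxInstanceSize) {
          findings.push({ resource: logicalId, path, problem: 'Enabled is true but MaxInstanceSize is missing' });
        }
        // Assumed companion rule: scale-down needs a lower bound as well.
        if (isTrue(compute.ScaleDownEnabled) && !compute.MinInstanceSize) {
          findings.push({ resource: logicalId, path, problem: 'ScaleDownEnabled is true but MinInstanceSize is missing' });
        }
      });
    });
  }
  return findings;
}

// Constructed sample shaped like the ClusterStack template in the report.
function sampleTemplate(compute: Compute): Template {
  return {
    Resources: {
      ProjectResource: { Type: 'MongoDB::Atlas::Project' },
      ClusterResource: {
        Type: 'MongoDB::Atlas::Cluster',
        Properties: {
          ReplicationSpecs: [{ AdvancedRegionConfigs: [{ RegionName: 'EU_WEST_2', AutoScaling: { Compute: compute } }] }],
        },
      },
    },
  };
}

const reported = sampleTemplate({ Enabled: true, ScaleDownEnabled: false }); // as synthesized in the report
const bounded = sampleTemplate({ Enabled: true, ScaleDownEnabled: false, MaxInstanceSize: 'M30' }); // 'M30' is a constructed value
const disabled = sampleTemplate({ Enabled: false, ScaleDownEnabled: false }); // as in the TypeScript source

for (const t of [reported, bounded, disabled]) {
  console.log(checkComputeAutoScaling(t));
}
```

Only the first template produces a finding; the other two, with an upper bound set or compute scaling disabled, pass the check.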

Can't create FederatedDatabaseInstance

Describe the bug
Getting

 ❌  dev-Backend failed: Error: The stack named dev-Backend failed to deploy: UPDATE_ROLLBACK_COMPLETE: Properties validation failed for resource DbFederatedDb5570C1CE with message:
#: required key [CloudProviderConfig/RoleId] not found
#: required key [CloudProviderConfig/TestS3Bucket] not found
#: required key [DataProcessRegion/Region] not found

Tried not specifying it at all, since it is listed as optional:

  "DbFederatedDb5570C1CE": {
   "Type": "MongoDB::Atlas::FederatedDatabaseInstance",
   "Properties": {
    "DataProcessRegion": {
     "CloudProvider": "AWS",
     "Region": "eu-west-1"
    },
    "ProjectId": "xxxxxxxxxxxxxxxxxxxx",
    "TenantName": "dev",
    "SkipRoleValidation": true,
    "Storage": {
     "Databases": [
...
     ],
     "Stores": [
      {
       "Name": "dev",
       "Provider": "atlas",
       "ClusterName": "dev",
       "ProjectId": "xxxxxxxxxxxxxxxxxxxx",
       "ReadPreference": {
        "Mode": "secondary",
        "TagSets": []
       }
      }
     ]
    },
    "Profile": "main"
   },
   "Metadata": {
    "aws:cdk:path": "dev-Backend/Db/FederatedDb"
   }
  },

Tried to give some values:

"DbFederatedDb5570C1CE": {
   "Type": "MongoDB::Atlas::FederatedDatabaseInstance",
   "Properties": {
    "CloudProviderConfig": {
     "ExternalId": "fed",
     "RoleId": "yyyyyyyyyyyyyyyyyyyyyy",
     "TestS3Bucket": "test-buck"
    },
    "DataProcessRegion": {
     "CloudProvider": "AWS",
     "Region": "eu-west-1"
    },
    "ProjectId": "xxxxxxxxxxxxxxxxxxxx",
    "TenantName": "dev",
    "SkipRoleValidation": true,
    "Storage": {
...
    },
    "Profile": "main"
   },
   "Metadata": {
    "aws:cdk:path": "dev-Backend/Db/FederatedDb"
   }
  },

To Reproduce
Steps to reproduce the behavior:

Create a CDK project with the following resource:

this.federatedInstance = new CfnFederatedDatabaseInstance(
  this,
  "FederatedDb",
  {
    projectId: this.projectId,
    tenantName: props.tenantName,
    profile: this.node.tryGetContext("mongoDBProfileName"),
    dataProcessRegion: {
      cloudProvider: "AWS",
      region: "eu-west-1",
    },
  });

Expected behavior
Federated database created

Screenshots
If applicable, add screenshots to help explain your problem.

Please complete the following information:

  • CFN resource version: Release date 2023-10-27 18:42:59 UTC+0200
  • AWS region where you are running the CFN stack: eu-west-3
  • CDK constructor type and version: 3.0.0
  • Copy of the output of cdk synth

This GitHub issue was created to test an automation - ANDREA TEST

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Please complete the following information:

  • CFN resource version
  • AWS region where you are running the CFN stack
  • CDK constructor type and version
  • Copy of the output of cdk synth

Additional context
Add any other context about the problem here.

[Bug]: Fail to create CfnAuditing

Is there an existing issue for this?

  • I have searched the existing issues

CDK package version

v3.3.0

CFN Resource version

v2.81.0

CFN Resource Region

us-east-1

Current Behavior

We want to enable Auditing for our clusters by using CfnAuditing construct, however, we get required key [ProjectId] not found #: extraneous key [GroupId] is not permitted error from CloudFormation when deploying our stack.

AWS CDK code to reproduce the issue

new atlas_mongo.CfnAuditing(this, 'Auditing', {
      groupId: projectId,
});

Steps To Reproduce

Create CfnAuditing construct with groupId set to projectId

cdk synth

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Getting 'Entry already exists in the access list' when trying to use CfnProjectIpAccessList Construct

Describe the bug

I am trying to update the IP Access List on an existing Atlas project.

Here is how I am instantiating the CfnProjectIpAccessList construct:

new CfnProjectIpAccessList(this, 'MongoDBAtlasAccess', {
      projectId: 'MY PROJECT ID HERE',
      profile: 'proof-of-concepts',
      accessList: [
        {
          ipAddress: '0.0.0.0',
          comment: 'HI'
        }
      ]
    }).applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);

To Reproduce

When I run CDK deploy I get:

failed: Error: The stack named DeltaServicesInfraStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Resource handler returned message: "Entry already exists in the access list" (RequestToken: fb55c6d0-9725-ed8f-5bb7-f9b8d19215bc, HandlerErrorCode: AlreadyExists)

I have tried deleting all entries and also different IP addresses, no luck.

Expected behavior

I am expecting to have the CDK deploy successfully and all entries (like 0.0.0.0 above) be found in my Project's IP Access List.

Please complete the following information:

  • CFN resource version : "awscdk-resources-mongodbatlas": "1.1.0",
  • AWS region where you are running the CFN stack: OHIO us-east-2
  • CDK constructor type and version: CfnProjectIpAccessList
  • Copy of the output of cdk synth
Resources:
 MongoDBAtlasAccess:
   Type: MongoDB::Atlas::ProjectIpAccessList
   Properties:
     AccessList:
       - Comment: HI
         IPAddress: 0.0.0.0
     ProjectId: 64b9bb15ccb2981841f6f871
     Profile: proof-of-concepts
   UpdateReplacePolicy: Delete
   DeletionPolicy: Delete
   Metadata:
     aws:cdk:path: DeltaServicesInfraStack/MongoDBAtlasAccess
 CDKMetadata:
   Type: AWS::CDK::Metadata
   Properties:
     Analytics: v2:deflate64:H4sIAAAAAAAA/zPSszTRM1BMLC/WTU7J1s3JTNKrDi5JTM7WcU7LC0otzi8tSk6t1cnLT0nVyyrWLzMy0DMCqs8qzszULSrNK8nMTdULgtAAw7alW0sAAAA=
   Metadata:
     aws:cdk:path: DeltaServicesInfraStack/CDKMetadata/Default
Parameters:
 BootstrapVersion:
   Type: AWS::SSM::Parameter::Value<String>
   Default: /cdk-bootstrap/hnb659fds/version
   Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Rules:
 CheckBootstrapVersion:
   Assertions:
     - Assert:
         Fn::Not:
           - Fn::Contains:
               - - "1"
                 - "2"
                 - "3"
                 - "4"
                 - "5"
               - Ref: BootstrapVersion
       AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.
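
The entry in this report, `0.0.0.0`, is the IPv4 unspecified address rather than a client host, so access-list entries are worth reviewing in the synthesized template before deploy. The audit below is an added example, not code from the report or the project. `CIDRBlock` is an assumed property name (only `IPAddress` and `Comment` appear on this page), `minPrefix` is a hypothetical policy threshold, and every sample entry except the first is constructed.

```typescript
// Added example, not the project's code: flag access-list entries in a
// synthesized template that do not name a single client host.
// Assumptions: CIDRBlock is the property for a range entry (not shown on this
// page); minPrefix is a hypothetical policy knob for the narrowest allowed range.

interface AccessEntry { IPAddress?: string; CIDRBlock?: string; Comment?: string }
interface AccessResource { Type: string; Properties?: { AccessList?: AccessEntry[] } }
interface AccessTemplate { Resources: Record<string, AccessResource> }
interface AccessFinding { resource: string; entry: string; problem: string }

// Parse a dotted-quad IPv4 address into its octets; null when it is not IPv4.
function parseIPv4(s: string): number[] | null {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

function auditAccessList(template: AccessTemplate, minPrefix = 24): AccessFinding[] {
  const findings: AccessFinding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== 'MongoDB::Atlas::ProjectIpAccessList') continue;
    const add = (entry: string, problem: string) => findings.push({ resource: logicalId, entry, problem });
    for (const e of res.Properties?.AccessList ?? []) {
      if (e.IPAddress !== undefined) {
        const ip = parseIPv4(e.IPAddress);
        if (!ip) add(e.IPAddress, 'not an IPv4 address; review by hand');
        else if (ip.every((o) => o === 0)) add(e.IPAddress, 'unspecified address, not a client host');
      }
      if (e.CIDRBlock !== undefined) {
        const [addr, len, extra] = e.CIDRBlock.split('/');
        const prefix = /^\d{1,2}$/.test(len ?? '') ? Number(len) : NaN;
        if (extra !== undefined || !parseIPv4(addr ?? '') || !(prefix <= 32)) {
          add(e.CIDRBlock, 'not an IPv4 CIDR block; review by hand');
        } else if (prefix === 0) {
          add(e.CIDRBlock, 'matches every IPv4 address');
        } else if (prefix < minPrefix) {
          add(e.CIDRBlock, `range wider than /${minPrefix}`);
        }
      }
    }
  }
  return findings;
}

// First entry is the one from the report; the rest are constructed samples
// (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
const sample: AccessTemplate = {
  Resources: {
    MongoDBAtlasAccess: {
      Type: 'MongoDB::Atlas::ProjectIpAccessList',
      Properties: {
        AccessList: [
          { Comment: 'HI', IPAddress: '0.0.0.0' },
          { Comment: 'constructed: everything', CIDRBlock: '0.0.0.0/0' },
          { Comment: 'constructed: wide range', CIDRBlock: '10.0.0.0/8' },
          { Comment: 'constructed: single host', CIDRBlock: '203.0.113.10/32' },
          { Comment: 'constructed: single host', IPAddress: '198.51.100.7' },
        ],
      },
    },
    CDKMetadata: { Type: 'AWS::CDK::Metadata' },
  },
};

for (const f of auditAccessList(sample)) {
  console.log(`${f.resource}: ${f.entry}: ${f.problem}`);
}
```

The two single-host entries pass; the other three are reported for review.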
