moved default monitoring role instantiation into AuroraCluster constr…

…uctor

packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts

@@ -7,7 +7,7 @@ import { PerformanceInsightRetention } from './props';
 import { CfnDBInstance } from './rds.generated';
 import { ISubnetGroup } from './subnet-group';
 import * as ec2 from '../../aws-ec2';
-import { IRole } from '../../aws-iam';
+import { IRole, ManagedPolicy, Role, ServicePrincipal } from '../../aws-iam';
 import * as kms from '../../aws-kms';
 import { IResource, Resource, Duration, RemovalPolicy, ArnFormat } from '../../core';
 
@@ -460,6 +460,17 @@ class AuroraClusterInstance extends Resource implements IAuroraClusterInstance {
       throw new Error('`enablePerformanceInsights` disabled, but `performanceInsightRetention` or `performanceInsightEncryptionKey` was set');
     }
 
+    // Generate default monitoring role if not provided
+    let monitoringRole = props.monitoringRole;
+    if (!props.monitoringRole && props.monitoringInterval && props.monitoringInterval.toSeconds()) {
+      monitoringRole = new Role(this, 'MonitoringRole', {
+        assumedBy: new ServicePrincipal('monitoring.rds.amazonaws.com'),
+        managedPolicies: [
+          ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSEnhancedMonitoringRole'),
+        ],
+      });
+    }
+
     const instanceParameterGroup = props.parameterGroup ?? (
       props.parameters
         ? new ParameterGroup(props.cluster, 'InstanceParameterGroup', {
@@ -492,7 +503,7 @@ class AuroraClusterInstance extends Resource implements IAuroraClusterInstance {
         dbSubnetGroupName: props.isFromLegacyInstanceProps ? props.subnetGroup?.subnetGroupName : undefined,
         dbParameterGroupName: instanceParameterGroupConfig?.parameterGroupName,
         monitoringInterval: props.monitoringInterval && props.monitoringInterval.toSeconds(),
-        monitoringRoleArn: props.monitoringRole && props.monitoringRole.roleArn,
+        monitoringRoleArn: monitoringRole && monitoringRole.roleArn,
         autoMinorVersionUpgrade: props.autoMinorVersionUpgrade,
         allowMajorVersionUpgrade: props.allowMajorVersionUpgrade,
       });

packages/aws-cdk-lib/aws-rds/lib/cluster.ts

@@ -632,33 +632,23 @@ abstract class DatabaseClusterNew extends DatabaseClusterBase {
    *
    * @internal
    */
-  protected _createInstances(cluster: DatabaseClusterNew, props: DatabaseClusterProps): InstanceConfig {
+  protected _createInstances(props: DatabaseClusterProps): InstanceConfig {
     const instanceEndpoints: Endpoint[] = [];
     const instanceIdentifiers: string[] = [];
     const readers: IAuroraClusterInstance[] = [];
 
-    let monitoringRole = props.monitoringRole;
-    if (!props.monitoringRole && props.monitoringInterval && props.monitoringInterval.toSeconds()) {
-      monitoringRole = new Role(cluster, 'MonitoringRole', {
-        assumedBy: new ServicePrincipal('monitoring.rds.amazonaws.com'),
-        managedPolicies: [
-          ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSEnhancedMonitoringRole'),
-        ],
-      });
-    }
-
     // need to create the writer first since writer is determined by what instance is first
     const writer = props.writer!.bind(this, this, {
       monitoringInterval: props.monitoringInterval,
-      monitoringRole: monitoringRole,
+      monitoringRole: props.monitoringRole,
       removalPolicy: props.removalPolicy ?? RemovalPolicy.SNAPSHOT,
       subnetGroup: this.subnetGroup,
       promotionTier: 0, // override the promotion tier so that writers are always 0
     });
     (props.readers ?? []).forEach(instance => {
       const clusterInstance = instance.bind(this, this, {
         monitoringInterval: props.monitoringInterval,
-        monitoringRole: monitoringRole,
+        monitoringRole: props.monitoringRole,
         removalPolicy: props.removalPolicy ?? RemovalPolicy.SNAPSHOT,
         subnetGroup: this.subnetGroup,
       });
@@ -999,7 +989,7 @@ export class DatabaseCluster extends DatabaseClusterNew {
       throw new Error('writer must be provided');
     }
 
-    const createdInstances = props.writer ? this._createInstances(this, props) : legacyCreateInstances(this, props, this.subnetGroup);
+    const createdInstances = props.writer ? this._createInstances(props) : legacyCreateInstances(this, props, this.subnetGroup);
     this.instanceIdentifiers = createdInstances.instanceIdentifiers;
     this.instanceEndpoints = createdInstances.instanceEndpoints;
   }
@@ -1196,7 +1186,7 @@ export class DatabaseClusterFromSnapshot extends DatabaseClusterNew {
     if ((props.writer || props.readers) && (props.instances || props.instanceProps)) {
       throw new Error('Cannot provide clusterInstances if instances or instanceProps are provided');
     }
-    const createdInstances = props.writer ? this._createInstances(this, props) : legacyCreateInstances(this, props, this.subnetGroup);
+    const createdInstances = props.writer ? this._createInstances(props) : legacyCreateInstances(this, props, this.subnetGroup);
     this.instanceIdentifiers = createdInstances.instanceIdentifiers;
     this.instanceEndpoints = createdInstances.instanceEndpoints;
   }

packages/aws-cdk-lib/aws-rds/test/cluster.test.ts

@@ -1602,7 +1602,7 @@ describe('cluster', () => {
     Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBInstance', {
       MonitoringInterval: 60,
       MonitoringRoleArn: {
-        'Fn::GetAtt': ['DatabaseMonitoringRole576991DA', 'Arn'],
+        'Fn::GetAtt': ['DatabasewriterMonitoringRole23A1E3B6', 'Arn'],
       },
     });