From 952a95e53e99e640e87fc74cec141984cfc302e1 Mon Sep 17 00:00:00 2001
From: Jonathan Colbert <jonathan.colbert033@gmail.com>
Date: Thu, 1 Aug 2024 19:30:29 -0400
Subject: [PATCH] add check to prevent defining conflicting properties

---
 packages/aws-cdk-lib/aws-rds/lib/cluster.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts
index 79afcba114085..5337608899f03 100644
--- a/packages/aws-cdk-lib/aws-rds/lib/cluster.ts
+++ b/packages/aws-cdk-lib/aws-rds/lib/cluster.ts
@@ -1188,6 +1188,20 @@ export class DatabaseCluster extends DatabaseClusterNew {
   constructor(scope: Construct, id: string, props: DatabaseClusterProps) {
     super(scope, id, props);
 
+    if (
+      props.manageMasterUserPassword &&
+      (
+        props.credentials?.excludeCharacters ||
+        props.credentials?.password ||
+        props.credentials?.replicaRegions ||
+        props.credentials?.secret ||
+        props.credentials?.secretName ||
+        props.credentials?.usernameAsString
+      )
+    ) {
+      throw new Error('Only the `username` and `encryptionKey` credentials properties may be used when `manageMasterUserPassword` is true');
+    }
+
     let cluster: CfnDBCluster;
     if (!props.manageMasterUserPassword) {
       const credentials = renderCredentials(this, props.engine, props.credentials);