chore(secrets): bump semanticVersion for aws-cn

[pahud]

Issue # (if applicable)

Similar to #28733 , this PR bumps the default version for aws-cn partition ro 1.1.237 as the current version comes with deprecated lambda python runtime.

aws --profile bjs serverlessrepo get-application --application-id arn:aws-cn:serverlessrepo:cn-north-1:193023089310:applications/SecretsManagerRDSPostgreSQLRotationSingleUser --query Version.SemanticVersion --output text
1.1.237

I was evaluating a fix for #30200 but unfortunately that would require a lot of refactor so I am opening this tiny PR to get it bumped.

internal tracking: P128811127

Closes #.

Reason for this change

Description of changes

Description of how you validated changes

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

How to find the serverless applicationId and semanticVersion

1. Go to the serverlessrepo console and search SecretsManagerRDSPostgreSQLRotationSingleUser. Make sure to check Show apps that create custom IAM roles or resource policies

2. Click into the application
3. Find the applicationId from the URL. For example, in us-east-1 the id is
   arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser
4. Find out the semanticVersion using AWS CLI:

$ appid='arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser'
$ aws serverlessrepo get-application --application-id $appid --query Version.SemanticVersion --output text

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[rstevens011]

I would recommend bumping the GovCloud version string as well while you’re at it.

[pahud]

Before the PR being merged, you have two workarounds:

Given:

const app = new App();

const stack = new Stack(app, 'demo-stack');

const vpc = new ec2.Vpc(stack, 'Vpc', { natGateways: 1 });
const instance = new rds.DatabaseInstance(stack, 'Instance', {
  vpc,
  engine: rds.DatabaseInstanceEngine.MARIADB,
});

OPTION 1:

// option 1: override by escape hatches
const cfnapp = instance.node.tryFindChild('rotationMulti') as sam.CfnApplication
const cfnmapping = cfnapp.node.tryFindChild('SARMapping') as CfnMapping
cfnmapping.setValue('aws-cn', 'semanticVersion', '1.1.237');

OPTION 2:

class MyAspect implements IAspect {
  public visit(node: IConstruct): void {
    if (node instanceof CfnMapping && node.node.id === 'SARMapping') {
      node.setValue('aws-cn', 'semanticVersion', '1.1.237');
    }
  }
}
Aspects.of(instance).add(new MyAspect());

On cdk synth, you will override the semanticVersion of the mapping:

    aws-cn:
      applicationId: arn:aws-cn:serverlessrepo:cn-north-1:193023089310:applications/SecretsManagerRDSMariaDBRotationMultiUser
      semanticVersion: 1.1.237

[pahud]

@rstevens011

Can I check current version of GovCloud without having an account on it?

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 2a97ea7
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.