(rds): Add support for DB2 in Amazon RDS

[cedricmillet]

Describe the feature

Last month (27, Nov 2023) we announced the general availability of Amazon RDS for DB2. The purpose of this issue is to update DatabaseInstance (+ DatabaseInstanceEngine and related classes/interfaces) and add support for RDS with DB2.

Currently 2 versions are handled :

• db2-se-11-5 = DB2 Standard Edition v11.5
• db2-ae-11.5 = DB2 Advanced Edition v11.5

AWS RDS for DB2 official home page

Use Case

Use the AWS CDK to create a RDS Instance with DB2 engine. At the moment the only way to create a DB2 instance is to use CfnInstance with the right engine / engineVersion attributes pair. We also need to provide a CfnDBParameterGroup with a valid IBM license since only the BYOL (Bring Your Own License) mode is supported.

const cfnDBParameterGroup = new CfnDBParameterGroup(
      this,
      `MyParameterGroup`,
      {
        description: 'Intended to store IBM DB2 Licence',
        family: 'db2-se-11.5', // Full list with: aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" --engine db2-se
        dbParameterGroupName: `db-param-group-db2-ibm-licence`,
        parameters: {
          ['rds.ibm_customer_id']: 'YOUR_IBM_CUSTOMER_ID',
          ['rds.ibm_site_id']: 'YOUR_IBM_SITE_ID'
        }
      }
    );

const databaseInstance = new CfnDBInstance(this, `${id}Db2Instance`, {
      dbInstanceClass: 'db.m6i.large', // Minimal instance class for DB2 in AWS console
      engine: 'db2-se',
      engineVersion: '11.5',
      licenseModel: LicenseModel.BRING_YOUR_OWN_LICENSE,
      dbParameterGroupName: cfnDBParameterGroup.dbParameterGroupName,
      // ... other attributes (vpc, storage, dbName, master username/password...)
});

Proposed Solution

No response

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.116.1

Environment details (OS name and version, etc.)

Any environment

[pahud]

Sounds good! Thank you for your FR and contributions.

[cedricmillet]

Hello,
I'm currently working on a fix (commit link in my forked repo). I now should be able to create an instance with following code (using @aws-cdk-testing/framework-integ package) :

  // Generate & store db credentials with secrets manager
  const credentials = Credentials.fromGeneratedSecret(dbUsername, {
    secretName: `${stackId}SecretName`
  });

  // Create a param group intended to store IBM DB2 license
  const pGroup = new ParameterGroup(stack, `${stackId}ParamGroup`, {
    engine: DatabaseInstanceEngine.db2Se({ version: Db2EngineVersion.VER_11_5 }),
  })
  pGroup.addParameter("rds.ibm_customer_id", "XXXXXXXXX");
  pGroup.addParameter("rds.ibm_site_id", "XXXXXXXXXXX");
  
  // force cloud formation param group generation:
  // https://github.com/aws/aws-cdk/issues/9741
  pGroup.bindToInstance({}); 

  new DatabaseInstance(stack, `${stackId}DBInstance`, {
    vpc,
    engine: DatabaseInstanceEngine.db2Se({version: Db2EngineVersion.VER_11_5}),
    instanceType: InstanceType.of(InstanceClass.M6I, InstanceSize.LARGE),
    securityGroups: [securityGroup],
    vpcSubnets: { subnetType: SubnetType.PRIVATE_ISOLATED },
    port: dbPort,
    databaseName: dbName,
    monitoringInterval: Duration.seconds(30),
    storageEncrypted: true,
    backupRetention: Duration.days(30),
    removalPolicy: RemovalPolicy.DESTROY,
    credentials: credentials,
    licenseModel: LicenseModel.BRING_YOUR_OWN_LICENSE, // mandatory
    parameterGroup: pGroup,
    storageType: StorageType.IO1 // Prevent "Invalid storage type for DB engine db2-se: gp2"
  });

But I'm facing the following issue at the SecretTargetAttachment resource creation:

1:26:34 AM | CREATE_FAILED        | AWS::SecretsManager::SecretTargetAttachment | Db2Instance/Secret/Attachment
1:26:34 AM | CREATE_FAILED        | AWS::SecretsManager::SecretTargetAttachment | Db2InstanceSecretAttachmentXYZ
Unsupported engine db2-se for identifier my-test-stack-db2instanceXXX

The cloud formation stack deployment seems to fail because of an error thrown by the API. An update is probably necessary on the server side, out of the aws-cdk client scope.

[msambol]

@cedricmillet Want to submit a PR and I'll review?

[cedricmillet]

Yep @msambol but I’m waiting for a change on the server side before any PR. Thanks !

Edit: Even if the secret part is not yet ready (secrets manager's server side), I pushed a PR, you can take a look if your motivated @msambol : #28608

[ahilden]

@cedricmillet I'm looking for support to provision Db2 via cloudformation and found this issue and a intermediate PR that I think is mostly complete. Anything I can do to help get this support/PR included? Also, RDS for Db2 also now has AWS Marketplace integration as well in addition to BYOL, although my current use case I'm using (IBM) is BYOL.

[cedricmillet]

Hello @ahilden,
I don't really have the time to finish this PR at the moment, but you should be able to deploy any DB2 instance with current objects (the purpose of this PR was just to wrap L1 constructs into L2 to provide an abstract way to instanciante a database).

L1 constructs defined in my description (CfnDBParameterGroup + CfnDBInstance) are not enough for your use case ?