Home/iptv-manager-service
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed database credential retrieval
All checks were successful
AWS Deploy on Push / build (push) Successful in 2m41s
Details

Browse Source
This commit is contained in:
Stefano Fiorini
2025-05-21 15:05:12 -05:00
parent c6f7e9cb2b
commit 5767124031
2 changed files with 42 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/utils/database.py
View File

@@ -1,14 +1,24 @@
import os
import boto3
from sqlalchemy import create_engine from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker from sqlalchemy.orm import sessionmaker
import os from functools import lru_cache
DATABASE_URL = ( @lru_cache(maxsize=1)
f"postgresql://{os.getenv('DB_USER')}:{os.getenv('DB_PASSWORD')}" def get_db_credentials():
f"@{os.getenv('DB_HOST')}/{os.getenv('DB_NAME')}" """Fetch and cache DB credentials from SSM Parameter Store"""
) ssm = boto3.client('ssm')
try:
host = ssm.get_parameter(Name='/iptv-updater/DB_HOST', WithDecryption=True)['Parameter']['Value']
user = ssm.get_parameter(Name='/iptv-updater/DB_USER', WithDecryption=True)['Parameter']['Value']
password = ssm.get_parameter(Name='/iptv-updater/DB_PASSWORD', WithDecryption=True)['Parameter']['Value']
dbname = ssm.get_parameter(Name='/iptv-updater/DB_NAME', WithDecryption=True)['Parameter']['Value']
return f"postgresql://{user}:{password}@{host}/{dbname}"
except Exception as e:
raise RuntimeError(f"Failed to fetch DB credentials from SSM: {str(e)}")
engine = create_engine(DATABASE_URL) engine = create_engine(get_db_credentials())
# Create all tables # Create all tables
from app.models import Base from app.models import Base

32
infrastructure/stack.py
View File

@@ -7,6 +7,7 @@ from aws_cdk import (
aws_iam as iam, aws_iam as iam,
aws_cognito as cognito, aws_cognito as cognito,
aws_rds as rds, aws_rds as rds,
aws_ssm as ssm,
CfnOutput CfnOutput
) )
from constructs import Construct from constructs import Construct
@@ -224,13 +225,32 @@ class IptvUpdaterStack(Stack):
) )
) )
# Update instance with userdata and DB connection info # Store DB connection info in SSM Parameter Store
userdata.add_commands( ssm.StringParameter(self, "DBHostParam",
f'echo "DB_HOST={db.db_instance_endpoint_address}" >> /etc/environment', parameter_name="/iptv-updater/DB_HOST",
f'echo "DB_NAME=iptv_updater" >> /etc/environment', string_value=db.db_instance_endpoint_address
f'echo "DB_USER={db.secret.secret_value_from_json("username").to_string()}" >> /etc/environment',
f'echo "DB_PASSWORD={db.secret.secret_value_from_json("password").to_string()}" >> /etc/environment'
) )
ssm.StringParameter(self, "DBNameParam",
parameter_name="/iptv-updater/DB_NAME",
string_value="iptv_updater"
)
ssm.StringParameter(self, "DBUserParam",
parameter_name="/iptv-updater/DB_USER",
string_value=db.secret.secret_value_from_json("username").to_string()
)
ssm.StringParameter(self, "DBPassParam",
parameter_name="/iptv-updater/DB_PASSWORD",
string_value=db.secret.secret_value_from_json("password").to_string()
)
# Add SSM read permissions to instance role
role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonSSMReadOnlyAccess"
)
)
# Update instance with userdata
instance.add_user_data(userdata.render()) instance.add_user_data(userdata.render())
# Outputs # Outputs