To simplify, I have a VPC stack, an RDS stack, and a Lambda stack.
The Lambda stack depends on the RDS stack, and they both depend on the VPC stack, which is independent. However, AWS is telling me that the RDS and Lambda stacks depend on each other.
Here’s how it looks in the main file:
<code>vpc_stack = VPCStack(
app,
"VPCStack",
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
rds_stack = RDSStack(
app,
"RDSStack",
vpc=vpc_stack.vpc,
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
main_lambda_stack = MainLambdaStack(
app,
"MainLambdaStack",
vpc=vpc_stack.vpc,
rds_proxy=rds_stack.rds_proxy,
image_deleter_queue=bid_lambda_stack.image_deleter_queue,
redis_cluster=redis_stack.redis_cluster,
packages_bucket=s3_stack.packages_bucket,
sg_redis=redis_stack.sg_redis,
sg_rds_proxy=rds_stack.sg_rds_proxy,
images_bucket=s3_stack.user_images_bucket,
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
</code>
<code>vpc_stack = VPCStack(
app,
"VPCStack",
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
rds_stack = RDSStack(
app,
"RDSStack",
vpc=vpc_stack.vpc,
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
main_lambda_stack = MainLambdaStack(
app,
"MainLambdaStack",
vpc=vpc_stack.vpc,
rds_proxy=rds_stack.rds_proxy,
image_deleter_queue=bid_lambda_stack.image_deleter_queue,
redis_cluster=redis_stack.redis_cluster,
packages_bucket=s3_stack.packages_bucket,
sg_redis=redis_stack.sg_redis,
sg_rds_proxy=rds_stack.sg_rds_proxy,
images_bucket=s3_stack.user_images_bucket,
env=cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION),
)
</code>
# All three stacks deploy to the same account and region, so describe that
# environment once and hand the same value to each stack.
target_env = cdk.Environment(account=Cfg.ACCOUNT, region=Cfg.REGION)

# Network layer: receives nothing from any other stack.
vpc_stack = VPCStack(app, "VPCStack", env=target_env)

# Database layer: the VPC is the only object passed in from another stack.
rds_stack = RDSStack(app, "RDSStack", vpc=vpc_stack.vpc, env=target_env)

# Compute layer: consumes the VPC plus resources owned by the RDS, Redis, S3
# and bid-lambda stacks (the last three are created outside this excerpt).
# Taking rds_proxy from RDSStack is what produces the
# MainLambdaStack -> RDSStack edge.
# NOTE(review): MainLambdaStack is not shown. If it adds a rule to
# sg_rds_proxy that names its own Lambda security group, that rule is
# normally synthesized inside RDSStack (the stack owning the group), which
# makes RDSStack reference MainLambdaStack's GroupId and closes the cycle.
# Confirm against the Lambda stack before restructuring.
main_lambda_stack = MainLambdaStack(
    app,
    "MainLambdaStack",
    env=target_env,
    vpc=vpc_stack.vpc,
    # from RDSStack
    rds_proxy=rds_stack.rds_proxy,
    sg_rds_proxy=rds_stack.sg_rds_proxy,
    # from the Redis stack
    redis_cluster=redis_stack.redis_cluster,
    sg_redis=redis_stack.sg_redis,
    # from the S3 stack
    packages_bucket=s3_stack.packages_bucket,
    images_bucket=s3_stack.user_images_bucket,
    # from the bid-lambda stack
    image_deleter_queue=bid_lambda_stack.image_deleter_queue,
)
And the error itself is:
<code> RuntimeError: Error: 'RDSStack' depends on 'MainLambdaStack'
(RDSStack -> MainLambdaStack/LambdaSecurityGroup/Resource.GroupId).
Adding this dependency (MainLambdaStack -> RDSStack/RDSProxy/Resource.Endpoint)
would create a cyclic reference.
</code>
<code> RuntimeError: Error: 'RDSStack' depends on 'MainLambdaStack'
(RDSStack -> MainLambdaStack/LambdaSecurityGroup/Resource.GroupId).
Adding this dependency (MainLambdaStack -> RDSStack/RDSProxy/Resource.Endpoint)
would create a cyclic reference.
</code>
RuntimeError: Error: 'RDSStack' depends on 'MainLambdaStack'
(RDSStack -> MainLambdaStack/LambdaSecurityGroup/Resource.GroupId).
Adding this dependency (MainLambdaStack -> RDSStack/RDSProxy/Resource.Endpoint)
would create a cyclic reference.
But I simply cannot find any Lambda dependency in the RDS stack.
For more context here’s the entirety of the RDS stack:
<code>class RDSStack(Stack):
def __init__(
self, scope: Construct, construct_id: str, vpc: ec2.Vpc, **kwargs
) -> None:
super().__init__(scope, construct_id, **kwargs)
# RDS security group
sg_rds = ec2.SecurityGroup(
self,
"RDSSecurityGroup",
vpc=vpc,
description="Security group for RDS",
security_group_name="rds-sg",
)
# RDS Proxy security group
self.sg_rds_proxy = ec2.SecurityGroup(
self,
"RDSProxySecurityGroup",
vpc=vpc,
description="Security group for RDS Proxy",
security_group_name="rds-proxy-sg",
)
# RDS instance
rds_instance = rds.DatabaseInstance( # noqa: F841
self,
"RDSInstance",
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_16_1
),
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO
),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
),
security_groups=[sg_rds],
removal_policy=RemovalPolicy.RETAIN,
allocated_storage=20,
auto_minor_version_upgrade=True,
enable_performance_insights=True,
monitoring_interval=Duration.minutes(10),
backup_retention=Duration.days(7),
)
# RDS Proxy
self.rds_proxy = rds.DatabaseProxy( # noqa: F841
self,
"RDSProxy",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
),
security_groups=[self.sg_rds_proxy],
db_proxy_name="rds-proxy",
proxy_target=rds.ProxyTarget.from_instance(rds_instance),
secrets=[rds_instance.secret],
)
# RDS ingress from RDS Proxy
sg_rds.add_ingress_rule(
ec2.Peer.security_group_id(self.sg_rds_proxy.security_group_id),
ec2.Port.tcp(5432),
"Allow PostgreSQL traffic from RDS Proxy security group",
)
</code>
<code>class RDSStack(Stack):
def __init__(
self, scope: Construct, construct_id: str, vpc: ec2.Vpc, **kwargs
) -> None:
super().__init__(scope, construct_id, **kwargs)
# RDS security group
sg_rds = ec2.SecurityGroup(
self,
"RDSSecurityGroup",
vpc=vpc,
description="Security group for RDS",
security_group_name="rds-sg",
)
# RDS Proxy security group
self.sg_rds_proxy = ec2.SecurityGroup(
self,
"RDSProxySecurityGroup",
vpc=vpc,
description="Security group for RDS Proxy",
security_group_name="rds-proxy-sg",
)
# RDS instance
rds_instance = rds.DatabaseInstance( # noqa: F841
self,
"RDSInstance",
engine=rds.DatabaseInstanceEngine.postgres(
version=rds.PostgresEngineVersion.VER_16_1
),
instance_type=ec2.InstanceType.of(
ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO
),
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
),
security_groups=[sg_rds],
removal_policy=RemovalPolicy.RETAIN,
allocated_storage=20,
auto_minor_version_upgrade=True,
enable_performance_insights=True,
monitoring_interval=Duration.minutes(10),
backup_retention=Duration.days(7),
)
# RDS Proxy
self.rds_proxy = rds.DatabaseProxy( # noqa: F841
self,
"RDSProxy",
vpc=vpc,
vpc_subnets=ec2.SubnetSelection(
subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
),
security_groups=[self.sg_rds_proxy],
db_proxy_name="rds-proxy",
proxy_target=rds.ProxyTarget.from_instance(rds_instance),
secrets=[rds_instance.secret],
)
# RDS ingress from RDS Proxy
sg_rds.add_ingress_rule(
ec2.Peer.security_group_id(self.sg_rds_proxy.security_group_id),
ec2.Port.tcp(5432),
"Allow PostgreSQL traffic from RDS Proxy security group",
)
</code>
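class RDSStack(Stack):
    """PostgreSQL instance fronted by an RDS Proxy, each in its own security group.

    The database security group accepts PostgreSQL traffic (TCP 5432) only
    from the proxy security group, so clients have to go through the proxy.

    Attributes exposed to other stacks:
        rds_proxy: the ``rds.DatabaseProxy`` created here.
        sg_rds_proxy: the security group attached to the proxy.

    NOTE(review): ``sg_rds_proxy`` is owned by this stack. A rule that another
    stack adds to it is normally synthesized here, so a rule naming a security
    group owned by the consuming stack (e.g. a Lambda security group) makes
    this stack depend on that consumer. If the consumer also reads
    ``rds_proxy``, the two stacks then reference each other. Nothing in this
    class refers to a Lambda resource, so look for such a rule in the
    consuming stack.

    Args:
        scope: parent construct (the CDK app).
        construct_id: logical id of this stack.
        vpc: VPC that hosts the database, the proxy and both security groups.
        **kwargs: forwarded unchanged to ``Stack``.
    """

    def __init__(
        self, scope: Construct, construct_id: str, vpc: ec2.Vpc, **kwargs
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # RDS security group. Kept local: nothing outside this stack should
        # attach rules to the database itself.
        sg_rds = ec2.SecurityGroup(
            self,
            "RDSSecurityGroup",
            vpc=vpc,
            description="Security group for RDS",
            security_group_name="rds-sg",
        )

        # RDS Proxy security group. Exposed as an attribute so that client
        # stacks can be granted access to the proxy.
        self.sg_rds_proxy = ec2.SecurityGroup(
            self,
            "RDSProxySecurityGroup",
            vpc=vpc,
            description="Security group for RDS Proxy",
            security_group_name="rds-proxy-sg",
        )

        # RDS instance, placed in isolated subnets (no route to the internet).
        rds_instance = rds.DatabaseInstance(
            self,
            "RDSInstance",
            engine=rds.DatabaseInstanceEngine.postgres(
                version=rds.PostgresEngineVersion.VER_16_1
            ),
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO
            ),
            vpc=vpc,
            vpc_subnets=ec2.SubnetSelection(
                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
            ),
            security_groups=[sg_rds],
            removal_policy=RemovalPolicy.RETAIN,
            allocated_storage=20,
            # Encrypt storage at rest. Without this flag (or an explicit
            # storage_encryption_key) the instance is created unencrypted.
            # Turning it on for an instance that is already deployed
            # unencrypted replaces the instance, so migrate the data first.
            storage_encrypted=True,
            auto_minor_version_upgrade=True,
            enable_performance_insights=True,
            # Enhanced Monitoring only accepts intervals of 1, 5, 10, 15, 30
            # or 60 seconds; a ten-minute Duration is rendered as 600 and is
            # rejected at deploy time. 60 seconds is the coarsest valid value.
            monitoring_interval=Duration.seconds(60),
            backup_retention=Duration.days(7),
        )

        # RDS Proxy in the same isolated subnets. It authenticates to the
        # database with the instance's credentials secret.
        self.rds_proxy = rds.DatabaseProxy(
            self,
            "RDSProxy",
            vpc=vpc,
            vpc_subnets=ec2.SubnetSelection(
                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
            ),
            security_groups=[self.sg_rds_proxy],
            db_proxy_name="rds-proxy",
            proxy_target=rds.ProxyTarget.from_instance(rds_instance),
            secrets=[rds_instance.secret],
        )

        # RDS ingress from RDS Proxy: the only inbound rule on the database
        # group. Both groups live in this stack, so the rule adds no
        # cross-stack reference.
        sg_rds.add_ingress_rule(
            ec2.Peer.security_group_id(self.sg_rds_proxy.security_group_id),
            ec2.Port.tcp(5432),
            "Allow PostgreSQL traffic from RDS Proxy security group",
        )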
Any help would be appreciated.