hosted functions use insecure python cryptography library

[michaelbrewer]

When setting up rotations via the hosted function like below:

from aws_cdk import core, aws_ec2 as ec2
from aws_cdk.aws_rds import DatabaseCluster, DatabaseClusterEngine, InstanceProps, AuroraEngineVersion
from aws_cdk.core import Duration


class Tmp2Stack(core.Stack):
    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        vpc = ec2.Vpc(self, "VPC")

        db = DatabaseCluster(
            self,
            "Database",
            engine=DatabaseClusterEngine.aurora(version=AuroraEngineVersion.VER_1_22_2),
            instance_props=InstanceProps(vpc=vpc),
        )
        db.add_rotation_single_user(automatically_after=Duration.days(7))

Then the python 3.7 lambdas are insecure using 2017 version of python cryptography

[whygoyal]

Thank you for your feedback. We have noted this as a feature request.

[goyalya]

We investigated this further and it appears that there might be some issue with your lambda setup. If you are initiating the lambda from CFN, you have to update lambda in CFN or if it is from console, you should replace existing lambda with new lambda. If you need further assistance, please open a support case with AWS.

[michaelbrewer]

@goyalya - i will submit a synthed cfn example and share the generated stack, but this is not closed.