Skip to content

(aws-rds): ClusterInstance promotionTier validation missing lower bound check (allows negative values) #37518

Open
#37519
Open
(aws-rds): ClusterInstance promotionTier validation missing lower bound check (allows negative values)#37518
#37519
Labels
@aws-cdk/aws-rdsRelated to Amazon Relational DatabasebugThis issue is a bug.needs-triageThis issue or PR still needs to be triaged.
@yasomaru

Description

@yasomaru
yasomaru
opened on Apr 4, 2026

Describe the bug

ClusterInstance's promotionTier validation only checks the upper bound (> 15) but does not reject negative values. The valid range is 0–15 per AWS documentation,but a negative value like -1 passes CDK synth silently and fails at deploy time.
packages/aws-cdk-lib/aws-rds/lib/aurora-cluster-instance.ts (L520–523)

  this.tier = props.promotionTier ?? 2;
  if (this.tier > 15) {
    throw new ValidationError(lit`PromotionTier`, 'promotionTier must be between
  0-15', this);
  }

  The error message says "must be between 0-15", but the condition only checks >
  15.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

Setting promotionTier: -1 (or any negative value) should throw a validation error at synth time, consistent with the existing error message.

Current Behavior

Negative values pass CDK validation without error and are sent to CloudFormation, which rejects them at deploy time.

Reproduction Steps

import * as cdk from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as rds from 'aws-cdk-lib/aws-rds';

const app = new cdk.App();
const stack = new cdk.Stack(app, 'TestStack');
const vpc = new ec2.Vpc(stack, 'Vpc');

new rds.DatabaseCluster(stack, 'Cluster', {
  engine: rds.DatabaseClusterEngine.auroraMysql({
    version: rds.AuroraMysqlEngineVersion.VER_3_08_0,
  }),
  vpc,
  writer: rds.ClusterInstance.provisioned('Writer'),
  readers: [
    rds.ClusterInstance.provisioned('Reader', {
      promotionTier: -1, // Invalid value, but synth succeeds
    }),
  ],
});

app.synth();
// => No error. CloudFormation template contains PromotionTier: -1
//
// Compare: promotionTier: 16 correctly throws "promotionTier must be between
0-15"

Possible Solution

No response

Additional Information/Context

No response

AWS CDK Library version (aws-cdk-lib)

2.248.0

AWS CDK CLI version

2.248.0

Node.js Version

Node.js Version: v18

OS

N/A

Language

TypeScript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-rdsRelated to Amazon Relational DatabasebugThis issue is a bug.needs-triageThis issue or PR still needs to be triaged.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions