feat(rds): retain cluster and instances on deletion and replacement #2063

Merged
merged 4 commits into from
Mar 26, 2019

Contributor

@jogold jogold commented Mar 20, 2019

Add `deleteReplacePolicy` with a default of `Retain` to control both the deletion policy and the update replace policy of the cluster and its instances.

Also replaced `kmsKeyArn: string` by `kmsKey: kms.IEncryptionKey` and added `storageEncrypted` in `DatabaseClusterProps`.

BREAKING CHANGE: Replaced `kmsKeyArn: string` by `kmsKey: kms.IEncryptionKey` in `DatabaseClusterProps`


Pull Request Checklist

  • Testing
    • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
    • CLI change?: coordinate update of integration tests with team
    • cdk-init template change?: coordinated update of integration tests with team
  • Docs
    • jsdocs: All public APIs documented
    • README: README and/or documentation topic updated
  • Title and Description
    • Change type: title prefixed with fix, feat will appear in changelog
    • Title: use lower-case and doesn't end with a period
    • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
    • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
  • Sensitive Modules (requires 2 PR approvers)
    • IAM Policy Document (in @aws-cdk/aws-iam)
    • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
    • Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

Storage encryption with the default master key is now enabled by default
when creating a new cluster.

BREAKING CHANGE: Storage encryption is enabled by default (update requires replacement)

BREAKING CHANGE: Replaced `kmsKeyArn: string` by `kmsKey: kms.IEncryptionKey` in `DatabaseClusterProps`
@jogold jogold requested a review from a team as a code owner March 20, 2019 20:35
*
* @default true
*/
storageEncrypted?: boolean
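Review bot: The doc comment ending in `@default true` on `storageEncrypted?: boolean` does not say what happens to a cluster that was deployed before this default existed. The commit message above states that the update requires replacement, so the comment should say that changing this value replaces the cluster, and that callers who want the previous behaviour must set `storageEncrypted: false` explicitly.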
Contributor

I think we have an issue with this default due to implicit costs to customers.

Contributor Author

Even when using the default master key? The cost is rather small compared to the cost of RDS. Isn't the CDK supposed to enforce best (security) practices?

But OK, I see that the same philosophy has been adopted for S3 buckets. You want me to change this?

Contributor

I'm also not sure I'm comfortable with replacing everyone's RDS instances. As far as I know, that will destroy their data, right?

Contributor

If you change the default I'm all for it.

Contributor Author

> I'm also not sure I'm comfortable with replacing everyone's RDS instances. As far as I know, that will destroy their data, right?

Yes, and the solution lies in here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html for resources such as database instances

Contributor

My experience with RDS is limited, but is it possible to replace the database without loss of data? It doesn't look so, right?

I'm MAYBE willing to accept loss of availability (even though that's not great either), by means of a Delete-to-Snapshot and then Restore-from-Snapshot, but given that CloudFormation will do the CREATE before the DELETE, doesn't seem like we can sequence those correctly in one deployment.

Contributor

While you're in here, would you mind adding a property to control DeletionPolicy and UpdateReplacePolicy? I'm horrified to see those aren't being set yet.

I think one property to control both policies should be fine, and it should default to Retain.

@jogold jogold changed the title feat(rds): enable storage encryption by default refactor(rds): allow to reference a kms.IEncryptionKey for storage encryption Mar 21, 2019
@jogold jogold changed the title refactor(rds): allow to reference a kms.IEncryptionKey for storage encryption feat(rds): retain cluster and instances on deletion and replacement Mar 22, 2019
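
The outcome of this thread (one setting that drives both `DeletionPolicy` and `UpdateReplacePolicy`, defaulting to `Retain`) can be verified on a synthesized CloudFormation template. The following is an added example, not code from this pull request or from the CDK; the `auditRdsRetention` helper, the sample template and its logical IDs are constructed for illustration, and the rule that both attributes must be set explicitly is an assumption of the example.

```typescript
// Added example (not CDK code): audit a CloudFormation template for RDS
// resources whose data is not retained on stack deletion or on replacement.
type Policy = "Delete" | "Retain" | "Snapshot";

interface CfnResource {
  Type: string;
  DeletionPolicy?: Policy;       // applies when the resource is removed from the stack
  UpdateReplacePolicy?: Policy;  // applies to the old resource when an update replaces it
}
interface Template { Resources: { [logicalId: string]: CfnResource }; }
interface Finding { logicalId: string; attribute: string; actual: string; }

const RDS_TYPES = ["AWS::RDS::DBCluster", "AWS::RDS::DBInstance"];

// Assumption of this example: both attributes must be set explicitly to an
// accepted value; an absent attribute is reported as "(unset)".
function auditRdsRetention(template: Template, accepted: Policy[] = ["Retain"]): Finding[] {
  const findings: Finding[] = [];
  const attrs: Array<"DeletionPolicy" | "UpdateReplacePolicy"> =
    ["DeletionPolicy", "UpdateReplacePolicy"];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || RDS_TYPES.indexOf(res.Type) === -1) continue;
    for (const attribute of attrs) {
      const value = res[attribute];
      if (value === undefined || accepted.indexOf(value) === -1) {
        findings.push({ logicalId, attribute, actual: value === undefined ? "(unset)" : value });
      }
    }
  }
  return findings;
}

// Constructed sample template (logical IDs are made up for illustration).
const sampleTemplate: Template = {
  Resources: {
    Cluster: { Type: "AWS::RDS::DBCluster", DeletionPolicy: "Retain", UpdateReplacePolicy: "Retain" },
    Writer: { Type: "AWS::RDS::DBInstance", DeletionPolicy: "Retain" },
    Reader: { Type: "AWS::RDS::DBInstance", DeletionPolicy: "Delete", UpdateReplacePolicy: "Snapshot" },
    Bucket: { Type: "AWS::S3::Bucket" },
  },
};

const sampleFindings = auditRdsRetention(sampleTemplate);
console.log(JSON.stringify(sampleFindings, null, 2));
```

`Writer` is reported even though its `DeletionPolicy` is `Retain`, because a replacement during an update is governed by `UpdateReplacePolicy`, which is the case the reviewers raise above.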