Revert "feat(rds): custom security groups for OptionGroups"

njlynch · njlynch · commit 07acac2be942 · 2020-08-27T16:42:43.000+01:00
This reverts commit ea1072d.
diff --git a/packages/@aws-cdk/aws-rds/README.md b/packages/@aws-cdk/aws-rds/README.md
@@ -324,27 +324,3 @@ const instance = new rds.DatabaseInstance(this, 'Instance', {
   // ...
 });
 ```
-
-### Option Groups
-
-Some DB engines offer additional features that make it easier to manage data and databases, and to provide additional security for your database.
-Amazon RDS uses option groups to enable and configure these features. An option group can specify features, called options,
-that are available for a particular Amazon RDS DB instance.
-
-```ts
-const vpc: ec2.IVpc = ...;
-const securityGroup: ec2.ISecurityGroup = ...;
-new rds.OptionGroup(stack, 'Options', {
-  engine: DatabaseInstanceEngine.oracleSe({
-    version: OracleLegacyEngineVersion.VER_11_2,
-  }),
-  configurations: [
-    {
-      name: 'OEM',
-      port: 5500,
-      vpc,
-      securityGroups: [securityGroup], // Optional - a default group will be created if not provided.
-    },
-  ],
-});
-```
diff --git a/packages/@aws-cdk/aws-rds/lib/option-group.ts b/packages/@aws-cdk/aws-rds/lib/option-group.ts
@@ -53,14 +53,6 @@ export interface OptionConfiguration {
    * @default - no VPC
    */
   readonly vpc?: ec2.IVpc;
-
-  /**
-   * Optional list of security groups to use for this option, if `vpc` is specified.
-   * If no groups are provided, a default one will be created.
-   *
-   * @default - a default group will be created if `port` or `vpc` are specified.
-   */
-  readonly securityGroups?: ec2.ISecurityGroup[];
 }
 
 /**
@@ -143,22 +135,20 @@ export class OptionGroup extends Resource implements IOptionGroup {
           throw new Error('`port` and `vpc` must be specified together.');
         }
 
-        const securityGroups = config.securityGroups && config.securityGroups.length > 0
-          ? config.securityGroups
-          : [new ec2.SecurityGroup(this, `SecurityGroup${config.name}`, {
-            description: `Security group for ${config.name} option`,
-            vpc: config.vpc,
-          })];
+        const securityGroup = new ec2.SecurityGroup(this, `SecurityGroup${config.name}`, {
+          description: `Security group for ${config.name} option`,
+          vpc: config.vpc,
+        });
 
         this.optionConnections[config.name] = new ec2.Connections({
-          securityGroups: securityGroups,
+          securityGroups: [securityGroup],
           defaultPort: ec2.Port.tcp(config.port),
         });
 
         configuration = {
           ...configuration,
           port: config.port,
-          vpcSecurityGroupMemberships: securityGroups.map(sg => sg.securityGroupId),
+          vpcSecurityGroupMemberships: [securityGroup.securityGroupId],
         };
       }
 
diff --git a/packages/@aws-cdk/aws-rds/test/test.option-group.ts b/packages/@aws-cdk/aws-rds/test/test.option-group.ts
@@ -36,7 +36,7 @@ export = {
     test.done();
   },
 
-  'option group with new security group'(test: Test) {
+  'option group with security groups'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();
     const vpc = new ec2.Vpc(stack, 'VPC');
@@ -96,51 +96,6 @@ export = {
     test.done();
   },
 
-  'option group with existing security group'(test: Test) {
-    // GIVEN
-    const stack = new cdk.Stack();
-    const vpc = new ec2.Vpc(stack, 'VPC');
-
-    // WHEN
-    const securityGroup = new ec2.SecurityGroup(stack, 'CustomSecurityGroup', { vpc });
-    new OptionGroup(stack, 'Options', {
-      engine: DatabaseInstanceEngine.oracleSe({
-        version: OracleLegacyEngineVersion.VER_11_2,
-      }),
-      configurations: [
-        {
-          name: 'OEM',
-          port: 1158,
-          vpc,
-          securityGroups: [securityGroup],
-        },
-      ],
-    });
-
-    // THEN
-    expect(stack).to(haveResource('AWS::RDS::OptionGroup', {
-      EngineName: 'oracle-se',
-      MajorEngineVersion: '11.2',
-      OptionGroupDescription: 'Option group for oracle-se 11.2',
-      OptionConfigurations: [
-        {
-          OptionName: 'OEM',
-          Port: 1158,
-          VpcSecurityGroupMemberships: [
-            {
-              'Fn::GetAtt': [
-                'CustomSecurityGroupE5E500E5',
-                'GroupId',
-              ],
-            },
-          ],
-        },
-      ],
-    }));
-
-    test.done();
-  },
-
   'throws when using an option with port and no vpc'(test: Test) {
     // GIVEN
     const stack = new cdk.Stack();
