feat(rds): add support for monitoring to database cluster

Lets a user specify a monitoring interval period. This change will also auto-generate a valid Role to manage DB instances monitoring. This change adds an optional prop `monitoringInterval` closes #2826
aws · Jun 21, 2019 · 90530f9 · 90530f9
1 parent ad72271
commit 90530f9
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 2 deletions.
diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts
@@ -1,7 +1,8 @@
 import ec2 = require('@aws-cdk/aws-ec2');
+import { ManagedPolicy, Role, ServicePrincipal } from '@aws-cdk/aws-iam';
 import kms = require('@aws-cdk/aws-kms');
 import secretsmanager = require('@aws-cdk/aws-secretsmanager');
-import { Construct,   RemovalPolicy, Resource, Token } from '@aws-cdk/cdk';
+import { Construct, Duration, RemovalPolicy, Resource, Token } from '@aws-cdk/cdk';
 import { DatabaseClusterAttributes, IDatabaseCluster } from './cluster-ref';
 import { DatabaseSecret } from './database-secret';
 import { Endpoint } from './endpoint';
@@ -128,6 +129,14 @@ export interface DatabaseClusterProps {
    * @default - Retain cluster.
    */
   readonly removalPolicy?: RemovalPolicy
+
+  /**
+   * The interval, in seconds, between points when Amazon RDS collects enhanced
+   * monitoring metrics for the DB instances.
+   *
+   * @default no enhanced monitoring
+   */
+  readonly monitoringInterval?: Duration;
 }
 
 /**
@@ -345,6 +354,17 @@ export class DatabaseCluster extends DatabaseClusterBase {
 
     // Get the actual subnet objects so we can depend on internet connectivity.
     const internetConnected = props.instanceProps.vpc.selectSubnets(props.instanceProps.vpcSubnets).internetConnectivityEstablished;
+
+    let monitoringRole;
+    if (props.monitoringInterval && props.monitoringInterval.toSeconds()) {
+      monitoringRole = new Role(this, "MonitoringRole", {
+        assumedBy: new ServicePrincipal("monitoring.rds.amazonaws.com"),
+        managedPolicies: [
+          ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSEnhancedMonitoringRole')
+        ]
+      });
+    }
+
     for (let i = 0; i < instanceCount; i++) {
       const instanceIndex = i + 1;
 
@@ -366,6 +386,8 @@ export class DatabaseCluster extends DatabaseClusterBase {
         // This is already set on the Cluster. Unclear to me whether it should be repeated or not. Better yes.
         dbSubnetGroupName: subnetGroup.ref,
         dbParameterGroupName: props.instanceProps.parameterGroup && props.instanceProps.parameterGroup.parameterGroupName,
+        monitoringInterval: props.monitoringInterval && props.monitoringInterval.toSeconds(),
+        monitoringRoleArn: monitoringRole && monitoringRole.roleArn
       });
 
       instance.applyRemovalPolicy(props.removalPolicy, {

diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts
@@ -484,7 +484,7 @@ abstract class DatabaseInstanceNew extends DatabaseInstanceBase implements IData
     this.securityGroupId = this.securityGroup.securityGroupId;
 
     let monitoringRole;
-    if (props.monitoringInterval) {
+    if (props.monitoringInterval && props.monitoringInterval.toSeconds()) {
       monitoringRole = new iam.Role(this, 'MonitoringRole', {
         assumedBy: new iam.ServicePrincipal('monitoring.rds.amazonaws.com'),
         managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonRDSEnhancedMonitoringRole')],

diff --git a/packages/@aws-cdk/aws-rds/test/test.cluster.ts b/packages/@aws-cdk/aws-rds/test/test.cluster.ts
@@ -344,6 +344,65 @@ export = {
       stack.resolve(cluster.clusterReadEndpoint)
     );
 
+    test.done();
+  },
+
+  "cluster with enabled monitoring"(test: Test) {
+    // GIVEN
+    const stack = testStack();
+    const vpc = new ec2.Vpc(stack, "VPC");
+
+    // WHEN
+    new DatabaseCluster(stack, "Database", {
+      engine: DatabaseClusterEngine.Aurora,
+      instances: 1,
+      masterUser: {
+        username: "admin"
+      },
+      instanceProps: {
+        instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
+        vpc
+      },
+      monitoringInterval: cdk.Duration.minutes(1),
+    });
+
+    // THEN
+    expect(stack).to(haveResource("AWS::RDS::DBInstance", {
+      MonitoringInterval: 60,
+      MonitoringRoleArn: {
+        "Fn::GetAtt": ["DatabaseMonitoringRole576991DA", "Arn"]
+      }
+    }, ResourcePart.Properties));
+
+    expect(stack).to(haveResource("AWS::IAM::Role", {
+      AssumeRolePolicyDocument: {
+        Statement: [
+          {
+            Action: "sts:AssumeRole",
+            Effect: "Allow",
+            Principal: {
+              Service: "monitoring.rds.amazonaws.com"
+            }
+          }
+        ],
+        Version: "2012-10-17"
+      },
+      ManagedPolicyArns: [
+        {
+          "Fn::Join": [
+            "",
+            [
+              "arn:",
+              {
+                Ref: "AWS::Partition"
+              },
+              ":iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
+            ]
+          ]
+        }
+      ]
+    }));
+
     test.done();
   }
 };