feat(rds): deletion protection for RDS cluster (#9871)

njlynch · web-flow · commit ef98b9f3b821 · 2020-08-24T18:30:57.000Z
Enable setting deletionProtection for a DatabaseCluster. Note - Marking as 'exempt-readme' as I don't think this is big enough to merit a README change. Feel free to disagree. fixes #6944 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts
@@ -84,6 +84,13 @@ export interface DatabaseClusterProps {
    */
   readonly defaultDatabaseName?: string;
 
+  /**
+   * Indicates whether the DB cluster should have deletion protection enabled.
+   *
+   * @default false
+   */
+  readonly deletionProtection?: boolean;
+
   /**
    * Whether to enable storage encryption.
    *
@@ -425,6 +432,7 @@ export class DatabaseCluster extends DatabaseClusterBase {
       port: props.port ?? clusterEngineBindConfig.port,
       dbClusterParameterGroupName: clusterParameterGroupConfig?.parameterGroupName,
       associatedRoles: clusterAssociatedRoles.length > 0 ? clusterAssociatedRoles : undefined,
+      deletionProtection: props.deletionProtection,
       // Admin
       masterUsername: secret ? secret.secretValueFromJson('username').toString() : props.masterUser.username,
       masterUserPassword: secret
diff --git a/packages/@aws-cdk/aws-rds/test/test.cluster.ts b/packages/@aws-cdk/aws-rds/test/test.cluster.ts
@@ -1178,6 +1178,33 @@ export = {
     test.done();
   },
 
+  'can set deletion protection'(test: Test) {
+    // GIVEN
+    const stack = testStack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+
+    // WHEN
+    new DatabaseCluster(stack, 'Database', {
+      engine: DatabaseClusterEngine.AURORA,
+      masterUser: {
+        username: 'admin',
+        password: cdk.SecretValue.plainText('tooshort'),
+      },
+      instanceProps: {
+        instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
+        vpc,
+      },
+      deletionProtection: true,
+    });
+
+    // THEN
+    expect(stack).to(haveResourceLike('AWS::RDS::DBCluster', {
+      DeletionProtection: true,
+    }));
+
+    test.done();
+  },
+
   'does not throw (but adds a node error) if a (dummy) VPC does not have sufficient subnets'(test: Test) {
     // GIVEN
     const stack = testStack();
