Skip to content

Commit

Permalink
feat(rds): deletion protection for RDS cluster (#9871)
Browse files Browse the repository at this point in the history
Enable setting deletionProtection for a DatabaseCluster.

Note - Marking as 'exempt-readme' as I don't think this is big enough to merit
a README change. Feel free to disagree.

fixes #6944

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
njlynch authored Aug 24, 2020
1 parent 1c9b733 commit ef98b9f
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
8 changes: 8 additions & 0 deletions packages/@aws-cdk/aws-rds/lib/cluster.ts
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,13 @@ export interface DatabaseClusterProps {
*/
readonly defaultDatabaseName?: string;

/**
* Indicates whether the DB cluster should have deletion protection enabled.
*
* @default false
*/
readonly deletionProtection?: boolean;

/**
* Whether to enable storage encryption.
*
Expand Down Expand Up @@ -425,6 +432,7 @@ export class DatabaseCluster extends DatabaseClusterBase {
port: props.port ?? clusterEngineBindConfig.port,
dbClusterParameterGroupName: clusterParameterGroupConfig?.parameterGroupName,
associatedRoles: clusterAssociatedRoles.length > 0 ? clusterAssociatedRoles : undefined,
deletionProtection: props.deletionProtection,
// Admin
masterUsername: secret ? secret.secretValueFromJson('username').toString() : props.masterUser.username,
masterUserPassword: secret
Expand Down
27 changes: 27 additions & 0 deletions packages/@aws-cdk/aws-rds/test/test.cluster.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1178,6 +1178,33 @@ export = {
test.done();
},

'can set deletion protection'(test: Test) {
// GIVEN
const stack = testStack();
const vpc = new ec2.Vpc(stack, 'VPC');

// WHEN
new DatabaseCluster(stack, 'Database', {
engine: DatabaseClusterEngine.AURORA,
masterUser: {
username: 'admin',
password: cdk.SecretValue.plainText('tooshort'),
},
instanceProps: {
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
vpc,
},
deletionProtection: true,
});

// THEN
expect(stack).to(haveResourceLike('AWS::RDS::DBCluster', {
DeletionProtection: true,
}));

test.done();
},

'does not throw (but adds a node error) if a (dummy) VPC does not have sufficient subnets'(test: Test) {
// GIVEN
const stack = testStack();
Expand Down

0 comments on commit ef98b9f

Please sign in to comment.