-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(rds): retain cluster and instances on deletion and replacement #2063
Conversation
Storage encryption with the default master key is now enabled by default when creating a new cluster. BREAKING CHANGE: Storage encryption is enabled by default (update requires replacement) BREAKING CHANGE: Replaced `kmsKeyArn: string` by `kmsKey: kms.IEncryptionKey` in `DatabaseClusterProps`
* | ||
* @default true | ||
*/ | ||
storageEncrypted?: boolean |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we have an issue with this default due to implicit costs to customers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even when using the default master key? The cost is rather small compared to the cost of RDS. Isn't the CDK supposed to enforce best (security) practices?
But OK, I see that the same philosophy has been adopted for S3 buckets. You want me to change this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm also not sure I'm comfortable with replacing everyone's RDS instances. As far as I know, that will destroy their data, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you change the default I'm all for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm also not sure I'm comfortable with replacing everyone's RDS instances. As far as I know, that will destroy their data, right?
Yes, and the solution lies in here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html for resources such as database instances
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My experience with RDS is limited, but is it possible to replace the database without loss of data? It doesn't look so, right?
I'm MAYBE willing to accept loss of availabillity (even though that's not great either), by means of a Delete-to-Snapshot and then Restore-from-Snapshot, but given that CloudFormation will do the CREATE before the DELETE, doesn't seem like we can sequence those correctly in one deployment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While you're in here, would you mind adding a property to control DeletionPoliycy and UpdateReplacePolicy? I'm horrified to see those aren't being set yet.
I think one property to control both policies should be fine, and it should default to Retain.
Add
deleteReplacePolicy
with a default ofRetain
to control both the deletion policy and the update replace policy of the cluster and its instances.Also replaced
kmsKeyArn: string
bykmsKey: kms.IEncryptionKey
and addstorageEncrypted
inDatabaseClusterProps
BREAKING CHANGE: Replaced
kmsKeyArn: string
bykmsKey: kms.IEncryptionKey
inDatabaseClusterProps
Pull Request Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.