From c9fa07cf59acf7069bd09a2ae912038a9c2253d7 Mon Sep 17 00:00:00 2001
From: Nick Lynch
Date: Thu, 20 Aug 2020 14:48:47 +0100
Subject: [PATCH] feat(rds): deletion protection for RDS cluster

Enable setting deletionProtection for a DatabaseCluster.

Note - Marking as 'exempt-readme' as I don't think this is big enough to merit a README change.

fixes #6944
---
 packages/@aws-cdk/aws-rds/lib/cluster.ts | 8 ++++++
 .../@aws-cdk/aws-rds/test/test.cluster.ts | 27 +++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts
index d52fff47c476e..5417c0241612a 100644
--- a/packages/@aws-cdk/aws-rds/lib/cluster.ts
+++ b/packages/@aws-cdk/aws-rds/lib/cluster.ts
@@ -84,6 +84,13 @@ export interface DatabaseClusterProps {
 */
 readonly defaultDatabaseName?: string;
 
+ /**
+ * Indicates whether the DB cluster should have deletion protection enabled.
+ *
+ * @default true
+ */
+ readonly deletionProtection?: boolean;
+
 /**
 * Whether to enable storage encryption.
 *
@@ -425,6 +432,7 @@ export class DatabaseCluster extends DatabaseClusterBase {
 port: props.port ?? clusterEngineBindConfig.port,
 dbClusterParameterGroupName: clusterParameterGroupConfig?.parameterGroupName,
 associatedRoles: clusterAssociatedRoles.length > 0 ? clusterAssociatedRoles : undefined,
+ deletionProtection: props.deletionProtection,
 // Admin
 masterUsername: secret ? secret.secretValueFromJson('username').toString() : props.masterUser.username,
 masterUserPassword: secret
diff --git a/packages/@aws-cdk/aws-rds/test/test.cluster.ts b/packages/@aws-cdk/aws-rds/test/test.cluster.ts
index 105964b73e0c4..4414ed784b393 100644
--- a/packages/@aws-cdk/aws-rds/test/test.cluster.ts
+++ b/packages/@aws-cdk/aws-rds/test/test.cluster.ts
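Review bot: The doc comment added to `DatabaseClusterProps` in the first hunk says `@default true`, but the second hunk (new line 432) forwards `props.deletionProtection` unchanged, so an omitted prop arrives as `undefined` and the property is presumably left out of the synthesized resource. Someone relying on the documented default would then deploy a cluster without deletion protection, assuming the service-side default is disabled (worth confirming against the CloudFormation reference). Either make the code match the doc with `deletionProtection: props.deletionProtection ?? true,` or make the doc match the code, for example `@default - not set, the CloudFormation default applies`. Defaulting to true changes behaviour for existing stacks, so that choice deserves a sentence in the commit message; both hunks sit inside definitions that continue outside the diff.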
@@ -1178,6 +1178,33 @@ export = {
 test.done();
 },
 
+ 'can set deletion protection'(test: Test) {
+ // GIVEN
+ const stack = testStack();
+ const vpc = new ec2.Vpc(stack, 'VPC');
+
+ // WHEN
+ new DatabaseCluster(stack, 'Database', {
+ engine: DatabaseClusterEngine.AURORA,
+ masterUser: {
+ username: 'admin',
+ password: cdk.SecretValue.plainText('tooshort'),
+ },
+ instanceProps: {
+ instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
+ vpc,
+ },
+ deletionProtection: true,
+ });
+
+ // THEN
+ expect(stack).to(haveResourceLike('AWS::RDS::DBCluster', {
+ DeletionProtection: true,
+ }));
+
+ test.done();
+ },
+
 'does not throw (but adds a node error) if a (dummy) VPC does not have sufficient subnets'(test: Test) {
 // GIVEN
 const stack = testStack();
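Review bot: The new test pins only the explicit `deletionProtection: true` case, so nothing covers a cluster created without the prop, which is the case the `@default true` doc comment in lib/cluster.ts makes a claim about. Add a sibling case that omits the prop and asserts what the synthesized `AWS::RDS::DBCluster` carries for `DeletionProtection`, and one that passes `deletionProtection: false` and expects `DeletionProtection: false`, so an accidental change of the default shows up as a test failure. The enclosing `export = {` object starts and ends outside the hunk.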