Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

RDS: Allow enabling deletion protection for an RDS cluster #6944

Closed
1 of 2 tasks
blimmer opened this issue Mar 23, 2020 · 3 comments · Fixed by #9871
Closed
1 of 2 tasks

RDS: Allow enabling deletion protection for an RDS cluster #6944

blimmer opened this issue Mar 23, 2020 · 3 comments · Fixed by #9871
Assignees
@skinny85
Labels
@aws-cdk/aws-rds Related to Amazon Relational Database effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on.
Milestone
[GA] RDS

Comments

@blimmer
Copy link
Contributor

blimmer commented Mar 23, 2020

As of now, it doesn't appear that I can enable "Deletion Protection" for my RDS cluster via CDK.

There is an option provided in the DatabaseInstanceNewProps interface, but that's not exposed at the cluster level.

I am able to turn this on via the console:

Screen_Shot_2020-03-23_at_10_42_34_AM

and it also is a supported value in the AWS::RDS::DBCluster CloudFormation template according to the docs.

Use Case

I would like to prevent my production database cluster from being accidentally deleted due to a mistake in our CDK definitions. If a developer's intention is truly to delete the cluster, I'd like to require them to deploy a change disabling deletion protection, and then proceed with their delete.

Proposed Solution

I propose that we add an optional deletionProtection? boolean attribute to DatabaseClusterProps. To match the default behavior of the CloudFormation template (and to provide better backwards compatibility), this property would be false by default (not specified in the CloudFormation template output at all). If the user specifies true, we would emit DeletionProtection: true in the produced CloudFormation template.

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@blimmer blimmer added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 23, 2020
@blimmer
Copy link
Contributor Author

blimmer commented Mar 23, 2020

For those looking for a workaround in the meantime, you can set this parameter in CDK by accessing the CFN doc:

const cluster = new DatabaseCluster(/* params */);
const cfn = cluster.node.defaultChild as CfnDBCluster;
cfn.deletionProtection = true;

@SomayaB SomayaB added the @aws-cdk/aws-rds Related to Amazon Relational Database label Mar 25, 2020
@nija-at nija-at added effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Mar 26, 2020
@skinny85 skinny85 added this to the RDS to 'stable' milestone Jul 8, 2020
@nija-at nija-at assigned skinny85 and unassigned nija-at Jul 14, 2020
@wswoodruff
Copy link

Does deletionProtection default to true for you now? It does when I create a DatabaseInstance — discussion on secure defaults on this thread #5282

@skinny85
Copy link
Contributor

skinny85 commented Aug 5, 2020

Does deletionProtection default to true for you now? It does when I create a DatabaseInstance — discussion on secure defaults on this thread #5282

It does default to true for Instance. It's not currently surfaced for Cluster, and thus defaults to false for it.

njlynch added a commit that referenced this issue Aug 20, 2020
@njlynch
feat(rds): deletion protection for RDS cluster
c9fa07c 
Enable setting deletionProtection for a DatabaseCluster.

Note - Marking as 'exempt-readme' as I don't think this is big enough to merit
a README change.

fixes #6944
@njlynch njlynch mentioned this issue Aug 20, 2020
Merged
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Aug 20, 2020
@jonny-rimek jonny-rimek mentioned this issue Aug 22, 2020
Closed
@mergify mergify bot closed this as completed in #9871 Aug 24, 2020
mergify bot pushed a commit that referenced this issue Aug 24, 2020
@njlynch
feat(rds): deletion protection for RDS cluster (#9871)
ef98b9f 
Enable setting deletionProtection for a DatabaseCluster.

Note - Marking as 'exempt-readme' as I don't think this is big enough to merit
a README change. Feel free to disagree.

fixes #6944

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-rds Related to Amazon Relational Database effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. in-progress This issue is being actively worked on.
Projects
None yet
Milestone
[GA] RDS
Development

Successfully merging a pull request may close this issue.

feat(rds): deletion protection for RDS cluster aws/aws-cdk
5 participants
@skinny85 @blimmer @wswoodruff @nija-at @SomayaB