aws · jadamariano · Feb 9, 2024 · Feb 9, 2024 · Feb 9, 2024 · Feb 12, 2024
diff --git a/packages/aws-cdk-lib/aws-docdb/lib/cluster.ts b/packages/aws-cdk-lib/aws-docdb/lib/cluster.ts
@@ -410,6 +410,9 @@ export class DatabaseCluster extends DatabaseClusterBase {
       dbSubnetGroupDescription: `Subnets for ${id} database`,
       subnetIds,
     });
+    if (props.removalPolicy === RemovalPolicy.RETAIN) {
+      subnetGroup.applyRemovalPolicy(RemovalPolicy.RETAIN);
+    }
 
     // Create the security group for the DB cluster
     let securityGroup: ec2.ISecurityGroup;

diff --git a/packages/aws-cdk-lib/aws-docdb/test/cluster.test.ts b/packages/aws-cdk-lib/aws-docdb/test/cluster.test.ts
@@ -240,6 +240,26 @@ describe('DatabaseCluster', () => {
     });
   });
 
+  test('cluster with retain policy applies retain policy to DBSubnetGroup', () => {
+    // GIVEN
+    const stack = testStack();
+    const vpc = new ec2.Vpc(stack, 'VPC');
+
+    // WHEN
+    new DatabaseCluster(stack, 'Database', {
+      masterUser: { username: 'admin' },
+      instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
+      vpc,
+      removalPolicy: cdk.RemovalPolicy.RETAIN,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::DocDB::DBSubnetGroup', {
+      DeletionPolicy: 'Retain',
+      UpdateReplacePolicy: 'Retain',
+    });
+  });
+
   test('creates a secret when master credentials are not specified', () => {
     // GIVEN
     const stack = testStack();