API Reference

Constructs

RdsSanitizedSnapshotter

A process to create sanitized snapshots of an RDS instance or cluster, optionally on a schedule.

The process is handled by a step function.

  1. Snapshot the source database
  2. Optionally re-encrypt the snapshot with a different key in case you want to share it with an account that doesn't have access to the original key
  3. Create a temporary database
  4. Run a Fargate task to connect to the temporary database and execute an arbitrary SQL script to sanitize it
  5. Snapshot the sanitized database
  6. Clean up temporary snapshots and databases

Initializers

```typescript
import { RdsSanitizedSnapshotter } from '@cloudsnorkel/cdk-rds-sanitized-snapshots'

new RdsSanitizedSnapshotter(scope: Construct, id: string, props: IRdsSanitizedSnapshotter)
```

| Name | Type | Description |
| --- | --- | --- |
| scope | constructs.Construct | No description. |
| id | string | No description. |
| props | IRdsSanitizedSnapshotter | No description. |

scope (Required)
  • Type: constructs.Construct

id (Required)
  • Type: string

props (Required)

Methods

| Name | Description |
| --- | --- |
| toString | Returns a string representation of this construct. |

toString

```typescript
public toString(): string
```

Returns a string representation of this construct.

Static Functions

| Name | Description |
| --- | --- |
| isConstruct | Checks if x is a construct. |

isConstruct
```typescript
import { RdsSanitizedSnapshotter } from '@cloudsnorkel/cdk-rds-sanitized-snapshots'

RdsSanitizedSnapshotter.isConstruct(x: any)
```

Checks if x is a construct.

x (Required)
  • Type: any

Any object.


Properties

| Name | Type | Description |
| --- | --- | --- |
| node | constructs.Node | The tree node. |
| props | IRdsSanitizedSnapshotter | No description. |
| snapshotter | aws-cdk-lib.aws_stepfunctions.StateMachine | Step function in charge of the entire process including snapshotting, sanitizing, and cleanup. |

node (Required)
public readonly node: Node;
  • Type: constructs.Node

The tree node.


props (Required)
public readonly props: IRdsSanitizedSnapshotter;

snapshotter (Required)
public readonly snapshotter: StateMachine;
  • Type: aws-cdk-lib.aws_stepfunctions.StateMachine

Step function in charge of the entire process including snapshotting, sanitizing, and cleanup.

Trigger this step function to get a new snapshot.


Protocols

IRdsSanitizedSnapshotter

Properties

| Name | Type | Description |
| --- | --- | --- |
| script | string | SQL script used to sanitize the database. It will be executed against the temporary database. |
| vpc | aws-cdk-lib.aws_ec2.IVpc | VPC where temporary database and sanitizing task will be created. |
| databaseCluster | aws-cdk-lib.aws_rds.IDatabaseCluster | Database cluster to snapshot and sanitize. |
| databaseInstance | aws-cdk-lib.aws_rds.IDatabaseInstance | Database instance to snapshot and sanitize. |
| databaseKey | aws-cdk-lib.aws_kms.IKey | KMS key used to encrypt original database, if any. |
| databaseName | string | Name of database to connect to inside the RDS cluster or instance. |
| dbSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | VPC subnets to use for temporary databases. |
| fargateCluster | aws-cdk-lib.aws_ecs.ICluster | Cluster where sanitization task will be executed. |
| sanitizeSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | VPC subnets to use for sanitization task. |
| schedule | aws-cdk-lib.aws_events.Schedule | The schedule or rate (frequency) that determines when the sanitized snapshot runs automatically. |
| shareAccounts | string[] | List of accounts the sanitized snapshot should be shared with. |
| snapshotHistoryLimit | number | Limit the number of snapshots kept in history. |
| snapshotKey | aws-cdk-lib.aws_kms.IKey | Optional KMS key to encrypt target snapshot. |
| snapshotPrefix | string | Prefix for sanitized snapshot name. |
| tempPrefix | string | Prefix for all temporary snapshots and databases. |
| useExistingSnapshot | boolean | Use the latest available snapshot instead of taking a new one. |

script (Required)
public readonly script: string;
  • Type: string

SQL script used to sanitize the database. It will be executed against the temporary database.

You would usually want to start this with `USE mydatabase;`.
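A constructed example of a `script` value for step 4 of the process (the SQL the Fargate task runs against the temporary database). This is not part of the project; the MySQL dialect and the table and column names (`users`, `sessions`, `api_keys`, `payments`, `support_tickets`) are assumed. The pattern is: pseudonymize deterministically so rows stay joinable, destroy credentials and secrets outright, and blank free-text columns where PII tends to hide.

```sql
-- Constructed sanitize script (MySQL dialect); table/column names are assumed.
USE mydatabase;

-- Deterministic pseudonyms: rows remain joinable across tables, real PII is gone.
UPDATE users
SET email         = CONCAT('user', id, '@example.invalid'),
    full_name     = CONCAT('User ', id),
    phone         = NULL,
    date_of_birth = NULL;

-- Credential material must not leave the account: overwrite with an unusable value
-- rather than keeping the original hashes (which could be cracked offline).
UPDATE users SET password_hash = '!sanitized';

-- Session tokens and API keys have no analytic value; remove them entirely.
TRUNCATE TABLE sessions;
TRUNCATE TABLE api_keys;

-- Keep payment data analyzable by last four digits only.
UPDATE payments
SET card_number = CONCAT('************', RIGHT(card_number, 4)),
    cardholder  = NULL;

-- Free-text columns are a common hiding place for PII; blank them.
UPDATE support_tickets SET body = '[redacted]';

-- Record that (and when) sanitization ran, so consumers of the shared
-- snapshot can verify it before using it.
CREATE TABLE IF NOT EXISTS sanitization_audit (
  sanitized_at   DATETIME    NOT NULL,
  script_version VARCHAR(32) NOT NULL
);
INSERT INTO sanitization_audit (sanitized_at, script_version)
VALUES (UTC_TIMESTAMP(), 'v1');
```

Because the script runs against a throwaway copy created from the snapshot, it can be destructive and should be idempotent; pair it with `snapshotKey` and `shareAccounts` when the result is shared with another account, so the sanitized snapshot is encrypted with a key that account can use without access to the original database key.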


vpc (Required)
public readonly vpc: IVpc;
  • Type: aws-cdk-lib.aws_ec2.IVpc

VPC where temporary database and sanitizing task will be created.


databaseCluster (Optional)
public readonly databaseCluster: IDatabaseCluster;
  • Type: aws-cdk-lib.aws_rds.IDatabaseCluster

Database cluster to snapshot and sanitize.

Only one of databaseCluster and databaseInstance can be specified.


databaseInstance (Optional)
public readonly databaseInstance: IDatabaseInstance;
  • Type: aws-cdk-lib.aws_rds.IDatabaseInstance

Database instance to snapshot and sanitize.

Only one of databaseCluster and databaseInstance can be specified.


databaseKey (Optional)
public readonly databaseKey: IKey;
  • Type: aws-cdk-lib.aws_kms.IKey

KMS key used to encrypt original database, if any.


databaseName (Optional)
public readonly databaseName: string;
  • Type: string
  • Default: 'postgres' for PostgreSQL and not set for MySQL

Name of database to connect to inside the RDS cluster or instance.

This database will be used to execute the SQL script.


dbSubnets (Optional)
public readonly dbSubnets: SubnetSelection;
  • Type: aws-cdk-lib.aws_ec2.SubnetSelection
  • Default: ec2.SubnetType.PRIVATE_ISOLATED

VPC subnets to use for temporary databases.


fargateCluster (Optional)
public readonly fargateCluster: ICluster;
  • Type: aws-cdk-lib.aws_ecs.ICluster
  • Default: a new cluster running on given VPC

Cluster where sanitization task will be executed.


sanitizeSubnets (Optional)
public readonly sanitizeSubnets: SubnetSelection;
  • Type: aws-cdk-lib.aws_ec2.SubnetSelection
  • Default: ec2.SubnetType.PRIVATE_WITH_EGRESS

VPC subnets to use for sanitization task.


schedule (Optional)
public readonly schedule: Schedule;
  • Type: aws-cdk-lib.aws_events.Schedule

The schedule or rate (frequency) that determines when the sanitized snapshot runs automatically.


shareAccounts (Optional)
public readonly shareAccounts: string[];
  • Type: string[]

List of accounts the sanitized snapshot should be shared with.


snapshotHistoryLimit (Optional)
public readonly snapshotHistoryLimit: number;
  • Type: number

Limit the number of snapshots kept in history.

Set this to delete old sanitized snapshots and keep only the given number of most recent ones.


snapshotKey (Optional)
public readonly snapshotKey: IKey;
  • Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key to encrypt target snapshot.


snapshotPrefix (Optional)
public readonly snapshotPrefix: string;
  • Type: string
  • Default: cluster identifier (which might be too long)

Prefix for sanitized snapshot name.

The current date and time will be added to it.


tempPrefix (Optional)
public readonly tempPrefix: string;
  • Type: string
  • Default: 'sanitize'

Prefix for all temporary snapshots and databases.

The step function execution id will be added to it.


useExistingSnapshot (Optional)
public readonly useExistingSnapshot: boolean;
  • Type: boolean
  • Default: false

Use the latest available snapshot instead of taking a new one.

This can be used to shorten the process at the cost of using a possibly older snapshot.

This will use the latest snapshot whether it's an automatic system snapshot or a manual snapshot.