(aws-docdb): setting up cluster with retention policy == snapshot breaks internal security group #28773
Comments
Huh... funny enough, the problem is around DocDB. I guess it's my bad on that part. However, I would still bring up for discussion the part where the removal policy of the group is set via an escape hatch.

Yes, I think we should fix it here to avoid this error. aws-cdk/packages/aws-cdk-lib/aws-docdb/lib/cluster.ts Lines 423 to 427 in 45b8398

Would it work to just get rid of the escape hatch?

@pahud would you mind checking on the linked PR from @lpizzinidev?
In short, there's a bit of a pickle between @lpizzinidev and myself :-) questioning the design of downgrading policies without the explicit intention of the user/caller that creates a given L2 construct.

Adds support for `removalPolicy: RemovalPolicy.SNAPSHOT` for DocumentDB clusters as specified in the [documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).

To allow users to specify custom policies for the cluster's instances and security group the following properties have been added:

* `instanceRemovalPolicy`
* `securityGroupRemovalPolicy`

Closes #28773. Closes #28861

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Describe the bug
Setting up a cluster with `removalPolicy: cdk.RemovalPolicy.SNAPSHOT` fails to synth because `ec2.SecurityGroup` does not support said `RemovalPolicy`.
Expected Behavior
`cdk synth` executed correctly.
Current Behavior
`cdk synth` fails with `Error: AWS::EC2::SecurityGroup does not support snapshot removal policy`
Reproduction Steps
Possible Solution
Personally I prefer the 2nd idea, because setting a retention policy inside a Construct does seem to be a bit of an odd idea.
I think setting up one with CDK defaults makes more sense, and if the user wants to change the default they can always create a security group beforehand and pass it as a `prop`.
Additional Information/Context
No response
CDK CLI Version
2.121.1
Framework Version
No response
Node.js Version
20.8
OS
MacOS sierra
Language
TypeScript
Language Version
5.3
Other information
No response
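
The failure reported above and the per-resource policies named in the linked PR description, modelled as an added example (not aws-cdk-lib code and not written by any participant in this thread). All function names are hypothetical, the list of snapshot-capable types is partial, and the fallback to `retain` is an assumption.

```typescript
// Added illustration; NOT aws-cdk-lib code. All names here are hypothetical.
type RemovalPolicy = 'destroy' | 'retain' | 'snapshot';

// Partial list (assumption: extend it from the DeletionPolicy documentation) of
// resource types for which CloudFormation accepts DeletionPolicy: Snapshot.
const SNAPSHOT_CAPABLE: readonly string[] = [
  'AWS::DocDB::DBCluster',
  'AWS::RDS::DBCluster',
  'AWS::RDS::DBInstance',
  'AWS::EC2::Volume',
];

function supportsSnapshot(type: string): boolean {
  return SNAPSHOT_CAPABLE.indexOf(type) !== -1;
}

// Strict application: copying a policy onto a resource that cannot honour it
// fails with the same message the issue reports for the security group.
function applyStrict(type: string, policy: RemovalPolicy): RemovalPolicy {
  if (policy === 'snapshot' && !supportsSnapshot(type)) {
    throw new Error(`${type} does not support snapshot removal policy`);
  }
  return policy;
}

// Child resolution: an explicit override is applied strictly; otherwise the
// cluster's policy is inherited, and 'snapshot' falls back to 'retain'
// (assumed fallback: it never deletes something the caller asked to keep).
function resolveChild(type: string, parent: RemovalPolicy, override?: RemovalPolicy): RemovalPolicy {
  if (override !== undefined) return applyStrict(type, override);
  if (parent === 'snapshot' && !supportsSnapshot(type)) return 'retain';
  return parent;
}

interface ClusterPolicies { cluster: RemovalPolicy; instance: RemovalPolicy; securityGroup: RemovalPolicy; }

// Constructed model of the three resources involved in the issue.
function planDocDbCluster(
  removalPolicy: RemovalPolicy,
  overrides: { instance?: RemovalPolicy; securityGroup?: RemovalPolicy } = {},
): ClusterPolicies {
  return {
    cluster: applyStrict('AWS::DocDB::DBCluster', removalPolicy),
    instance: resolveChild('AWS::DocDB::DBInstance', removalPolicy, overrides.instance),
    securityGroup: resolveChild('AWS::EC2::SecurityGroup', removalPolicy, overrides.securityGroup),
  };
}
```

When reviewing a stack, the resolved policy of each child is the thing to check: a silently downgraded `retain` leaves a security group behind after stack deletion, while an explicit `destroy` removes it.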