feat(rds): Add AWS RDS cluster transport encryption check #4004
@@ -14,7 +14,7 @@ def __init__(self, provider): | |||
# Call AWSService's __init__ | |||
super().__init__(__class__.__name__, provider) | |||
self.db_instances = [] | |||
self.db_clusters = {} | |||
self.db_clusters = [] |
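Review bot: The last line of this hunk, `self.db_clusters = []`, changes the attribute from a dict to a list, which changes its type for every check that reads `db_clusters`. A list needs a linear scan to find one cluster and no longer enforces one entry per key; consider keeping `self.db_clusters = {}` keyed by cluster ARN and iterating over `.values()` where the parameter-group code needs a sequence.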
This needs to be kept as a dict using the cluster ARN as key.
Changed this to a list so that it would match self.db_instances and could use similar parameter group code. I can switch this back to a dict if required or if it would cause breaking changes.
We must use maps to store objects using the ARN as key for faster retrievals.
Ahh I understand. I'm going to close this PR and redo it entirely. Thank you @jfagoagas for the guidance.
) | ||
# We must use a unique value as the dict key to have unique keys | ||
db_cluster = [] |
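Review bot: `db_cluster = []` on the last line sits directly under the comment about using a unique value as the dict key, so the comment and the code disagree about the container type. If the list stays, update or drop the comment; the singular name `db_cluster` for a list is also easy to confuse with `self.db_clusters`.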
Why this?
multi_az=cluster["MultiAZ"], | ||
region=regional_client.region, | ||
tags=cluster.get("TagList", []), | ||
self.db_clusters.append( |
This needs to be kept as it was.
Switched to more closely match db_instances. Can switch it back and rework the PR if this is required.
@madereddy are you planning to re-do the PR?
Yes I will redo it after the other certificate PR has been merged.
@madereddy I have merged the other PR!
I will start working on the update commit now
Context
Add additional RDS cluster transport level encryption logic for supported RDS versions:
Description
Added checks for MySQL, MariaDB, PostgreSQL, Aurora PostgreSQL, and Aurora MySQL DB clusters.
Had to modify rds_instance_deletion_protection check and test as well to deal with the modification to the db_clusters which allows the parameters to be read.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.