
Commit 1b17602

committed
Add permissions and terminator for rds global cluster
1 parent 3e3591b commit 1b17602


2 files changed

+38
-2
lines changed


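--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
@@ -15,7 +15,7 @@ Statement:
 - glue:DeleteConnection
 - glue:UpdateConnection
 - glue:GetConnections
-- rds:DescribeDB*
+- rds:Describe*
 - rds:List*
 Resource: "*"
 - Sid: AllowGlobalResourceRestrictedActionsWhichIncurNoFees
@@ -76,6 +76,7 @@ Statement:
 - rds:CreateDBClusterParameterGroup
 - rds:CreateDBSubnetGroup
 - rds:DeleteDBCluster
+- rds:DeleteGlobalCluster
 - rds:DeleteDBParameterGroup
 - rds:DeleteDBClusterParameterGroup
 - rds:DeleteDBSubnetGroup
@@ -99,7 +100,6 @@ Statement:
 - rds:ModifyDBClusterParameterGroup
 - rds:ModifyDBSubnetGroup
 - rds:RemoveTagsFromResource
-- rds:DescribeOptionGroups
 - rds:CreateOptionGroup
 - rds:ModifyOptionGroup
 - rds:DeleteOptionGroup
@@ -129,6 +129,7 @@ Statement:
 - 'arn:aws:redshift:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*'
 - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
 - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
+- 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:global-cluster:*'
 - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:db:*'
 - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:pg:*'
 - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster-pg:*'
@@ -185,3 +186,8 @@ Statement:
 - kafka:UpdateConfiguration
 - kafka:UpdateMonitoring
 Resource: "*"
+- Sid: Global RDS
+Effect: Allow
+Action:
+- rds:CreateGlobalCluster
+Resource: "*"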
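Review bot: The new statement's `Sid: Global RDS` contains a space, and IAM accepts only ASCII letters and digits in a Sid, so the policy would likely be rejected as malformed when applied; a name such as `Sid: AllowGlobalRdsClusterCreation` follows the form of the other Sid visible in this file. In the resource list, the added `'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:global-cluster:*'` carries a region, but global cluster ARNs have an empty region field, so the new `rds:DeleteGlobalCluster` action may never match it; `'arn:aws:rds::{{ aws_account_id }}:global-cluster:*'` is the form to check against. For least privilege, `rds:CreateGlobalCluster` could be scoped to that same ARN instead of `Resource: "*"`. The statements these hunks modify begin outside the visible lines, so any conditions on them are not reviewed here.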

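--- a/aws/terminator/data_services.py
+++ b/aws/terminator/data_services.py
@@ -393,3 +393,33 @@ def age_limit(self):
 
 def terminate(self):
 self.client.delete_cluster(ClusterArn=self.id)
+
+
+class RdsGlobalCluster(DbTerminator):
+@staticmethod
+def create(credentials):
+return Terminator._create(credentials, RdsDbCluster, 'rds', lambda client: client.describe_global_clusters()['GlobalClusters'])
+
+@property
+def id(self):
+return self.instance['GlobalClusterArn']
+
+@property
+def name(self):
+return self.instance['GlobalClusterIdentifier']
+
+@property
+def age_limit(self):
+return datetime.timedelta(minutes=60)
+
+@property
+def members(self):
+return self.instance['GlobalClusterMembers']
+
+def terminate(self):
+# The primary and secondary clusters must already be detached or destroyed first.
+for db in self.members:
+self.client.remove_from_global_cluster(GlobalClusterIdentifier=self.id, DbClusterIdentifier=[db['DBClusterArn']
+
+self.client.modify_global_cluster(GlobalClusterIdentifier=self.name, DeletionProtection=False)
+self.client.delete_global_cluster(GlobalClusterIdentifier=self.name)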
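Review bot: The `remove_from_global_cluster` call in `RdsGlobalCluster.terminate` is never closed: `DbClusterIdentifier=[db['DBClusterArn']` opens a list and leaves both the bracket and the call parenthesis unbalanced. As shown, the module would fail to parse and every terminator defined in this file would stop running, leaving test resources uncollected. The parameter takes a single identifier, and the two calls after it pass `self.name` rather than the ARN, so `self.client.remove_from_global_cluster(GlobalClusterIdentifier=self.name, DbClusterIdentifier=db['DBClusterArn'])` looks like the intended line. `create` also hands `RdsDbCluster` to `Terminator._create`; it presumably should be `RdsGlobalCluster`, otherwise the global-cluster records would be wrapped in the wrong class and its `id`, `name` and `terminate` would not apply. The comment above the loop says members must already be detached while the loop detaches them, so rewording it to `# Detach every member cluster before the global cluster can be deleted.` would match the code.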
