-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-rds): Can't destroy a stack with a database that has removalPolicy
property set to RemovalPolicy.RETAIN
#22141
Comments
It looks like The solution is to set the defaultChild in both the bindToCluster and bindToInstance methods i.e. this.node.defaultChild = this.clusterCfnGroup; |
@corymhall Thank you for you quick response. But I don't think that this solution will work because:
How about the following solution?:
So, what do you think? |
Looks good to me! |
Hi @corymhall @maxd does this issue still exist? I'm happy to pick it up if so as I have encountered the same in my project. |
I suppose it still exists. |
It would be great to have this fixed. |
I experience the same behavior even when the database has a My only solution has been to manually update the database to use a default parameter group and delete the one to be cleaned up. |
…28660) > Can't destroy a stack that includes a rds database and rds parameter group where the database has removalPolicy property set to RemovalPolicy.RETAIN ### The following is the current behaviour: ``` const parameterGroup = new ParameterGroup(this, 'ParameterGroup', { ... } const database = new DatabaseInstance(this, 'DatabaseInstance', { parameterGroup: parameterGroup, removalPolicy: RemovalPolicy.RETAIN, ... }) ``` When destroying the stack ``` When I destroy this stack I see the following errors: 2:04:24 PM | DELETE_FAILED | AWS::RDS::DBParameterGroup | ParameterGroup5E32DECB One or more database instances are still members of this parameter group xxx-database-parametergroup5e32decb-daetrwpaqpgw, so the group cannot be deleted (Service: Rd s, Status Code: 400, Request ID: 389b18db-ea82-482b-a0e6-f64887da6f82) 2:19:21 PM | DELETE_FAILED | AWS::EC2::SecurityGroup | DatabaseInstanceSecurityGroup8BDF0112 resource sg-0bfc8aacb3d3e3d4a has a dependent object (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: 1eac5393-83df-48cf-bd75-41f25abb04 7a; Proxy: null) ``` As pointed out in the issue linked below, we cannot simply use the clusterRds' or instanceRds' removal policy because the parameter group can be simultaneously binded to a cluster and an instance. ### New behaviour: Add an optional property `removalPolicy` to the L2 Parameter Group resource and set the deletion policy to the generated L1 Parameter Group (Either cluster or instance) depending on the usage. Added unit test and integration test to verify that it works as expected. Closes #22141 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Describe the bug
I have a stack that creates a database with parameters group:
As you can see the database has
removalPolicy
property set toRETAIN
because I want to leave the database after destroying this stack.When I destroy this stack I see the following errors:
As I understand the CF leaves the database but tries to destroy
ParameterGroup
andSecurtyGroup
. I suppose this is the wrong behavior and CF should leave relatedParameterGroup
andSecurityGroup
too.I can create a custom
SecurityGroup
and change it remove policy use theapplyRemovalPolicy
method:BUT I can't change the removal policy for a
ParameterGroup
in the same way becauseparameterGroup.applyRemovalPolicy(RemovalPolicy.RETAIN)
raises the following error:Expected Behavior
I can destroy a stack with a database that has
removalPolicy
property set toRemovalPolicy.RETAIN
and has a relation to a parameter and security groups.Current Behavior
The CF leaves the database but tries to destroy the related parameter group and security group and fails with the errors:
Reproduction Steps
Possible Solution
I suppose:
DatabaseInstance
andDatabaseInstanceFromSnapshot
constructs should propagate the removal policy to the related parameters and security groups.ParametersGroup#applyRemovalPolicy
method should work and doesn't raise the error.Additional Information/Context
No response
CDK CLI Version
2.39.0 (build e36bfe5)
Framework Version
No response
Node.js Version
v16.15.1
OS
macOS 12.4 (21F79)
Language
Typescript
Language Version
4.7.4
Other information
Looks like the #20649 issue is similar to this.
The text was updated successfully, but these errors were encountered: