
Commit d1fe59e

authored
fix: retain SG ingress / egress [INFRA-82505] (#138)
1 parent e43884f commit d1fe59e

2 files changed

+7
-9
lines changed


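--- a/src/aurora.ts
+++ b/src/aurora.ts
@@ -51,25 +51,24 @@ class ApplyRemovalPolicyAspect implements IAspect {
 
 const resourceType = node.cfnResourceType;
 
-// Infrastructure resources to RETAIN
 const retainedTypes = [
 'AWS::KMS::Key',
 'AWS::RDS::DBCluster',
 'AWS::RDS::DBInstance',
 'AWS::RDS::DBClusterParameterGroup',
 'AWS::RDS::DBSubnetGroup',
 'AWS::EC2::SecurityGroup',
+'AWS::EC2::SecurityGroupEgress',
+'AWS::EC2::SecurityGroupIngress',
 'AWS::SecretsManager::Secret',
 ];
 
-// Ephemeral resources to DESTROY
 const destroyedTypes = [
 'AWS::CDK::Metadata',
-'AWS::CloudFormation::Stack', // Nested stacks
+'AWS::CloudFormation::Stack',
 'AWS::Lambda::Function',
 'AWS::IAM::Role',
 'AWS::IAM::Policy',
-'AWS::EC2::SecurityGroupIngress',
 'AWS::SecretsManager::ResourcePolicy',
 'AWS::SecretsManager::RotationSchedule',
 'AWS::SecretsManager::SecretTargetAttachment',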
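Review bot: The hunk drops the three explanatory comments (`// Infrastructure resources to RETAIN`, `// Ephemeral resources to DESTROY`, `// Nested stacks`) without replacing them, so the retain/destroy split, which now also moves `AWS::EC2::SecurityGroupIngress` from the destroyed list to the retained one, is left undocumented. A comment on the two new entries would keep the reasoning next to the list, e.g. `// Standalone rule resources belong to the retained security group; destroying them would strip that group's rules on stack deletion.` (hedged: the visible lines only show the list change, so confirm this matches the INFRA-82505 intent). Note that matching is on exact CloudFormation type strings, so rules CDK emits inline as properties of the `AWS::EC2::SecurityGroup` resource are covered by the existing group entry rather than by the new ones; if that distinction matters, say so in the comment. The enclosing method of `ApplyRemovalPolicyAspect` starts before and ends after the hunk.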

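--- a/test/aurora.test.ts
+++ b/test/aurora.test.ts
@@ -148,27 +148,25 @@ describe('Aurora', () => {
 template.hasResourceProperties('AWS::RDS::DBProxy', { DBProxyName: 'Test' });
 });
 it('removalPolicy defaults to RETAIN for infrastructure resources', () => {
-// Get all resources from the template
 const templateJson = template.toJSON();
 const resources = templateJson.Resources || {};
 
-// Check infrastructure resource types that should be retained
 const infrastructureTypes = [
 'AWS::RDS::DBCluster',
 'AWS::RDS::DBInstance',
 'AWS::SecretsManager::Secret',
 'AWS::RDS::DBClusterParameterGroup',
 'AWS::EC2::SecurityGroup',
+'AWS::EC2::SecurityGroupEgress',
+'AWS::EC2::SecurityGroupIngress',
 ];
 
 const infrastructureResources = Object.entries(resources).filter(([_, resource]: [string, any]) =>
 infrastructureTypes.includes(resource.Type),
 );
 
-// Verify we found some infrastructure resources
 expect(infrastructureResources.length).toBeGreaterThan(0);
 
-// Check that these resources have DeletionPolicy: Retain by default
 infrastructureResources.forEach(([, resource]: [string, any]) => {
 expect(resource.DeletionPolicy).toBe('Retain');
 });
@@ -466,13 +464,14 @@ describe('Aurora', () => {
 const templateJson = template.toJSON();
 const resources = templateJson.Resources || {};
 
-// Infrastructure resources that should be RETAINED
 const infrastructureTypes = [
 'AWS::RDS::DBCluster',
 'AWS::RDS::DBInstance',
 'AWS::RDS::DBClusterParameterGroup',
 'AWS::RDS::DBSubnetGroup',
 'AWS::EC2::SecurityGroup',
+'AWS::EC2::SecurityGroupEgress',
+'AWS::EC2::SecurityGroupIngress',
 'AWS::SecretsManager::Secret',
 ];
 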
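Review bot: Adding the two rule types to `infrastructureTypes` (in both hunks) does not show that the new retain entries in src/aurora.ts are exercised: the first hunk only asserts that at least one matched resource exists and that every match carries `DeletionPolicy: 'Retain'`, so if the synthesized template contains no standalone `AWS::EC2::SecurityGroupIngress` or `AWS::EC2::SecurityGroupEgress` resources the new behaviour passes untested. Assert the types you expect are actually present, e.g. `const foundTypes = infrastructureResources.map(([, r]) => r.Type);` followed by `expect(foundTypes).toContain('AWS::EC2::SecurityGroupIngress');` (and likewise for egress if the construct emits standalone egress rules, which the visible lines do not establish). The `[string, any]` annotations on the filter and forEach callbacks are pre-existing; typing `resources` as `Record<string, { Type?: string; DeletionPolicy?: string }>` would remove the need for `any`. Both `it` blocks continue past the end of their hunks.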