长期使用 rds.DatabaseInstanceFromSnapshot 安全吗?
Is it safe to use rds.DatabaseInstanceFromSnapshot long term?
将数据库保存在 CDK 中是否安全
this.database = new rds.DatabaseInstanceFromSnapshot(this, 'name', {...})
我担心将来某个时候数据库可能会被意外删除。最近发生了一起事件,我们在没有检查差异的情况下检查了错误的提交和 运行 cdk deploy。如果我们不阻止它,它就会删除数据库。将数据库配置移动到:
对我来说感觉更安全
this.database = rds.DatabaseInstanceBase.fromDatabaseInstanceAttributes(this, 'backendAPIDatabase', {
但是,这种方法的缺点是,如果我运行 cdk deploy,它要删除最初创建的数据库子网组和参数组。
默认情况下,当使用 rds.DatabaseInstanceFromSnapshot
时,DeletionPolicy
设置为 Retain
:
AWS CloudFormation keeps the resource without deleting the resource or its contents when its stack is deleted.
此外,UpdateReplacePolicy
也设置为Retain
:
Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.
最后,deletion protection 也默认启用。这可以防止通过控制台、CLI 或 API:
意外删除
You can only delete instances that don't have deletion protection enabled.
见代码applyRemovalPolicy
and deletionProtection
。
将数据库保存在 CDK 中是否安全
this.database = new rds.DatabaseInstanceFromSnapshot(this, 'name', {...})
我担心将来某个时候数据库可能会被意外删除。最近发生了一起事件,我们在没有检查差异的情况下检查了错误的提交和 运行 cdk deploy。如果我们不阻止它,它就会删除数据库。将数据库配置移动到:
对我来说感觉更安全this.database = rds.DatabaseInstanceBase.fromDatabaseInstanceAttributes(this, 'backendAPIDatabase', {
但是,这种方法的缺点是,如果我运行 cdk deploy,它要删除最初创建的数据库子网组和参数组。
默认情况下,当使用 rds.DatabaseInstanceFromSnapshot
时,DeletionPolicy
设置为 Retain
:
AWS CloudFormation keeps the resource without deleting the resource or its contents when its stack is deleted.
此外,UpdateReplacePolicy
也设置为Retain
:
Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation.
最后,deletion protection 也默认启用。这可以防止通过控制台、CLI 或 API:
意外删除You can only delete instances that don't have deletion protection enabled.
见代码applyRemovalPolicy
and deletionProtection
。