CDK construct to periodically take snapshots of RDS databases, sanitize them, and share with selected accounts.

CDK Construct for RDS Sanitized Snapshots

Periodically take snapshots of RDS databases, sanitize them, and share with selected accounts.

Use this to automate your development and/or QA database creation, instead of forcing developers and QA to use a database that was created last year and was kind of kept in shape by random acts of kindness. Developers and QA love real data, and this lets you create non-production databases with sanitized production data. Use the sanitization step to delete passwords, remove credit card numbers, eliminate PII, etc.

See Constructs Hub for installation instructions and API in all supported languages.

Overview

Architecture diagram

This project supplies a CDK construct that sets up a step function and a timer to execute this function. The function will create a sanitized snapshot of a given database and share it with configured accounts. Those accounts can then create new databases from those snapshots.

The step function does the following to create the snapshot:

  1. Get a snapshot of the given database by either:
    • Finding the latest snapshot for the given database
    • Creating and waiting for a new fresh snapshot
  2. Re-encrypt snapshot if KMS key is supplied
  3. Create a temporary database from the snapshot
  4. Wait for the database to be ready
  5. Reset the master password on the temporary database to a random password
  6. Wait for the password to be set
  7. Use a Fargate task to connect to the temporary database and run configured SQL statements to sanitize the data
  8. Take a snapshot of the temporary database
  9. Optionally share the snapshot with other accounts (if you have separate accounts for developers/QA)
  10. Delete temporary database and snapshot

Usage

  1. Confirm you're using CDK v2
  2. Install the appropriate package
    1. Python
      pip install cloudsnorkel.cdk-rds-sanitized-snapshots
      
    2. TypeScript or JavaScript
      npm i @cloudsnorkel/cdk-rds-sanitized-snapshots
      
    3. Java
      <dependency>
      <groupId>com.cloudsnorkel</groupId>
      <artifactId>cdk.rds.sanitized-snapshots</artifactId>
      </dependency>
    4. Go
      go get github.com/CloudSnorkel/cdk-rds-sanitized-snapshots-go/cloudsnorkelcdkrdssanitizedsnapshots
      
    5. .NET
      dotnet add package CloudSnorkel.Cdk.Rds.SanitizedSnapshots
      
  3. Use RdsSanitizedSnapshotter construct in your code (starting with default arguments is fine)

Code Sample

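import { aws_ec2 as ec2, aws_rds as rds } from 'aws-cdk-lib';
import { RdsSanitizedSnapshotter } from '@cloudsnorkel/cdk-rds-sanitized-snapshots';

// Existing VPC and database, defined elsewhere in your stack
declare const vpc: ec2.Vpc;
declare const databaseInstance: rds.DatabaseInstance;

// Inside a Stack or Construct, where `this` is the scope
new RdsSanitizedSnapshotter(this, 'Snapshotter', {
  vpc: vpc,
  databaseInstance: databaseInstance,
  // SQL run against the temporary database before the final snapshot is taken
  script: 'USE mydb; UPDATE users SET ssn = \'0000000000\'',
});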
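
The single-statement script above, expanded into the kind of sanitization pass the introduction describes (passwords, card numbers, PII). This is an added example, not code from the project; the MySQL dialect, the tables in `mydb` and every column name are hypothetical, and the columns set to NULL are assumed to be nullable.

```sql
-- Added example for the `script` property. Hypothetical schema: users,
-- payment_methods, sessions, api_tokens and audit_log are constructed names.
USE mydb;

-- Credentials: production hashes and MFA seeds must not reach dev/QA,
-- because hashes can be cracked offline once they leave production.
UPDATE users
SET password_hash = NULL,
    mfa_secret = NULL,
    password_reset_token = NULL;

-- Direct identifiers: overwrite with values derived from the primary key,
-- so UNIQUE constraints still hold and nothing of the original value survives.
UPDATE users
SET email = CONCAT('user', id, '@example.invalid'),
    full_name = CONCAT('User ', id),
    phone = NULL,
    ssn = '0000000000';

-- Card data: drop the full number; keep only a constructed last-four
-- (derived from the row id, not from the real card) for UI tests.
UPDATE payment_methods
SET card_number = NULL,
    card_last4 = LPAD(MOD(id, 10000), 4, '0'),
    billing_address = NULL;

-- Live secrets: delete rather than mask, a masked token is still useless.
DELETE FROM sessions;
DELETE FROM api_tokens;

-- Free-form and network metadata that can identify a person.
UPDATE audit_log
SET ip_address = NULL,
    user_agent = NULL;

-- Residual check: every count should be 0 on the temporary database.
SELECT
  (SELECT COUNT(*) FROM users WHERE password_hash IS NOT NULL) AS users_with_hash,
  (SELECT COUNT(*) FROM users WHERE email NOT LIKE '%@example.invalid') AS real_emails,
  (SELECT COUNT(*) FROM payment_methods WHERE card_number IS NOT NULL) AS stored_card_numbers,
  (SELECT COUNT(*) FROM sessions) AS live_sessions;
```

As in the code sample, the statements are passed to the construct as one string in `script`.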

Encryption

The new snapshot will be encrypted with the same key used by the original database. If the original database wasn't encrypted, the snapshot won't be encrypted either. To add another step that changes the key, use the KMS key parameter.

See AWS documentation for instructions on giving other accounts access to the key.

Troubleshooting

  • Check the status of the state machine for the step function. Click on the failed step and check out the input, output and exception.

Testing

npm run bundle && npm run integ:default:deploy
Comments
  • Existing snapshots

    Add an option to use the latest existing snapshot instead of taking a new one. Can be useful for big databases where snapshotting takes a long time and there is already an automated snapshot process like the system one.

    opened by kichik 0
Releases(v0.0.3)
Owner
CloudSnorkel
We do cool AWS stuff and way too much CloudFormation