From 2da0508f64c3fb9612f93ab0b8243d4c3437d6e0 Mon Sep 17 00:00:00 2001 From: Jon Loinaz Date: Fri, 20 Dec 2024 11:25:21 +0100 Subject: [PATCH 1/4] upgrade python version --- apigw-http-api-lambda-rds-proxy/template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apigw-http-api-lambda-rds-proxy/template.yaml b/apigw-http-api-lambda-rds-proxy/template.yaml index 309c2bcdb..ad450133b 100644 --- a/apigw-http-api-lambda-rds-proxy/template.yaml +++ b/apigw-http-api-lambda-rds-proxy/template.yaml @@ -31,7 +31,7 @@ Parameters: Globals: Function: CodeUri: ./src - Runtime: python3.9 + Runtime: python3.13 MemorySize: 128 Timeout: 30 From df63f6d67102eb4e11dff8ace09584d8448076a4 Mon Sep 17 00:00:00 2001 From: Jon Loinaz Date: Fri, 20 Dec 2024 11:30:37 +0100 Subject: [PATCH 2/4] fix formatting of template version --- apigw-http-api-lambda-rds-proxy/template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apigw-http-api-lambda-rds-proxy/template.yaml b/apigw-http-api-lambda-rds-proxy/template.yaml index ad450133b..b869d1fb0 100644 --- a/apigw-http-api-lambda-rds-proxy/template.yaml +++ b/apigw-http-api-lambda-rds-proxy/template.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: 2010-09-09 Transform: AWS::Serverless-2016-10-31 Description: > (uksb-1tthgi812) (tag:apigw-http-api-lambda-rds-proxy) From 78d7e5a04d17bd1025c5d30e33e71e4294b6150d Mon Sep 17 00:00:00 2001 From: Jon Loinaz Date: Fri, 20 Dec 2024 11:31:20 +0100 Subject: [PATCH 3/4] - upgrade cluster to newer lts of mysql. - use cheaper and graviton instance type by default. --- .../template-rds-proxy.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml b/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml index 997a8164c..3f8c1e3d9 100644 --- a/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml +++ b/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml @@ -13,11 +13,11 @@ Mappings: ClusterSettings: global: dbSchema: mylab - dbVersion: 5.7.mysql_aurora.2.11.2 + dbVersion: 8.0.mysql_aurora.3.04.0 dbEngine: aurora-mysql - dbFamily: aurora-mysql5.7 + dbFamily: aurora-mysql8.0 port: 3306 - nodeType: db.r5.large + nodeType: db.t4g.medium Resources: # VPC for creating database and proxy @@ -199,6 +199,7 @@ Resources: dbNode1: Type: "AWS::RDS::DBInstance" Properties: + DeletionProtection: false DBClusterIdentifier: !Ref dbCluster DBInstanceIdentifier: !Sub "${AWS::StackName}-mysql-node-1" CopyTagsToSnapshot: true @@ -210,8 +211,10 @@ Resources: PubliclyAccessible: false EnablePerformanceInsights: true PerformanceInsightsRetentionPeriod: 7 + StorageEncrypted: true Tags: - Key: Name + Value: !Sub "${AWS::StackName}-mysql-node-1" # Reader node instance for RDS Aurora Cluster @@ -228,6 +231,8 @@ Resources: MonitoringRoleArn: !GetAtt roleEnhancedMonitoring.Arn PubliclyAccessible: false EnablePerformanceInsights: true + DeletionProtection: false + StorageEncrypted: true PerformanceInsightsRetentionPeriod: 7 Tags: - Key: Name From 2f629d52f90405dca820f184237622eb809e7034 Mon Sep 17 00:00:00 2001 From: Jon Loinaz Date: Fri, 20 Dec 2024 11:44:49 +0100 Subject: [PATCH 4/4] deletion protection set at cluster level --- apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml b/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml index 3f8c1e3d9..541980236 100644 --- a/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml +++ b/apigw-http-api-lambda-rds-proxy/template-rds-proxy.yaml @@ -191,6 +191,7 @@ Resources: EnableCloudwatchLogsExports: [ error, slowquery ] BacktrackWindow: 86400 EnableIAMDatabaseAuthentication: true + DeletionProtection: false Tags: - Key: Name Value: !Sub "${AWS::StackName}-mysql-cluster" @@ -199,7 +200,6 @@ Resources: dbNode1: Type: "AWS::RDS::DBInstance" Properties: - DeletionProtection: false DBClusterIdentifier: !Ref dbCluster DBInstanceIdentifier: !Sub "${AWS::StackName}-mysql-node-1" CopyTagsToSnapshot: true @@ -231,7 +231,6 @@ Resources: MonitoringRoleArn: !GetAtt roleEnhancedMonitoring.Arn PubliclyAccessible: false EnablePerformanceInsights: true - DeletionProtection: false StorageEncrypted: true PerformanceInsightsRetentionPeriod: 7 Tags: