feat(appconfig): environment deletion protection #32737
Conversation
github-actions
bot
added
p2
distinguished-contributor
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #32737 +/- ##
=======================================
Coverage 81.52% 81.52%
=======================================
Files 222 222
Lines 13715 13715
Branches 2417 2417
=======================================
Hits 11181 11181
Misses 2254 2254
Partials 280 280
Flags with carried forward coverage won't be shown. Click here to find out more.
|
aws-cdk-automation
added
the
pr/needs-community-review
badmintoncryer
changed the title
badmintoncryer
changed the title
|
|
||
| You can enable [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) on the environment by setting the `deletionProtection` property. | ||
|
|
||
| - ACCOUNT_DEFAULT: The default setting, which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API. |
There was a problem hiding this comment.
Very very nit:
| - ACCOUNT_DEFAULT: The default setting, which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API. | |
| - ACCOUNT_DEFAULT: The default setting, which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API. |
There was a problem hiding this comment.
I understand this sentence means the following, is that correct?
- Use account-level settings when ACCOUNT_DEFAULT is set.
- If users want to enable account-level deletion protection, they need to use the
UpdateAccountSettingsAPI via AWS CLI or another tool.
The current explanation seems to be taken from the docs, but I think an explanation like the one below would be clearer. What do you think?
The default setting, which uses account-level deletion protection. To configure account-level deletion protection, use the UpdateAccountSettings API.
|
|
||
| - ACCOUNT_DEFAULT: The default setting, which instructs AWS AppConfig to implement the deletion protection value specified in the UpdateAccountSettings API. | ||
| - APPLY: Instructs the deletion protection check to run, even if deletion protection is disabled at the account level. APPLY also forces the deletion protection check to run against resources created in the past hour, which are normally excluded from deletion protection checks. | ||
| - BYPASS: Instructs AWS AppConfig to bypass the deletion protection check and delete a configuration profile even if deletion protection would have otherwise prevented it. |
There was a problem hiding this comment.
Just to clarify, if deletion protection is applied to an environment, is the protected resource the environment itself or a configuration set?
I'm not sure if "configuration profile" is the correct term in this context.
| @@ -141,6 +141,32 @@ abstract class EnvironmentBase extends Resource implements IEnvironment, IExtens | |||
| } | |||
| } | |||
|
|
|||
| /** | |||
There was a problem hiding this comment.
In my understanding, this enum is required for the configuration profile.
Therefore, I think it would be better to separate this enum into another file (e.g., util.ts).
aws-cdk-automation
removed
the
pr/needs-community-review
|
@mazyu36 Thank you very much for your review! All of your comments are spot-on and provide appropriate feedback. I've addressed all the discussions. |
Co-authored-by: Matsuda <[email protected]>
Co-authored-by: Matsuda <[email protected]>
|
@mazyu36 Thank you for your reveiw! And I'm sorry for my rough edits. |
aws-cdk-automation
added
the
pr/needs-maintainer-review
There was a problem hiding this comment.
Thanks @badmintoncryer for your contribution. LGTM. just left one nit comment.
| @@ -96,6 +96,24 @@ const user = new iam.User(this, 'MyUser'); | |||
| env.grantReadConfig(user); | |||
| ``` | |||
|
|
|||
| ### Deletion Protection Check | |||
|
|
|||
| You can enable [deletion protection](https://docs.aws.amazon.com/appconfig/latest/userguide/deletion-protection.html) on the environment by setting the `deletionProtection` property. | |||
There was a problem hiding this comment.
nit: seems typo. Are you referring to deletionProtectionCheck property
There was a problem hiding this comment.
Thnak you for your review! I've fixed this typo.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Issue # (if applicable)
None
Reason for this change
AWS AppConfig environment supports deletion protection and this feature is not configurable from AWS CDK.
Description of changes
DeletionProtectionCheckenumdeletionProtectionCheckprop toEnvironmentOptionThere are two entities,
EnvironmentOptionsandEnvironmentProps, whereEnvironmentPropsis designed as an extension ofEnvironmentOptionswith the addition of anapplicationprop.Therefore, the current argument addition has also been made to
EnvironmentOptions.Describe any new or updated permissions being added
None
Description of how you validated changes
Add both unit and integ test.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license