Cloudformation - AWS::RDS::DBInstance.Properties.StorageEncrypted behavior change

Until a couple of weeks ago CF was able to successfully create an RDS passing an empty string to AWS::RDS::DBInstance.Properties.StorageEncrypted, e.g.:

    "Instance": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "Properties": {
         ...
        "StorageEncrypted": "",
      }
    } 

It seems that this behavior was changed and now we explicitly need to pass true/false.

Can anyone confirm that the behavior actually changed?

This is causing a lot of pain for us because on every deployment we apply the respective CF template. For all the DBs we have created with StorageEncrypted: "", CF now fails with the error: Properties validation failed for resource Instance with message: #/StorageEncrypted: expected type: Boolean, found: String

If we replace StorageEncrypted: "" by StorageEncrypted: false it will recreate the DB instance - which obviously we don't want to happen.

Asked 2 years ago, 347 views
1 Answer

Have you tried removing StorageEncrypted: "" entirely? The default is "false" and if you're lucky this won't trigger a stack update. Worth a try I think.

The best solution though, when you've got time, is to convert your DB to encrypted for best practice. The process is in summary:

  • snapshot the DB, encrypt the snapshot, then restore (and if you can’t tolerate an outage that long, you’ll need a more complex process involving DMS)
  • resolve stack drift by updating the stack with “DeletionPolicy: Retain” on the DBInstance, then updating the stack with the DBInstance removed, then importing the DBInstance into the stack with “StorageEncrypted: true”.
Expert
Answered 2 years ago
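
A pre-deployment check for the type error in the question and for the unencrypted instances the answer suggests converting, as an added example that is not part of the original thread. The function names, logical IDs and sample template are constructed for illustration; flagging every non-boolean literal (not only the empty string the error message reports) is an assumption, and intrinsic functions are reported but not evaluated.

```python
import json

RDS_TYPE = "AWS::RDS::DBInstance"

def classify(props):
    """Classify the StorageEncrypted value of one DBInstance's Properties."""
    if "StorageEncrypted" not in props:
        return "absent"            # the answer above says the default is false
    value = props["StorageEncrypted"]
    if isinstance(value, bool):
        return "encrypted" if value else "unencrypted"
    if isinstance(value, dict):
        return "unresolved"        # intrinsic function (Ref, Fn::If, ...), not evaluated here
    # Assumption: any other literal is treated like the "" case from the question,
    # which fails with "expected type: Boolean, found: String".
    return "wrong-type"

def audit(template):
    """Return (logical_id, status, deletion_policy) for every RDS DBInstance."""
    rows = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if isinstance(res, dict) and res.get("Type") == RDS_TYPE:
            rows.append((logical_id, classify(res.get("Properties") or {}),
                         res.get("DeletionPolicy")))
    return rows

def failing(template):
    """Logical IDs whose StorageEncrypted is a non-boolean literal."""
    return [lid for lid, status, _ in audit(template) if status == "wrong-type"]

# Constructed sample template (not from the page), shaped like the question's snippet.
SAMPLE = json.loads("""
{
  "Resources": {
    "Instance":  {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot",
                  "Properties": {"StorageEncrypted": ""}},
    "Reporting": {"Type": "AWS::RDS::DBInstance",
                  "Properties": {"StorageEncrypted": true}},
    "Legacy":    {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Retain",
                  "Properties": {}},
    "Toggle":    {"Type": "AWS::RDS::DBInstance",
                  "Properties": {"StorageEncrypted": {"Ref": "EncryptParam"}}},
    "Bucket":    {"Type": "AWS::S3::Bucket"}
  }
}
""")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
    print("non-boolean StorageEncrypted:", failing(SAMPLE))
```

Instances reported as `absent` or `unencrypted` are the candidates for the snapshot, encrypt and import process the answer outlines; the `DeletionPolicy` column shows which of them already have a policy set before the resource is removed from the stack.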
