Skip to content

feat(backup): option to prevent recovery point deletions#16282

Merged
mergify[bot] merged 7 commits intoaws:masterfrom
jogold:backup-deny-delete-policy
Sep 8, 2021
Merged

feat(backup): option to prevent recovery point deletions#16282
mergify[bot] merged 7 commits intoaws:masterfrom
jogold:backup-deny-delete-policy

Conversation

@jogold
Copy link
Copy Markdown
Contributor

@jogold jogold commented Aug 30, 2021
edited
Loading

Add a blockRecoveryPointDeletion prop that add statements to
the vault access policy that prevents recovery point deletions.

Converted test to use assertions while in there.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@jogold
feat(backup): vault policy to prevent recovery point deletions
3538dd6 
Add a convenience `BackupVault.DENY_DELETE_RECOVERY_POINT` policy to
prevent recovery point deletions.

Converted test to use `assertions` while in there.
@gitpod-io
Copy link
Copy Markdown

gitpod-io bot commented Aug 30, 2021

@peterwoodworth peterwoodworth added effort/small Small work item – less than a day of effort @aws-cdk/aws-backup Related AWS Backup labels Sep 1, 2021
BenChaimberg
BenChaimberg previously requested changes Sep 2, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@BenChaimberg BenChaimberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this! I think it's a very helpful configuration to have around but I'd like it to be a bit more discoverable – currently, users need to "know" about the static property and also know that they need to provide it to the accessPolicy property. What do you think about making this a bit more visible by adding a property to BackupProps? Maybe something like blockRecoveryPointDeletion?: boolean?

@jogold jogold changed the title feat(backup): vault policy to prevent recovery point deletions feat(backup): option to prevent recovery point deletions Sep 6, 2021
@mergify mergify bot dismissed BenChaimberg’s stale review September 6, 2021 08:54

Pull request has been modified.

@jogold jogold requested a review from BenChaimberg September 6, 2021 08:56
BenChaimberg
BenChaimberg reviewed Sep 6, 2021
View reviewed changes
@jogold jogold requested a review from BenChaimberg September 8, 2021 07:27
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Sep 8, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 6e71806 into aws:master Sep 8, 2021
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Sep 8, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Sep 8, 2021

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: f076ead
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@jogold jogold deleted the backup-deny-delete-policy branch September 8, 2021 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@BenChaimberg BenChaimberg BenChaimberg approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@BenChaimberg BenChaimberg

Labels

@aws-cdk/aws-backup Related AWS Backup effort/small Small work item – less than a day of effort

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jogold @aws-cdk-automation @BenChaimberg @peterwoodworth