Defaulting to encrypted

ecs_composex/acm/acm_stack.py

@@ -198,4 +198,3 @@ def init_acm_certs(settings, dns_settings, root_stack):
         mappings = create_acm_mappings(lookup_resources, settings)
         if mappings:
             root_stack.stack_template.add_mapping(MOD_KEY, mappings)
-            print(mappings)

ecs_composex/docdb/docdb_stack.py

@@ -51,7 +51,9 @@ def __init__(self, name, definition, settings):
         self.arn_attr = DOCDB_SECRET
 
     def init_outputs(self):
-        print(self.arn_attr, type(self.arn_attr))
+        """
+        Method to init the DocDB output attributes
+        """
         self.output_properties = {
             DOCDB_NAME.title: (self.logical_name, self.cfn_resource, Ref, None),
             DOCDB_PORT.title: (

ecs_composex/ecs/ecs_scaling.py

@@ -283,9 +283,6 @@ def merge_family_services_scaling(services):
     x_scaling_configs = []
     for service in services:
         handle_defined_x_aws_autoscaling(x_scaling_configs, service)
-
-    print(x_scaling_configs)
-
     valid_keys = [
         ("range", str, handle_range),
         ("target_scaling", dict, handle_target_scaling),

ecs_composex/rds/README.rst

@@ -4,33 +4,30 @@
 AWS RDS
 =======
 
-This package is here to create all the CFN templates necessary to create RDS instances and allow microservices
-to access the databases.
+AWS RDS is one of the most amazing and feature rich service on AWS. Which also means that it is one of the possibly
+most complex to get right. AWS has done an amazing job at making RDS easy to consume but still requires a lot of
+settings to come together.
 
-Assumptions
-===========
+With AWS Aurora, and global databases etc, it becomes something that could be very complicated to describe in only a few
+lines.
 
-RDS is far more complex to configure and allow access to from microservices than pure IAM (at least at this time, using
-IAM based auth might have performances impact on your applications, so we are going to consider usual DB credentials
-are in use).
+Our objective with this module is to make some of the most common usage of AWS RDS, with a push for RDS Aurora, easy
+for developers and cloud engineers to define in a very simple way common RDS deployment patterns.
 
-The engine
-==========
+Defaults
+===========
 
-The engine & engine version are going to be used to determine if you are trying to create an Aurora Cluster in RDS
-or a normal traditional DB. You have nothing more to do.
+Credentials
+-----------
 
-Security groups configuration
-=============================
+Aurora and traditional RDS Databases support both Username/Password generic authentication. Due to the wide adoption of
+that authentication mechanism, all RDS Dbs will come with a username/password, auto generated and stored in AWS Secrets Manager.
 
-Per database, is created one Security Group for the DB itself and another that will be assigned to all microservices
-which have been registered to have access to the database. However, keep in mind the `SG Account limitations`_ which apply,
-by default, 5 Security Groups max per ENI. Given we are in *awsvpc* networking mode, each microservice running (container)
-has its own ENI.
 
+.. hint::
 
-Credentials
-===========
+    We do plan to allow a tick button to enable Aurora authentication with IAM, however have not received a Feature Request
+    for it.
 
 AWS Secrets Manager integrates very nicely to AWS RDS. This has no intention to implement the rotation system at this
 point in time, however, it will generate the password for the database and expose it securely to the microservices which
@@ -41,8 +38,27 @@ can via environment variables fetch
 * DB Password
 * DB Port
 
+Simple Properties
+==================
+
+AWS Aurora and RDS Instances both can accept 20+ Properties, with complex syntax on both of these. The objective with
+ComposeX is to keep things very simple. Therefore, in the attempt of making it easier, you can today simply define only
+two properties to get yourself up and running
+
+* Engine
+* EngineVersion
+
+Security groups configuration
+=============================
+
+Per database, is created one Security Group for the DB itself and another that will be assigned to all microservices
+which have been registered to have access to the database. However, keep in mind the `SG Account limitations`_ which apply,
+by default, 5 Security Groups max per ENI. Given we are in *awsvpc* networking mode, each microservice running (container)
+has its own ENI.
+
+
 .. _`SG Account limitations`: https://aws.amazon.com/premiumsupport/knowledge-center/increase-security-group-rule-limit/
 
 .. note::
 
-    See :ref:`rds_syntax_reference`
+    See :ref:`rds_syntax_reference` to start deploying (or re-use!) your services and connect them to RDS.

ecs_composex/rds/rds_db_template.py

@@ -128,6 +128,7 @@ def add_instance(template, db):
     instance = DBInstance(
         DATABASE_T,
         template=template,
+        DeletionPolicy="Snapshot",
         Engine=Ref(DB_ENGINE_NAME),
         EngineVersion=Ref(DB_ENGINE_VERSION),
         StorageType=If(
@@ -171,6 +172,7 @@ def add_instance(template, db):
             [GetAtt(db.db_sg, "GroupId")],
         ),
         Tags=Tags(SecretName=Ref(db.db_secret), Name=db.logical_name),
+        StorageEncrypted=True,
     )
     return instance
 
@@ -186,6 +188,7 @@ def add_cluster(template, db):
     cluster = DBCluster(
         CLUSTER_T,
         template=template,
+        DeletionPolicy="Snapshot",
         Condition=rds_conditions.USE_CLUSTER_CON_T,
         DBSubnetGroupName=If(
             rds_conditions.DBS_SUBNET_GROUP_CON_T,
@@ -217,6 +220,7 @@ def add_cluster(template, db):
         DBClusterParameterGroupName=Ref(CLUSTER_PARAMETER_GROUP_T),
         VpcSecurityGroupIds=[Ref(db.db_sg)],
         Tags=Tags(SecretName=Ref(db.db_secret), Name=db.logical_name),
+        StorageEncrypted=True,
     )
     return cluster
 

ecs_composex/rds/rds_stack.py

@@ -66,7 +66,9 @@ def __init__(self, name, definition, settings):
         self.arn_attr = Parameter(DB_SECRET_T, Type="String")
 
     def init_outputs(self):
-        print(self.db_secret)
+        """
+        Method to init the RDS Output attributes
+        """
         self.output_properties = {
             DB_NAME.title: (self.logical_name, self.cfn_resource, Ref, None),
             DB_ENDPOINT_PORT: (
@@ -89,13 +91,6 @@ def init_outputs(self):
             ),
         }
 
-    def uses_aurora(self):
-        if not self.lookup and self.properties[DB_ENGINE_NAME.title].startswith(
-            "aurora"
-        ):
-            return True
-        return False
-
 
 class XStack(ComposeXStack):
     """