fix(basti): Cleanup - Prevent attempting to remove a security group from a cluster db instance #124

Open
wants to merge 1 commit into
base: main

lukeinage

Proposed Changes

This PR fixes the issue of attempting to remove a db instance security group that is part of a cluster in basti cleanup.

security-group-cleaner.ts removes the security group from the cluster and then tries to remove it from the instance causing a 400 error.

"InvalidParameterCombination: The specified DB Instance is a member of a cluster. Modify vpc security group for the DB Cluster using the ModifyDbCluster API"

This PR checks that the db instance doesn't have a cluster identifier before attempting to remove the security group.

Checklist

  • I cleaned up my code.
  • All the tests and checks passed (npm run test).
  • I have added necessary documentation and/or updated existing documentation.
  • I have added or modified tests to cover the changes.

… is part of a cluster by checking if it has a cluster identifier
Collaborator

@BohdanPetryshyn BohdanPetryshyn left a comment

Looks good to me, thank you for the contribution @lukeinage ❤️

Could you please also describe your RDS configuration that results in this error?

@lukeinage
Author

lukeinage commented Mar 17, 2025

Sure! I can reproduce it with a default RDS cluster configuration. I've created one within CDK here:

const vpc = new ec2.Vpc(this, 'Vpc');

new rds.DatabaseCluster(this, 'RdsCluster', {
    vpc,
    engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_15_3 }),
    defaultDatabaseName: 'testdb',
    writer: rds.ClusterInstance.serverlessV2('WriterInstance'),
    readers: [
        rds.ClusterInstance.serverlessV2('ReaderInstance1')
    ],
    serverlessV2MinCapacity: 0.5,
    serverlessV2MaxCapacity: 1
});

I then run

basti init

and confirm all is as expected. Then I try to run

basti clean

It will clean up some resources but not all; this is the second attempt at running basti cleanup...

ℹ️ The following resources are going to be deleted:
Access security groups
  • sg-xxxxx
Bastion security groups
  • sg-xxxxx
? Proceed to cleanup? Yes
✖ Failed to prepare to access security group deletion
✖ Failed to delete bastion security group: sg-xxxxx

❌ Cleanup errors:

Unexpected error: The specified DB Instance is a member of a cluster. 
Modify vpc security group for the DB Cluster using the ModifyDbCluster API. 
The specified DB Instance is a member of a cluster. 
Modify vpc security group for the DB Cluster using the ModifyDbCluster API

Running with the PR, the cleanup runs as expected.
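
The guard described in this PR, as an added sketch that is not basti's own code: it plans which RDS calls detach an access security group and skips instances that carry a `DBClusterIdentifier`. The helper `planDetach`, the `DetachCall` shape and all identifiers in the sample data are assumptions made for illustration.

```typescript
// Field names mirror the RDS DescribeDBInstances / DescribeDBClusters output.
interface SgMembership { VpcSecurityGroupId?: string }
interface DbInstance {
  DBInstanceIdentifier: string;
  DBClusterIdentifier?: string; // present only for cluster members
  VpcSecurityGroups?: SgMembership[];
}
interface DbCluster { DBClusterIdentifier: string; VpcSecurityGroups?: SgMembership[] }
interface DetachCall {
  api: 'ModifyDBCluster' | 'ModifyDBInstance';
  target: string;                // cluster or instance identifier
  VpcSecurityGroupIds: string[]; // groups that stay attached after the call
}

const groupIds = (groups: SgMembership[] = []): string[] =>
  groups.map(g => g.VpcSecurityGroupId).filter((id): id is string => id !== undefined);

// Hypothetical helper: returns the calls to make, without touching AWS.
function planDetach(sgId: string, clusters: DbCluster[], instances: DbInstance[]): DetachCall[] {
  const calls: DetachCall[] = [];
  for (const c of clusters) {
    const ids = groupIds(c.VpcSecurityGroups);
    if (ids.indexOf(sgId) === -1) continue;
    calls.push({ api: 'ModifyDBCluster', target: c.DBClusterIdentifier,
      VpcSecurityGroupIds: ids.filter(id => id !== sgId) });
  }
  for (const i of instances) {
    // RDS rejects ModifyDBInstance for cluster members (the error quoted
    // above); the ModifyDBCluster call already covers them.
    if (i.DBClusterIdentifier !== undefined) continue;
    const ids = groupIds(i.VpcSecurityGroups);
    if (ids.indexOf(sgId) === -1) continue;
    calls.push({ api: 'ModifyDBInstance', target: i.DBInstanceIdentifier,
      VpcSecurityGroupIds: ids.filter(id => id !== sgId) });
  }
  return calls;
}

// Constructed sample: one cluster with writer and reader, plus a standalone instance.
const attached: SgMembership[] = [{ VpcSecurityGroupId: 'sg-app' }, { VpcSecurityGroupId: 'sg-access' }];
const sampleClusters: DbCluster[] = [{ DBClusterIdentifier: 'aurora-1', VpcSecurityGroups: attached }];
const sampleInstances: DbInstance[] = [
  { DBInstanceIdentifier: 'writer-1', DBClusterIdentifier: 'aurora-1', VpcSecurityGroups: attached },
  { DBInstanceIdentifier: 'reader-1', DBClusterIdentifier: 'aurora-1', VpcSecurityGroups: attached },
  { DBInstanceIdentifier: 'standalone-1', VpcSecurityGroups: [{ VpcSecurityGroupId: 'sg-access' }] },
];
console.log(planDetach('sg-access', sampleClusters, sampleInstances));
```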
