aws-rds 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1cc2d54119dcd95b2c9fb03197051035846442c9ca4e7436203076a112b1686
-  data.tar.gz: c64db50775c8374124698dd728927d1334e7fa372b153bfc067e6fa1b166077f
+  metadata.gz: 28ec4b294e4916cb3a60b0635b8b7af526639ac9b05949b5d4e53637840409d0
+  data.tar.gz: acaa3428a63f54e84078c1615b934a416e92e0161961d84e58684ee3d4c65eb1
 SHA512:
-  metadata.gz: cffc7a7f694829c749e2bee6aac07b8961d5a5041b5287d4c7d8fd50d76e950f8fa01527487ccf9f9b55d7bf47676d6594d1e7b952d4b1703b245b8fced4399a
-  data.tar.gz: fe1240c028f158d1a7e4d479edd3c4c8c5b4c19d1108449ef21b5f09526d258f542244574ee149168e8780a345ef1d2ca9c0ea23136970a6acf0075ffae9dacd
+  metadata.gz: 516dc4b01e868ba041c9d56eeaea5fdde322f00a79b29529afe378f83eff09980614b5017a0dfcddb55b2e90f0c7119aee6ef79a191054bcade5b7c787371d6f
+  data.tar.gz: be2fac1b8f4cbd8e1bceed188a7d7257fc56ed5a4300064c6a4385034b1113416a5eda544aae6bceb4d8af6a3eac1af4c93c7bcc2bcd477ac437d7a6f676414c

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.4.0]
+- security-group-name option to create a security group if not specified in profile with vpc_security_group_ids
+
 ## [0.3.0]
 - dont auto create security group when specified in the profile
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    aws-rds (0.1.2)
+    aws-rds (0.3.0)
       activesupport
       aws-sdk-ec2
       aws-sdk-rds

data/docs/example/config/development.yml

@@ -0,0 +1,20 @@
+---
+# main vpc_id and db_subnet_group_name are set here.
+# This could be the AWS default vpc or a custom VPC.
+main:
+  # vpc_id is used by the --security-group-name option.
+  # The --security-group-name option tells aws-rds to use the existing security group
+  # with the specified name.  Or it will create it under the vpc_id if it does
+  # not yet exist.  You can override this in the profile files.
+  vpc_id: vpc-111 # custom main vpc, can also override and profile
+  # db_subnet_group_name used by the create_db_instance command and specifies
+  # a list of subnets that the RDS db can be launched in.  This db_subnet_group_name
+  # needs to belong to the same vpc_id above.  You can also override this in the
+  # profiles.
+  db_subnet_group_name: my-db-subnet-group-name # db subnet group contains private subnets only
+
+# config variables to be used in profiles below.  Example usage:
+#
+#   <%= config["vpc_security_group_ids"].inspect %> in your profile file
+vpc_security_group_ids:
+  - sg-111

data/docs/example/profiles/default.yml

@@ -0,0 +1,10 @@
+---
+allocated_storage: 20
+db_instance_class: db.t2.micro
+master_user_password: changeme
+master_username: changeme
+engine: postgres
+vpc_security_group_ids: <%= config["vpc_security_group_ids"].inspect %>
+# db_name: mydb # can be overridden at the cli
+# vpc_security_group_ids: # can be also automatically set by specifying --security-group-name at the CLI
+# db_instance_identifier: not respected here. always set from the cli

data/{example/profiles/default.yml → docs/example/profiles/mydb.yml}

@@ -1,4 +1,5 @@
 ---
+db_name: demo
 allocated_storage: 20
 db_instance_class: db.t2.micro
 master_user_password: changeme

data/lib/aws_rds/cli.rb

@@ -9,8 +9,7 @@ module AwsRds
     option :db_name, desc: "database name"
     option :db_user, desc: "database user"
     option :db_password, desc: "database password"
-    option :security_group, type: :boolean, default: true, desc: "use separate security group"
-    option :security_group_name, desc: "optional. security group name"
+    option :security_group_name, desc: "security group to create if not vpc_security_group_ids not set in profile"
     def create(name)
       Create.new(options.merge(name: name)).run
     end

data/lib/aws_rds/create/params.rb

@@ -23,11 +23,15 @@ class AwsRds::Create
     end
 
     def set_security_groups(params)
-      return params unless @options[:security_group]
       return params if @options[:noop]
-
-      # return early and dont auto-create SG if user has set one
-      return params if params['vpc_security_group_ids']
+      # dont create SG if user has set one
+      #   db_security_groups: classic RDS db security groups, separtae groups from
+      #   from ec2 security groups.
+      #   vpc_security_group_ids: vpc security groups. same groups as what the ec2
+      #   security groups use.
+      # db_security_groups is not really recommended anymore because it is the
+      # EC2-classic network.
+      return params if params['vpc_security_group_ids'] || params['db_security_groups']
 
       security_group_name = @options[:security_group_name] || @options[:name]
       sg = AwsRds::SecurityGroup.find_or_create(security_group_name)
@@ -36,8 +40,26 @@ class AwsRds::Create
     end
 
     def set_db_subnet_group(params)
-      params["db_subnet_group_name"] ||= AwsRds.config["db_subnet_group_name"]
+      params["db_subnet_group_name"] ||= main_db_subnet_group_name
       params
     end
+
+    def main_db_subnet_group_name
+      AwsRds.config["defaults"]["db_subnet_group_name"]
+    rescue NoMethodError => e
+      puts e.message
+      puts <<-EOL
+No db_subnet_group_name was specified in your profile. Also, a default db subnet group name was set.
+
+Please add a db_subnet_group_name in your profile file or add a default db_subnet_group_name to your config/#{AwsRds.env}.yml.
+
+To specify a default db_subnet_group_name setting. Example config/#{AwsRds.env}.yml:
+
+---
+defaults:
+  db_subnet_group_name: my-db-subnet-group
+EOL
+      exit 1
+    end
   end
 end

data/lib/aws_rds/help/create.md

@@ -1,13 +1,19 @@
-The create command creates an RDS database with a profile file with some pre-configured settings.   The profile file is in the profiles folder.  If a profile is not specified, it will only use the `profiles/default.yml` profile.
+The create command creates an RDS database with pre-configured settings from a profile file.  If a profile is not specified, it will use the `profiles/default.yml` profile.
 
 Examples:
 
-  aws-rds create my-db --profile my-db
+  aws-rds create mydb --profile mydb # uses profiles/mydb.yml
 
 Security Groups:
 
-By default, instead of using the default security group, a new security group is created and associated with the database.
+It is recommended that you configure an explicit security group in your profiles so that the RDS DB does not use the default security group. Using an explicit security group allows you to control access to the DB in a finely tuned manner.
 
-This security group's name is the same as database name by convention.  This can be overridden at with `--security-group-name`.  If the security group already exists, it will use the existing security group that matches the name.
+If you do not have an existing security groups and want would like aws-rds to create a security group for you, use the --security-group-name option:
 
-If you do not want to specify the security group name every time, you can configure the security group id in the profile file by setting vpc_security_group_ids.
+  aws-rds create mydb --profile mydb --security-group-name mydbsg
+
+When using the `--security-group-name` option, you need to set the vpc_id and db_subnet_group_group variables in your config/ENV.yml settings file.  Example config/development.yml:
+
+---
+vpc_id: vpc-123
+db_subnet_group_group: my-db-subnet-group

data/lib/aws_rds/security_group.rb

@@ -6,7 +6,7 @@ module AwsRds
     def find_or_create(name)
       resp = ec2.describe_security_groups(
         filters: [
-          {name: 'vpc-id', values: [AwsRds.config["vpc_id"]]},
+          {name: 'vpc-id', values: [main_vpc_id]},
           {name: 'group-name', values: [name]}]
         )
       sg = resp.security_groups.first
@@ -16,7 +16,7 @@ module AwsRds
       result = ec2.create_security_group(
         group_name: name,
         description: name,
-        vpc_id: AwsRds.config["vpc_id"],
+        vpc_id: main_vpc_id,
       )
       # TODO: add waiter
       # ec2.create_tags(
@@ -27,6 +27,22 @@ module AwsRds
       resp.security_groups.first
     end
 
+    def main_vpc_id
+      AwsRds.config["defaults"]["vpc_id"]
+    rescue NoMethodError => e
+      puts e.message
+      puts <<-EOL
+Unable to load a default vpc id from your config/#{AwsRds.env}.yml.
+Please specify a default vpc_id setting.
+
+Example config/#{AwsRds.env}.yml:
+---
+defaults:
+  vpc_id: vpc-123
+EOL
+      exit 1
+    end
+
     def self.find_or_create(name)
       new.find_or_create(name)
     end

data/lib/aws_rds/version.rb

@@ -1,3 +1,3 @@
 module AwsRds
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-rds
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Tung Nguyen
@@ -169,10 +169,10 @@ files:
 - README.md
 - Rakefile
 - aws-rds.gemspec
-- example/README.md
-- example/config/development.yml
-- example/profiles/default.yml
-- example/profiles/mydb.yml
+- docs/example/README.md
+- docs/example/config/development.yml
+- docs/example/profiles/default.yml
+- docs/example/profiles/mydb.yml
 - exe/aws-rds
 - lib/aws-rds.rb
 - lib/aws_rds/aws_services.rb

data/example/config/development.yml

@@ -1,3 +0,0 @@
----
-vpc_id: vpc-123 # custom main vpc, use this when not specified in profile
-db_subnet_group_name: private-db-subnet-group # private subnet group

data/example/profiles/mydb.yml

@@ -1 +0,0 @@
-db_name: demo