Enable encryption at rest (#11)

 Enable encryption

Author: rezabekf

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.5.4
+current_version = 1.5.5
 commit = False
 tag = False
 

.pre-commit-config.yaml

@@ -4,7 +4,7 @@
 repos:
   # General
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+    rev: v3.4.0
     hooks:
       - id: check-case-conflict
       - id: detect-private-key
@@ -35,16 +35,15 @@ repos:
 
   # CloudFormation
   - repo: https://github.com/aws-cloudformation/cfn-python-lint
-    rev: v0.37.1
+    rev: v0.44.7
     hooks:
       - id: cfn-python-lint
         name: AWS CloudFormation Linter
         files: \.(template)$
         args: [--ignore-checks=W4002]
 
-  # The bug creates circular checks with end-of-file-fixer.
   - repo: https://github.com/aws-cloudformation/rain
-    rev: 46a8f63541d848c8b57c129babdd124f324fdd78
+    rev: v1.1.1
     hooks:
       - id: cfn-format
         files: \.template$
@@ -58,11 +57,11 @@ repos:
           - --errors-only
 
   - repo: https://github.com/PyCQA/isort
-    rev: 5.5.4
+    rev: 5.7.0
     hooks:
       - id: isort
 
   - repo: https://github.com/psf/black
-    rev: stable
+    rev: 20.8b1
     hooks:
       - id: black

README.md

@@ -30,10 +30,10 @@ The database is migrated using AWS DMS. It continuously synchronises changes in
 
 #### Summary
 
-This sample will deploy the two SQL Server instances (one EC2 and one Amazon RDS) in their own VPCs.
-The SQL Server running in the EC2 instance represents the on-premises infrastructure and the Amazon RDS instance represents,
-then create a sample database in both. No tables will be created at this point - creating of tables inside the database is left to the user.
-A DMS migration task will also be created. Upon starting that task (eg; using console or aws cli), tables in the database will be continually replicated across from the EC2 instance to the Amazon RDS instance.
+This sample will deploy two SQL Server instances, one on EC2 and one on Amazon RDS, in their own VPCs.
+The SQL Server running on the EC2 instance represents the on-premises infrastructure, and the Amazon RDS instance represents AWS cloud.
+No tables will be created at this point - creating of tables inside the database is left to the user.
+AWS DMS migration task will also be created. Upon starting that task (eg; using console or aws cli), tables in the database will be continually replicated across from the EC2 instance to the Amazon RDS instance.
 
 ### Architecture
 
@@ -83,6 +83,7 @@ template are pre-populated. Click the *Next* button at the bottom of the page.
 |---------------|-------|-----------|
 |Availability Zones|Requires input|The list of Availability Zones to use for the subnets in the VPCs. *Use two AZs*.|
 |On premise CIDR IP|Requires input|The CIDR Allowed RDP and SQL access to the EC2 and RDS host. CIDR block parameter must be in the form x.x.x.x/0-32.|
+|DMSInstanceClass|dms.t3.large|Instance class of DMS instance.|
 |EC2 instance type|m5.2xlarge|The EC2 instance type for Microsoft SQL server.|
 |Windows server AMI|/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-SQL_2016_SP2_Standard|Query for the Latest Windows AMI Using Systems Manager Parameter Store https://aws.amazon.com/blogs/mt/query-for-the-latest-windows-ami-using-systems-manager-parameter-store/|
 |MSSQL Server version|13|MSSQL Server version. This is used to Change Auth mode from Windows only to SQL and Windows Auth. For MSSQL server 2017 use number 14, for MSSQL server 2016 use number 13.|
@@ -111,7 +112,7 @@ template are pre-populated. Click the *Next* button at the bottom of the page.
 [Database guide](docs/database/README.md)
 
 ### Limitations
-- MSSQL server 2017 doesnt support continues replication. The solution is using MSSQL server 2016 by default.
+- MSSQL server 2017 doesn't support continues replication. The solution is using MSSQL server 2016 by default.
 
 ## Local Development
 See [Local Development](docs/LOCAL_DEVELOPMENT.md) guide to get a copy of the project up and running on your local machine for development and testing purposes.
@@ -123,7 +124,7 @@ To remove the stack:
 1. Open the AWS CloudFormation Console
 1. Click the *aws-dms-sql-server* project, right-click and select "*Delete Stack*"
 1. Your stack will take some time to be deleted. You can track its progress in the "Events" tab.
-1. When it is done, the status will change from DELETE_IN_PROGRESS" to "DELETE_COMPLETE". It will then disappear from the list.
+1. When it is done, the status will change from "DELETE_IN_PROGRESS" to "DELETE_COMPLETE". It will then disappear from the list.
 
 ## Contributing
 

cfn/dms.template

@@ -32,6 +32,9 @@ Parameters:
     Description: RDS Security Group ID.
     Type: AWS::EC2::SecurityGroup::Id
 
+  DMSInstanceClass:
+    Type: String
+
 Resources:
   DMSSecurityGroup:
     Type: AWS::EC2::SecurityGroup
@@ -72,7 +75,7 @@ Resources:
     Type: AWS::DMS::ReplicationInstance
     Properties:
       PubliclyAccessible: false
-      ReplicationInstanceClass: dms.t2.large
+      ReplicationInstanceClass: !Ref DMSInstanceClass
       ReplicationSubnetGroupIdentifier: !Ref ReplicationSubnetGroup
       VpcSecurityGroupIds:
         - !Ref DMSSecurityGroup

cfn/ec2-sql.template

@@ -260,6 +260,8 @@ Resources:
           Ebs:
             VolumeSize: 100
             VolumeType: gp2
+            Encrypted: true
+            DeleteOnTermination: true
       ImageId: !Ref WindowsSQLAMI
       InstanceType: !Ref WindowsSQLInstanceType
       SecurityGroupIds:

cfn/main.template

@@ -3,7 +3,7 @@ AWSTemplateFormatVersion: "2010-09-09"
 Description: Creates AWS infrastructure to deploy DMS solution. (uksb-1ppahhhui)
 
 Metadata:
-  Version: 1.5.4
+  Version: 1.5.5
 
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -12,6 +12,10 @@ Metadata:
         Parameters:
           - AvailabilityZones
           - OnPremCidr
+      - Label:
+          default: AWS DMS configuration
+        Parameters:
+          - DMSInstanceClass
       - Label:
           default: EC2 SQL instance configuration
         Parameters:
@@ -35,6 +39,8 @@ Metadata:
         default: Availability Zones
       OnPremCidr:
         default: On premise CIDR IP
+      DMSInstanceClass:
+        default: DMS instance class
       WindowsSQLInstanceType:
         default: EC2 instance type
       WindowsSQLAMI:
@@ -66,6 +72,11 @@ Parameters:
     AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
     ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/0-32
 
+  DMSInstanceClass:
+    Description: Instance class of DMS instance
+    Type: String
+    Default: dms.t3.large
+
   WindowsSQLAMI:
     Description: The latest Windows server 2019 with SQL 2016 Standard AMI
     Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
@@ -74,9 +85,6 @@ Parameters:
   WindowsSQLInstanceType:
     Description: The instance type for MS SQL server.
     Type: String
-    AllowedValues:
-      - t3.2xlarge
-      - m5.2xlarge
     Default: m5.2xlarge
 
   MSSQLVersion:
@@ -110,13 +118,6 @@ Parameters:
   DbInstanceclass:
     Description: Instance class of RDS instance
     Type: String
-    AllowedValues:
-      - db.m4.large
-      - db.m4.16xlarge
-      - db.r4.large
-      - db.r4.16xlarge
-      - db.m5.large
-      - db.m5.24xlarge
     Default: db.m5.large
 
   Engine:
@@ -145,8 +146,6 @@ Mappings:
       PublicSubnet1Cidr: 10.1.0.0/24
       PublicSubnet2Cidr: 10.1.1.0/24
 
-Transform: AWS::Serverless-2016-10-31
-
 Resources:
   DMSIAMRoles:
     Type: AWS::CloudFormation::Stack
@@ -258,6 +257,7 @@ Resources:
         Username: !Ref Username
         WindowsSQLSecurityGroup: !GetAtt EC2SQL.Outputs.WindowsSQLSecurityGroup
         RDSSecurityGroup: !GetAtt RDSSQL.Outputs.RDSSecurityGroup
+        DMSInstanceClass: !Ref DMSInstanceClass
 
   DmsTaskConf:
     Type: AWS::CloudFormation::Stack

cfn/rds-sql.template

@@ -47,7 +47,7 @@ Resources:
       MasterUsername: !Ref DBUsername
       MultiAZ: false
       PubliclyAccessible: true
-      StorageEncrypted: false
+      StorageEncrypted: true
       StorageType: gp2
       VPCSecurityGroups:
         - !GetAtt RDSSecurityGroup.GroupId