feat: Support cross account databases (#4)

CloudSnorkel · Jul 15, 2022 · 2e57e38 · 2e57e38
1 parent 1fd3318
commit 2e57e38
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/API.md b/API.md
@@ -153,6 +153,7 @@ Trigger this step function to get a new snapshot.
 | --- | --- | --- |
 | <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.script">script</a></code> | <code>string</code> | SQL script used to sanitize the database. It will be executed against the temporary database. |
 | <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.vpc">vpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | VPC where temporary database and sanitizing task will be created. |
+| <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseAccount">databaseAccount</a></code> | <code>string</code> | Account of database cluster or instance to snapshot and sanitize. |
 | <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseCluster">databaseCluster</a></code> | <code>aws-cdk-lib.aws_rds.IDatabaseCluster</code> | Database cluster to snapshot and sanitize. |
 | <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseInstance">databaseInstance</a></code> | <code>aws-cdk-lib.aws_rds.IDatabaseInstance</code> | Database instance to snapshot and sanitize. |
 | <code><a href="#@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseKey">databaseKey</a></code> | <code>aws-cdk-lib.aws_kms.IKey</code> | KMS key used to encrypt original database, if any. |
@@ -193,6 +194,20 @@ VPC where temporary database and sanitizing task will be created.
 
 ---
 
+##### `databaseAccount`<sup>Optional</sup> <a name="databaseAccount" id="@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseAccount"></a>
+
+```typescript
+public readonly databaseAccount: string;
+```
+
+- *Type:* string
+
+Account of database cluster or instance to snapshot and sanitize.
+
+Use this when the database is shared across accounts.
+
+---
+
 ##### `databaseCluster`<sup>Optional</sup> <a name="databaseCluster" id="@cloudsnorkel/cdk-rds-sanitized-snapshots.IRdsSanitizedSnapshotter.property.databaseCluster"></a>
 
 ```typescript

diff --git a/src/index.ts b/src/index.ts
@@ -31,6 +31,13 @@ export interface IRdsSanitizedSnapshotter {
    */
   readonly databaseInstance?: rds.IDatabaseInstance;
 
+  /**
+   * Account of database cluster or instance to snapshot and sanitize.
+   *
+   * Use this when the database is shared across accounts.
+   */
+  readonly databaseAccount?: string;
+
   /**
    * KMS key used to encrypt original database, if any.
    */
@@ -176,12 +183,14 @@ export class RdsSanitizedSnapshotter extends Construct {
     this.reencrypt = props.snapshotKey !== undefined;
 
     this.dbClusterArn = cdk.Stack.of(this).formatArn({
+      account: props.databaseAccount,
       service: 'rds',
       resource: 'cluster',
       resourceName: this.databaseIdentifier,
       arnFormat: cdk.ArnFormat.COLON_RESOURCE_NAME,
     });
     this.dbInstanceArn = cdk.Stack.of(this).formatArn({
+      account: props.databaseAccount,
       service: 'rds',
       resource: 'db',
       resourceName: this.databaseIdentifier,